This week’s Tech Law News Round-Up

March 6, 2020

Biometrics and Forensic Ethics group investigates ethical issues regarding facial recognition technology

The Biometrics and Forensic Ethics group is investigating the ethical issues in the use of live facial recognition (LFR) technology in collaboration between police forces and private entities. As part of ongoing evidence-gathering, views on this specific use are now sought from: manufacturers of LFR technology; public and private sector users of LFR technology; past users, or potential future users of LFR technology, such as councils, land owners and police or security forces. The call for evidence is open from 28 February to 17 April 2020.

DCMS Select Committee launches inquiry into full-fibre and 5G roll-out

The House of Commons Digital Culture and Media Select Committee has launched an inquiry into broadband and 5G to examine the UK government’s pledge to ensure every home and business in the UK has gigabit-capable broadband by 2025. The inquiry will focus on how realistic the ambition is, what is needed to achieve it, and what the target will mean for businesses and consumers. It will also look at what role 5G technology might play, and what initiatives such as the Shared Rural Network mean for improving mobile connectivity across the UK. The terms of reference include how realistic the government’s ambition is, and what measures (regulatory, financial, technical, other) will be needed to achieve it; the challenges to the roll-out of 5G and gigabit-capable networks; addressing the digital divide; attitudes to digital connectivity and the impact on individuals and communities whose broadband and mobile connectivity fails to keep pace with the rest of the country over the next ten years. It will also consider the link with other DCMS policy concerns, such as changing patterns in the consumption of digital media and how effectively the different stakeholders work together in both the mobile and broadband sectors and how their relationships might be improved to support gigabit-capable roll-out. The deadline for submitting evidence is 2 April 2020.

ICO fines Cathay Pacific £500K for security breaches

The ICO has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide. Cathay Pacific became aware of suspicious activity in March 2018 when its database was subjected to a brute force attack. The incident led Cathay Pacific to employ a cybersecurity firm, and they subsequently reported the incident to the ICO. The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. A catalogue of errors were found during the ICO’s investigation including: back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.

ICO fines Scottish company £500K for making nuisance calls

The ICO has also has fined CRDNN Limited £500K for making more than 193 million automated nuisance calls. The ICO’s investigation revealed that CRDNN Limited was found to be making nearly 1.6 million calls per day. Some of the calls potentially put people’s safety at risk as they were made to Network Rail’s Banavie Control Centre, and blocked the line for drivers and pedestrians at unmanned level crossings, who were calling to check it was safe to cross the rails. The calls were all made from so-called ‘spoofed’ numbers, which meant that people who received the calls could not identify who was making them. The company broke the law by not gaining consent from the phone owners to make those calls and by not providing a valid opt out. More than 3,000 complaints were made about the nuisance calls. CRDNN Limited has also been issued with an enforcement notice ordering it to comply with the law within 35 days of receipt of the notice.

NCSC issues guidance on smart security cameras and on online gaming

The National Cybersecurity Centre has issued guidance on smart security cameras, detailing how to prevent common cyber attacks. Live feeds or images from smart cameras can (in rare cases) be accessed by unauthorised users, putting privacy at risk. This is because smart cameras are often configured so that they can accessed while people are away from home. The guidance sets out three key ways to increase security: change the default password on a camera, regularly update it and if individuals do not need to remotely view camera footage, disable it. The NCSC also advises reviewing router settings.

The NCSC has also published guidance on online gaming. The advice is intended to help safeguard individuals and their personal data when gaming. The guidance covers securing devices, account protection, protecting privacy and verifying sources of anything an individual installs on their devices.

UK government announces details of new review to protect the future of radio

The scope of the Digital Radio and Audio Review and its terms of reference have been announced. The review will examine the issues facing radio in the next decade. The review will form part of a commitment which aims to ensure a sustainable, vibrant radio and audio sector for the UK in the long term. The review also aims to support decisions about the future of radio in light of rapid changes in radio and audio consumption particularly amongst young people. Previously, radio’s future was seen in terms of a transition from analogue to digital broadcasting. However, with the growth of smart speakers in homes and online audio platforms, the UK audio market is rapidly changing and there is no longer simply a binary choice between analogue and digital audio broadcast (DAB) platforms. The digital radio and audio review will examine future trends and consider how radio should adapt to the growing challenges and opportunities from the latest audio technologies, as well as the impact of new consumer behaviours such as streaming. Its terms of reference focus on how to ensure radio remains fit for the future, assessing potential future listener trends and making recommendations to strengthen the UK radio audio industry and promote innovation.