"It is a long-standing policy that we do not comment on intelligence matters,” said the U.K. Government Communications Headquarters (GCHQ) Wednesday in response to the filing Tuesday by Privacy International of a complaint alleging the security service hacks computers and mobile devices (CD May 14 p18). All of GCHQ’s work “is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight,” a GCHQ spokesperson said in an emailed statement. “All our operational processes rigorously support this position."

Using malicious software to hack into computers or mobile devices is a clear violation of the European Convention on Human Rights, said Privacy International on Tuesday. It filed in the U.K. Investigatory Powers Tribunal what it said was the first U.K. challenge to the use of hacking tools by intelligence services (http://bit.ly/1iP47cx). PI argued that the infection of devices with malicious software, enabling covert intrusion into the lives of ordinary people, is so invasive that it’s incompatible with democratic principles and human rights standards. Given that the Government Communications Headquarters and its partner, the U.S. NSA, have no clear lawful authority to hack, their conduct is illegal and must be stopped immediately, PI said. GCHQ had no immediate comment.

The Trade Promotion Authority (TPA) bill (HR-3830, S-1900) should “prioritize the role of the Internet economy,” said a letter (http://bit.ly/1fKUbSa) led by Reps. Darrell Issa, R-California, and Jared Polis, D-Colorado, to House Ways and Means Committee Chairman Dave Camp, R-Michigan, ranking member Sander Levin, D-Michigan, Senate Finance Committee Chairman Ron Wyden, D-Oregon, and ranking member Orrin Hatch, R-Utah. The TPA “rightfully recognizes the key role that the Internet plays in international trade today,” but “does not extend that vision of the importance of the Internet economy throughout its provisions,” said the letter. The bill “states the overall trade negotiating objectives of the United States with respect to any agreement with a foreign country to reduce or eliminate existing tariffs or nontariff barriers of that country or the United States that are unduly burdening and restricting U.S. trade” (http://1.usa.gov/1qbEQP3).

Samsung Electronics, charged with violating EU antitrust law by misusing standard essential patents (SEPs) is “pleased to have reached an amicable settlement with the European Commission,” it said Wednesday. The deal “implies no wrongdoing” by the company and ends the competition investigation, it said. Samsung believes the agreement will reduce uncertainties and give the industry more clarity, it said. The settlement also shows the company’s “commitment to finding solutions which balance the interests of both [intellectual property] licensors and licensees,” it said. The EC cited Samsung and Motorola Mobility for using SEP-based injunctions to gain more advantageous licensing terms that could harm consumers and innovation (CD April 30 p22).

Growing and competing demands for spectrum will “require a mix of spectrum repurposing and increased sharing,” said the U.K. Office of Communications in a spectrum management strategy released Wednesday (http://bit.ly/1fsjMPO). Ofcom said it expects in coming years a continuing emphasis on repurposing some bands as a way of addressing changing spectrum needs, as well as more spectrum sharing among different uses. Its 10-year strategy will be to: (1) Proactively explore new forms of spectrum sharing. (2) Maintain its focus on coexistence challenges associated with changes in spectrum use. (3) Promote improvements in radio frequency performance standards to reduce coexistence issues. (4) Boost the quantity and quality of information available on spectrum use. (5) Take a leading role in key international spectrum forums. Ofcom will address future mobile data demands and put in place its strategy for the 700 MHz band. It will support the government’s release of spectrum to private parties and address challenges arising from future wireless mic spectrum uses. The regulator also said it will enable growth and innovation in machine-to-machine/Internet of Things (IoT) applications, and help the government address the future wireless communication needs of emergency services. Ofcom outlined its plans for spectrum sharing in a separate document (http://bit.ly/1fsjMPO). To encourage wider use of spectrum sharing, Ofcom said it will: (1) Carry out further studies into the risk that future extension of the 5 GHz band for license-exempt Wi-Fi could cause new coexistence issues with incumbents. (2) Continue to monitor spectrum usage by Wi-Fi devices to provide an early warning of possible congestion. (3) Investigate the feasibility of making new shared spectrum bands available for mobile broadband. (4) Look into the possibility of making more narrowband shared spectrum available below 1 GHz to help meet emerging IoT spectrum demands. (5) Seek to extend the application of the geolocation database approach beyond TV white spaces and consider a tiered spectrum approach. (6) Pilot measures for pre-agreeing arrangements for research and development access for bands of special interest for innovation.

Motorola Mobility and Samsung Electronics infringed EU antitrust law by misusing standard essential patents (SEPs), the European Commission said Tuesday. SEPs are patents essential for implementing a specific industry standard, it said in an FAQ (http://bit.ly/1m7en3s). It’s impossible to manufacture standard-compliant products such as smartphones or tablets without using technologies covered by one or more SEPs, it said. SEPs can confer significant market power on their holders which they wouldn’t have had without the standard, the EC said. Since standards benefit consumers and businesses in terms of interoperability and innovation, standardized technology must be accessible to all interested parties subject to reasonable conditions, it said. To ensure that access, standard-setting bodies require that patent holders agree to license their SEPs on fair, reasonable and non-discriminatory (FRAND) terms to address the issue of market power, it said. The EC wants to stop SEP holders from using SEP-based injunctions to extract licensing conditions that may hamper competition and hurt consumers, and SEP holders should be entitled to appropriate remuneration for the SEPs, it said. The EC accepted several legally binding commitments from Samsung to settle an antitrust case. One is that for five years, Samsung won’t seek injunctions in the European Economic Area, on the basis of any present and future SEPs relating to technologies for smartphones and tablets, against any company that agrees to a particular licensing framework for the relevant SEPs. The licensing framework calls for a negotiating period of up to 12 months, after which, if there’s no agreement, FRAND terms will be determined by a third-party arbitrator such as court, the EC said. The commitments will be monitored by an independent trustee, it said. The EC also said Motorola violated antitrust law by seeking and enforcing an injunction against Apple in a German court on the basis of a smartphone SEP after it had agreed to take a license and be bound by a determination of FRAND royalties by a court. The EC also said it was anticompetitive of Motorola to insist, by threatening to enforce its injunction, that Apple give up its right to challenge the validity or infringement by Apple’s mobile devices of Motorola SEPs. Samsung had no comment. Motorola agrees that injunctions should only be sought against unwilling licensees, and in this case it followed the procedure set by the German courts, spokeswoman Katie Dove told us. “We are now evaluating the EC’s decision."

The Philippines was removed from the U.S. Trade Representative’s Special 301 watch list of countries that fail to sufficiently protect intellectual property rights, said a White House news release Monday (http://1.usa.gov/1kdFnsl) timed for President Barack Obama’s visit to the country, scheduled to continue through Tuesday. The administration of Philippines President Benigno Aquino “has made significant progress in implementing economic policy and institutional reforms,” including “intellectual property protection and enforcement,” it said. Israel was removed from the Special 301 watch list last month (CD March 4 p17).

One in four U.K. residential fixed broadband connections is now “superfast,” defined as 30 Mbps or more, the Office of Communications said Tuesday. Its latest report on fixed-line home broadband speeds (http://xrl.us/bquw7r) said the proportion of superfast connections rose from 5 percent in November 2011 to 25 percent last November. The average superfast connection was 47 Mbps in November, an increase of more than 15 Mbps since May 2010, the regulator said. Although this is good news for consumers, the national picture is “uneven,” it said. Many households, particularly in rural areas, experience much lower speeds, it said. The study said: (1) The average urban download speed in November was around 32 Mbps, up 21 percent from May 2013. (2) The average suburban download speed in November was 21.8 Mbps, up 22 percent since last May. (3) Average speeds in rural areas rose from nearly 10 Mbps to 11.3 Mbps from May-November 2013. Speeds are slower in rural areas because of the limited availability of superfast broadband services and because speeds over ADSL, which uses the copper network, are subject to longer distances the signal must travel to the phone exchange, it said. Virgin Media was the ISP with the fastest speed, with download speeds averaging 114.9 Mbps (advertised as “up to” 120 Mbps) over 24 hours, delivered over cable, Ofcom said. But Virgin’s speed also had the most variation between peak-time download speeds and maximum speeds, it said. The research examined packages offered by the country’s seven largest ISPs by subscriber numbers, Ofcom said. There were 735 million separate test results recorded in 2,391 homes in November, it said.

Massive, indiscriminate and systematic surveillance of Europeans is illegal and can’t be justified by the fight against terrorism, the Article 29 Working Party (WP29) said in an opinion (http://bit.ly/1hGOj6l) Friday. The group, whose members are national data protection authorities, recommended several actions to ensure that privacy rights are enforced. EU governments should ensure more transparency and control over the surveillance activities of their intelligence services, including a right for people to be informed and given adequate safeguards when their personal data are collected and transferred, WP29 said. To prevent such spying from happening again, there should be effective and independent oversight of security agencies, “which implies a genuine involvement of the data protection authorities,” it said. EU institutions must finalize negotiations on the data protection revamp package, and approve an enforceable international agreement that gives individuals strong guarantees in the context of surveillance activities, it said. Approval of the opinion coincided with the European Court of Justice decision Tuesday to overturn the data retention directive (CD April 9 p11), WP29 said. The organization plans to hold a conference on surveillance later this year to discuss how to better inform people of the consequences of using e-communications and how to protect themselves, it said. WP29 also responded to a Nov. 27 European Commission statement on the workings of the safe harbor agreement for data transfers to the U.S. Given current circumstances, it said, the agreement’s ability to adequately protect EU citizens is “questionable.” If the revision process now under way in the EC doesn’t “lead to a positive outcome, the Safe Harbor agreement should be suspended,” a WP29 news release said.

The international community should agree on new standards of behavior and “secure-by-default” communications processes, former National Security Agency (NSA) contractor Edward Snowden told lawmakers at a webcast Council of Europe (CoE) Parliamentary Assembly hearing on mass surveillance Tuesday. Speaking from Moscow via video link, Snowden said his earlier testimony before the European Parliament established, among other things, that: (1) The U.S. government has confirmed that its dragnet surveillance hasn’t been effective in preventing terrorism and has no basis in law. (2) The NSA has a directorate that has worked to deliberately subvert European countries’ privacy laws for mass snooping. (3) Reports are accurate of intelligence agencies using blanket surveillance not for antiterrorism activities but to spy on organizations such as the U.N. Children’s Fund and human rights groups. (4) The U.K. Government Communications Headquarters (GCHQ) collected, on a massive scale, images from webcams without any individual suspicions of wrongdoing even after it determined the information had no law enforcement uses. Some of the information was “intensely private,” Snowden said. Asked whether the NSA, GCHQ and others engage in sophisticated data-mining of the information they scoop up, Snowden said yes. The agencies use algorithms to find unknown persons of interest not suspected of wrongdoing, he said. The NSA “XKeyscore” framework permits creation of “fingerprints” that can be used to create a unique signature for an individual or group, but this is just the “smallest part” of its capability, he said. Metadata and content can both be accessed via any algorithm that analysts can put in place, Snowden said. The algorithms give analysts the ability to learn about such things as people’s sexual orientation, personal interests or computer network, he said. U.S. government claims that such searches aren’t carried out aren’t true because Snowden has personally done them with the government’s approval, he said. The algorithms allow for searches without any warrant, creating a de facto policy of “guilt by association,” he said. Systems such as XKeyscore allow the NSA to track entire populations of people who share a particular trait such as religious affiliation or gun ownership, he said. While the agency isn’t engaged in actively compiling lists of homosexuals in order to send them to camps, its activities nevertheless implicate human rights, he said. International standards are needed to guard against routine abuse of the technology, he said. The most cost-effective means to guard against the systemic violations is “pervasive encryption,” Snowden said. Hansjörg Geiger, former head of the German Federal Intelligence Service, urged rapid action to remedy the breaches of law. He proposed international agreements under the U.N. or CoE but said that because they will take many years, intelligence services now need a code of conduct that stops their unfettered spying and limits it to strictly necessary purposes. The code could be brokered by the EU or NATO, and should at the least contain four simple rules, Geiger said. They should bar economic espionage; forbid any intelligence activity on the territory of another country without its permission; allow access to data only for clearly defined purposes such as preventing terrorism; and outlaw efforts to force telecom and Internet companies to give complete access to their databanks to security services.