call +44 20 7096 1079


July 19, 2013 | Jim Killock

ORG asks court for web blocking documents

Courts have not been forthcoming with access to website blocking orders, citing administrative reasons for refusing to treat them as public documents.

A few weeks ago, ORG published the website to compile and analyse website blocking orders in the UK.

Our aim is to create transparency over what methods of blocking are being authorised, what blocking is being done and by whom.

Once a judge has decided that a website deserves to be blocked under Section 97A of the Copyright Act, each ISP is sent a court order describing the actions they must take to block the website. It specifies the kind of blocking to be undertaken. The court order contains other important information, including the name of the organisation responsible for mistakes and changes to the lists of clone sites to be blocked.

Publication of the orders should benefit everyone. Courts, ISPs and copyright holders stand to benefit by having this knowledge made public. Accountability, fewer errors and less confusion about what is happening should be the result.

However, ISPs are often reluctant to share the orders with us, despite the fact they are 'public documents'. Possibly they feel that copyright owners asking for the orders may find publication by an ISP provocative. This means we are obliged to ask the courts for the documents, in order that we can publish and analyse their contents.

Unfortunately, court officials so far have turned down ORG's requests for copies of the blocking orders. They have done this because, they say, 'judgment has not been entered' or 'service has not been acknowledged'.

We think court orders ought normally to be easily accessible to the public at all stages of litigation. At present the rules governing access to court documents only permit access to these orders as of right once the litigation has finished. The courts seem to be treating blocking injunctions as if they were like temporary injunctions made while proceedings are still going on. In fact the injunctions are the end of the section 97A process. Nothing more is intended to happen.

This week we therefore applied to have a procedural judge (a 'Master') in the High Court to look at our requests to gain access to the documents relating to the blocks of Fenopy, H33t and Kickass Torrents.

We hope to persuade the Master that a section 97A blocking injunction should be treated like any final judgment in court and be available to the public as of right. If we cannot do that, we will ask the Master's permission to have access to the orders.

As the orders proliferate, it is important that keeps a record of what is happening. In due course, we hope that ISPs will also link to these documents in their blocking notices, to make it clear what the legal authority for the block is.

[Read more] (1 comments)

July 17, 2013 | Ed Paton-Williams

Mobile Privacy: Parliament debates data protection and the mobile industry

What happened when the Commons debated privacy and mobile data earlier this week?

On Monday night, Parliament debated the use of personal data by mobile operators.

We met with Helen Goodman MP last month to talk about mobile companies developing marketing and analytics products based on data about their customers without clear consent. After that meeting, she was able to secure the Commons debate on the issue.

Houses of Parliament

Helen Goodman told the Commons that "current law is inadequate to protect people’s privacy" and "consent rules are completely inadequate."

"For consent to be meaningful, it needs to be explicit, informed and freely given. Usually, that is not the case—the consent is buried somewhere in paragraph 157 of the terms and conditions—and people have no option to refuse if they want the service at all."

She went on to ask the Government whether it thought mobile companies can legally process customers' location data when it is not for the customers' benefit and if the ICO is doing enough to ensure consumers are aware of how their data is used.

"Do the Government think there is a proper legal basis for processing location data for the benefit of the marketing purposes of third parties?"

"Does the Minister believe that the ICO is taking enough action to require mobile phone companies to keep consumers informed?"

Ed Vaizey - the Minister responding for the Government - didn't seem to be fully aware of the laws governing companies' handling of customer data. In his reply, he spoke about the E-Privacy Directive/PECR as if it related solely to cookies.

Helen Goodman had spoken about PECR because it imposes restrictions on the processing of traffic and location data that go beyond the general Data Protection regime. These - apparently lesser known - requirements put a question mark on the legal basis for some of these, so called, BIg Data products.

The Government's response on this issue leaves a lot to be desired. Open Rights Group will continue to work with Helen Goodman and others to press mobile operators to clarify the legality of their operations and improve their privacy policies. These companies should also make it easier for customers to opt out of data about them being processed and shared to third parties.

[Read more]

July 05, 2013 | Ed Paton-Williams

Mobile Privacy: 'You can't see the contract until after we've done a credit check'

How do you choose which mobile operator to go with? A good deal? Strong coverage in your area? Access to the best new handset? Would you like to know which companies let you keep your data private?

On Wednesday afternoon, I left the ORG office and went to the mobile operators' shops on the Strand in central London.

Could I get a good deal, strong coverage, a great new handset and choose a company that let me keep my data private?

Mobile Shops

To do that, I'd need to be able to have a look at their contracts to see which one was best. It didn't seem likely that they'd just hand them over without the prospect of a sale.

I needed a story. Here's what I told the sales assistants.

"I'm looking for a phone and contract for my dad. He's never needed a mobile before but he had a fall recently. I just want to get him one for peace of mind." (None of that is true by the way.)

The sales assistants in Three, O2, Vodafone, EE and Phones4U were more than happy to tell you about tarifs, give phone demos and talk about how easy it is to transfer numbers over.

After the sales pitches, I told them a request my dad had.

"My dad's quite privacy-conscious. He told me he's been reading stories in the newspaper about mobile companies tracking where their customers go. I'm sure it's all fine but he told me to read the contracts before picking a company to go with."

Suddenly it was a very different story.

'You can't see the contract until after we've done a credit check' was the response in all the shops. I pushed back each time. 'I just want to make sure I read whatever I'm going to sign.'

The guy in Vodafone let me have a quick look but said I couldn't take it away. I could have a promotional flyer though, which was nice. After a lot of persuasion, EE reluctantly let me take the contract home to have a look at.

In O2, Three, and Phones4U, they all said that they don't have contracts in the shop. They print them out each time apparently. Not very likely. Vodafone and EE both had the contracts and terms & conditions behind the till.

I laid out my predicament to the woman in Phones4U, "My dad wants to choose his mobile operator based how they handle his data. But you won't let me see the contract saying how they handle his data until he chooses his mobile operator."

My only option was to agree to the mobile company carrying out a credit check on me before I could see the documents I'd have to sign. And I definitely didn't want to do that just to see the contract.

It's pretty clear there was a serious lack of transparency. Was I unable to see the contracts because of a policy set by the companies? Or were the sales assistants out of line in not showing me the documents I'd have had to agree to eventually anyway?

Whichever is the case, the only straightforward way to find out what data the mobile companies collect and what they do with it is reading the ORG Wiki page documenting their privacy policies.

But if you were on the Strand on Wednesday afternoon and wanted to buy a phone and contract from a mobile company that told you if you could keep your data private, you were definitely out of luck.

Image by Simon Phipps under CC BY-NC-SA 2.0 licence

[Read more]

July 03, 2013 | Ed Paton-Williams

ORG's next challenge

We've got a huge challenge on our hands. You've probably read about Edward Snowden's leaks revealing the NSA's PRISM and GCHQ's Tempora mass surveillance programmes.

Here in the ORG office, they've managed to both shock us and confirm our worst suspicions.

What's the problem?

We now know the US can monitor what up to 95% of the world's population does online. If you use the services provided by US firms like Google, Skype and Facebook and you're a non-American outside the USA, the US Government simply doesn't accept your right to privacy.

And US intelligence shares what they learn from their snooping with the UK.

Not wanting to be outdone, the UK has been spying on the web's 2 billion users and working with the US to analyse the data.

The problem here is RIPA - the British law governing surveillance and enabling Tempora. No-one's broken any laws because the law's already broken. So we badly need to reform RIPA.

By abusing loopholes in RIPA, GCHQ is tapping undersea cables to intercept staggering quantities of people's web data as it enters Britain. They're then storing all that data for 3 days and the metadata for 30 days

And the Snoopers' Charter?

You might well have been thinking, "The Home Office were a bit cheeky trying to get the Snoopers' Charter through when they could do all this anyway."

And you'd be right.

Even without the Snoopers' Charter, GCHQ's been able to intercept terrorists' web use for at least 3 years. But the Home Office argued that they needed the Snoopers' Charter to get intelligence on terrorists.

Now that claim seems even more nonsensical and misleading than it did at the time.

ORG was at the forefront of the campaign against the Snoopers' Charter. We worked really hard to:

  • inform and influence politicians, the media and other NGOs so everyone knew the problems with the Government's plans
  • help ORG supporters tell the Government why they opposed the Snoopers' Charter
  • produce our Digital Surveillance report to present everyone with a better alternative - accountable and targeted surveillance

And it worked! Thanks to the huge opposition to the plans, Nick Clegg blocked the Snoopers' Charter.

How can we stop RIPA now?

With Tempora and RIPA, we've got an even greater challenge.

If we want to reform RIPA to stop GCHQ abusing the law and invading everyone's privacy, there's a lot to do.

We really need to:

  1. Grow ORG's base of digital rights activists even further so we can maintain public pressure
  2. Spend more time talking to politicians and the media so we can keep pushing for reform of RIPA
  3. Keep on doing the in-depth research and policy work that will provide the arguments to win the debate on surveillance

Inevitably, increasing the amount of work we do costs more money.

At the moment, about 30,000 people subscribe to ORG's emails and take part in our campaigns. But only around 1,700 supporters chip in an average of £5 a month to help fund our work.

ORG needs more supporters to help us take on RIPA

If you haven't joined ORG yet, it's the perfect time to get even more involved with ORG's work by joining us as an ORG supporter.

As well as the knowledge that you're helping defend everyone's digital rights, you'll also get a free copy of Tim Wu's The Master Switch when you donate £5 a month or more.

And if you join ORG before 10AM on Friday 5th July (that's this Friday) you'll automatically be entered into a draw to win two tickets to see Graham Linehan's The Ladykillers.

The winner will go to London's West End for the prestigious Press Night performance on Tuesday 9th July. After the show, you'll go to the after-show party with the cast and producers of the show.

So...defend privacy and freedom of expression, become a member of the UK's biggest digital rights movement and get a chance to see one of the best new plays around.

I hope you decide that now's the right time to join ORG. We really need your help.

And if I'm already an ORG Supporter?

If you are already a paying ORG supporter, thank you! Your support helped ORG fight off the Snoopers' Charter, win the campaign for changes to copyright law and defend consumer rights on the Internet.

Can you help spread the word by sharing the link to our Join page to your friends, family and followers?

Click the buttons below to help ORG to ask people to join you as a supporter.

Email share button  Facebook Share button  Twitter Share Button  Google Plus Share button 

[Read more]

July 01, 2013 | Javier Ruiz

Open Rights Group at Latin American open data events

Open Rights Group participated in two international conferences in Uruguay last week. We were invited to cover the junction between privacy and open data, an area under increasing scrutiny as governments implement transparency programmes.

ORG has been working on the issues and conflicts around privacy and open data for some time. Recently ORG intervened to help limit access to the National Pupil Database for commercial companies.

The first gathering was Abrelatam 2013, organised by the lovely people of Data Uruguay and Ciudadano Inteligente from Chile, the Latin equivalent to MySociety. If you want to hear more about the Chileans, founder Felipe Heusser will be in London at the Guardian Activate conference on Tuesday 9th of July.

Abrelatam 2013 unconference

Abrelatam brought together tech and transparency activists from across Latin America and beyond, including OKFN, Sunlight Foundation and MySociety. There were many inspiring stories and groups, from the data journalists from La Nacion to the mobile tech lab in a bus from Brazilians Transparencia Hacker.

The conference covered the usual open data topics from measuring the success of programmes - users, impacts, etc. - and smart cities to how to convince governments to open up. But quite refreshingly there were also many conversations around grassroots participation and involvement, with a very genuine concern that open data is not just about playing with tech toys. The discussion on the relationship between transparency and social movements took place against the backdrop of mass protests in Brazil.

We were particularly impressed with the work of the ACIJ from Argentina shedding light on the opaque selection process of magistrates in Buenos Aires using open data and visualisation tools. This case also brings important lessons on how privacy claims should not hinder the transparency of public appointments. Another excellent project, presented by Laura Sommer, is, where citizens can “verify public discourse”, with a classification system that besides true or false includes finer verdicts such as “not supported by evidence”, “exaggerated” and “true, but”, meaning that a crucial aspect has been ommited.

ORG’s proposed session on privacy brought up many interesting examples of conflicts and difficult choices. Among others we heard of exam results being published in Mexico and the electoral register with Google indexed photos in Argentina. The consensus was that the privacy and open data nexus is very important but we lack the framework to analyse it. This is particularly complicated with the diversity of legal and cultural contexts we find in different countries. Many activists asked for more information and capacity building.

The second event we attended involved governments and international bodies. The Regional Conference on Open Data for Latin America and the Caribbean covered a fairly comprehensive range of public information topics: agriculture, health, education archives and statistics, etc. The region can boast some transparency giants such as Brazil, and there are efforts in most other countries. But there is a long way to go in terms of accountability and genuine civic participation, as evidenced in the Brazilian riots.

Conf Datos Abiertos Uruguay 2013

ORG participated in a panel on the regulation of open data. The room was full despite the session partially clashing with the football match between Uruguay and Brazil that wrecked havoc with the planned schedule. Our contribution again centred on the privacy aspects of these policies. Other panelists included the data protection agencies of Uruguay and Mexico, the Brazilian Fundaçao Getulio Vargas and Spanish legal expert Franz Ruz from The discussion touched on the many legal frameworks governing open data, from access to licensing and reuse, but most of the hard questions centred on privacy and data protection.

We covered as much as we could in such a short time:

  • The conflict between open data and the fundamental principles of data processing - purpose limitation, etc.
  • Criteria for assessing the privacy protection of public employees: seniority, work related activities, etc.
  • Asymmetries of public benefit and personal costs: education, health, public registers…
  • The difficulties in asking citizens directly about the value of privacy and transparency
  • Anonymisation and its discontents
  • Voluntary sharing of personal information and the need for control over our data
  • European data protection hot topics: righto to delete (not forget), pseudonymous data, consent
  • Combining regulatory models for hard complexity: participation, multistakeholderism, strong data protection, technical guidelines, sector codes of practice…

On our last day we mananged to squeeze an extra workshop on privacy and open data for local activists and a meeting with the Government of Uruguay to help them improve their work with civil society to produce a national transparency plan, as required by their membership of the Open Government Partnership. ORG is part of the coordination of the UK civil society network working on the Open Government Partnership.

We came back home reassured that open data and privacy is a really important issue, where ORG can really help as one of a handful or organisations currently trying to tackle the difficult questions that arise. Last week also reaffirmed that most of the issues we deal with on the impacts of technology on rights and liberties have a global reach, and that while we must continue leading on UK policies we have to increasingly work internationally as well.

You can join our email list on Open Data Privacy HERE

[Read more]

June 28, 2013 | Jim Killock

PRISM Parliamentary event packed out

Around 70 people attended our PRISM and Tempora event in Parliament yesterday, hosted by Tom Watson MP. The speakers, Caspar Bowden, Simon McKay and David Davis MP, helped give context to some of the recent claims on surveillance made by the government.

The executive claims that all is well with secret surveillance, and that there is nothing to worry about, as everything that takes place is under a strict legal framework. And of course, if you have nothing to hide, you have nothing to fear.

Tom Watson and David Davis

Coincidentally, David Willets on Question Time made the same points about obeying the legal framework as William Hague did after the original PRISM leak from the Guardian.

However, the main message from both Caspar and Simon was that the US and UK legal framework is woefully lacking to the point of irrelevancy.

Caspar BowdenBowden explained that UK citizens lack any constitutional protections in the USA as 'foreign nationals'. FISA s702 contains provisions to target people for broad foreign policy reasons, which in practice means anything political that could be of interest to the US government. He explain that protections for whistleblowers and warnings when data is transferred to regimes like the US are needed in data protection law.

David Davis MP then outlined the political situation in the UK. He noted that the leaks from Snowden had changed the atmosphere surrounding surveillance questions, and that the oversight regime was broken. He said he believed that we have a chance to review the whole of the Act under which this surveillance is being carried out, RIPA. He later extended rare praise to the EU Commission and Viviane Reding in particular.

Simon McKaySimon McKay explained the UK legal framework, starting with provisions that require secrecy from agencies, in ways that can be used to hinder effective oversight. He showed that RIPA section 80 allows more or or less any kind of intelligence activity to be lawful. He described RIPA's oversight provisions as essentially a 'voluntary code'.

The discussion led into questions on the Snoopers' Charter; apparently the Joint Committee are livid with the lack of disclosure they were given surrounding intelligence sources. The justifications made by Theresa May at the time, that it was needed on the basis of terrorism and serious crime, do not now look well founded.

The event is covered in today's GuardianPC Pro and V3. We've posted the audio and slides of the event.

We'd like to thank all three speakers and Tom Watson for hosting the event.

[Read more] (4 comments)

June 26, 2013 | Jim Killock

Prophetic analysis warned about US-based cloud

One of the weak points in the new European data protection regulation that privacy advocates have been warning about is the ease by which data can be exported from the EU into FISAAA-ready services in the USA. In short, the European Commission have been trying to make “data exports” easier, but in the process have made it harder to enforce our fundamental privacy rights.

The Commission's position on data exports relates to their cloud strategy. They see the use of cloud computing as a way to enable EU businesses to save costs and become more efficient. They hope this will increase European competitiveness in a global marketplace. The argument runs that current data protection rules make full use of cloud computing impossible because of the restrictions it imposes on data exports, as all the big cloud providers are non-EU.

As Caspar Bowden and Judith Rauhofer point out in their recent paper, this argument leads to a position where data protection rights are highly unenforceable as soon as data moves outside the EU via data exports. In short, if the US enacts FISAAA laws and initiates PRISM, there’s not much that the new data protection laws can do to help, especially as they are currently drafted.

Rauhofer and Bowden also reference a paper produced back in January by the European Economic and Social Committee.The EESC pointed out the problem with the Commission’s economic argument. They say that an increase in the uptake of cloud services provided by mostly US-based companies will lead to a loss of sovereignty by EU businesses and public sector, not only over personal data, but also over commercially sensitive information and trade secrets:

Page 5-6:

Recent decades have demonstrated the significance of the dependency of the Member States - or even of Europe as a whole - regarding various sources of energy: petrol, gas, electricity, etc. Should European citizens', businesses' and public services' data in future be hosted, managed and controlled by non-European CC operators, there would be legitimate concerns surrounding the impact of this dependency:

  • protection of particularly sensitive data that are crucial to strategic competition between European and non-European countries, such as in the aviation, automotive, pharmaceutical and research sectors;
  • the availability of data in the event of international tensions between "host" countries and Member States;
  • equality of treatment of consumers of digital energy depending on whether or not they are citizens or organisations of a "friendly" country;
  • job and wealth creation from the production of digital energy, and also from the entire service development ecosystem, in the host countries, thus disadvantaging countries that are simply "cloud-friendly" users of digital energy. …

3.5 Currently, although there are some differences between the Member States' regulations, they are close to the European texts, standards and directives; hence users' fears - in some cases justified - of their data being stored outside Europe, leading to difficulties and legal stalemates in the event of disputes.

In addition, the greatest cause for concern among users is the "Patriot Act". This act came out of the war on terror (following the September 11 attacks), and allows the US government or a federal judge to access any data hosted and controlled by an American company, whether or not the owner of the data is American and including data hosted in a centre on European soil. Above all, the owner of the data cannot be informed that the host has disclosed the hosted data.

After Edward Snowden’s revelations about PRISM, now that the public and EU Parliament are more aware of the effects of FISAAA as well as the Patriot Act, there is a very high risk that EU businesses will lose trust in cloud services to everyone’s detriment.

This also creates an opportunity: data protection law can allow citizens and businesses to manage the risks. The increased privacy of European-based services could make them more competitive, especially for businesses who must protect their confidentiality, as the EESC point out. But the EU Parliament will have to be open to making some significant changes, including improving notification and insisting that US and other states’ surveillance laws are only to be applied to EU data in the context of international laws and agreements. This was the intention of Article 42 – which should now be reinstated.

[Read more] (2 comments)

June 24, 2013 | Jim Killock

Questions for the UK government

The Guardian’s revelations about the Tempora programme, including global Internet and telecoms surveillance, leave the UK’s reputation in great danger. Using legal loopholes, and hiding the extent of these programmes from the public eye, the UK has breached the rights of both our own citizens, and those of every country whose citizens’ data has been harvested.


Not everything set out by these leaks is new or unknown, but what is new is the confirmation of the existence of the programmes, and the pressure on governments to come clean and explain what they have done.

While governments can claim a need for secrecy around specific investigations, they cannot reasonably claim a need for secrecy around the programmes they initiate. By making such a massive operation secret, they have undermined the rule of law, denied us democratic accountability and breached legal commitments to human rights that have been made in public to the peoples of other countries.

The position seems to be that the UK government believes it can wiretap whatever it likes, so long as the tapping takes place outside of the UK (ie, the tap is placed on an undersea cable a few miles west of Bude) and involves communications that are not simply UK citizen to UK citizen.

Making this apparent to the political class, reversing the situation, and introducing genuine accountability will not be easy, but is vital. Here are some reasons why we need an unparalleled outbreak of political honesty, to live up to the opportunity that Edward Snowden has given us.

Senior politicians have misled Parliament and the public

Tempora was implemented under Labour, and has carried on under the Conservative-Lib Dem coalition. Some senior politicians including Jacqui Smith, Alan Johnson and Theresa May failed to inform the public and the vast majority of Parliament about Tempora. William Hague has been guilty of making similarly bland justifications and reassurances following revelations about PRISM. MPs should be especially wary of the executive’s justifications for Tempora. They have the most to lose, personally and politically.

However, the members of the three parties, their democratically elected committees and the delegates to their conferences did not know of these programmes. It is also highly unlikely that many MPs knew and it is even probable that many former and current ministers were never told about the programmes. Creating and continuing with Tempora will have been a decision taken by a very narrow group of people.

This places the UK’s political class in a troubling situation, and they badly need guidance from the public.

Malcolm Rifkind and the Snoopers’ Charter cheerleaders

Malcolm Rifkind chairs the Parliamentary committee responsible for overseeing the intelligence agencies, and has recently shown himself to be very much a willing hand of the Home Office. He has reassured everyone that these programmes are highly likely to be working within the law, and recording everyone’s communications is nothing to worry about, since there is too much to read. In essence, Rifkind believes, if you have nothing to hide, you have nothing to fear.

Even four hundred years ago, Cardinal Richelieu understood that this was not a compelling argument:

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

and he was hardly a major proponent of universal human rights.

Given Rifkind’s beliefs, can we trust his leadership of the Intelligence and Security Committee to guide the only major inquiry that is currently planned by the UK Parliament?

Rifkind is a particularly powerful example of a kind of UK politician that makes a habit of justifying secret service and Home Office demands. He was one of the first people to argue for the return of the Snooper’s Charter. Others, including Lord Carlile, Lord Reid and Jack Straw have been wheeled out to make the same arguments, as if their experience implementing hardline rollbacks of civil liberties in some way made them the right people to explain to us why we need to trust the secret state. Their credibility is shattered.

Foreign policy

The UK is a major gateway for Internet traffic cross the Atlantic. The volumes of traffic are immense, and provide a major wiretapping opportunity

The UK government clearly thinks it benefits from being close to the US intelligence and helping out by providing such access to them.

Both the UK and the USA need to ask if it is reasonable to use their positions to surveil global communications without regard to individuals’ inalienable human rights, or other nations’ and allies’ legitimate interests. We cannot reasonably expect other countries to behave better, if we do not ourselves. Our position also seems to be at odds with our human rights commitments, which is angering many very reasonable countries, such as Germany.

Damage to the Internet economy

The global Internet economy has become more centralised, with a great deal of data being handled and stored by a few US companies, such as Facebook, Apple, Microsoft, Yahoo and Google. This, as Tim Wu observed at ORGCon, makes them easy to compel. Surveillance benefits from this kind of centralisation. This centralisation is also reflected in the small number of entry and exit points for Internet communications. Such ‘choke points’ increase the ease of surveillance.

However, the confidence of the public and businesses depends on a sense of trust. This balance has been thrown by the Snowden revelations. Internet privacy is not an abstract concern.

Surveillance from the USA and UK will include gathering intelligence for their ‘economic wellbeing’. Why should either nation be trusted when companies think about choosing ecommerce and cloud services? The ‘national interest’ of the UK and USA could easily override the privacy and security of a company based in Germany or France. Taking such an approach is surely bad for business.

Who is really threatened?

There are many threats to individuals from accessing data. These can include:

  1. Businesses, who may be communicating confidential information of interest to competitors;
  2. Businesses who are specifically competing against businesses in the US or UK, when our governments regard their competition as against our ‘national interest’;
  3. Journalists, who need to communicate privately with sources;
  4. Whistleblowers, especially those who act against the will of their government – think of Daniel Ellsberg perhaps;
  5. Anyone whose personal position could be leveraged by security services for their benefit;
  6. Members of groups like Anonymous;
  7. Everyone, as our data might be leaked to a third party against our will

The wider threat is to our democratic culture. If people fear being listened to, or becoming of interest to security services, then they change and limit their behaviour. This is a loss to the whole of society, whether or not you think the specific threats are likely to affect you.

What needs to happen

Everyone should think about how we rein in the security services. Some of the things that are needed include:

  1. The EU draft Data Protection Regulation must allow people to control their data, so they can manage the security threats to their personal data. It should reinstate Article 42, which requires data disclosures from companies should be governed by international agreements.
  2. Transparency calls in the USA must be heeded, immediately
  3. UK law must be revised to remove indiscriminate data collection
  4. US and UK surveillance activities must be brought into a transparent international legal framework

[Read more] (7 comments)

google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail