
Blog


May 28, 2013 | Claudia Mateus

Exciting speakers at ORGCon2013!

Listen to some of the excellent speakers that will be coming to our June 8th event, ORGCon.

Visit the ORGCon2013 website!

Freedom of Speech, Copyright, Open Data and Digital Arms Trade are some of the issues that our speakers will be discussing. In this video, Ian Brown, Jeni Tennison, Eric King, Gabrielle Guillemin and Hauke Gierow give us a preview of their talks at ORGCon!

[Read more]


May 23, 2013 | Jim Killock

Capitalising on tragedy

Yesterday's events in Woolwich were appalling, but Lord Carlile and John Reid wasted no time in attempting to use this atrocity in justifying a return to reductions in personal privacy and other human rights.

Lord Carlile said on Newsnight:

We have to learn proportionate lessons from what has occurred.

We mustn't rush to judgment. But we must ensure that the police and the security services have for the future the tools they need which will enable them to prevent this kind of attack taking place.

I hope that this will give the Government pause for thought about their abandonment for example of the Communications Data Bill and possibly pause for thought about converting control orders into what are now called Tpims, with a diluted set of powers.

According to ITN:

Labour ex-home secretary Lord Reid said such measures were "essential" to combating terrorism, warning it could otherwise take "some huge tragedy" to show the decision was wrong.

It is highly difficult to know how useful the CDB would or could be for detection of serious incidents like this, but very frequently, human intelligence turns out to be more effective and useful.

John Reid, by Steve Punter, cc-by

The CDB's central plank involved massive data collection coupled with data mining. Many people such as Bruce Schneier have pointed out that data mining for 'suspicious' but very rare patterns will return 'false positives' just because of their rarity; improving the tightness of pattern matching on the other hand simply means you miss the incident when it happens.

The best argument that the Home Office put forward for it has been that, when they find someone is suspicious, it is useful to go back through communications records. But that puts us all under suspicion for the times when the police have a suspect, and are already investigating them. How often would such cases really reveal information that was so new that the outcome of a case would be different?

As Peter Sommer pointed out in our Digital Surveillance report, usually other quite mundane kinds of activity, such as gathering resources and planning with others, are what reveals the criminal's hand.

Lord Carlile and John Reid have a long history of making calls like this. They are in poor taste, and should be seen for what they are: attempting to take advantage of someone’s death for political advantage. No doubt they are in touch with people in the Home Office who continue to have ambitions for the Snoopers' Charter, but it is unclear that the public are simply going to respond in the way they want.

Rather, these calls are a tactic which can convince fearful and risk-averse politicians into doing the wrong thing in the name of being able to say they did everything in their power, even if those things are in fact pointless.

Widespread erosions of our rights aren't an acceptable response to people who seek to limit our liberty through violence. Calls like those from Lord Carlile if answered would mirror the outcomes that the perpetrators seek, by overstating their influence on our society, and undermining the legitimacy of our laws. We can only preserve our freedom by protecting it, not by removing it, step by step.

Political leaders including Nick Clegg and Ed Miliband must firmly reject these calls, and reprimand Carlile and Reid for their behaviour.

[Read more] (4 comments)


May 21, 2013 | Ed Paton Williams

A Quick Look at some Mobile Providers' Customer Data Policies

There's been concern recently about what mobile providers are doing with customers' data after a Sunday Times article on EE selling information about them. We've had a brief look at some of their customer data policies to try to work out what's going on.

The article in the Sunday Times described a deal for the sale of customer data between mobile operator EE and polling organisation Ipsos MORI, who in turn, the Sunday Times claimed, tried to sell the data to the Met Police. EE say that the data they sell has been aggregated and anonymised. 

We've been asking people to write to their mobile operators to check how their information is used. You can do that using our tool. ORG is concerned about what information is being shared, who it is shared with, and for what purposes. Mobile providers should clarify how they are aggregating and anonymising the data, because there are well-documented risks that people can be re-identified from anonymised data. Customers are not being asked to opt-in or opt-out of their data being used like this.

It is not just EE that are looking to sell data about their customers to other companies.

For example, Telefonica (who own O2) say that their 'Dynamic Insights' team “collect mobile data, anonymised and aggregated, to understand how segments of the population collectively behave. We trace trends and the behaviours of crowds, not individuals. We use this insight to enlighten the space between organisations and their users, enabling them to improve their propositions, and businesses.”

They say that this data will help retailers, councils, and public safety bodies to understand the movements of large groups of people. Like EE, they stress that only anonymised and aggregated data is used:

“it is our belief is that in the field of analytics customer data can be used responsibly in two ways: either it must be anonymised and aggregated so that no individual can be identified, or the appropriate customer permissions must be in place. By using anonymised and aggregated data we seek to achieve best practice standards and subject ourselves to expert peer review to achieve this.”

Similarly, Vodafone set out how they are looking at “unleashing powerful insights with mobile analytics”. They say that this information “can be used to drive new business strategies, challenge preconceptions and help identify new marketing opportunities. Mobile analytics can provide powerful insights to inform your enterprise operations.”

Their privacy policy sets out that they “carry out research and statistical analysis to monitor how customers use our network, products and services on an anonymous or personal basis”.

Giffgaff say in their privacy policy that they “analyse markets and produce reports, perform research and statistical analysis and to monitor usage behaviour”, but it is not clear from their policies whether they share 'anonymised' data with third parties for the sort of research and marketing purposes described in the Sunday Times article.

Virgin Mobile's privacy policy says that "We may also, subject to your consent, use your personal information to contact you with information about special offers and rewards. Additionally, we may, subject to your consent, disclose your personal information to other Virgin companies so that they can contact you with information about their products and services. But don't worry, your details won't be shared with companies outside the Virgin group for marketing purposes without your consent."

[Read more] (1 comments)


May 17, 2013 | Ryan Jendoubi

Taking the privacy message to MEPs

This week ORG supporter Ryan Jendoubi visited MEPs in Brussels to ask them to support stronger privacy rights - as part of our ongoing Naked Citizens campaign. In this post he talks about why he was there and how the message was received.

Ryan in the European Parliament

I'm Ryan Jendoubi — programmer, aspiring lawyer, and member of ORG's Supporter Council. On Wednesday I arrived back from Brussels where ORG's Peter Bradwell and I were meeting with other members of European Digital Rights (EDRi). We were there to be briefed on the current status of the EU's proposed new Data Protection Regulation, and then meet with MEPs and their staff to advocate for stronger privacy protections.

The trip – a sort of European Parliament safari – forms part of the Naked Citizens campaign, which is all about giving people control of their personal information.

I think most people have a decent grasp of what "data protection" should be about, namely protecting the personal information and privacy of citizens. However, even that basic, common-sense starting point seems to be lost on some industry lobbyists and political groupings in Brussels.

I was shocked to find that, despite having had European rules on data protection since 1995, many of the amendments which have been tabled in the last few months would have the effect of completely unravelling the protections currently in place, when we should of course be aiming to consolidate and strengthen those protections for the ever more data-rich world in which we live.

Our discussions with MEPs were focussed on five primary areas of concern: the definition of consent (how clear an organisation has to be when asking for your data), purpose limitation (how much they have to tell you about what they'll do with your data), the "legitimate interest" principle (the scope of an organisation's right to use your data without your consent), profiling (making automated decisions about you based on personal data they've collected) and "pseudonymous data" (data about you, but with your name removed).

That might seem like a lot to get your head around, but it's a pretty good distillation of a proposal that comprises 91 Articles and almost four thousand proposed amendments — I was entirely new to all this of course, but apparently four thousand is quite a lot!

You can find out about each of these topics in section three of the Naked Citizens report, written by ORG and other EDRi members (my personal favourite problem is pseudonymous data, but I'll refrain from going off on one here).

The two meetings I had with MEPs' advisers contrasted drastically.

The first advisor worked for an Austrian MEP called Hubert Pirker, who had co-signed several of the amendments we think would be very damaging for people's privacy, for example suggesting the removal of the word 'explicit' from the definition of consent (see these two amendments, for example) and the broadening of the 'legitimate interest' principle (see these two amendments).

It was good to have the opportunity to engage with him, and we got some good points in. He listened to our arguments very politely, but the overall impression was that they were pretty set in their views.

On the other hand the second person we met, the assistant to MEP Carlos Coelho, despite being an advisor to an MEP in the same conservative grouping as the first, was very keen to listen, to acquire factual arguments to counter those she had been hearing from insurance industry lobbyists just hours before!

That experience showed me the immense value in seeing past party affiliations, getting to know MEPs and advisers as individuals and having ongoing relationships with them.

In addition to that, the trip was a lesson in why having full-time campaign groups like ORG and EDRi is so essential. It's not just the keeping up with legislative developments (again, four thousand amendments). They do the running around giving briefings and meeting politicians and advisers, be it in London or Brussels, and help to connect citizens with politicians and policy makers too. I was fortunate that on this occasion my employer was flexible enough to let me sneak off to the continent for three days, but volunteer work alone would not win this fight.

You know that companies which stand to have their exploitation of people's data curtailed have staff working the halls of power 24/7. ORG and its sister organisations in EDRi are there to make sure that we have a voice at the table as well.

At the same time, making sure MEPs hear citizens' voices directly, whether it is through a visit to their office, a phone call, a postcard or an email, is really important. MEPs need to know that their constituents care about what they are doing, are watching the decisions they are taking, and want to see their privacy rights respected.

That's why ORG and the other members of EDRi have launched their Naked Citizens campaign. You can send a postcard or email to your MEP from the campaign site.

As a little coda to the heavy politicising, one other thing I enjoyed in the EU Parliament was walking the members' corridors and seeing national decorations, the tourism materials for their various home counties, posters for small film showings in the Parliament, notice boards with ads for dance lessons, day-care, or a second-hand coffee table for €10... all the little human things.

For me, as for a lot of people I think, politics is a bit like a force of nature which happens a long way away for reasons I don't fully understand and occasionally upsets things — sort of like solar flares. So seeing the human side of it is quite nice. Or scary, perhaps. For example, I also saw a large green bear.

[Read more]


May 17, 2013 | Javier Ruiz

Shakespeare: on the mark for open data, misses on privacy and transparency

The independent review on public data prepared by Stephan Shakespeare, chair of the Data Strategy Board, has just been published. Much of what Shakespeare recommends is very good stuff, and includes things that ORG has been proposing for some time. But we have some disagreements, particularly on the analyses and proposals around privacy.

UK Government CO2 emissions 2011 (actual volume)

We will not cover every recommendation. The full text including an executive summary can be found HERE.

National Data Strategy

Shakespeare looks at the big picture and proposes a National Data Strategy that overcomes the current fragmentation and piecemeal approach. This would be based on a clear principle of citizen ownership, and reach both government departments and the Trading Funds that sell high value data. The initial focus would be on education, health, economic and public administration data.

We will have to wait until the official response to know whether these recommendations are accepted by government. Previous attempts to crack the trading funds have been slow to progress. The review is accompanied by an economic study carried out by Deloitte that estimates the cost of opening the trading funds at £143 million. The benefits from opening all PSI are calculated at £1.8bn in direct value with wider social benefits of £6.8bn. This is not the first such report, and previous calculations have simply not been accepted by those responsible at BIS. 

But will it work in practice?

These proposals will inevitably be compared with changes in US policy. Obama’s recent executive order on Open Data sets the bar very high. The order sets clear guidelines for engagement, reporting and moving on from a similar cherry-picking approach. But in both the UK and the USA the problem has been implementation. The order from Obama demands that departments index all their data, but in the UK government bodies supposedly have had an obligation to build comprehensive asset inventories for some time, and failed to do so.

The recommendations do not explain how this will change. There are some excellent proposals to improve the governance of open data with a review of the complex structures. ORG has direct experience of engaging with the proverbial right and left hands, and has raised this issue with policy makers. But it may not be enough. The US seems to take a stronger line and will force departments to open.

Private sector data

Other positive proposals centre on the data from private companies. Shakespeare proposes an environment where public and private sector support each other and share data. We think this is good as long as it does not involve personal information. We support calls for companies to share data on private-public partnerships, but the proposed mechanism of procurement clauses may not be enough. Changes to FOI law would have been preferable.

Also very much in line with ORG’s thinking is the idea that private data derived from the activity of citizens is co-owned by them and should return value to citizens while respecting private investment. Midata is presented as an example, but this is a narrow understanding of the implications of this. We need wider governance models for both public and private data.

Transparency vs Growth

Less positive is the exclusive focus on economic growth, against transparency and accountability. This separation is artificial and problematic, and risks that if the economic benefits are disputed the whole policy could be endangered. Instead, transparency and accountability should be recognised as the basis for a public interest data policy, with economic growth building upon these.

The review does not completely avoid the topic. Calls for “systematic and transparent use of administrative data” in policy are very welcome. We agree that we should embed this in an improved democratic process of consultations and impact assessments.

Trust and privacy

It is good that privacy is given a lot of consideration, but we have to disagree on some of the analyses and recommendations. In the review the main privacy risks of public data can be divided into those affecting identifiable data and those around anonymous data. Shakespeare recommends a “pragmatic policy on privacy” based on two main pillars: 

Technological measures

He proposes sandbox technologies with restricted access control for selected groups such as researchers. This implies that the data is not fully opened, as it would cover personal and pseudonymous data. While a good idea in principle, there are issues around governance.

Anonymisation is seen as the main vehicle to convert personal data into open data. Although the review acknowledges that anonymised data receives stronger protection in other European countries, it does not properly explore the implications of the growing mountain of evidence that anonymisation in itself does not provide long term protection. It simply refers to the work of the ICO, which has developed a Code of Practice of Anonymisation and an expert network. 

There are good ideas for a better complaints system - we propose a responsible disclosure framework - and some consideration of opt-outs, but these are not properly developed.

Self regulation with stronger penalties

It is slightly disappointing that citizens’ privacy is still perceived as a hurdle, instrumentally required in order to build trust rather than as a fundamental right.

According to Shakespeare, citizens have an “unrealistic degree of expectation” of the capacity of those who hold their data to truly protect it, and this inhibits innovation. He proposes a “privacy through accountability” model that would shift the responsibility to ensure that citizens are not harmed to the re-users rather than the primary holder of the data, which currently bears the main responsibility. This is proposed by Mayer-Schönberger and Cukier in their book Big Data.

These proposals follow a model similar to the ICO Code of Practice of Anonymisation, where if the organisation holding the data follows procedures and tries its best, they won’t be held fully responsible for re-identification by third parties.

This self-regulation model would be coupled with stronger penalties for misuse, including criminal sentences. This has been demanded for some time by the ICO and privacy groups, and it appeared again at the Leveson inquiry. The European Data Protection Regulation currently discussed in Brussels contemplates stronger fines based on revenue, rather than the paltry fixed amounts the ICO can currently adjudicate.

But a fundamental issue not tackled by these proposals is that citizens have to rely on the ICO for fines or punishment, and have no power to demand compensation. Allowing for class action on damages would be a good addition to fines and punishment. It would also be important to look at the wider impacts, for example in relation to profiling and discrimination law, where no data breach will take place.

The review makes sensible proposals about better guidance and privacy impact assessments. Ethical guidelines for researchers, also proposed by Shakespeare, are certainly a good idea, but we cannot agree that “best practice guidelines should be enough”. Non-enforceable systems should build on top of a strong baseline of statutory data protection. Also, rather than an industry self-regulation approach, we would prefer a multi-stakeholder governance model that involves the data subjects as well.

In any case, privacy regulation is a veritable legal supertanker and such fundamental changes to basic principles of accountability of data controllers will be limited both by EU level legislation and other international processes. The Shakespeare review may have benefitted from broader consultation with civil society groups.

Other reactions on the web

The Guardian: The Shakespeare review: what's the future of UK open data?

Open Knowledge Foundation: positively received

Open Data Institute: ODI calls for government to act fast in response to Shakespeare Review

Paul Maltby (Head of Transparency at the Cabinet Office) on core reference data

[Read more]


May 14, 2013 | Ed Paton Williams

Naked Citizens: Protect your Privacy!

Imagine you opened your door tomorrow morning and found hundreds of naked people there waiting for you. Now what if they all started telling you what they thought about something you’d assumed not many people cared about. Naked people...talking about data protection? It’s safe to say it’d get your attention.

After a little sit down and maybe once everyone had covered themselves up a bit, you’d probably want to find out just why all these people had turned up at your door. You’ve just put yourself in the shoes of your MEPs who are receiving postbags full of cards just like this one.

Naked Citizens Postcard

People from across Europe are sending postcards like this to their MEPs asking them to support new proposals protecting our privacy and giving us control over what happens to our data.

Join them right now - click here to send your postcard! You can choose the message and how it looks and everything.

Big business isn’t standing by though. They are flooding the normal democratic process with lobbying to get the plans watered down and strip us of our right to privacy. They want to keep on profiting from our most intimate data.

Take Everything Everywhere, reported this week to be selling the data of their 27 million mobile customers to the polling company Ipsos MORI. EE customers’ personal details could have been revealed to the police without their consent. EE say that the data has been anonymised but it is often possible to re-identify people from anonymised data.

Phone companies like EE have been pushing particularly hard against the new data protection plans. It’s not hard to see why. They wouldn’t be able to sell their customers’ data without their consent.

As they stand, the new regulations would help make sure we control what happens to our data, not the big corporations making money from data about our personal lives. Here’s what the new laws would mean for you. 

  • You’d be able to decide who gets access to your data, what they can do with it and who they can give it to. You could delete your data or move it wherever you like, whenever you like.
  • Your data would be protected whenever you could be identified. This includes so-called pseudonymous data that could still single you out despite being stripped of personal identifiers such as names and addresses.
  • Services that want to use your data would have to get your explicit consent beforehand so there’d be no more vague or easy-to-misunderstand ‘agreements.’
  • There would be severe penalties when the rules were broken to help deter companies from misusing your data and infringing your privacy.

But all this is under threat. If the big corporations and their armies of lobbyists get their way, the new law won’t have any teeth and companies will just keep on invading your privacy.

Help stop their full frontal assault on our personal data! Please send a postcard to your MEPs.

Read more about the amendments to the Data Protection regulations that would threaten citizens' privacy in this report put together by digital rights organisations from around Europe.

[Read more]


May 13, 2013 | Jim Killock

EE and sale of user data: does Anonymisation work?

This afternoon, EE called ORG to ask us about our blog. They did not question the article, but confirmed that it is their belief that IPSOS MORI employees misrepresented what the data they are offering can do.

They said in response that “most” of the data is large, aggregated datasets, of around 50 users. However, their customers currently don’t know how and when their data might be aggregated or made available in an anonymised form.

Anonymising datasets rarely prevents re-identification. For instance, Nature highlights research showing “in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.”

Cambridge research on network identification shows similar kinds of results.

In response to these publicly-aired concerns, the CEO of Ipsos Mori offered data to researchers:

Ben Page, Ipsos MORI ‏@benatipsosmori
@PlanetJamie39 @PaulbernalUK @patrick_kane_ I don't see why not. Should publish peer reviewed paper on this data

But there are other answers to the problem, other than waiting for a public outcry. These are:

  1. Ask for users’ permission before offering their anonymised data. Make this legally required in data protection, helpfully being debated right now.
  2. Open anonymisation techniques for peer review. Then the best brains can help spot mistakes. Such approaches take place in security software, e-voting software, and of course in Open Source software more widely.
  3. Offer “responsible disclosure” mechanisms for people to explain when they see mistakes, so data providers can stop the problem.

Mobile companies are not the only people playing with fire in this way. There are also government data initiatives, which are even more worrying, looking at personal health data, education and benefits data.

If you want to do something today, why not ask your MEP for strong data protection, as a first step?

[Read more] (2 comments)


May 13, 2013 | Jim Killock

EE selling your data to pollsters and police

The Sunday Times has published an explosive piece about an exclusive deal for the sale of customer data between mobile operator Everything Everywhere and polling organisation Ipsos Mori, who in turn have tried to sell the data to the Met Police.

The details that have emerged since imply that access to the data is partially controlled by use of “anonymisation” - a controversial practice which many people believe to be highly circumventable in practice.

According to the Sunday Times (Paywall), the data offers the following insights:

  • Gender, age and postcode of users as well as friendship networks, plus calling circles, customer interests (eg sport, film, news) and activity at work or at home
  • Calls data, including time of day call is made, number called, duration of call and customer location to a 100-metre radius
  • Data on texts, including time of day it is sent and location of customer
  • Mobile web and app usage, including domain name of sites visited, session length, duration on site, previous and next sites visited and amount of data uploaded and downloaded during session
  • Customer location, which is determined by call records or mobile phone ID, to an approximate accuracy of 100 metres, and profiles of customers, potentially including spending patterns.

Access to such data normally requires personal consent in data protection law. This is why Ipsos Mori have been quick to reject claims that the data would allow for any individual to be singled out (Press Release).

Ben Page, the CEO of Ipsos Mori, has taken to Twitter to assure critics that their data only provides aggregates of 50 people within a 700 sqm area, or "across a time period", showing "mas[s] movements of people - but not individuals". The data is "anonymised" by EE and according to Page it would allow the Met to know "what travel, crime, info sites people look at when in West End for example, but anonymously".

However, the Sunday Times article contains details of conversations between Ipsos Mori and the Met about the ability to track individual protesters after a demonstration. This would be surveillance on a par with the Snoopers’ Charter and it is perhaps unlikely that a major company would commit such a major privacy blunder. However, what employees are doing or saying is another thing.

The Sunday Times’ evidence is that employees are making such claims: this must be investigated by the ICO, or a police force other than the Met. After all, T-Mobile’s employees (now part of the EE group) got into trouble in 2009 by selling customer data - thus we do not have confidence that official positions are without doubt representative of practice on the ground.

However, even if the most serious claims turn out not to be true, the incident reveals a massive loophole in UK data protection law, parallel to practices in the USA that are seeing anonymised or pseudonymised data being sold and reused on a massive scale and in the developing world: for instance Jana obtains data from millions of developing world mobile phone customers.

The deal is part of a growing trend by companies to make money out of data they collect in the course of carrying out their business. Credit card companies, car manufacturers, and of course, mobile phone operators are creating secondary revenue streams.

Ipsos Mori argue that their system is compatible with EU data protection, but this may not be the case. Telefonica launched a similar service, but withdrew it from Germany. In Germany customers would have to give their consent for this kind of data use, but not in the UK. This is a good example of why we need the new European Data Protection Regulation.

The attempt by big business to remove anonymised personal data from your control is one of the central battlegrounds in the new Data Protection Regulation, being debated in Europe right now.

Companies including EE and other telcos are arguing that consent should not be necessary to resell data or access to third parties. While that may be a business opportunity, it is also one that is already undermining trust between consumers and business in the USA and the UK.

The EE deal with IPSOS MORI and subsequently the police is as good an example as any of why we should be supporting the new Data Protection Regulation and resisting attempts by big business to remove the need for consent to anonymise your data.

Today what was previously thought of as a technical question showed itself to have very clear and disturbing consequences. Let your MEPs know that you need them to protect your data rights, by sending a postcard through the Naked Citizens campaign site.

Update: EE called us this afternoon to talk about what happened. We promised we would write back with the policy asks we have for anonymisation techniques.

[Read more] (2 comments)

