call +44 20 7096 1079


June 05, 2013 | Lee Maguire

Tickets for the final IT Crowd recording

Two tickets for the recording of the final episode are being auctioned to raise funds for ORG.

Update (7th June): The bidding was closed at 10am, and we've gotten back in touch with the highest bidder.  Thanks for everyone else's participation.

Comedy writer, and ORG advisory council member, Graham Linehan has arranged for two audience tickets for the recording of the final episode of The IT Crowd(Sharp-eyed viewers may have noticed the ORG logo amongst the on-set paraphernalia.)

Filming takes place this Saturday (8th June 2013) at Elstree Studios.

If you're interested in the tickets, please email and make a blind bid for them before 10am on Friday the 7th.

Note that if you're planning on attending ORGCon 2013 on the same day, you may need to leave before 17:30 (the scheduled end) in order to make it to Elstree Studios for the 18:00-18:30 check-in.

Tickets for the TV shows are free and anyone can apply via Permission has been granted for ORG to use these tickets for fundraising. Tickets for the I.T. Crowd are fully booked, but you can apply to be on the waiting list.

Minimum age for entry is 16. The winner will need to provide name, postcode, email address and phone number for the booking to be updated. Other terms below:


  1. This ticket is complimentary, not for sale, non-transferable and is issued by Elstree Studios ('The Studio') and Retort TV ("The Company").
  2. The Company and The Studio reserve the right to refuse entry to any person or to cancel or alter the times of commencement of the performance or the programme without notice to the ticket-holder and without liability to the ticket-holder in any respect whatsoever.
  3. Entry is subject to studio capacity and also by The Company and The Studio's discretion. This ticket does not guarantee entry.
  4. Neither The Company or their servants, agents or associates shall be liable for any loss or damage to property or personal injury of the ticket holder or to any other person associated with the ticket holder unless caused by the wilful or negligent act or omission by The Company, The Studio or their servants, agents and associates.
  5. The taking of photographs and the making of any other form of visual or sound recording by the ticket holder is strictly forbidden.
  6. Ticket-holders shall comply with all directions given to them from time to time by The Company, The Studio, or their servants, agents or associates.
  7. Children under sixteen years of age will not be admitted.
  8. Attendance at the recording shall constitute irrevocable permission by the ticket-holder to participate in and / or to be filmed / recorded and for The Company and The Studio to exploit any and all recordings of the programme or parts thereof (including any parts in which the ticket holder has been filmed/recorded) by all means and in all media without limitation as The Company shall deem appropriate.
  9. WARNING: Please note (i) ASTHMATICS - due to special effects used in some programmes, it may be necessary for us to use synthetic smoke. (ii) Strobe lighting may be used during the recording/ transmission.

[Read more]

June 05, 2013 | Ed Paton-Williams

What are Mobile Providers Doing with Customer Data? - The results so far

Last month, ORG set up an email tool to help people ask their mobile provider what they're doing with customer data. Are they selling it to other companies? If they're anonymising it, how are they doing that? Do they give customers the chance to opt-in or opt-out? These are the results from the responses so far.

Since we set up the tool, hundreds of you have used it to contact your mobile provider. Many of you have forwarded us the responses you've had from your mobile provider – thank you!

What, then, are mobile companies telling customers who contacted them? And what do their Privacy Policies say?

O2, Vodafone and EE have all replied to their customers to say that they provide analytics on aggregated and anonymised data sets of their customers to third party companies. Their privacy policies have sections to this effect.

Virgin Media say that they don't sell their customers' data and their privacy policy says they may pass on aggregate information about their customers' mobile use to third parties.

EE have told us that all customers have agreed to their Privacy Policy and implied that this counts as customers giving consent. O2 and EE argue in their responses to customer emails that because they are aggregating and anonymising data, the law does not require them to ask customers to opt-in or opt-out.

The vast majority of people want a mobile phone connection to help them manage their lives. In effect, mobile providers are presenting their customers with the choice of whether to have a mobile phone or to have their data included in mobile analytics datasets.

Come to a discussion panel in Parliament today at 2PM to hear more about mobile analytics and privacy. Representatives from EE, the ICO and Ipos MORI as well as Julian Huppert MP and Joss Wright from the Oxford Internet Institute will be discussing how mobile providers are handling data, what consent customers should expect to have and how data is being anonymised and aggregated.

Have a look to see what your mobile provider is doing with customer data and what their privacy policy says. For more information about what they said in their responses and the relevant contents of their privacy policies, see the ORG wiki page.

  What they're telling their customers What their Privacy Policy says
EE We are able to provide historical reports from our database about mobile network usage of large groups of customers. These reports analyse how, when and where our network is being used by these large groups and what it is being collectively used for. EE does not sell any individual customer’s personal data.

All data shared is anonymised and aggregated so that it is not possible to identify an individual. EE anonymises data in accordance with industry standard and the ICO Anonymisation Code of Practice as appropriate to the data in question.

As market research that is shared with third parties is anonymised and aggregated, and it is not possible to identify an individual, we currently don’t offer an opt-out for - network level data.

We use your personal information for the following purposes:
  • to provide aggregated statistics about our sales, customers, traffic patterns to third parties, but these statistics will not include any information that is likely to identify you
  • to carry out research and analysis and monitor customer use of our network and products and services on an anonymous or personalised basis to identify general consumer trends and to understand better our customers’ behaviours and partner with other businesses to create new services and to develop interesting and relevant products and services for our customers, as well as personalise the products and services we offer you.
Vodafone Vodafone is evaluating analytics projects, and we’re aware that these types of activities can only succeed if customers have control over how their data is used and feel that they receive some value in return.

While we believe that anonymisation and aggregation are important steps in protecting data, we are also in the process of developing better tools to enable customers to make informed choices about their participation in these types of projects.

We participate in an industry-wide initiative started in the UK in 2008 to provide mobile audience web and app measurement for publishers and advertisers.


There was no mention of how to opt-in or opt-out of such analytics.

We may use and analyse your information to:
  • Carry out research and statistical analysis to monitor how customers use our network, products and services on an anonymous or personal basis

The information we use will be your approximate location, based on the nearest mobile cell site. As a result, this will change as you move around with your mobile phone.

Vodafone appear to do their mobile analytics in house with Vodafone Global Enterprise.

We track communications records, data usage and location-based information to the nearest town.

The data is aggregated and analysed at a numerical level and participants can choose to remain anonymous when they sign up, so they aren’t personally identifiable from their data.

O2 In 2012 we announced a data analytics business which included a product called Smart Steps.

Smart Steps is about measuring the size of anonymous crowds of people - this does not include the selling of any individual customer’s data and it will never be possible to identify an individual customer.

Smart Steps extrapolates trends from anonymised and aggregated data. Customers’ personal information is never sold or disclosed.

With Smart Steps, there is no disclosure of a customers’ personal identity to “opt out” from.

We may use and analyse information about you in order to:
  • aggregate information about you, your spending and your use of the Services with information about other users of the Services in order to identify trends. We may pass Aggregated Data to third parties, such as advertisers, content providers and business partners or prospective business partners, to give them a better understanding of our business and to bring you a better service. Aggregated Data will not contain information from which you may be personally identified.
  • analyse information about you including your calling, searching, browsing and location data on a personalised or aggregated basis. We may pass this data to the third parties mentioned above and we may use this information to provide you with targeted O2 or third party offers, promotions, adverts or commercial communications.
Virgin Mobile Thanks for getting in touch. I can confirm that Virgin Media does not sell customer data. As such, we do not have an opt-in/opt-out policy.

I hope this answers your question.

We may use aggregate information and statistics for the purposes of monitoring usage of our services in order to help us develop our services, and may provide such aggregate information to third parties, for example, content partners and advertisers.

These statistics do not include information that can be used to identify any individual.

Tesco Mobile Tesco Mobile does not sell or pass on any customer data or anonymised data externally. We do at times use our customer information internally to understand shopping behaviours and to develop and improve our products and services. We would like to reassure you that your details are safe and will never be released to companies outside the Tesco Group for their marketing purposes.

We will share your details among Tesco companies at home and abroad (e.g. Tesco Personal Finance) and businesses that process this information on our behalf (e.g. printers who need certain details to print mailings.


We have received a number of similar enquiries from consumers who have been prompted to contact us following press reports or by the Open Rights Group campaign.

We know that data privacy is of utmost concern to our customers and we can confirm that Three does not sell customer data. There may be circumstances where information is shared with third parties, such as service providers who help us deliver services to customers, or deliver services that the customer has subscribed to directly, but there are always be carried out in full compliance with privacy laws.

We may process “Your Information” for a number of purposes including:
  • to carry out market research
giffgaff No reply yet - Please let us know if you've had a reply from giffgaff. We may use and analyse information about you in order to:
  • Aggregate information about you, your spending and your use of the Services with information about other users of the Services in order to identify trends. We may pass Aggregated Data to third parties, such as advertisers, content providers and business partners or prospective business partners, to give them a better understanding of our business and to bring you a better service. Aggregated Data will not contain information from which you may be personally identified.
TalkTalk No reply yet - Please let us know if you've had a reply from TalkTalk. We may also use your information for research and statistical analysis with the aim of improving our services.

We may use the personal information we collect from you to build up a profile of your interests and preferences. This information may be disclosed to other companies in the TalkTalk Group Limited group of companies and carefully selected third parties and/or used to make you aware of products or services that you may find of interest.

Some of the companies' replies and all of their privacy policies are long so are heavily abridged here.

[Read more]

June 04, 2013 | Javier Ruiz

Mobile data for sale: meeting with EE sheds new light

Last Friday ORG met with representatives of EE to discuss the details of their mobile data analytics operation. The discussion was triggered by a Sunday Times article apparently claiming that Ipsos Mori was trying to sell highly personal information about EE customers to the Met Police, and our campaign following it.

This is in the lead up to our public panel discussion on Wednesday 5 June. The meeting with EE was very helpful for us to get a better idea of how the Sunday Times article came about. We have asked the journalists to give their side of events, but so far we haven’t had much luck getting a reply. Clearing up any doubts about the most serious accusations of breaching privacy laws should be the top priority for everyone here.

Phone in Hand

CC BY-SA 3.0 photo by Victorgrigas

According to EE, someone apparently mixed up some slides given at a sales presentation by Ipsos Mori to the Metropolitan Police. The two companies have entered a partnership to develop analytics services. These slides referred to the data EE holds on customers, but this was not meant to be in the analytics package. How this ended up in a newspaper story about Ipsos Mori and EE selling highly personal information to the police is still unclear.We are asking EE to make those slides public on Wednesday.

Our next question then concerns what data EE uses for their analytics. Mobile companies like EE hold a lot of information on us, their customers. They are in the unique position of being able to combine several domains of your life, including your personal details (name, address, date of birth, etc.), communications, location and internet habits.

For example, internet marketeers are able to track your web browsing via cookies, but they generally cannot match that data with your postcode or age. EE tells us that the data they hold and use for this service is simply what is mandated by data retention legislation, for example, top level URLs without details of actual pages. This means they keep but not EE keep this kind of data as long as required by law, but we would like more clarity on the exact terms.

ORG is concerned that as companies convert this big data into an economic asset, rather than a liability, there will be pressure to collect more data for longer periods. The law sets a minimum, but companies may be tempted to go way beyond requirements. ORG opposes data retention legislation as blanket surveillance. These laws have been found to conflict with fundamental rights in other European countries.

We are particularly keen to understand how EE are able to connect individual users and web activities at a specific time. The service they provide via Ipsos Mori appears to be able to tell you how many people were reading, say, on mobiles and tablets in Piccadilly Circus this morning.

This kind of insight has been a key discussion in relation to the Snooper’s Charter. We have been told repeatedly that new laws are needed because mobile networks make this impossible, as many users share the same internet connection. EE representatives weren't able to explain, but said that it may be a matter of granularity and have promised more information on this

The other issue we wanted to examine was what data does Ipsos Mori get, and makes accessible to clients. According to EE, Ipsos Mori never access their databases, but make requests and get “anonymised” and vetted insights on groups of at least 50, never on individuals.

Queries mainly combine location data (users connected to a cell mast) with demographics (age cohort, gender or first half of postcode) and behaviour. So far apparently this is mainly web browsing, but we are not sure what else has been tested. Our concerns here centre on the risks of anonymisation.

There is a wealth of research on how hard it is to protect identities, particularly with location data. And this is not an academic debate. Only last week AOL finally settled a multi-million dollar lawsuit over its failure to anonymise customer records shared for research purposes.

EE assure us that they comply with the Code of Practice on Anonymisation from the Information Commissioner, which takes a light touch approach. But even in relation to this minimal protection there seem to be a few things that could be improved.

Joss Wright provided an initial check up recommending formal Privacy Impact Assessments and independent review and statistical validation of their protection mechanisms. A particular problem is that if queries are assessed individually, without reference to other queries, they might be combined to single out individuals. ORG will be happy to work towards a sector code of best practice.

Mobile users will certainly be surprised to hear that their details are being used in this way, even if analysing customers behaviour may be common in other business sectors. To the best of our knowledge fixed line Internet service Providers do not analyse their customers web traffic to provide commercial marketing services. We are not sure this would be seen as acceptable. EE argue that their customers have consented to this in their privacy policy:

We use your personal information for the following purposes:

• to provide aggregated statistics about our sales, customers, traffic patterns to third parties, but these statistics will not include any information that is likely to identify you

• to carry out research and analysis and monitor customer use of our network and products and services on an anonymous or personalised basis to identify general consumer trends and to understand better our customers’ behaviours and partner with other businesses to create new services… We may use information about your location for research and analytics purposes but we will only retain this information in an anonymised form to ensure that you cannot be identified as an individual.

While this seems to comply with existing data protection legislation in UK, we think that companies may need to go beyond the law in order to win the trust of their customers. We remain concerned about the amount of information that mobile companies are able to collect and believe that their unique position may require an specific sector code of practice. This would also involve stronger processes on data handling, anonymisation and sharing with third parties than asked for in the minimal requirements typically set by the UK ICO.

Please join us on Wednesday as we continue this discussion in person.

[Read more] (1 comments)

May 31, 2013 | Peter Bradwell

What mobile internet filtering tells us about porn blocks

Mobile networks filter their Internet service by default, in the name of child protection. We've looked at what lessons this can teach those calling for more Internet blocking.

There's been plenty of coverage today of calls to do more to block access to pornography, and specifically pornography on the Internet. There's plenty to be frustrated about much of this, for example an inability to distinguish between child abuse images and pornography in some cases.

But for this post I'll focus on some lessons we can draw from the Internet filtering that already takes place, mostly by default, on mobile networks.

This post does not deal with whether blocking actually does what it is supposed to - for example, preventing access or exposure to adult material, or helping improve attitudes to sex or gender. This post is also not intended to tacitly endorse blocking as a strategy - it rather is written to report what we've observed happens when it is deployed. It is always worth reiterating that restricting access to pornography, in the way described below, is a different issue to tackling child abuse and access to images of it.

Whether you think that website blocking is a good idea or not, it is important to at the very least recognise that it has serious, tangible, negative consequences, especially when it is switched on by default at the network level. This post helps demonstrate what some - but by no means all - of these issues are and why they happen.

1. It's very hard to define what you think should be blocked

Blocking is almost never just about stopping access to pornography. Mobile networks block a wide variety of content, including blogs to content related to tobacco or alcohol. It is hard enough trying to define pornography, let alone what fits into categories such as 'bombs' or 'esoteric content'. Orange listed both of these as blockable categories on their website until a recent update to their customer services pages. I assume that the blocking categories remain the same, but have asked if this is the case and will report back if not.

Even if blocking is restricted to subcategories like 'violent porn', the ability to define what that means is made extremely difficult because websites and content are, due to the sheer volume of sites to check, by robots, not human beings.

An added complication is what age-level filtering is set at. What sort of material should a 17 year old have access to? What about a 13 year old? What about an 8 year old? All very different. Any default blocking involves decisions about what level to set content restrictions at for a given age. On mobile networks, there is no facility to allow parents to tailor filtering to suit their children's age.

2. The 'wrong' things will be blocked

Through mistakes or abuse, too many sites will be blocked. This is not in question. 

We have found political blogs, technology news sites, shops, community sites, a blog about things that go on a shelf, campaign websites and churches blocked on various mobile networks. The primary website of the privacy tool Tor (meaning the HTTP version of the Tor Project website, rather than connections to the Tor network) was blocked on Vodafone, O2 and Three last year. We heard from an online gift shop that was blocked over Christmas last year. We assumed this was because they sold engraved lighters - and thus were categorised as 'tobacco'. It took over a month to get this fixed. 

In Australia, 1,200 websites were accidentally blocked when the Australian Securities and Investment Commission tried to take down two sites it believed were behind a fraud campaign. 

There are a number of reasons why this might happen, including categories being too broadly defined and mistaken categorisations through to human error. As the filtering services are run by third party services, and exactly what is blocked is not known, there is also the danger that filtering will be abused for all of the reasons that someone might want to restrict access to a website - from commercial rivalry through to political censorship.

It is important to recognise that although it is often merely inconvenient for a user to be subject to filtering, it is more than inconvenience when your site is blocked. Because that could mean that customers can't access your shop. Or people can't read your political commentary. Or you can't share your cat photos. Whatever, sites stuck behind filters are cut off from anybody on the relevant network.

3. It's hard to find out what is blocked and why

There's no easy way of finding out if your site is one of those blocked - unless we require people to have accounts with every mobile network so they can habitually check for themselves. And if you're not in the UK, that's not really an option. Only O2 have a (very useful) URL checker.

So we don't really know why mobile operators block some websites, or how they come up with the categories that they think should be blocked, or how they decide what sites fit into those categories. They are not transparent enough about the categories they choose, what they consider fits in to those categories, or who decides these things.

Mobile operators all say that they act according to a code of conduct set by the Mobile Broadband Group. But this code does not itself provide any criteria for determining or defining ‘blockable’ content. It does point to a framework devised by the Independent Mobile Classification Body (IMCB).

The Mobile Broadband Group code of conduct that mobile operators adhere to states that filters are ‘set at a level that is intended to filter out content approximately equivalent to commercial content with a classification of 18.’ There is a process of interpretation, as mobile operators look to derive blocking lists from the framework specifications. There is an added layer of interpretation: these filtering lists are usually maintained by the external third-party providers of the filtering systems.

There is a further problem of how ‘current’ the frameworks are. The IMCB Framework to which mobile operators adhere in their filtering policies was written in 2005. The latest version of the code of practice on self-regulation was published in 2009, with the original published in 2004.

It is not clear how frequently the mobile operators, individually or collectively through the Mobile Broadband Group, review how appropriate the filtering classifications are, or more broadly the effectiveness of their filtering systems - whether mistakes are made, how prevalent they are, and how they deal with them.

4. Reporting problems and mistakes is very difficult

Mobile operators’ staff often seem uninformed about mobile Internet filtering, and thus they are poorly trained to help users making complaints - whether they are trying to report a mistaken block or have blocking removed. Furthermore, a customer’s request to have the filtering removed may be framed as a request to turn on ‘adult content’ – which suggests the primary interest is adult sexual material. That ignores the breadth of the content blocked under these filtering systems, noted above.

This is especially problematic for sites that are blocked. Most networks see this as only an issue for their customers, and specifically only about whether their account has blocking enabled. It can be especially difficult, therefore, to get your website delisted by the blocking service when it is blocked inappropriately. This for many will be a serious inhibition on their ability to trade or share information.

5. Failure to put effort into addressing the problems

One of the biggest problems with mobile blocking has been the haphazard way in which the systems work - for example, the way networks decide what content should be blocked, and how mistakes should be addressed. Mobile networks have faced significant political and media pressure to do something about possible access to pornography on their networks, but feel very little in the way of commercial or political pressure in the other direction.

So it's easy to see that there are not too many incentives for them to take seriously issues such as over blocking, the reporting of mistakes or decisions about what is 'blockable'. This is why it's really important that policy makers understand that the 'switch it off' calls are not as simple as they sound, and that there is a tangible impact on freedom of expression.

We have been looking at this for a while now, and published a report almost exactly a year ago called 'Mobile Internet Censorship: what's happening and what to about it." We made a number of asks of mobile networks - more transparency, more choice, better means of fixing mistakes. It's fair to say that aside from networks being slightly easier to contact, very little has been done to fix the problems.

There are other problems with website blocking, for example related to how easy it is to get round blocks, how website blocking won't really address access or distribution of illegal material, how it might lull parents into a false sense of security, how network blocking is a problematic technological solution, to name a few. And that's without looking at some of the calls for age verfication and registration made today.

The Government's position on website filtering for child protection currently seem reasonably sensible - help households make their own decisions about what is appropriate for them. We have to hope that the sort of pressure exerted by calls for more blocking made today, emotively made in the wake of such a tragedy, don't pursuade them to take a more drastic route without considering the consequences. 

At ORGCon next week Professor Andy Phippen will be giving a talk called 'Think of the children!', where he'll talk about his research into young people, technology and exposure or access to 'harmful' material. And Child Rights International Network will be talking about the impact of blocking on children's rights in our rapid fire talks session (they have written previously about this for ORGZine).

A full programme and tickets are available at the ORGCon website

[Read more]

May 31, 2013 | Jim Killock

Sacrificing freedom on the altar of political fears

The news debate moves onto more calls for Internet restrictions debates today, prompted by April Jones' murderer possessing illegal child abuse images. Some commentators have sought to blame Google – who takedown links to such material – and others have sought to link access to child abuse images to access to pornography in general, advocating restrictions for all adults.

These are extraordinarily big leaps, with little thought to the consequences. Restrictions on legal content, like pornography, come with many potential results. They may be the opposite of those intended. The wrong material may be blocked, or otherwise, people may simple remove all of the blocks, and find it easier to access illegal material, whether they wish to or not.

Comments, email, and peer-to-peer technologies are all hard to monitor and censor without disturbing results. Centralised mechanisms are extremely hard, if not impossible to impose.

Meanwhile, governments look for ways to grow the economy and jobs. The Internet and tech are one of the few parts of the economy that are continuing to grow. Judging by the headlines, if our politicians are simply allowed to follow their worst instincts, then both our freedom and economic future will be sacrificed on the altar of their fears.

We’ll be asking some of the hard questions at ORGCon, where Professor Andy Phippen will be presenting a talk about the best ways to help children as they grow up with the Internet.

[Read more]

May 30, 2013 | Ruth Coustick-Deal

What's Happening at ORGCon2013: Digital Arms Trade Debate

The digital arms trade is an increasingly pressing threat. Here we introduce and set the context for the discussion on this important issue taking place at ORGCon2013.

 ORGCon2013 is a great place to find about new threats to our online rights – and ways to combat them. One of these issues is the Digital Arms Trade, a new area for ORG, but one that is increasingly gaining attention and action. We're delighted that Eric King of Privacy International, Hauke Gierow, Reporters without Borders and Simone Halink, Bits of Freedom will be sharing their expertise at the conference.

The Internet is a tool for communication that has been shown over and over again to be a source of empowerment. It connects the LGBT teenager who is being bullied to find support and a network of friends online, it connects the activists suffering under oppressive regimes to one another, and allows groups on the ground to communicate human rights abuses to the world.

But the trade in surveillance technology undermines this potential and treats this technology as a tool for governments to surveil citizens and control their communications. 

In the UK we have seen policy makers spend years trying to persuade Parliament and the electorate to stand behind legislation for mass surveillance of the population. They seem unable to relinquish the idea that these powers are necessary for beating terrorists or paedophiles. Just this week we have seen a number of senior political figures claim that Snoopers' Charter powers could have prevented the Woolwich attack – despite MI5 saying that isn't the case.

In our campaigns against the Snoopers' Charter we have warned of the foreign policy problems that it would create and the terrible precedent it would set internationally. Our Professor Elemental video makes that point more eloquently than mere blogging can:

The digital arms trade is exactly what the Professor is talking about: surveillance and censorship equipment being exported across the world - and it is happening already. As EDRi (European Digital Rights) write on their site:

“Surveillance equipment is used, inter alia, to spy on journalists, bloggers, citizen journalists, democracy activists and their sources, friends and even loose contacts. Many suppliers of this surveillance infrastructure are located in the European Union, names like Nokia Siemens Networks, Gamma, Trovicor, Hacking Team and Bull / Amesys come to mind. Those firms supplied equipment to Libya, Egypt, Syria, Bahrain, Morocco and many more countries that have systematically violated human rights over the course of the last years. In all of these countries at the time of the instalment of surveillance infrastructure there was no press freedom and people were being tortured or imprisoned for criticizing the government."

You can find out more about this worrying issue at ORGCon by coming to the Digital Arms Trade panel. We have three excellent speakers who all have different experiences dealing with this threat:

Hauke Gierow from Reporters without Borders who campaign on this issue as one of the most pressing threats for modern journalism. It is key for journalists to be able to protect their sources and store their information securely in order to preserve a free press.

Simone Halink from Bits of Freedom. Bits of Freedom are a Dutch digital rights campaigning group and they have recently been fighting back against a new proposed surveillance law. The Dutch government announced plans for legislation that would give law enforcement new powers to investigate crime online. It would include the power to not only access emails, but also install spyware, destroy files and access servers located in other countries. Bits of Freedom will be sharing their insights and talking about how this law is an international threat.

Eric King of Privacy International will be speaking about their "Big Brother Inc" project. In 1995 PI produced a report called Big Brother Incorporated about the international trade in surveillance technology, the first investigation ever conducted on this issue. In it they point out that more than 80 British companies are involved, making the UK the world leader in this field. This report started their on-going project, Big Brother Inc, which continues to investigate, raise awareness of and campaign against the digital arms trade.

Come along and find out more about this and more at ORGCon2013, Sat 8th June. You can book your tickets here:

[Read more]

May 30, 2013 | Jim Killock

Snoopers' Charter debate at ORGCon

This week has seen an extraordinary deluge of comment on the Snooper’s Charter, seemingly co-ordinated by the Home Office. A succession of hardline Home Office sympathisers have sought to link the events at Woolwich with a need to spy on every citizen: despite the fact that the perpetrator was known to the police.

theresa mayEven MI5 agents have declared that the Snooper’s Charter could not have prevented Woolwich, and that calls for its revival are a “cheap argument”.

So far, the Lib Dems seem to be holding firm to the line they took when agreeing the Queen’s Speech. This was to reject the wider proposal for mass data collection and trawling powers. This week, Nick Clegg has declared this week on LBC that would back attempts to “link IP addresses to specific mobile devices”.

This mobile IP address problem is the one concrete example the Home Office was able to present to Parliament when pressed about ‘loss of access’ to communications data, which is proliferating at 1000% a decade.

However, they are clearly under a lot of pressure. The Lib Dems, like everyone else, want to avoid the impression that they may be hindering the police.

The responsible decision would be to wait, so that we understand what is really needed. Of course, that’s not how the Home Office work, who would rather use such incidents to push for whatever plans they have. That is how they leveraged compulsory data retention of Internet and phone records, not just for the UK, but across Europe, in the wake of 7/7. The result has been challenges on privacy grounds in a series of EU member states and now at the ECJ.

What we really need is to revisit the whole problem of digital surveillance, starting with the lack of supervision, non-transparency and proliferation of data requests. We should ask whether ‘data preservation’ can be put in place, rather than relying on blanket surveillance. Our Digital Surveillance report gave ten recommendations:

  1. Hold an overarching review, potentially through a Royal Commission, to properly study surveillance in the digital age.
  2. Judicial oversight of requests for intrusive communications data, in particular for all traffic data requests.
  3. Choose ‘data preservation’ rather than blanket data retention. Include quick response and emergency processes, and means to intelligently and accountably identify targets.
  4. Create a unified Surveillance Commissioner capable of carrying out a strong, independent audit with “multi-skilled investigators including human rights and computer experts.”
  5. Reject vague proposals, such as those in the draft Communications Data Bill, for automated, pervasive analytics tools designed to trawl through and across datasets.
  6. Provide stringent penalties for misuse of either powers or data.
  7. Individuals should be notified by default of a decision authorising the request for their communications data.
  8. Invest in law enforcement’s capacity to use and analyse the data already available to them.
  9. Lift the ban on the use of intercept evidence in court.
  10. Use the International Principles on Communications Surveillance and Human Rights developed by Privacy International and other groups as a template for future laws.

They are a good start for a thorough debate. We’ll be asking our panellists - including Julian Huppert MP, who was on the Parliamentary Joint Committee, and Peter Sommer, the digital evidence – how we can push these ideas, in the place of the rush to knee-jerk legislation. Hope to see you there!

[Read more] (1 comments)

May 28, 2013 | Ed Paton-Williams

Snoopers' Charter - How You Can Stop it Coming Back...Again

The Snoopers' Charter is back in the news. It's come back sooner than any of us expected. We've stopped it twice already so we know we can win. What can you do to help stop a revived Snoopers' Charter?

It's only been one month since Nick Clegg declared the Snoopers' Charter dead but already Home Secretaries past and present are calling for the Snoopers' Charter to be brought back in response to appalling tragedy in Woolwich.

John Reid - former Labour Home Secretary and director of G4S, currently working for security firm The Chertoff Group and a regular speaker on the security conference circuit - decided that monitoring the entire British population was an appropriate answer to Woolwich, just hours after the event.

Theresa May 
CC-BY Photo by UK Home Office 

Theresa May also wants to bring the Snoopers' Charter back. She's supported by another former Labour Home Secretary Alan Johnson who's suggesting that Labour could join forces with the Tories to get it through Parliament. All this despite many people, including May's cabinet colleague Eric Pickles, saying that Woolwich would not have been prevented by the Snoopers' Charter.

What can you do to help stop a revived Snoopers' Charter?

  1. Come to an ORG meeting
    Local ORG Groups are meeting up for everyone to hear and talk about what's happening with the Snoopers' Charter. We'll need to put pressure on lots of local MPs so these meetings are crucial to start fighting any new proposals.

    If you're anywhere near Sheffield, Manchester or Edinburgh, please come along. They're free to attend and it'd be great to see you there.
    Sheffield - Tuesday 11th June - Simon Phipps talk "CDB: The Zombie Bill That Just Won't Die"
    Manchester - Wednesday 12th June - Simon Phipps talk "CDB: The Zombie Bill That Just Won't Die"
    Edinburgh - Thursday 13th June - Panel discussion with Ian Murray MP, Marco Biagi MSP, and Jim Killock

  2. Come to ORGCon 2013
    ORGCon is on Saturday 8th June. It's our biggest event of the year and there're lots of things to get involved with to do with the Snoopers' Charter.

    We've put together a great panel to talk about the Snoopers' Charter including Julian Huppert MP who was one of the leading Parliamentarians on the issue. We've also got Peter Sommer who wrote much of our Digital Surveillance report on our proposals for better surveillance law.

    ORG's Campaigns Director Javier Ruiz is running an Activism Workshop to discuss how to get involved with our campaigns by meeting your MP face-to-face, writing to the media about digital rights issues like Snoopers' Charter and lots more.

    Tickets are just £16 for existing supporters and £28 for people who haven't joined us yet. Students get in for just £6!

    If you're not an ORG supporter yet, join today and get your ORGCon ticket absolutely free! It's a great chance to join a growing movement that supports our digital rights and stands up to those that try to take them away.

  3. Join ORG
    Joining ORG is one of the best things you can do to fight the Snoopers' Charter. We keep costs down as much as we can but running campaigns isn't free. When you join ORG you become part of a movement standing up for your digital rights. As an added bonus, if you join today you get a free ticket to ORGCon 2013 and a copy of keynote speaker Tim Wu's book The Master Switch.

  4. Email and Meet your MP
    Emailing your MP is an easy way to let them know you're against reviving the Snoopers' Charter. You can even use the opportunity to arrange to meet them at their constituency surgery.

[Read more]

google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail