call +44 20 7096 1079


May 31, 2013 | Peter Bradwell

What mobile internet filtering tells us about porn blocks

Mobile networks filter their Internet service by default, in the name of child protection. We've looked at what lessons this can teach those calling for more Internet blocking.

There's been plenty of coverage today of calls to do more to block access to pornography, and specifically pornography on the Internet. There's plenty to be frustrated about much of this, for example an inability to distinguish between child abuse images and pornography in some cases.

But for this post I'll focus on some lessons we can draw from the Internet filtering that already takes place, mostly by default, on mobile networks.

This post does not deal with whether blocking actually does what it is supposed to - for example, preventing access or exposure to adult material, or helping improve attitudes to sex or gender. This post is also not intended to tacitly endorse blocking as a strategy - it rather is written to report what we've observed happens when it is deployed. It is always worth reiterating that restricting access to pornography, in the way described below, is a different issue to tackling child abuse and access to images of it.

Whether you think that website blocking is a good idea or not, it is important to at the very least recognise that it has serious, tangible, negative consequences, especially when it is switched on by default at the network level. This post helps demonstrate what some - but by no means all - of these issues are and why they happen.

1. It's very hard to define what you think should be blocked

Blocking is almost never just about stopping access to pornography. Mobile networks block a wide variety of content, including blogs to content related to tobacco or alcohol. It is hard enough trying to define pornography, let alone what fits into categories such as 'bombs' or 'esoteric content'. Orange listed both of these as blockable categories on their website until a recent update to their customer services pages. I assume that the blocking categories remain the same, but have asked if this is the case and will report back if not.

Even if blocking is restricted to subcategories like 'violent porn', the ability to define what that means is made extremely difficult because websites and content are, due to the sheer volume of sites to check, by robots, not human beings.

An added complication is what age-level filtering is set at. What sort of material should a 17 year old have access to? What about a 13 year old? What about an 8 year old? All very different. Any default blocking involves decisions about what level to set content restrictions at for a given age. On mobile networks, there is no facility to allow parents to tailor filtering to suit their children's age.

2. The 'wrong' things will be blocked

Through mistakes or abuse, too many sites will be blocked. This is not in question. 

We have found political blogs, technology news sites, shops, community sites, a blog about things that go on a shelf, campaign websites and churches blocked on various mobile networks. The primary website of the privacy tool Tor (meaning the HTTP version of the Tor Project website, rather than connections to the Tor network) was blocked on Vodafone, O2 and Three last year. We heard from an online gift shop that was blocked over Christmas last year. We assumed this was because they sold engraved lighters - and thus were categorised as 'tobacco'. It took over a month to get this fixed. 

In Australia, 1,200 websites were accidentally blocked when the Australian Securities and Investment Commission tried to take down two sites it believed were behind a fraud campaign. 

There are a number of reasons why this might happen, including categories being too broadly defined and mistaken categorisations through to human error. As the filtering services are run by third party services, and exactly what is blocked is not known, there is also the danger that filtering will be abused for all of the reasons that someone might want to restrict access to a website - from commercial rivalry through to political censorship.

It is important to recognise that although it is often merely inconvenient for a user to be subject to filtering, it is more than inconvenience when your site is blocked. Because that could mean that customers can't access your shop. Or people can't read your political commentary. Or you can't share your cat photos. Whatever, sites stuck behind filters are cut off from anybody on the relevant network.

3. It's hard to find out what is blocked and why

There's no easy way of finding out if your site is one of those blocked - unless we require people to have accounts with every mobile network so they can habitually check for themselves. And if you're not in the UK, that's not really an option. Only O2 have a (very useful) URL checker.

So we don't really know why mobile operators block some websites, or how they come up with the categories that they think should be blocked, or how they decide what sites fit into those categories. They are not transparent enough about the categories they choose, what they consider fits in to those categories, or who decides these things.

Mobile operators all say that they act according to a code of conduct set by the Mobile Broadband Group. But this code does not itself provide any criteria for determining or defining ‘blockable’ content. It does point to a framework devised by the Independent Mobile Classification Body (IMCB).

The Mobile Broadband Group code of conduct that mobile operators adhere to states that filters are ‘set at a level that is intended to filter out content approximately equivalent to commercial content with a classification of 18.’ There is a process of interpretation, as mobile operators look to derive blocking lists from the framework specifications. There is an added layer of interpretation: these filtering lists are usually maintained by the external third-party providers of the filtering systems.

There is a further problem of how ‘current’ the frameworks are. The IMCB Framework to which mobile operators adhere in their filtering policies was written in 2005. The latest version of the code of practice on self-regulation was published in 2009, with the original published in 2004.

It is not clear how frequently the mobile operators, individually or collectively through the Mobile Broadband Group, review how appropriate the filtering classifications are, or more broadly the effectiveness of their filtering systems - whether mistakes are made, how prevalent they are, and how they deal with them.

4. Reporting problems and mistakes is very difficult

Mobile operators’ staff often seem uninformed about mobile Internet filtering, and thus they are poorly trained to help users making complaints - whether they are trying to report a mistaken block or have blocking removed. Furthermore, a customer’s request to have the filtering removed may be framed as a request to turn on ‘adult content’ – which suggests the primary interest is adult sexual material. That ignores the breadth of the content blocked under these filtering systems, noted above.

This is especially problematic for sites that are blocked. Most networks see this as only an issue for their customers, and specifically only about whether their account has blocking enabled. It can be especially difficult, therefore, to get your website delisted by the blocking service when it is blocked inappropriately. This for many will be a serious inhibition on their ability to trade or share information.

5. Failure to put effort into addressing the problems

One of the biggest problems with mobile blocking has been the haphazard way in which the systems work - for example, the way networks decide what content should be blocked, and how mistakes should be addressed. Mobile networks have faced significant political and media pressure to do something about possible access to pornography on their networks, but feel very little in the way of commercial or political pressure in the other direction.

So it's easy to see that there are not too many incentives for them to take seriously issues such as over blocking, the reporting of mistakes or decisions about what is 'blockable'. This is why it's really important that policy makers understand that the 'switch it off' calls are not as simple as they sound, and that there is a tangible impact on freedom of expression.

We have been looking at this for a while now, and published a report almost exactly a year ago called 'Mobile Internet Censorship: what's happening and what to about it." We made a number of asks of mobile networks - more transparency, more choice, better means of fixing mistakes. It's fair to say that aside from networks being slightly easier to contact, very little has been done to fix the problems.

There are other problems with website blocking, for example related to how easy it is to get round blocks, how website blocking won't really address access or distribution of illegal material, how it might lull parents into a false sense of security, how network blocking is a problematic technological solution, to name a few. And that's without looking at some of the calls for age verfication and registration made today.

The Government's position on website filtering for child protection currently seem reasonably sensible - help households make their own decisions about what is appropriate for them. We have to hope that the sort of pressure exerted by calls for more blocking made today, emotively made in the wake of such a tragedy, don't pursuade them to take a more drastic route without considering the consequences. 

At ORGCon next week Professor Andy Phippen will be giving a talk called 'Think of the children!', where he'll talk about his research into young people, technology and exposure or access to 'harmful' material. And Child Rights International Network will be talking about the impact of blocking on children's rights in our rapid fire talks session (they have written previously about this for ORGZine).

A full programme and tickets are available at the ORGCon website

[Read more]

May 31, 2013 | Jim Killock

Sacrificing freedom on the altar of political fears

The news debate moves onto more calls for Internet restrictions debates today, prompted by April Jones' murderer possessing illegal child abuse images. Some commentators have sought to blame Google – who takedown links to such material – and others have sought to link access to child abuse images to access to pornography in general, advocating restrictions for all adults.

These are extraordinarily big leaps, with little thought to the consequences. Restrictions on legal content, like pornography, come with many potential results. They may be the opposite of those intended. The wrong material may be blocked, or otherwise, people may simple remove all of the blocks, and find it easier to access illegal material, whether they wish to or not.

Comments, email, and peer-to-peer technologies are all hard to monitor and censor without disturbing results. Centralised mechanisms are extremely hard, if not impossible to impose.

Meanwhile, governments look for ways to grow the economy and jobs. The Internet and tech are one of the few parts of the economy that are continuing to grow. Judging by the headlines, if our politicians are simply allowed to follow their worst instincts, then both our freedom and economic future will be sacrificed on the altar of their fears.

We’ll be asking some of the hard questions at ORGCon, where Professor Andy Phippen will be presenting a talk about the best ways to help children as they grow up with the Internet.

[Read more]

May 30, 2013 | Ruth Coustick-Deal

What's Happening at ORGCon2013: Digital Arms Trade Debate

The digital arms trade is an increasingly pressing threat. Here we introduce and set the context for the discussion on this important issue taking place at ORGCon2013.

 ORGCon2013 is a great place to find about new threats to our online rights – and ways to combat them. One of these issues is the Digital Arms Trade, a new area for ORG, but one that is increasingly gaining attention and action. We're delighted that Eric King of Privacy International, Hauke Gierow, Reporters without Borders and Simone Halink, Bits of Freedom will be sharing their expertise at the conference.

The Internet is a tool for communication that has been shown over and over again to be a source of empowerment. It connects the LGBT teenager who is being bullied to find support and a network of friends online, it connects the activists suffering under oppressive regimes to one another, and allows groups on the ground to communicate human rights abuses to the world.

But the trade in surveillance technology undermines this potential and treats this technology as a tool for governments to surveil citizens and control their communications. 

In the UK we have seen policy makers spend years trying to persuade Parliament and the electorate to stand behind legislation for mass surveillance of the population. They seem unable to relinquish the idea that these powers are necessary for beating terrorists or paedophiles. Just this week we have seen a number of senior political figures claim that Snoopers' Charter powers could have prevented the Woolwich attack – despite MI5 saying that isn't the case.

In our campaigns against the Snoopers' Charter we have warned of the foreign policy problems that it would create and the terrible precedent it would set internationally. Our Professor Elemental video makes that point more eloquently than mere blogging can:

The digital arms trade is exactly what the Professor is talking about: surveillance and censorship equipment being exported across the world - and it is happening already. As EDRi (European Digital Rights) write on their site:

“Surveillance equipment is used, inter alia, to spy on journalists, bloggers, citizen journalists, democracy activists and their sources, friends and even loose contacts. Many suppliers of this surveillance infrastructure are located in the European Union, names like Nokia Siemens Networks, Gamma, Trovicor, Hacking Team and Bull / Amesys come to mind. Those firms supplied equipment to Libya, Egypt, Syria, Bahrain, Morocco and many more countries that have systematically violated human rights over the course of the last years. In all of these countries at the time of the instalment of surveillance infrastructure there was no press freedom and people were being tortured or imprisoned for criticizing the government."

You can find out more about this worrying issue at ORGCon by coming to the Digital Arms Trade panel. We have three excellent speakers who all have different experiences dealing with this threat:

Hauke Gierow from Reporters without Borders who campaign on this issue as one of the most pressing threats for modern journalism. It is key for journalists to be able to protect their sources and store their information securely in order to preserve a free press.

Simone Halink from Bits of Freedom. Bits of Freedom are a Dutch digital rights campaigning group and they have recently been fighting back against a new proposed surveillance law. The Dutch government announced plans for legislation that would give law enforcement new powers to investigate crime online. It would include the power to not only access emails, but also install spyware, destroy files and access servers located in other countries. Bits of Freedom will be sharing their insights and talking about how this law is an international threat.

Eric King of Privacy International will be speaking about their "Big Brother Inc" project. In 1995 PI produced a report called Big Brother Incorporated about the international trade in surveillance technology, the first investigation ever conducted on this issue. In it they point out that more than 80 British companies are involved, making the UK the world leader in this field. This report started their on-going project, Big Brother Inc, which continues to investigate, raise awareness of and campaign against the digital arms trade.

Come along and find out more about this and more at ORGCon2013, Sat 8th June. You can book your tickets here:

[Read more]

May 30, 2013 | Jim Killock

Snoopers' Charter debate at ORGCon

This week has seen an extraordinary deluge of comment on the Snooper’s Charter, seemingly co-ordinated by the Home Office. A succession of hardline Home Office sympathisers have sought to link the events at Woolwich with a need to spy on every citizen: despite the fact that the perpetrator was known to the police.

theresa mayEven MI5 agents have declared that the Snooper’s Charter could not have prevented Woolwich, and that calls for its revival are a “cheap argument”.

So far, the Lib Dems seem to be holding firm to the line they took when agreeing the Queen’s Speech. This was to reject the wider proposal for mass data collection and trawling powers. This week, Nick Clegg has declared this week on LBC that would back attempts to “link IP addresses to specific mobile devices”.

This mobile IP address problem is the one concrete example the Home Office was able to present to Parliament when pressed about ‘loss of access’ to communications data, which is proliferating at 1000% a decade.

However, they are clearly under a lot of pressure. The Lib Dems, like everyone else, want to avoid the impression that they may be hindering the police.

The responsible decision would be to wait, so that we understand what is really needed. Of course, that’s not how the Home Office work, who would rather use such incidents to push for whatever plans they have. That is how they leveraged compulsory data retention of Internet and phone records, not just for the UK, but across Europe, in the wake of 7/7. The result has been challenges on privacy grounds in a series of EU member states and now at the ECJ.

What we really need is to revisit the whole problem of digital surveillance, starting with the lack of supervision, non-transparency and proliferation of data requests. We should ask whether ‘data preservation’ can be put in place, rather than relying on blanket surveillance. Our Digital Surveillance report gave ten recommendations:

  1. Hold an overarching review, potentially through a Royal Commission, to properly study surveillance in the digital age.
  2. Judicial oversight of requests for intrusive communications data, in particular for all traffic data requests.
  3. Choose ‘data preservation’ rather than blanket data retention. Include quick response and emergency processes, and means to intelligently and accountably identify targets.
  4. Create a unified Surveillance Commissioner capable of carrying out a strong, independent audit with “multi-skilled investigators including human rights and computer experts.”
  5. Reject vague proposals, such as those in the draft Communications Data Bill, for automated, pervasive analytics tools designed to trawl through and across datasets.
  6. Provide stringent penalties for misuse of either powers or data.
  7. Individuals should be notified by default of a decision authorising the request for their communications data.
  8. Invest in law enforcement’s capacity to use and analyse the data already available to them.
  9. Lift the ban on the use of intercept evidence in court.
  10. Use the International Principles on Communications Surveillance and Human Rights developed by Privacy International and other groups as a template for future laws.

They are a good start for a thorough debate. We’ll be asking our panellists - including Julian Huppert MP, who was on the Parliamentary Joint Committee, and Peter Sommer, the digital evidence – how we can push these ideas, in the place of the rush to knee-jerk legislation. Hope to see you there!

[Read more] (1 comments)

May 28, 2013 | Ed Paton-Williams

Snoopers' Charter - How You Can Stop it Coming Back...Again

The Snoopers' Charter is back in the news. It's come back sooner than any of us expected. We've stopped it twice already so we know we can win. What can you do to help stop a revived Snoopers' Charter?

It's only been one month since Nick Clegg declared the Snoopers' Charter dead but already Home Secretaries past and present are calling for the Snoopers' Charter to be brought back in response to appalling tragedy in Woolwich.

John Reid - former Labour Home Secretary and director of G4S, currently working for security firm The Chertoff Group and a regular speaker on the security conference circuit - decided that monitoring the entire British population was an appropriate answer to Woolwich, just hours after the event.

Theresa May 
CC-BY Photo by UK Home Office 

Theresa May also wants to bring the Snoopers' Charter back. She's supported by another former Labour Home Secretary Alan Johnson who's suggesting that Labour could join forces with the Tories to get it through Parliament. All this despite many people, including May's cabinet colleague Eric Pickles, saying that Woolwich would not have been prevented by the Snoopers' Charter.

What can you do to help stop a revived Snoopers' Charter?

  1. Come to an ORG meeting
    Local ORG Groups are meeting up for everyone to hear and talk about what's happening with the Snoopers' Charter. We'll need to put pressure on lots of local MPs so these meetings are crucial to start fighting any new proposals.

    If you're anywhere near Sheffield, Manchester or Edinburgh, please come along. They're free to attend and it'd be great to see you there.
    Sheffield - Tuesday 11th June - Simon Phipps talk "CDB: The Zombie Bill That Just Won't Die"
    Manchester - Wednesday 12th June - Simon Phipps talk "CDB: The Zombie Bill That Just Won't Die"
    Edinburgh - Thursday 13th June - Panel discussion with Ian Murray MP, Marco Biagi MSP, and Jim Killock

  2. Come to ORGCon 2013
    ORGCon is on Saturday 8th June. It's our biggest event of the year and there're lots of things to get involved with to do with the Snoopers' Charter.

    We've put together a great panel to talk about the Snoopers' Charter including Julian Huppert MP who was one of the leading Parliamentarians on the issue. We've also got Peter Sommer who wrote much of our Digital Surveillance report on our proposals for better surveillance law.

    ORG's Campaigns Director Javier Ruiz is running an Activism Workshop to discuss how to get involved with our campaigns by meeting your MP face-to-face, writing to the media about digital rights issues like Snoopers' Charter and lots more.

    Tickets are just £16 for existing supporters and £28 for people who haven't joined us yet. Students get in for just £6!

    If you're not an ORG supporter yet, join today and get your ORGCon ticket absolutely free! It's a great chance to join a growing movement that supports our digital rights and stands up to those that try to take them away.

  3. Join ORG
    Joining ORG is one of the best things you can do to fight the Snoopers' Charter. We keep costs down as much as we can but running campaigns isn't free. When you join ORG you become part of a movement standing up for your digital rights. As an added bonus, if you join today you get a free ticket to ORGCon 2013 and a copy of keynote speaker Tim Wu's book The Master Switch.

  4. Email and Meet your MP
    Emailing your MP is an easy way to let them know you're against reviving the Snoopers' Charter. You can even use the opportunity to arrange to meet them at their constituency surgery.

[Read more]

May 28, 2013 | Claudia Mateus

Exciting speakers at ORGCon2013!

Listen to some of the excellent speakers that will be coming to our June 8th event, ORGCon.

Visit the ORGCon2013 website!

Freedom of Speech, Copyright, Open Data and Digital Arms Trade are some of the issues that our speakers will be discussing. In this video, Ian Brown, Jeni Tennison, Eric King, Gabrielle Guillemin and Hauke Gierow give us a preview of their talks at ORGCon!

[Read more]

May 23, 2013 | Jim Killock

Capitalising on tragedy

Yesterday's events in Woolwich were appalling, but Lord Carlile and John Reid wasted no time in attempting to use this atrocity in justifying a return to reductions in personal privacy and other human rights.

Lord Carlile said on Newsnight:

We have to learn proportionate lessons from what has occurred.

We mustn't rush to judgment. But we must ensure that the police and the security services have for the future the tools they need which will enable them to prevent this kind of attack taking place.

I hope that this will give the Government pause for thought about their abandonment for example of the Communications Data Bill and possibly pause for thought about converting control orders into what are now called Tpims, with a diluted set of powers.

According to ITN:

Labour ex-home secretary Lord Reid said such measures were "essential" to combating terrorism, warning it could otherwise take "some huge tragedy" to show the decision was wrong.

It is highly difficult to know how useful the CDB would or could be for detection of serious incidents like this, but very frequently, human intelligence turns out to be more effective and useful.

John Reid, by Steve Punter, cc-by

The CDB's central plank involved massive data collection coupled with data mining. Many people such as Bruce Schneier have pointed out that data mining for 'suspicious' but very rare patterns will return 'false positives' just because of their rarity; improving the tightness of pattern matching on the other hand simply means you miss the incident when it happens.

The best argument that the Home Office put forward for it has been that, when they find someone is suspicious, it is useful to go back through communications records. But that puts us all under suspicion for the times when the police have a suspect, and is already investigating them. How often would such cases really reveal information that was so new that the outcome of a case would be different?

As Peter Sommer pointed out in our Digital Surveillance report, usually other quite mundane kinds of activity, such as gathering resources and planning with others, are what reveals the criminal's hand.

Lord Carlile and John Reid have a long history of making calls like this. They are in poor taste, and should be seen for what they are: attempting to take advantage of someone’s death for political advantage. No doubt they are in touch with people in the Home Office who continue to have ambitions for the Snoopers' Charter, but it is unclear that the public are simply going to respond in the way they want.

Rather, these calls are a tactic which can convince fearful and risk-averse politicians into doing the wrong thing in the name of being able to say they did everything in their power, even if those things are in fact pointless.

Widespread erosions of our rights aren't an acceptable response to people who seek to limit our liberty through violence. Calls like those from Lord Carlile if answered would mirror the outcomes that the perpetrators seek, by overstating their influence on our society, and undermining the legitimacy of our laws. We can only preserve our freedom by protecting it, not by removing it, step by step.

Political leaders including Nick Clegg and Ed Miliband must firmly reject these calls, and reprimand Carlile and Reid for their behaviour.


[Read more] (4 comments)

May 21, 2013 | Ed Paton-Williams

A Quick Look at some Mobile Providers' Customer Data Policies

There's been concern recently about what mobile providers are doing with customers' data after a Sunday Times article on EE selling information about them. We've had a brief look at some of their customer data policies to try to work out what's going on.

The article in the Sunday Times described a deal for the sale of customer data between mobile operator EE and polling organisation Ipsos MORI, who in turn, the Sunday Times claimed, tried to sell the data to the Met Police. EE say that the data they sell has been aggregated and anonymised. 

We've been asking people to write to their mobile operators to check how their information is used. You can do that using our tool. ORG is concerned about what information is being shared, who it is shared with, and for what purposes. Mobile providers should clarify how they are aggregating and anonymised the data, because there are well-documented risks that people can be re-identified from anonymised data. Customers are not being asked to opt-in or opt-out of their data being used like this.

It is not just EE that are looking to sell data about their customers to other companies.

For example, Telefonica (who own O2) say that their 'Dynamic Insights' team “collect mobile data, anonymised and aggregated, to understand how segments of the population collectively behave. We trace trends and the behaviours of crowds, not individuals. We use this insight to enlighten the space between organisations and their users, enabling them to improve their propositions, and businesses.”

They say that this data will help retailers, councils, and public safety bodies to understand the movements of large groups of people. Like EE, they stress that only anonymised and aggregated data is used:

“it is our belief is that in the field of analytics customer data can be used responsibly in two ways: either it must be anonymised and aggregated so that no individual can be identified, or the appropriate customer permissions must be in place. By using anonymised and aggregated data we seek to achieve best practice standards and subject ourselves to expert peer review to achieve this.”

Similarly, Vodafone set out how they are looking at “unleashing powerful insights with mobile analytics”. They say that this information “can be used to drive new business strategies, challenge preconceptions and help identify new marketing opportunities. Mobile analytics can provide powerful insights to inform your enterprise operations.”

Their privacy policy sets out that they “carry out research and statistical analysis to monitor how customers use our network, products and services on an anonymous or personal basis”.

Giffgaff say in their privacy policy that they “analyse markets and produce reports, perform research and statistical analysis and to monitor usage behaviour”, but it is not clear from their policies whether they share 'anonymised' data with third parties for the sort of research and marketing purposes described in the Sunday Times article.

Virgin Mobile's privacy policy says that "We may also, subject to your consent, use your personal information to contact you with information about special offers and rewards. Additionally, we may, subject to your consent, disclose your personal information to other Virgin companies so that they can contact you with information about their products and services. But don't worry, your details won't be shared with companies outside the Virgin group for marketing purposes without your consent."

[Read more] (1 comments)

google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail