call +44 20 7096 1079

Blog


December 23, 2013 | Jim Killock

Help ORG monitor UK blocking and filtering

This weekend showed that the debate on blocking is getting serious and worrying. We aren’t being given any of the information we need to check what is happening as a result of new filtering tools. We don’t know what, how or why sites are blocked. We need to know, and you can help.

ORG is putting together tools to track what is blocked and where. We intend to develop our current blocked.org.uk site into a means to request a check across the UK - using probes based in each network.

We intend to make it easy for anyone to check whether their site is blocked, and find out where, so that complaints can be made as needed. We also want to compile a list of sites that have found themselves mis-categorised, so we can check for future errors.

In the end, we want ISPs to do this themselves. But we fear they won’t do until they have been shown that error checking will happen anyway. So we’re just going to get on with it ourselves.

How you can help the project

Join ORG

We need money to do this, including basic costs, and longer term employing someone with technical project management skills, so if you haven't already, please join us.

Development and bug reports

At the moment we are looking for coders and people with project management skills and time. if you are interested please subscribe and introduce yourself on our Tech Volunteers list.

Project Details

The outline of the project is on our wiki: https://wiki.openrightsgroup.org/wiki/Censorship_Monitoring_Project

Get the Code

There are three parts to this project, probes (on phones and on Raspberry Pi's) some middleware to manage the probes and the website front end. The code for the probes and middleware is on Github

 

[Read more] (2 comments)


December 23, 2013 | Jim Killock

Blocking: what could possibly go wrong?

Concerns are growing over exactly what filters are doing, and what information is blocked for adults and children.

David Cameron cc-by-nc-sa-worldeconomicforumWe now have two kinds of blocking: firstly, mobile companies, providing one or two levels of filtering, which has to be actively switched off.

Secondly, we have new “parental controls” developed and rolled out by BT, TalkTalk, Sky and Virgin. Here, users will be asked to decide whether to switch different filters on, but will be “nudged” towards enabling them. 

Last week, BT launched their filtering product, and people started to look at what they were blocking. Some surprises emerged, including a suggestion it would block sites that “promote respect for a partner”. 

Over the weekend BT updated their descriptions of Parental Control categories, removing the description of sites that “promote respect for a partner”. However, this leaves a great deal of doubt: has BT changed the filtering mechanism, or has the description merely been altered? How do we know? (The Register says it is just a change of description.)

Also, over the weekend, people concerned about blocking were directed to O2’s url checker, snowballing after a LGBT website drew attention to their site being blocked. Many bloggers and others found that their sites were blocked by its Parental Control category and used Twitter to ask O2 why their site was blocked. 

Sites being blocked on the O2 Parental Control filter would not be unexpected, as it blocks everything on the web with a small number of exceptions deemed suitable for under-12s. The setting is switched on by parents, unlike the “default safety” which is set for everyone until they get it lifted.

However, what we really need to know with O2’s whitelist is who is making the decision about what is allowed for children, and by what criteria. It is allowing a very narrow range of material, which should be chosen carefully to be as broad but as safe as possible.

O2’s under-12 whitelist includes mcdonalds.com but excludes childline.org.uk - showing that their aim of promoting child safety with this product really is not delivering very well.

This raises wider questions. Perhaps there are some sites that a parent should never be able to ban for a child, starting with help services like Childline. Unfortunately, what you should not ban varies with a child’s age, meaning in practice, once empowered with blocking tools, some parents will seek to restrict information inappropriately. Abortion advice, sexuality, religious debate, perhaps Darwinism: all these are now much more blockable for the parent worried about their child’s moral development.

Let’s remember, blocking has arisen at the government’s initiative. These problems will be theirs to resolve. 

Both mobile and fixed ISPs are loath to provide information about how and what is blocked. [note] ISPs so far have been very cagey about how sites are categorised. BT, for example, disclaims responsibility for the categorisation and promises to forward complaints to their unnamed third-party supplier. 

Beyond the reasons of commercial confidentiality, there are reasons why ISPs may be reluctant to tell you who makes the blocking decisions. Some ISPs buy filtering services from countries with differing religious or cultural values to the UK - attitudes to guns, alcohol, sex and discrimination may not match customer expectations. Some use services that use computer algorithms to do the bulk of their classification. Others may use cheap labour.

What you can guarantee is that filtering is error prone. The sheer number of classifications to make means that costs have to be kept low. 

But without some level of transparency and accountability, not just to their customers but to the internet at large, why should people trust the decisions ISPs make about what they or their children are allowed to see? 

We are calling on ISPs to provide lookups, information about where they get their categorisation, criteria, and means to report and correct errors, as well as statstics about the problems they encounter. Last week, we made ten recommendations to UKCCIS to deal with overblocking. We need transparency.

But in the absence of transparency from companies, ORG is putting together tools to track what is blocked and where. We intend to develop our current blocked.org.uk site into a means to request a check across the UK - using probes based in each network. 

Our aim is to allow you to be able to check whether your site is blocked, and where, so that you can make complaints as you need to. We want to compile a list of sites that are frequently mis-categorised and limit some of the harms. Ultimately, we want to do this to encourage the ISPs to provide these tools themselves. 

Of course, we need money to do this, so if you haven't already, please join us

[Note] O2 attempted to placate people on twitter by shifting the responsibility for all web filtering to the BBFC (almost certainly based on a misunderstanding within O2’s staff about how their web filters are managed). See this for instance. O2 however are the one company that does at least provide a mechanism for people to check.

[Read more] (13 comments)


December 19, 2013 | Peter Bradwell

Ten recommendations to ISPs for dealing with over-blocking

Yesterday's Newsnight has helped demonstrate once again that over blocking by ISPs internet filtering systems is a real and serious issue. We've told the 'UKCCIS' over-blocking group how ISPs should start dealing with the problem.

We started looking closely at internet filtering by mobile networks a couple of years ago. We knew that we could try to learn lessons from the way their default-on systems worked that could be helpful if and when systems for domestic ISPs were rolled out. We found that it was hard to understand what was blocked and why and that over-blocking was a serious problem. We also found that it was hard to get the Government or ISPs to take it seriously. We published a report in May last year, jointly with LSE Media Policy Project, setting these things out.

So far it seems those lessons (we set out five earlier this year) have not been learnt. TalkTalk, BT and Sky now offer network level filters and we're seeing the same issues play out. Yesterday Newsnight helped demonstrate some of the overblocking issues, showing that filters designed to stop pornography also block sex education, sexual health and advice sites.    

We have joined the 'UKCCIS' group that has been set up to try to address over-blocking. (UKCCIS is made up of a number of 'working groups' that are set up to discuss issues related to online child safety.) We'd like to help the group ensure ISPs take concrete steps to deal with inevitable overblocking by their filtering systems. To kick start that process we have sent the group a summary of our concerns about what is happening now and made 10 recommendations for how ISPs could improve the way they deal with over-blocking. You can read what we sent them below.

We are clear that we don't agree with the Government's current approach - mandating network level filters and a 'one click to safety' approach. The 10 ideas below are about dealing with the problems with over-blocking as we see them now, but the Government should be thinking again about the best approach for parental controls. 

Let us know if you have other ideas for dealing with over-blocking in the comments below. 

Concerns about over-blocking and 'one click to safety' filtering

Filtering systems should adhere to four principles: transparency, accountability, choice and responsiveness. The Government's current approach of mandating network level filters and aiming for what David Cameron called 'one click to safety', is not conducive to policies that live up to these principles.

The result could be counter-productive to the Government's aims. For example, all users within a household will be subject to the same level of filtering at a given time, and there is a risk that in frustration at how unresponsive filters can be some account holders may simply turn them off.

Rather than addressing here this broader question about the best solution to the Government's policy goals, below are our top level concerns about the 'one click to safety' approach and some recommendations for addressing these issues.

Concerns about how over-blocking is currently dealt with

1. There is not enough clarity for users about what categories are blocked, what falls within those categories and why, and who makes these decisions. 

2. People who run sites that are blocked incorrectly...:

a. ...have no way of checking if and why their sites are blocked on different ISPs. As far as we are aware, only O2 provide a URL checker. Website owners are going to face multiple ISPs, who will use a variety of filtering systems. 

b. ...can find it difficult to report the problem. Issues can include knowing to speak to and getting a clear response / finding someone at the ISP who understands the issue.

c. ...can find it takes too long to get their site removed from blocking lists. On mobile networks we've seen cases taking a month to get resolved; recently, it took around a week to resolve issues TalkTalk users had accessing Wordpress admin pages (this related to TalkTalk's implementation of the IWF list).

3. There is no clear organisational responsibility for blocking mistakes.

4. It can be hard to find out technical details about how filtering works. This sort of detail may affect someone's decision about which ISP to use, or it may help website operators or users understand filter-related access issues.

Ten recommendations for addressing current over-blocking problems

1. ISPs should provide a one-stop URL checker to help people check if sites are blocked, which checks across ISPs.

2. ISPs should provide clear and consistent information for the user at the point of blocking and on their general customer service pages. At the point of blocking this should cover why a site is blocked and how to report mistakes. On FAQ and customer service pages that should include the categories blocked with explanations and examples of what those categories will block.

3. When mistakes or errors occur due to filtering, clear information should be provided quickly to users and affected sites about what has happened and why. 

4. ISPs should ensure training to ensure that customer service staff understand filter-related problems.

5. ISPs should commit to monitoring performance of their filtering accuracy and responsiveness and to publishing data about this performance. That should include, for example:

a. The number of over-blocking reports received, broken down by filtering category

b. The speed with which mistakes with blocking issues are resolved and sites are taken off blocked lists.

6. ISPs should set common performance standards against these metrics. Performance against these standards should be overseen by independent regulator.

7. ISPs should provide a process for site owners to proactively have their sites whitelisted. 

8. ISPs should offer a process for 'edge cases' (where suitability for under 18s may be disputed, for example) to be resolved. An independent regulator could arbitrate if disputes are not resolved. 

9. ISPs should publish who provides their filtering service and details of the technology involved. 

10. There should be a clear timetable for implementing these changes, we suggest by Spring 2014. Roll out of parental filters to existing customers should not proceed until these measures to mitigate over-blocking are in place.

 

[Read more] (1 comments)


December 18, 2013 | Peter Bradwell

Why WordPress bloggers were blocked by TalkTalk, and what it tells us about Internet filtering

Even a site with WordPress' popularity and clout struggled for a week to understand and fix their users' access problems.

At the end of November a number of WordPress blog admins complained on WordPress forums that they were having problems accessing their accounts. It appeared that TalkTalk subscribers who had WordPress blogs could not access their administration pages over https, and so couldn't write and publish new blog posts.

WordPress were unable to explain what was happening. The first reports were on 26th November and continued until around December 5th.

Similar access problems have occurred before, with users struggling to access WordPress and another site called Vk.com. Other ISPs have had issues (see below).

The story demonstrates some of the key issues with over blocking by ISPs' Internet filtering systems. There are lessons here for the Government as they press for more Internet blocking - about the ISPs' responsiveness to reports of over-blocking and how seriously the government and ISPs take the problem. 

It seems reasonable at this point to mention again that in June this year Claire Perry MP, who advises the Prime Minister on preventing the commercialisation and sexualisation of childhood, described concerns about overblocking as a 'load of cock'. 

What happened?

It seems a WordPress account was reported for containing child abuse content, and once this was confirmed WordPress took the account down and the IWF added the relevant URLs to its block list. (thanks to Barry Turnbull for his work figuring out what was happening.)

The Internet Watch Foundation (IWF) give ISPs a list of sites that contain child abuse images, which the ISPs then block. It is down to the ISP how this blocking actually works. The IWF maintained that no WordPress URLs were on their block list at the time of the access problems and that they are not responsible for how the blocking is implemented. 

So it seems the problem comes from the way TalkTalk deal with the list the IWF supply them. TalkTalk provided the following statement:

"Due to the application of our blocking of the IWF list of URLs that contain child abuse imagery, a small number of users may have experienced intermittent issues accessing WordPress at the end of last week. We apologise for any inconvenience this may have caused."

Beyond this, we don't know exactly why TalkTalk's implementation of the IWF blocking list causes this issue. TalkTalk do not seem to have supplied any further technical explanation. 

It's not the first time this has happened

The cases we have seen all involve filters struggling to limit the blocking to a specific page or site within a domain, and end up restricting access to more than was intended.

When their subscribers had similar problems accessing some of WordPress and Vk.com in October this year, TalkTalk provided almost the same statement as the one above in response. Just before that statement was posted, TalkTalk admins posted some slightly unclear and unhelpful explanations, pointing the finger of blame at the IWF.

It was reported this week that Sky subscribers also had issues accessing imgur, an image sharing site, last weekend. The difference here is that instead of the intention being to block child abuse material via the IWF list, the aim in this case was to block sites found to be infringing copyright. 

Why does it matter?

1. It matters even when 'small numbers' of users can't access a site.

It seems any TalkTalk users trying to access their WordPress admin pages over https couldn't do so. It's important to look at who was affected as much as how many.

Some may have been journalists who couldn't post stories for a number of days. For others their WordPress sites may have been part of their business, meaning they couldn't reach their market for a week.

There shouldn't be a number of affected users that counts as legitimate collateral damage.

2. ISPs need to take more responsibility for negative affects of filtering.

Affected users received vague and sometimes conflicting information about the problem and who was to blame.

In their forums, for example, TalkTalk's admins initially blamed the existence of the IWF list rather than their implementation of it.

The IWF explained repeatedly on Twitter that the issue was not of their making.

WordPress struggled to explain why their users couldn't access the site, leaving some of their users to speculate that it was WordPress' fault. It is telling, for example, that WordPress lead developer Peter Westwood was tweeting at IWF for an explanation on 4th December.

Even WordPress and its users can find themselves in a protracted state of limbo. It will probably be a lot more difficult for a site with a lower profile to get things sorted.

ISPs should make sure that there are speedier ways for sites to get these issues resolved, and should explain as soon as possible what the cause of the problem is. Those running websites need to be able to find out quickly from ISPs what is happening and why so they can explain to their users.

3. The Government need to take more responsibility for their filtering policies - even if they involve 'voluntary' industry arrangements.

The Government unwisely want more Internet filtering. They have pushed ISPs to roll out network level parental control filtering and want to see more blocking of content related to extremism. They seem less concerned that blocking comes with technical issues.

In their response to an e-petition about over-blocking the government say they have set up a discussion group at UKCCIS to look at over-blocking, but stress users should complain to ISPs about their issues.

We know mistakes and errors will happen, and the Government should be ensuring ISPs deal with the problems quickly. At the moment, nobody is willing to take responsibility.

In cases like this, the Department for Culture, Media and Sport in particular, who have recently pushed filtering with such enthusiasm, should be trying to understand why these problems are occurring.

We've asked to be part of the UKCCIS group to see if that forum can be a route to a solution.

[Read more] (10 comments)


December 13, 2013 | Peter Bradwell

BT answers our questions about parental controls

In the summer we asked ISPs 20 key questions about how their parental control filters will work. Today BT replied and you can read their answers here.

Today BT launched their new Parental Controls service, the latest ISP to roll out network level filters following the Government's push this summer.  (There's also more detail in their press release).

Sky replied to our questions a couple of weeks ago, and you can read their responses too. You can also read our explanation of why we asked these questions. 

We haven't gone through the answers in great detail yet. But from a first look, the main similarity with Sky's answers concerns how they will deal with reports of over-blocking. Both Sky and BT say that there will be a process for responding quickly to reports, which is a start. But there's little more than that and the devil will be in the detail.  We need to be sure that site owners know who to approach, that they will speak to someone who understands the problem, and that the mistake will be fixed quickly.

Neither Sky nor BT really address the issue of liability, either. If a business finds its site blocked for, say, a week by mistake, are they able to take any action to remedy the possible damage? BT seem to suggest that they are not responsible at all for the categorisations, pointing at the (unnamed) third party that they are using for the service.

As with Sky, we appreciate BT answering the questions. We're waiting for replies from Virgin and TalkTalk - we believe they are on the way. These answers will be part of our continued effort to make sure these parental control filters are as transparent and responsive as possible. 

 

Twenty questions for ISPs on Internet filtering systems

BT Parental Controls – Responses

What is BT Parental Controls?

BT Parental Controls is a network based solution designed to help parents protect their children online. The tool is quick and easy to set up and simple to manage. Parents can set filters that best suit their family’s needs from one of our 3 pre-defined filter levels – strict, moderate or light, or they can completely personalise the categories they wish to block for their family.

In addition, there is an option for parents to add specific sites to either an allowed or blocked list.

BT Parental Controls also offers the capability to turn off filters during a set time (the controls will automatically turn back on after this time). Parents can also set up Homework time, which adds an additional layer of filters during a time set, to block social networking, school cheating sites and online gaming.

A. On how the technology works

1. Is any traffic of users who are not opted in to filtering inspected and / or logged?

No. The BT Parental Controls solution does not inspect or log traffic for customers who do NOT opt in to the service.

If so, is it logged in a way that links the traffic to a subscriber? What logging will there be of blocking events? How does this work?

n/a

2. Is filtering applied to all forms of connection offered by the ISP (dialup, ADSL, cable, fast fibre connections etc)?

Yes, the BT Parental Controls tool is available at the network level to all BT Broadband customers and so applied to all forms of connection.

3. Have you estimated the impact of the through-put of filtering technology on the speed of users' internet access (both for those who are opted in and opted out)?

Yes, we do not anticipate that BT Parental Controls will have any impact on user’s speeds however we will continue to monitor this.

4. We are concerned about the impact on Internet applications in general as well as web traffic. Does filtering take place only of HTTP traffic on port 80, or will other traffic be affected? What steps will be taken to avoid interfering with non-HTTP traffic on port 80, for example non-HTTP applications that use this port in order to bypass firewall restrictions?

Our Filtering solution is based on Domain name resolution and can apply to any protocol used for a blocked domain.

5. What impact does the filtering have on end-to-end security measures such as SSL or DNSSEC?

BT Parental Controls filtering will not have an impact on end- to- end security measures.

6. Can you guarantee that your networks will not be susceptible to mistaken blocking as a result of using specific IP addresses for forwarding filtered traffic, for example as seemed to happen in a case involving Wikipedia?

No filtering system can provide a complete guarantee that this won’t happen, however BT Parental Controls utilises a trusted specialist 3rd party to categorise content.
In the unlikely event that content has been incorrectly categorised, we have a mechanism in place which allows us to quickly correct this.

7. Have you made any estimates on the impact of filtering systems on infrastructure upgrades?

Our business as usual capacity planning processes take into account growth and traffic forecasts for BT Parental Controls.

B. On setting up the filtering

8. Are users faced with pre-ticked boxes when choosing to activate filtering?

Yes, during the smart set up journey on the BT Home Hub 4 and 5 the ‘Yes, I want BT Parental Controls’ option is pre-selected.

What is the impact on customers who do not have access to or who do not use a web browser on a network such as a home broadband connection that is only used for Smart TV video on demand applications? (ie who will not be presented with a web-based set up screen?)

BT Parental Controls can be activated and managed from any internet enabled device capable of internet browsing including tablets and smartphones.

9. How granular are the available choices? Will a household be able to cater for:

a. Multiple ages or a variety of beliefs?

BT Parental Controls is a network based solution which means that all devices connected to your BT Broadband will have the same level of protection applied.

The account holder can choose one of our pre-defined filter levels – strict, moderate or light – or they can personalise their filter level by choosing which of the categories they would like to block.

b. Can specific sites be unblocked by a user?

Yes either by allowing access from the blocked page (they will require their BT ID and password) or by adding a particular site to their allowed list.

10. Have you done user-testing for your opt-in systems?

Yes, user testing was carried out during the development of the BT Parental Controls product and feedback was implemented to our tool. We also conducted user testing and product refinements throughout our trial phases – including testing with Mumsnet.

11. What information about the filtering is available at the point of sign up? Does it include:

a. Detailed information about what types of content are blocked, with examples?

Yes, the categories are listed in the sign up journey and on bt.com.

b. The providers of their filtering tools, if a third party is involved?

BT informs customers that a third party is involved within the Terms and Conditions

c. Information about the possible problems with and limitations of blocking, with information about how to report problems?

Yes – we provide guidance throughout the setup process and provide a range of help options, including a comprehensive troubleshooting guide, FAQs and a help video posted on bt.com. In addition, we provide links to information on some of the issues that children may face on the internet.
We inform our customers that no solution is 100 per cent effective and should be seen as a tool to be used in combination with other parenting measures and education

12. What age-verification processes will be in place? How will this work?

The broadband account holder’s credentials are required to setup BT Parental Controls and any changes made to the filter settings will be notified to the account holder via email.

13. Is a customer’s decision not to activate filtering a one-off decision, or will it have to be periodically repeated?

Customers will be asked each time a new device is connected to the BT Home Hub 4 or 5 (unless they choose to disable the Smart Setup functionality). They can choose to activate Parental Controls at any time by logging into My BT and finding the BT Parental Controls panel in the My Extras section.

C. On managing problems and mistakes

14. When a site is blocked, what information is supplied to the end-user about why and how it has been blocked?

When a user attempts to access a site which is blocked under the restrictions set on BT Parental Controls by the account holder, the user will receive a blocked page stating that the page has been blocked by BT Parental controls and the filter level that has been applied.

15. Are there easy ways to report mistaken blocks, either over-blocking or under-blocking? Are these clear when users encounter a block?

A customer or website owner can report mistaken blocks by contacting us.

If a site is blocked or allowed unexpectedly, the user can add this to their personal allowed or blocked list which can be done from the blocked page or through the BT Parental Controls management page

16. Are there easy ways for people to check if URLs are blocked, and will this include a reporting tool for requesting corrections and reclassifications?

We do not currently provide the facility for people to check if URLS are blocked. However, we have a process that allows website owners to report mistaken blocking. Details will be available in our FAQs.

17. How will complaints, from both your subscribers and from owners of sites that are blocked, be dealt with?

We have processes for customers and content owners to submit complaints. Details will be available in our FAQs.

a. Are there plans in place to train customer service staff for dealing with these reports? 

Yes – this will be included as a standard part of product launch and in-life management.

b. Are there targets for dealing with mistakes in a timely manner, or estimates of how long responding to and correcting mistakes will take?

There are processes in place to ensure that we respond to any mistakes / issues in a timely manner. The length of time will depend on the complexity of the issue.

c. Will you share error reports and corrections with other ISPs?

We will share best practices with other ISPs

18. Have you specified acceptable error rates to suppliers of filtering services? If so, what are they?

Our decision on the third party vendor included an assessment of accuracy – the agreed service level agreements with our vendor are commercially confidential.

19. Have you sought legal opinions relating to liability for incorrect blocks, including both false positives and false negatives?

We make it clear to users of BT Parental Controls that BT is not responsible for any of the site categorisations as these are done by our third party specialist vendor.

Do you have plans to offer compensation for businesses harmed by blocking errors, for example when potential customers are unable to access the site?

Our processes will ensure blocking errors are dealt with in a timely manner and each case will be dealt with on an individual basis.

20. Are there or will there be systematic reviews of the effectiveness and quality of filtering, including reporting on problems and complaints?

Yes

Is there a process for review and improvement? 

This will be part of our standard product management model

Is there or will there be an ombudsman or other oversight body to handle disputes and review performance?  

No.

[Read more] (7 comments)


December 12, 2013 | Peter Bradwell

Data Retention Directive breaches fundamental rights, says Advocate General

According to an influential legal opinion in the European Court of Justice, the Directive breaches privacy rights and should be replaced with a new law.

The Court of Justice of the European Union is considering whether the European law about collecting and storing communications data (information about our communications) is compatible with the European Chater of Fundamental Rights. For background on this case, see our post from yesterday. 

In an opinion published this morning (which you can read in full), the Advocate General (AG) concluded:

I propose that the Court should answer the questions referred by the High Court in Case C 293/12 and the Verfassungsgerichtshof in Case C 594/12 as follows:

(1)Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is as a whole incompatible with Article 52(1) of the Charter of Fundamental Rights of the European Union, since the limitations on the exercise of fundamental rights which that directive contains because of the obligation to retain data which it imposes are not accompanied by the necessary principles for governing the guarantees needed to regulate access to the data and their use.

(2)Article 6 of Directive 2006/24 is incompatible with Articles 7 and 52(1) of the Charter of Fundamental Rights of the European Union in that it requires Member States to ensure that the data specified in Article 5 of that directive are retained for a period whose upper limit is set at two years.

An AG opinion is an important indication of how the Court will rule in its final judgment. 

It looks like there are three main take aways from this opinion. First, he says that the Directive does not define rules about access to the communications data, but it should because it covers the collection of and access to such detailed personal information. Second, he concludes that the period of time (2 years) that government's may require data to be retained is too long and not supported by evidence. From the press release:

...the Advocate General has not found, in the various views submitted to the Court of Justice defending the proportionality of the data retention period, any sufficient justification for not limiting the data retention period to be established by the Member States to less than one year. 

Third, the AG says that there needs to be a new law that rectifies these issues, but adds that the current Directive can continue until that new law is agreed. 

EDRi (which Digital Rights Ireland is a member of) say in their press release that this is a major blow to the European Commission who have consistently failed to recognise faults with the Directive, even where those faults were detailed in its own review of the evidence of Member State's implementation.

EDRi also note that the Commission took legal action against countries who had not implemented the Directive - and EDRi are calling for the Commission to pay back finanacial penalties imposed on those contries as a result. Read more of EDRi's reaction on their website.  

It's also worth reading the reaction from Simon McGarr, of McGarr Solicitors who represented Digital Rights Ireland in this case.   

The Court's press release, which summarises the opinion, is available as a pdf from their website.

[Read more] (1 comments)


December 11, 2013 | Peter Bradwell

Important opinion about data retention due tomorrow

Tomorrow we're expecting an opinion about the 'Data Retention Directive'. It's a significant moment in the debate about laws that define the limits of digital surveillance.

Update: The opinion has now been published, with the Advocate General arguing that the Directive breaches the Charter of Fundamental Rights. Read our new post for more on what he said.

The Directive is a European law that allows governments to require companies to collect information about our communications and then make it available to law enforcement.

The case we'll hear about tomorrow concerns whether this law conflicts with the rights to private life (Article 7) and the protection of personal information (Article 8) set out in the Charter of Fundamental Rights of the European Union.

The opinion due tomorrow will come from an "Advocate General" at the Court of Justice of the European Union. Their job is to provide a legal opinions regarding cases before the court, which the judges involved have to take into account.

Who is involved?

The case is a combination of two complaints, one brought in Ireland by Digital Rights Ireland and another in Austria by a group including AK Vorrat Austria and an individual Austrian citizen. The Court decided to hear these two together.

There was a hearing on 9th July during which the parties who brought the complaints gave evidence, as did the European institutions (Commission, Parliament and Council) and the European Data Protection Supervisor.

What are the main issues?

The parties are arguing that the Data Retention Directive is incompatible with the Charter of Fundamental Rights. Basically, the question is whether governments can require communications providers to collect store communications information about all of us and for law enforcement to be able to access this data.

If legislation conflicts with our rights, the Court has established that the measures need to be necessary and must strike a proportionate balance. So the Court asked about how the law might interfere with articles 7 and 8; what objective evidence the European Union used when deciding that the Directive was necessary; whether the Union achieved a balance in this case; and about the provisions relating to the security of the data involved.

In their arguments in the hearing in July, the parties said that there is no evidence that the retention powers set out in the Directive are a necessary and proportionate method of tackling crime and terrorism, and that the data has been used for investigating crimes for which the Directive was not intended. You can read more about what was said at the hearing in the summary by EDRi.

ORG has also campaigned against Data Retention, and we co-signed a letter in 2010 to the European Commission which goes through some of the reasons why. 

Statewatch also recently produced a report on the effectiveness of Data Retention. The report describes how the Directive became law, how countries in Europe implemented it, and describes the various legal challenges that Data Retention is facing.

What happens next?

The Advocate General opinion is not the final result from the Court - it's effectively a guide for the judges. They do give a good indication of what the final judgment will look like. So this is an important intervention.

We'll bring you news of the opinion when we hear it tomorrow.

[Read more]


December 06, 2013 | Ruth Coustick-Deal

A milestone for Open Rights Group: 2000 supporters

This December Open Rights Group is approaching 2000 supporters. We look back at all that has happened in 2013 and celebrate our community growth.

We are really proud of what we've achieved in 2013. We've become louder and more effective at defending your rights. We've seen an enormous amount of interest in our campaigns, with unprecedented numbers responding to Government consultations through us, and thousands signing our petition against mass filtering of the Internet.

Open Rights Group was founded in 2005 when a group of activists pledged their support for creating the first UK digital rights organisation. Since then we've grown rapidly in capability and reach, appearing frequently in the national press and having an impact on technology laws through giving evidence to those drafting bills and organising supporter led campaigns. We now have 7 staff, (3 full time and 4 part time) a dedicated Advisory Council and a fantastic group of volunteers and interns who help make it all happen.

The greatest growth has been in our brilliant community of supporters. Thank you to all who have joined ORG and those who taken part in our campaigns. We are now at a huge landmark for Open Rights Group:

Can you help us reach 2000 supporters?

Join ORG button

We have nearly doubled in size since we were formed. We started this year with 1500 and the fact that we are rapidly approaching 2000 this December is dramatic evidence that people are passionately concerned about their rights online.

Help us reach the 2000 supporters milestone, and become part of this movement for change.

Please consider joining ORG, enabling us meet the many challenges to digital rights we will face next year.

Here are some of the big things our supporters have helped ORG achieve in 2013:

Stopping the Snoopers' Charter

We led the campaign that got the Snoopers' Charter dropped. Our evidence to the committee in Parliament scrutinising the Communications Data Bill influenced their damning final report. Our Digital Surveillance report and letter-writing actions gave MPs realistic alternatives to blanket snooping.

Challenging PRISM and TEMPORA

We immediately responded to Edward Snowden's leaks of agencies spying on the population by organising a campaign for parliamentary scrutiny of GCHQ. Thanks to donations we're also running a European legal challenge, with Big Brother Watch and English PEN, against UK surveillance practices on the basis that they breach our human rights.

Fighting to keep Facebook from controlling your personal information

We are part of a coalition of European civil liberties groups campaigning for new privacy-friendly data protection laws. We met with MEPs and helped supporters petition theirs, trying to ensure that the new Regulation keeps you in control of personal data.

Monitoring and documenting UK censorship

We have fought for greater transparency in the use of court orders to censor material on the net. We're also exposing secret court orders mandating the blocking of websites through our www.451unavailable.org project.

We also ran a petition against Cameron's plans for default-on filters of the Internet. These proposals ignore free speech issues so we demanded that ISPs tell us how the filters will work in practice and what they will actually block. We've seen some responses from them to us on issues of over-blocking as filtering is rolled out.

Defending the right to parody

Thanks to overwhelming responses from supporters to the Hargreaves Review we're expecting reforms that will broaden consumer rights and make it legal for people to create parodies using copyrighted works, like Downfall videos.

Exposing sales of your data
We uncovered the full story of how mobile companies like EE sell data about you. We held them accountable at a public meeting in Parliament and are exposing their possible exploitation of loopholes in the law.

These are some great successes, but there's even more we need to do.

Open Rights Group provides a vital campaigning voice for digital rights. Governments are very keen to legistlate to control the Internet. We expect to see even more problems next year as default Internet filtering is fully rolled out, the Government looks at censoring more types of content, continued efforts to campaign against mass surveillance from NSA and GCHQ as well as the negotiations towards the "TTIP" trade agreement between the EU and the US.

In 2014 ORG hope to be:

  • Speaking to MPs about surveillance reform
  • Leading supporter activism
  • Monitoring over-blocking of websites on default filters
  • Working with UKCCIS, a body set up to discuss online child safety issues, to improve the approach to over-blocking through dialogue with government and ISPs.
  • Pressing on behalf of website owners for easy ways to have correct blocking mistakes, reviewing what falls under filters
  • Providing a knowledgable rights-focused voice to the press on technology issues.
  • Running educational training for lawyers and journalists on online security
  • Producing a report into the impacts of PRISM and Tempora on UK businesses
  • Running an MP Lobby Day to mass petition Parliament for change

These are big tasks and we can't do them without more support.

Please consider joining ORG with a regular donation. Most supporters give £5/month, but please give as much as you are able.

How do I join?

Please set up a Direct Debit. Direct Debits are the best way to join ORG: it’s cheaper for us to do the paperwork and means more of your hard earned cash can make a difference.

You can also set up a PayPal subscription if you prefer not to use Direct Debit.

Or you can make a one-off donation to us. You can do this via PayPal, Flattr or by making a cheque payable to Open Rights Group.

[Read more]


google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail