Blog

Europe makes many of the laws that are shaping privacy and restricting surveillance. Data Protection, for instance, should guarantee that interception is lawful, rather than arbitrary.

Last week, the European Court of Justice declared the Data Retention Directive invalid: which has huge implications for our claim that UK law supervising surveillance is inadequate.

The European Parliament also investigated the Snowden allegations, and took evidence from Edward Snowden himself.

After investigations, the Parliament agreed that data protection “safe harbor” agreements with the USA should be suspended and said that the activities of GCHQ and the NSA “appear illegal”.

It was the Parliament, too, that struck down the ACTA treaty, and recently voted to protect net neutrality.

Europe matters for digital rights and our campaign to end mass surveillance in the UK. That's why we are taking part in the wepromise.eu campaign, asking you and candidates to pledge to support digital rights; and why we are asking you to come to the nearest digital rights hustings for EU Parliamentary candidates in May. With the election coming, we can put pressure on candidates to tell us what they will do to protect the right to privacy and free speech if they are elected.

Here are the WePromise.eu events, hopefully one will be near where you live:

Manchester

http://www.meetup.com/ORG-Manchester/events/176592492/

When: Tuesday 6th May, 6:30 - 8:30 pm

Where: The Main Hall, The Friends Meeting House, Mount Street

Sheffield

When: Thursday 8th May, 6:30 - 8:30 pm

Where: St Mary's, Bramall Lane, S2 4QZ

http://www.meetup.com/ORG-Sheffield/events/176593712/

Bristol

When: Friday 9th May, 6:30 - 8:30 pm

Where: St Werburghs Community Centre

http://www.meetup.com/ORG-Bristol/events/176594452/

Norwich

When: Monday 12th May, 6:30 - 8:30 pm 

Where: Norwich Quaker Meeting House, NR2 1EW 

http://www.meetup.com/open-rights-group-norwich/events/176603832/

London

When: Thursday 15th May, 6:30 - 9:30pm

Where: Shoreditch Village Hall, 33 Hoxton Square, N1 6NN

http://www.meetup.com/ORG-London/events/176612572/

Brighton

When Friday, May 16, 2014 6:30 PM to 8:30 PM

Where: BMEP Centre 10A Fleet Street. Brighton, BN1 4ZE, Brighton

http://www.meetup.com/ORG-Brighton/events/177466782/

[Read more]

At times the campaign to prevent default internet filters has bordered on the surreal, such as when the Deputy Children’s Commissioner Sue Berelowitz said, ‘no one should be panicking – but why should there not be a moral panic?’ Or the time when Helen Goodman MP thought parents weren’t capable of switching in filters themselves because, ‘the minute you talk about downloading software, my brain goes bzzzz’. And who can forget Claire Perry MP dismissing overblocking as, ‘a load of cock’?

Against this background of moral outrage and technological incompetence, ORG has been trying to make people aware that filters don’t work, are dangerous for internet freedom and could give parents a false sense of security when it comes to their children’s use of the internet.

But now it looks like Claire Perry has won. Every major internet service provider in the UK has installed default filters that block websites containing material that isn’t appropriate for children. This means that your internet service provider gets to decide what you can or can’t see online, regardless of how old you are.

No laws were passed for this to happen. There was no debate in parliament, just a series of closed meetings, following a report by Claire Perry MP. A report that was sponsored by Christian charity Safermedia and radio broadcaster Premier Christian Media.

This has been done in the name of keeping children safe from pornography, although the filters include a whole load of other categories, including web forums, alcohol, smoking, suicide and anorexia. No one knows exactly which sites are on the list. Recently, the government asked to add secret extremist website lists to the blacklist as well so we can only expect that this list will grow and grow. Then there’s the problem that a whole load of sites get blocked by mistake - from churches (they mention wine!) to political blogs that have been miscategorised as hate speech. And a lot of sites that children should have access to - such as sites on sexual health - are also blocked. Once your website is on a blocked list, there’s no easy way to get off it.

Let’s be honest, no one wants their kids seeing porn or stuff that might upset them but David Cameron’s suggestion of, "one click to protect your whole home and keep your children safe," is deeply irresponsible. It may come as a surprise to Cameron but parents might need to act like grown ups when it comes to adult content. Talking about porn, extremism or self-harming sites might not come naturally to most of us. But we have a responsibility to equip our children with the skills they need to navigate their way in the digital world - just as we do in the non-digital world. Filters don’t do that.

If parents want to switch on filters, that is their choice. But it should be an informed choice and there are alternatives to default filters, such as device-level filters, which are more effective

If parents don’t want filters, they shouldn’t be made to feel ashamed or that they are failing as a parent because they’ve decided to take responsibility for how their kids use the internet. If you don’t have kids, then there is absolutely no reason you should feel pressurised into switching them on. Filters are harmful for people who are browsing for information about domestic violence, safe sex or drugs health but they are not going to stop a tech-savvy teenager who is determined to find adult content.

If it turns out the public don’t want filters to censor what they see online, then politicians will start asking for blocks that are even harder to switch off. They will continue to claim that filters can solve every social ill. We have to discredit this ridiculous idea. We don’t have to put up with censorship just to make their lives easier.

To get this message across we want to produce a high-quality, funny film that will re-start the debate about why filters are a bad idea. It will cost us £12,000 to get this campaign off the ground.

We have launched a campaign on Indiegogo to help raise the money we need and we have less than four weeks to raise it.

Support this film so we can show exactly how stupid filters are.

[Read more] (1 comments)

ORG is running a project to end the imposition of web blocking by ISPs and the Government. Here's how we're getting on and how you can get involved.

Since the start of the year ORG's community of technical volunteers have been turning blocked.org.uk into an automated platform for censorship detection, reporting and research. I joined ORG's staff at around the same time to help support both the project and the community bringing it to life. We are now at a very exciting stage of the project - however there is still a lot of work to be done.

Here's a quick overview of the system we're building, the progress we've made to date, and the many ways in which you can help us finish the job.

Upgrading the website

First of all, we're giving the website itself (www.blocked.org.uk) a facelift, with a new responsive template and graphical design. The form for submitting a URL to check or report as blocked will still be the main feature. New features will include overview statistics, historical data on individual URLs, and a space for user-submitted stories on how censorship affects them.

Behind the Scenes

We're also building a benevolent botnet of "probes", each connected to a different company's broadband line.

When given a URL to test, these probes will check whether it can be reached via their ISPs and report the results to our database.

Visitors to blocked.org.uk will be able to ask the database whether a particular URL is being censored and by which networks. They will also be able to see the blocking history of the URL if it has already been registered, request that the site be checked again, and tell us why this particular site is important to them.

We'll be releasing all this data, and our code, under permissive licenses that let others reuse and build on what we're creating.

What are the next steps?

The new website, the probe software, the databases and the Application Programming Interfaces (APIs - mechanisms that let each part talk to the others) are all at advanced stages of development. We have ordered broadband subscriptions from all the major UK ISPs and these are being commissioned right now. Our next challenge is to link all these components together into a working system.

Achieving this first milestone will make web censorship in the UK more transparent - but we won't be stopping there.

We want to improve the system by experimenting with different sets of URLs to keep an eye on, adjusting retest frequencies, iterating our methods for detecting that a site has been blocked, and generating reports and statistics on filtering methods, behaviour and effectiveness.

How can I help?

All this work is being done by our amazing community of technical volunteers - which you are welcome to join! There's plenty to do, from writing copy to writing software, and you can find out how to get involved on our project website: http://www.blocked.org.uk/help. See you on the mailing list!

[Read more]

In 2010, the coalition announced that they would roll back the surveillance state including the “Ending of storage of internet and email records without good reason”. The coalition is on the threshold of fulfilling that pledge - at least in relation to data held by ISPs. ISPs meanwhile need to clarify what they are doing now that the law is gone.

No doubt, once the coalition settled down, ministers were briefed that the retention of user data was required by European law: so they could easily forget about this pledge. The European Court of Justice has helped the matter along by deleting the law. We sincerely hope that the coalition sticks by its agreement, and does not try to re-legislate data retention back into UK statutes.

As a result of the law’s death, some ISPs are starting to delete their data in Sweden for instance, where this law caused very significant controversy. Authorities there are letting ISPs do this. It is extremely important that we know what actions ISPs are taking. For this reason, ORG has today written to BT, Sky, TalkTalk and Virgin to ask them to explain how they will be treating user data now that the Directive no longer exists:

… these regulations no longer have a valid basis in UK law.  It is our understanding that ISPs therefore should not be retaining user data unless there is some other legal basis for doing so.

We understand that you should only retain personal data such as IP logs and email communications data for legitimate business reasons or specific legal requirements.

In the interests of your customers, please can you:

(1) Confirm that you are not continuing to abide by the now defunct Data Retention Directive and regulations;
(2) Publish a description of the data you will be continuing to collect for business purposes (and how the data assists you) and what time period you will be holding the data for

[Read more]

Yesterday’s invalidation of the Data Retention Directive opens up the question, what do the government and ISPs do next? Both are in a dubious legal situation now that data retention has no legal basis.

The Data Retention Directive is retrospectively invalid: not only is it gone, but in legal terms it never was. The UK Regulations are also gone, as the power for the Secretary of State to pass them under the European Communities Act 1972 (UK legislation) relied on the validity of the original Directive. The obvious conclusion is that, for now, data retention should stop. We have yet to hear any argument that the government could carry on using the ex-directive's powers, although of course it may try.

There may be older legislation that the government could try to use for some elements of data retention, especially S.94 of the Telecommunications Act 1984 which gives powers to order communications data retention, but it’s more likely that the government will need to legislate.

Without the Data Retention Directive, the only likely legal basis for retaining data is for business purposes. The Data Protection Act (DPA) allows for limited retention and processing of personal data, in order to provide you with the services you’ve asked for.

ISPs are in a difficult position if they retain data under the DPA. For retention, they should hold it for business purposes only; and lawful access should be defined by law before they hand it over. We believe they are obliged to stop retaining data  and should destroy any data retained by virtue of the now invalid regulations. If companies continue to retain the data there is a risk that their own customers could launch claims for breaches of the DPA.

The government also needs to clarify whether it is still continuing to pay for retention of data that has no legal basis. Since the UK regulation that authorised these payments are now invalid, under what powers would the government make those payments?

ISPs need to think quickly about liability, retention and government payments; the government may need to legislate. If the government legislates it needs to take the ECJ judgement into account, to avoid having to rewrite the rules again if the EU introduces new data retention legislation. We’ve been given guidance to the limits of surveillance and data retention, including requirements to limit the uses and confine the retention to relevant data. It is essential that the UK takes notice of these requirements.

The government may consider reviving the rump Snooper’s Charter proposals, for data retention in mobile companies, but it is also an opportunity for Parliament to discuss surveillance in the round. The ECJ ruling validates the argument that mass data retention breaches our rights to privacy and protection of personal data, and is very significant for ORG's legal challenge to government surveillance at the European Court of Human Rights. Any new government legislation must limit surveillance to what is necessary for investigation, rather than allow blanket data collection across everyone’s communications. 

[Read more] (7 comments)

There was a major victory for privacy rights today when the European Court of Justice (ECJ) ruled that the 2006 Data Retention Directive is invalid on the grounds that it severely interferes with two of our fundamental rights: the right to respect for private life and to the protection of personal data. 

Under the Directive, telecoms companies were obliged to collect and retain location and traffic data about our personal phone calls, text messages, emails and internet use. They could retain that information for between six months and two years. Today, the ECJ found that the Directive did not define enough restrictions to limit this intrusion to what is "strictly necessary".

Importantly, the ECJ's statement recognises that locations and traffic data about our private communications do, ''provide very precise information on the private lives of the persons whose data are retained”. The argument that metadata somehow does not reveal anything about our lives has often been used to justify surveillance by the state. It was used when the government tried to introduce the Communications Data Bill and again more recently to justify mass surveillance by GCHQ and the NSA. The Court's recognition that this just isn't true is important for those of us fighting against disproportionate and indiscriminate surveillance.

Although the Directive itself has been found invalid, the national legislation brought in to deliver it still stands. However, laws could now be open to challenges and will no longer have the backing of the EU. Open Rights Group will now look into whether we should try and mount a legal challenge in the UK.

[Read more]

We are delighted to announce that our Censorship Monitoring Project has reached and surpassed its funding goal.

The generosity of our supporters raised more than £6500 to support our campaign to end the imposition of web censorship in the UK.

We asked our supporters to donate or join to support the project after we recieved an offer of up £3000 in matched funding. 

Together with sponsorship from ISP Andrews & Arnold and hosting company Bytemark, the backing puts the project on a firm financial footing. We are incredibly grateful for the support of everyone who contributed. Thank you!

We're a small organisation so taking on new projects like this is impossible without funding from our supporters. This is an incredible amount that really makes the difference between this project finishing and not. 

You can still help out - contributions enable us to fund project management and help ensure we can keep the good work going for longer:

Donate with Paypal

What is the Censorship Monitoring Project? 

Last summer the Government pressured UK internet service providers (ISPs) into censoring home-broadband connections to protect children from adult content online. The Government persuaded ISPs that this filtering should be switched on by default. Since early this year most new connections have been made subject to this regime and ISPs will be extending the blocking to their existing customers during 2014.

The Open Rights Group opposes the imposition of default-on web blocking for a number of reasons:

• The filters affect all users of a particular connection yet only one person, the named account-holder, gets to choose how they behave; 

• The lists of blocked sites are secret. It is difficult to tell who's censoring what and why;

• It's hard for website owners and their visitors to get overblocking or underblocking mistakes corrected;

• And since such mistakes are common the filters are no substitute for proper parenting - they may even lull parents into a false sense of security when their kids go online.

We have been running www.blocked.org.uk since 2012 to highlight problems with similar filtering systems on mobile networks. To match the expansion of censorship into our homes we are now expanding the site with tools to help us hold ISPs and the Government accountable.

We want to provide a place where  people can learn about the real effects of web filters and offer both webmasters, and their visitors and users, mechanisms to report problems. We plan to publish an open record of web censorship that can inform a real debate about the extent to which ISPs should be interfering with our rights to freedom of expression and access to information online.

The project is being implemented by a team of volunteers. If you'd like to join them and help make this a reality please visit http://www.blocked.org.uk/help to find out how you can get involved. 

[Read more]

While Nigel Farage and Nick Clegg kicked around old political footballs like immigration on Wednesday night, there was a glaring omission from the debate: digital rights.

Yesterday's net neutrality vote in the European Parliament showed our MEPs have the potential to harm or protect our digital rights.

Just two weeks ago, we were in real danger of MEPs voting for a Regulation that would have allowed a two-tier Internet where big businesses could buy their way to a faster Internet at the expense of the rest of us. Thanks to amendments brought in by pro-digital rights MEPs in the Socialist, Green and Liberal groups, worrying loopholes were closed and Europe moved a step closer to having world-leading net neutrality laws.

This was a massive victory for those of us campaigning for a free, open and democratic internet. But the vote was really close and it could easily have gone the other way.

So when we vote in the European elections on 22nd May, it's crucial that we end up with MEPs that will make the right decisions on digital rights issues.

Open Rights Group is part of the Europe-wide WePromise campaign that aims to help us get just that. It's a simple idea. Candidates sign a comprehensive 10 point Charter of Digital Rights on issues like surveillance, copyright, data protection and net neutrality. Then citizens across Europe try to vote for pro-digital rights candidates.

People who sign the WePromise petition will get an email close to polling day to confirm which candidates have signed the Charter.

You can also put direct pressure on all the candidates in your region by emailing them to ask for their support of the WePromise charter. Candidates are far more likely to pay attention when voters contact them about issues so this is a really effective way of making sure your voice is heard by your prospective MEPs.

Let's make sure we vote in as many pro-digital rights MEPs as possible on May 22nd.

[Read more]