July 06, 2006 | Suw Charman Anderson

What do businesses know about you?

Matt Mower has made a pledge on Pledgebank to write to a supplier - say a mobile phone company - to ask them what they know about him, as per the Data Protection Act, but he needs more people to sign up. The pledge in full:

"I will perform a Subject Access Request (Data Protection Act 1998) to find out what one of my suppliers knows about me but only if 19 other people will too."

— Matt Mower, Product Manager at PAOGA Ltd.

Deadline to sign up by: 24th July 2006 1 person has signed up, 18 more needed

Country: United Kingdom

More details We all know that suppliers hold a lot of information about us and that many of them are careless with it, misuse it, and don't bother to check whether it's correct or keep it up to date. This can have serious negative consequences on our lives and is likely to continue until we take action and do something about it. 

A good start is for us to find out what our suppliers think they know about us and how they are using our data. The Data Protection Act (1998) provides a way for us to do this called a Subject Access Request. It's pretty easy to do (essentially just writing a letter) and should cost no more than £10. 
 You can find more information about the DPA and making Subject Access Requests at the Information Commissioners website, for example:

"Your Information Rights" ( "How to Access Information" (

If this pledge is successful I will make a subject access request on one of my suppliers (e.g. my cell phone provider) and then blog about the process. I'd encourage everyone who takes the pledge, if they can, to write about their experiences too.

[Read more]

July 03, 2006 | Suw Charman Anderson

Protect your bits. Support ORG.

If you've been wanting a 'Support ORG' button for your blog or website, I'm happy to say that we've now created some. In three smashing sizes, you can now exhort your visitors to protect their bits.

Here they are with code that you can cut and paste:


Support the Open Rights Group

<a href="" title="Support ORG"><img src="" width="150" height="36" alt="Support the Open Rights Group" style="border: 0" /></a>


Support the Open Rights Group

<a href="" title="Support ORG"><img src="" width="200" height="47" alt="Support the Open Rights Group" style="border: 0" /></a>


Support the Open Rights Group

<a href="" title="Support ORG"><img src="" width="308" height="70" alt="Support the Open Rights Group" style="border: 0" /></a>

And remember... your bits are vulnerable, but every new supporter we get will help us protect them.

[Read more] (10 comments)

June 19, 2006 | Suw Charman Anderson

ORG Update - what have we been up to?

Last year, over a thousand people pledged a fiver a month to help us set up the Open Rights Group - an organisation to publicise and fight for civil liberties in the digital world. So far, we have around 500 supporters who have been true to their pledge and are giving us a fiver each month. If you are one of those five hundred, thank you. That was enough money to secure our short term future and to begin laying the foundations for the group. But we don't have enough funding to achieve all that we set out to do. In the next six months, we want to expand the work that ORG is doing, and go beyond these first steps. If you haven't yet fulfilled your pledge to ORG, can I ask you to live up to your promise, and send us that fiver? Please become an ORG supporter, and one of the Founding 1000. We need your help to be able to expand and increase our campaigning power. What have we been doing over the last six months? Working on a shoestring and a part-time staff, we've still managed:

With your additional support, we'll be able to expand our work. This year, the UK is facing some significant challenges in the online world:
  • The criminalisation of many intellectual property rights infringements, in the form of the second EU Intellectual Property Rights Enforcement Directive. Accidentally using copyrighted or patented materials in your own work? Under IPRED, you could end up in jail.
  • The implementation of EU Data Retention legislation. Which ISPs are already storing your phone and internet usage on behalf of the police?
  • Pushes to extend the copyright term for sound recordings. Cliff Richard may be all for it, but we think it's bad for music and musicians. We'll be publicising the benefits of public domain, examining the dangers of term extension, and lobbying for the term to remain the same.
  • The introduction of Part III of the Regulation of Investigatory Powers Act, permitting the government to seize private encryption keys. Will it stop terrorists? Or will it just compromise your security?
With your help, we can work to shine more light on these issues, bringing them to the attention of the media, the politicians and the wider public. Please support ORG with just a fiver a month. Your promise is what will let us fulfill ours. But remember, it's not just your money that's valuable, it's you. To get more involved, please join the ORG Discussion list (sign up using the forms in the righthand sidebar) or visit the ORG wiki. And thanks again for your support.

[Read more] (1 comments)

June 19, 2006 | Suw Charman Anderson

Film censors want a stab at the net

The British Board of Film Classification want to have stab at classifying content on the net, a Sisyphean task if ever I heard of one. I couldn't agree more with Simon Davies:

Simon Davies, of Privacy International, which campaigns for freedom of expression, told The Times: “It sounds like the most stupid intervention since the registration of fax machines and photocopiers in communist China.”

Board of censors wants net classified - Times Online

[Read more]

June 19, 2006 | Suw Charman Anderson

Linux User

A few months ago, I started writing a monthly column for Linux User. The first one, Whose Net is it, anyway? is now up online. I'm not sure how long it will be there, or if there will be an archive, so get it whilst it's hot. And, for your delectation, an excerpt:

Just imagine. The sum of all human knowledge available at your fingertips via a desktop machine. In 1985, that would have seemed like a dream. In 1945 when Vannevar Bush posited such a system - the Memex - in his essay As We May Think, it would have seemed like magic. Yet here we are. With Google and a razor sharp search term, you can now access a significant portion of all human knowledge. Indeed, some would say that the World Wide Web has exceeded Bush's original vision: it's not just a repository of information, it's a communications tool that millions of people rely upon every day.

[Read more] (2 comments)

June 15, 2006 | Suw Charman Anderson

ORG on the BBC

The Apple/iPod DRM story seems to be a hot one at the moment. I've just got back from the Apple Store, where I did an interview with BBC journalist Sumant Bhatia. The segment will be on World Business Report on BBC World tomorrow morning, which BBC1 and BBC News 24 air at 0530. After that, it will be repeated on BBC World all day, which you can only get if you're abroad. You should be able to watch it online, however. ORG has had quite a few requests to be on the news, but until now all of the stories they would have wanted us to comment on have been dropped at the last minute. Nice to finally have a story run, though. UPDATE: Hah! Looks like they bumped me for Bill Gates. Still, nice practice.

[Read more] (1 comments)

June 14, 2006 | Suw Charman Anderson

ORG in the FT

In the UK, the Open Rights Group, another consumer protection organisation, has been lobbying MPs to force companies to open up their DRM. “If I buy a car I expect any brand of petrol to work in it. Consumers are starting to see that they can do less with the music they buy,” says Suw Charman, executive director of the group. Crunch time for Apple’s music icon
Props to Cory for the 'do less with' line, which always seems to make the point beautifully.

[Read more] (2 comments)

June 13, 2006 | Suw Charman Anderson

Cryptography and fallacy

The Times has an emotive piece on the implementation of Part III of RIPA, the Regulation of Investigatory Powers Act, which demands that people hand over their cryptographic keys.

The internet has transformed life for billions, making the once time-consuming swift and the once complex straightforward. Unfortunately the beneficiaries include paedophiles who now have a frighteningly easy vehicle with which to peddle the most depraved and exploitative material that would turn the stomachs of those unfortunate enough to come across it. The advance of computer technology now makes it cheap to render such material inaccessible, even to experts in software code-cracking. This is a problem that directly affects the safety of Britain’s children.

Punishing silence - Comment - Times Online

I'm always suspicious of overly emotional pieces like this, because they're full of logical fallacies which are designed to undermine rational argument. The first I spotted is called 'argumentum ad metum', which is Latin for 'giving you the screaming heebie-jeebies' - you can see it in that last sentence about 'the safety of Britain's children'.

There's also a hefty dose of 'argumentum ad odium', which is all about appealing to your hatred of, in this case, people who do nasty things to children. Yes, paedophiles are depraved and exploitative, and yes child pornography would make your stomach turn. But the reason for including that sentence is not to provide you with information, but to whip up your hatred of paedophiles.

The question is not 'are paedophiles bad?', but 'should people be forced to hand over cryptographic keys, and punished when they do not?' By reframing the argument as if it is only about paedophiles, The Times evokes an emotional response that 'yes, paedophiles are bad, so yes, we should have legislation that forces them hand over their keys.'

They fail to consider that of the people using cryptographic keys, paedophiles are in the minority. This is a logical fallacy of it's own called 'secundum quid', which is when you make a hasty generalisation based on a small and unrepresentative sample. The paedophiles are presented as the general problem, and the author ignores all other types of people - such as business people - who use cryptographic keys.

As Ian Brown says, it seems that the Times has had a briefing from the Home Office, resulting in this rather slick paragraph:

Punishing silence is a dangerous concept and should be rejected in all but severe cases. But the consultation paper circulated by the Home Office sets out the hurdles, designed to protect the innocent, which prosecutors would have to jump. For a suspect to be charged and face a prison term of more than two years for failing to unlock computer files, he would have to be a convicted paedophile; his computer would have to contain indecent pictures of children; or there would have to be evidence that he had communicated the encrypted information to someone else. The court would have to be satisfied that the encrypted data was likely to contain illegal images of children. The battle against paedophiles, like that against money-launderers, has been made more complicated by the internet. It is reasonable that law enforcement acquires stronger powers to fight back.

Of course, it's not just paedophiles... it's obviously money-launderers, and before you know it, it will be anyone they fancy. That's what you call 'mission creep'.

(And there you might accuse me of committing the logical fallacy of 'the slippery slope', where you imply that one step in the wrong direction must, perforce, lead to disaster. But when you have a point of principle at stake, then examining the wider ramifications is not a slippery slope argument. The point of principle here is, Should people be forced to give up their cryptographic keys? and if you concede Yes, then any community of cryptography users is at risk and it's fair game to point that out.)

There are a bunch of other fallacies used in this piece, and I'm not even an expert fallacy spotter yet.

'Argumentum ad modum', a call for proportion: "It is reasonable that law enforcement acquires stronger powers to fight back."

'Shifting the burden of proof', which runs through the whole of the article, and says 'prove why we shouldn't demand cryptographic keys' or 'prove that these files aren't evil', rather than proving why we should or why they are.

'Petitio principii', which is basically where your conclusion is the same as your argument, in this case it's that 'police should have access to cryptographic keys because they need to access cryptographically concealed computer files'. This one is quite well dispersed, but it's there in the first paragraph: "Mr A was caught trying to procure a 10-year-old child for sex. Police found in his possession a number of computer files. They almost certainly contained illegal images and further damning evidence. They may also have contained clues. But officers were unable to read them because they were encrypted."

Finally, we have 'half-concealed qualification', a limited claim which is expressed in an inflammatory way so that you don't hear/see the disclaimer: "In recent years, police investigators have run up against encrypted data with increasing frequency. Even if they succeed in getting into protected files, they may be unable to comprehend the contents without a second key. This is more than frustrating when a suspect is in custody and the clock is ticking until he must be charged or released. A dangerous man could be allowed home." In this section, the 'increasing frequency', 'clock ticking' and 'dangerous man' undermine the 'may' which qualifies the existence of the putative second key.

For more on RIPA Part III (which sounds an awful lot like the last installment of a slasher film trilogy), take a look at Spy's blog on the Home Office Consultation, and for background see FIPR's RIPA Information Centre.

[Read more] (1 comments)