April 10, 2014 | Jim Killock

Back to the coalition agreement: data retention laws should not be revived

In 2010, the coalition announced that they would roll back the surveillance state including the “Ending of storage of internet and email records without good reason”. The coalition is on the threshold of fulfilling that pledge - at least in relation to data held by ISPs. ISPs meanwhile need to clarify what they are doing now that the law is gone.

No doubt, once the coalition settled down, ministers were briefed that the retention of user data was required by European law: so they could easily forget about this pledge. The European Court of Justice has helped the matter along by deleting the law. We sincerely hope that the coalition sticks by its agreement, and does not try to re-legislate data retention back into UK statutes.

As a result of the law’s death, some ISPs are starting to delete their data in Sweden for instance, where this law caused very significant controversy. Authorities there are letting ISPs do this. It is extremely important that we know what actions ISPs are taking. For this reason, ORG has today written to BT, Sky, TalkTalk and Virgin to ask them to explain how they will be treating user data now that the Directive no longer exists:

… these regulations no longer have a valid basis in UK law.  It is our understanding that ISPs therefore should not be retaining user data unless there is some other legal basis for doing so.

We understand that you should only retain personal data such as IP logs and email communications data for legitimate business reasons or specific legal requirements.

In the interests of your customers, please can you:

(1) Confirm that you are not continuing to abide by the now defunct Data Retention Directive and regulations;
(2) Publish a description of the data you will be continuing to collect for business purposes (and how the data assists you) and what time period you will be holding the data for


[Read more]

April 09, 2014 | Jim Killock

ISPs will break the law if they continue to retain our data

Yesterday’s invalidation of the Data Retention Directive opens up the question, what do the government and ISPs do next? Both are in a dubious legal situation now that data retention has no legal basis.

The Data Retention Directive is retrospectively invalid: not only is it gone, but in legal terms it never was. The UK Regulations are also gone, as the power for the Secretary of State to pass them under the European Communities Act 1972 (UK legislation) relied on the validity of the original Directive. The obvious conclusion is that, for now, data retention should stop. We have yet to hear any argument that the government could carry on using the ex-directive's powers, although of course it may try.

There may be older legislation that the government could try to use for some elements of data retention, especially S.94 of the Telecommunications Act 1984 which gives powers to order communications data retention, but it’s more likely that the government will need to legislate.

Without the Data Retention Directive, the only likely legal basis for retaining data is for business purposes. The Data Protection Act (DPA) allows for limited retention and processing of personal data, in order to provide you with the services you’ve asked for.

ISPs are in a difficult position if they retain data under the DPA. For retention, they should hold it for business purposes only; and lawful access should be defined by law before they hand it over. We believe they are obliged to stop retaining data  and should destroy any data retained by virtue of the now invalid regulations. If companies continue to retain the data there is a risk that their own customers could launch claims for breaches of the DPA.

The government also needs to clarify whether it is still continuing to pay for retention of data that has no legal basis. Since the UK regulation that authorised these payments are now invalid, under what powers would the government make those payments?

ISPs need to think quickly about liability, retention and government payments; the government may need to legislate. If the government legislates it needs to take the ECJ judgement into account, to avoid having to rewrite the rules again if the EU introduces new data retention legislation. We’ve been given guidance to the limits of surveillance and data retention, including requirements to limit the uses and confine the retention to relevant data. It is essential that the UK takes notice of these requirements.

The government may consider reviving the rump Snooper’s Charter proposals, for data retention in mobile companies, but it is also an opportunity for Parliament to discuss surveillance in the round. The ECJ ruling validates the argument that mass data retention breaches our rights to privacy and protection of personal data, and is very significant for ORG's legal challenge to government surveillance at the European Court of Human Rights. Any new government legislation must limit surveillance to what is necessary for investigation, rather than allow blanket data collection across everyone’s communications. 

[Read more] (7 comments)

April 08, 2014 | Pam Cowburn

Victory for privacy rights as ECJ rules that Data Retention Directive is invalid

There was a major victory for privacy rights today when the European Court of Justice (ECJ) ruled that the 2006 Data Retention Directive is invalid on the grounds that it severely interferes with two of our fundamental rights: the right to respect for private life and to the protection of personal data. 

Under the Directive, telecoms companies were obliged to collect and retain location and traffic data about our personal phone calls, text messages, emails and internet use. They could retain that information for between six months and two years. Today, the ECJ found that the Directive did not define enough restrictions to limit this intrusion to what is "strictly necessary".

Importantly, the ECJ's statement recognises that locations and traffic data about our private communications do, ''provide very precise information on the private lives of the persons whose data are retained”. The argument that metadata somehow does not reveal anything about our lives has often been used to justify surveillance by the state. It was used when the government tried to introduce the Communications Data Bill and again more recently to justify mass surveillance by GCHQ and the NSA. The Court's recognition that this just isn't true is important for those of us fighting against disproportionate and indiscriminate surveillance.

Although the Directive itself has been found invalid, the national legislation brought in to deliver it still stands. However, laws could now be open to challenges and will no longer have the backing of the EU. Open Rights Group will now look into whether we should try and mount a legal challenge in the UK.

[Read more]

April 07, 2014 | Ruth Coustick-Deal

We're making web censorship more transparent - thanks to you!

We are delighted to announce that our Censorship Monitoring Project has reached and surpassed its funding goal.

The generosity of our supporters raised more than £6500 to support our campaign to end the imposition of web censorship in the UK.

We asked our supporters to donate or join to support the project after we recieved an offer of up £3000 in matched funding. 

Together with sponsorship from ISP Andrews & Arnold and hosting company Bytemark, the backing puts the project on a firm financial footing. We are incredibly grateful for the support of everyone who contributed. Thank you!

We're a small organisation so taking on new projects like this is impossible without funding from our supporters. This is an incredible amount that really makes the difference between this project finishing and not. 

You can still help out - contributions enable us to fund project management and help ensure we can keep the good work going for longer:

Donate with Paypal

What is the Censorship Monitoring Project? 

Last summer the Government pressured UK internet service providers (ISPs) into censoring home-broadband connections to protect children from adult content online. The Government persuaded ISPs that this filtering should be switched on by default. Since early this year most new connections have been made subject to this regime and ISPs will be extending the blocking to their existing customers during 2014.

The Open Rights Group opposes the imposition of default-on web blocking for a number of reasons:

  • The filters affect all users of a particular connection yet only one person, the named account-holder, gets to choose how they behave; 
  • The lists of blocked sites are secret. It is difficult to tell who's censoring what and why;
  • It's hard for website owners and their visitors to get overblocking or underblocking mistakes corrected;
  • And since such mistakes are common the filters are no substitute for proper parenting - they may even lull parents into a false sense of security when their kids go online.

We have been running since 2012 to highlight problems with similar filtering systems on mobile networks. To match the expansion of censorship into our homes we are now expanding the site with tools to help us hold ISPs and the Government accountable.

We want to provide a place where  people can learn about the real effects of web filters and offer both webmasters, and their visitors and users, mechanisms to report problems. We plan to publish an open record of web censorship that can inform a real debate about the extent to which ISPs should be interfering with our rights to freedom of expression and access to information online.

The project is being implemented by a team of volunteers. If you'd like to join them and help make this a reality please visit to find out how you can get involved. 

[Read more]

April 04, 2014 | Ed Johnson-Williams

Defend your digital rights in the European elections this May

While Nigel Farage and Nick Clegg kicked around old political footballs like immigration on Wednesday night, there was a glaring omission from the debate: digital rights.

Yesterday's net neutrality vote in the European Parliament showed our MEPs have the potential to harm or protect our digital rights.

Just two weeks ago, we were in real danger of MEPs voting for a Regulation that would have allowed a two-tier Internet where big businesses could buy their way to a faster Internet at the expense of the rest of us. Thanks to amendments brought in by pro-digital rights MEPs in the Socialist, Green and Liberal groups, worrying loopholes were closed and Europe moved a step closer to having world-leading net neutrality laws.

This was a massive victory for those of us campaigning for a free, open and democratic internet. But the vote was really close and it could easily have gone the other way.

So when we vote in the European elections on 22nd May, it's crucial that we end up with MEPs that will make the right decisions on digital rights issues.

Open Rights Group is part of the Europe-wide WePromise campaign that aims to help us get just that. It's a simple idea. Candidates sign a comprehensive 10 point Charter of Digital Rights on issues like surveillance, copyright, data protection and net neutrality. Then citizens across Europe try to vote for pro-digital rights candidates.

People who sign the WePromise petition will get an email close to polling day to confirm which candidates have signed the Charter.

You can also put direct pressure on all the candidates in your region by emailing them to ask for their support of the WePromise charter. Candidates are far more likely to pay attention when voters contact them about issues so this is a really effective way of making sure your voice is heard by your prospective MEPs.

Let's make sure we vote in as many pro-digital rights MEPs as possible on May 22nd.

[Read more]

April 03, 2014 | Jim Killock

Join to found ORG Scotland

Last month, we asked our Scottish supporters whether we should set up an office to deal with policies from Holyrood.

The support was pretty overwhelming. Nearly everyone thought it was a good and important idea, people offered their help, and others listed IT projects and policies that concerned them, some of which we hadn't heard about before. We knew from our activists in Scotland that the government approach to digital matters seems to be very centralising, but we haven't been able to work on these issues to find out how concerning these policies really are.

This week I'm in Scotland talking to our supporters and Scottish policy makers asking them what they think is needed from a group like ORG. At the moment, there seem to be a range of very real concerns:

  • The lack of a strong voice advocating for privacy-respecting government IT
  • Projects including Entitlement Cards, data sharing, health data and measures to block sectarian websites
  • Attacks on Freedom of Information in Scotland
  • The lack of a digital rights debate in the referendum campaign

ORG obviously cannot and would not take a position on Scottish independence, which is a matter for the Scottish people, not a digital rights organisation. Nevertheless, we think politicians that are both for and against independence need to explain how citizens rights will be protected in their vision for the future.

It's clear the UK has failed to protect digital rights in many key respects, including by instigating secret mass surveillance. How would an independent Scotland differ? And does the track record of the devolved regime so far point in the right direction?

While we think ORG has a strong role to play in both a devolved and an independent future, we are also worried by the lack of a strong network of rights organisations in Scotland. Currently, there are very few organisations dealing with these issues, most of whom are also quite under resourced. Many UK organisations dealing with other policy areas have set up offices in Scotland, but this is less true for human rights groups.

Meanwhile, the most important thing is that ORG hears from you. First, we need you to join so we can hire staff in Scotland to work on policy and campaigns. Secondly, we need you to tell us what you think we should be doing, and how you can help.

We're holding a discussion day on Saturday May 10th in Edinburgh: keep the date free, and come along if you can!

If you are an existing ORG supporter who would like to support the project, you can increase your donation and tell your friends about it.

Twitter Share Button  Facebook Share button  Google Plus Share button

[Read more]

March 28, 2014 | Jim Killock

Copyright: it's a long fight to get it right

Copyright is an important part of our legal framework. For many artists, it helps them control and negotiate profits flowing from the use of their work, in all kinds of media. Since the advent of digital technology, it has been hard to square the legal right to stop people copying text, pictures, video and audio with the technological realities. The global companies dependent on copyright revenues have also had a hard time learning that in the Internet era, customers are likely to decide the terms you play on, rather than the rights holders.

The result is that ORG has been fighting since 2005 for sensible copyright laws, and resisting overblown attempts by rights holders to control the flow of information on the Internet. The biggest such push in the UK has been the three strikes regime introduced in the Digital Economy Act 2010, a strategy so difficult to implement that it still hasn't fully taken shape.

Let's take the question of how the digital world and copyright come into conflict. Copyright is a right to stop people making copies, starting with books in the 1709 Copyright laws. However, copying is just what computers do, when they back up, move data across networks, when a file is read into memory, or you look at a website. EU Copyright has "exceptions" to allow "transient or incidental" copying. It's the only compulsory European copyright user right.

Still, it has taken arguably 20 years for the law to catch up with the advent of the MP3 revolution, as computer users started to copy their legally purchased music onto hard drives in compressed formats. It's long been a part of everyday life, but only yesterday did we get the final signal that UK copyright law would be updated to reflect our everyday use of legally purchased copyright works.

Part of the reason is that many "format shifting" exceptions come along with a "compensatory" levy: in much of the EU you pay, via an ipod tax, for the right to copy your music. The UK has rejected this idea, but they may have a fight on their hands. In any case, the push for compensation explains much of the delay.

The data mining exception, to allow researchers to check through electronic texts they have licensed, and the parody exception are also reactions to the new possibilities of use and creation that come with the digital age. Parodies are part of everyday Internet expression. While the exception may not end legal uncertainty, and may yet prove not to be wide enough, it is a huge step forward.

At this point, it's worth remembering that DVDs and other 'copy protected' works still won't be legally format shifted. You will, however, be able to ask the Secretary of State to help you obtain new personal copies!

Format shifting and parody were both supported by ORG in the 2006 Gowers Review, and again in the 2011 Hargreaves Review, which we are now finally seeing implemented. Back in Gowers, the report also recommended that copyright terms stay the same: which was ignored after rights holders pushed for an increase in for sound recording copyright from 50 to 90 years; we eventually got a 70 year term. Not very coincidentally this protects revenues from Beatles' sound recordings; unfortunately it also means a lot of 1960s music will likely remain out of print and inaccessible to the public.

Gowers did recommend greater online enforcement, including a possible three strikes arrangement, which became law as the Digital Economy Act 2010. This was the major part of Gowers that ORG disagreed with. However, in the DEA Lords debates, they noticed that questions like format shifting had still not been resolved, which led back to calls for the next review under David Cameron's administration, in 2010, known as the Hargreaves Review. It may even have been mentioned in the truncated three hour Commons debate before washup.

You might ask, why does it take repeated independent reviews to settle questions of copyright, when things like format shifting and parody are so obviously needed? The reason seems to be the extraordinary pressure that government is put under by copyright lobby groups, including the BPI and Motion Picture Association (MPA).

These groups push for term extension, enforcement measures, argue against exceptions or attempt to narrow them and insist compensatory levies are imposed. They have run a campaign claiming the Intellectual Property Office is anti-intellectual property, because it believes in greater exceptions. Most recently, a report by the IPPR noted to have been funded and advised upon by these groups concuded that:

the government should not proceed with the planned introduction of a series of new copyright exceptions at this time. The benefits of them are unproven, and their risks uncertain (Culture, media and sport select committee 2013). In the case of a private copying exception (to allow consumers to transfer content from CDs to digital storage) there is a clear risk that the government will pass laws to enable a form of consumer behaviour that is rapidly becoming technologically out of date.

The copyright lobby groups have international political power, and have been instrumental in creating measures such as TRIPS and push for measures like ACTA. In the USA the representatives of the same companies pushed for Internet censorship measures in SOPA and PIPA.

They are very powerful, politically influential and hard for governments to deal with rationally. This is why reviews are set up: a balanced view is easier to obtain, independent of long lobbying strategies. However, even after the reviews conclude, it is why implementation takes so long, as groups bargain, cajole, oppose and lobby.

Still, these exceptions represent a significant victory for copyright, even if copyright lobby groups don’t see it. Copyright comes into conflict with free speech and customer expectations, so to remain legitimate it needs significant user rights. When those rights are met, copyright can achieve greater legitimacy and acceptability, can claim to be fair and reasonable, and continue to claim widespread support. If the copyright lobby groups continue to complain about these very sensible and modest new user rights, remember that they are arguing against their better interests.

[Read more] (1 comments)

March 27, 2014 | Ed Johnson-Williams

Thanks to ORG supporters copyright takes a great leap forward into the 21st century

Good news! After pressure from ORG supporters over the last week, the Government has just published its proposed changes to copyright law.

This is a big victory for ORG. We've long argued that UK copyright law wasn't fit for the digital age and this is a big step in the right direction.

The new laws will finally give us the right to parody and legalise personal copying of our digital media. We're also seeing important changes allowing non-commercial research to carry out text and data mining.

The laws should come into force on 1st June but we're not done yet. MPs and Peers first have to approve them. We'll let you know when the debates and votes are as soon as we find out.

It's taken a lot of work to get to this point.

Back in February 2011 we made an important submission to Professor Ian Hargreaves' Review of Intellectual Property. Professor Hargreaves then published recommendations on copyright that the Government accepted and were the basis of the changes that they published today.

Despite promising to bring the changes in, the Government were very slow to make the reforms. In November last year ORG wrote to them urging them to get a move on. Lord Younger replied in December promising them "in the New Year" to come into force this April.

But again, the reforms were slow in coming. So over the last week ORG supporters sent over 350 unique emails to Vince Cable and Lord Younger demanding that they publish the changes to copyright.

It's been a long fight and we're nearly there. We now need to make sure MPs and Peers back the laws so we can finally get on with making parodies and transferring our CDs onto MP3 players without breaking the law!

We'll do a fuller write-up of the changes in the next few days but here's a quick summary of the two new copyright exceptions that we campaigned for over the last week.

The parody exception is fairly simple. The draft law itself is only two pages long! It says that using a work "for the purposes of caricature, parody or pastiche does not infringe copyright in the work." It also makes clear that contracts can't be written to make using a work for parodic purposes an infringement of copyright.

Personal copies for private use
The personal copies exception is a bit more complicated. It will finally allow you to make back up copies of music, films or ebooks you have purchased or been gifted. That doesn't include computer programmes though. You can also convert your files to another file format or to play on a different device. And you can make personal copies of your files in the cloud.

There are limitations on the copying. For example, you cannot pass these copies or the original files on to another person. And you can't make any commercial gains from making the copies either.

The new legislation brings in restrictions on rightsholders or vendors imposing technical or contractual measures to stop you from making private copies. This is one area where we'll be looking for greater clarity on how to interpret the new law.

[Read more]