February 11, 2014 | Peter Bradwell

Join our new campaign to fight mass surveillance

Today, alongside an unprecedented coalition of leading privacy and human rights groups, we're launching Don't Spy On Us. We need your help.

You can learn more about the new campaign, sign our petition and email your MP at our new Don't Spy On Us campaign site.

Since 5th June last year we have read a series of revelations about the reach and power of our surveillance agencies. We've learnt about blanket collection of all sorts of digital information and the sharing of this data between the US and UK.

Our intelligence agencies do vital work for which we should all be grateful and which we all benefit from. But for Open Rights Group, and many others like us, the stories showed surveillance agencies exploit laws that have been rendered out of date by technology to collect too much information about too many people with too little democratic oversight.

The revelations can leave you feeling a bit powerless. You know something seems really wrong, but can you do anything about how our most secretive and powerful institutions work? How do you even begin to change how so many laws, programs and oversight bodies work?

Today our fightback begins in earnest. With our new campaign, Don't Spy on Us, we're intent on ending the blanket surveillance we've heard about because of Edward Snowden. Alongside our campaign partners, we want to change our archaic surveillance laws. We need your help.

We've got new demands for how the government can act quickly to make sure surveillance carried out in our name respects our privacy rights.

We're setting out six powerful principles that we want surveillance law to stick to. We're calling for an inquiry to be concluded before the election, and for the government to then proceed with legislation that upholds the principles we've set out.

This need to start happening now. Not in a few years after some drawn out mega inquiry, or in three Parliament's time. The government has to start listening now, accept the need for reform and commit to changing how our intelligence services work and are governed.

We've got an ambitious plan. But we can do it. We will need your help. We hope you'll want to join us and be part of such an important campaign.

You can help now by signing our petition and emailing your MP. You can do both at our new campaign site. Tell your friends, tell your family, tell your colleagues.

[Read more]

February 07, 2014 | Ed Johnson-Williams

Don't Spy On Us - Help get the word out!

GCHQ from the airOn Tuesday, internet users all over the world are standing up to say no to GCHQ and the NSA's mass surveillance. Over the last eight months we've heard plenty about how intelligence agencies monitor us on the Internet.

Our surveillance laws have let the intelligence agencies extend their reach deep into our private lives.

Tuesday 11th February is The Day We Fight Back.

As part of this global day of action against mass surveillance, Open Rights Group, Liberty, English PEN, Privacy International, Article 19 and Big Brother Watch are coming together to launch Don't Spy on Us.

On Tuesday, we'll be launching Don't Spy On Us and calling for:

  • an independent inquiry into UK surveillance to report before the General Election
  • a new law that will fundamentally reform the way GCHQ carries out mass surveillance

In the meantime, could you promise to send a Tweet or post a Facebook status on Tuesday to help get the word out about the Don't Spy On Us campaign? If enough people make that promise, we'll be able to make Don't Spy On Us appear on social media timelines around the country and the world.

It only takes a minute. Take action here.

Open Rights Group and the other campaign groups working with us on the Don't Spy On Us campaign were integral to getting last year's Snoopers Charter blocked. But after the Snowden revelations, we know that the challenge of stopping GCHQ's mass surveillance is much greater.

Hundreds of people tweeting and posting Facebook statuses at once on Tuesday will really help grab lots of people's attention - people who don't always pay attention to privacy concerns and mass surveillance.

We're relying on all our supporters to spread the word about the campaign and build the pressure on the decisions-makers in Government.

Pledge now to send a Tweet or post a Facebook status on Tuesday morning!

Image by the Ministry of Defence under the Open Government Licence v1.0

[Read more] (2 comments)

February 04, 2014 | Jim Killock

You did it!

Over 200 people joined ORG – raising enough to pay for two extra days so we can hire a full time Legal Director.

help hire a legal directorYou can still help out – there are always extra costs, including rent and fees for legal publications, that an extra contribution can cover costs for.

This is the biggest spike in membership in a single month that we've seen since hundreds of people joined after the passing of the Digital Economy Act – which is still not implemented, thanks to your work showing how bad the legislation is. And yesterday, Parliament continued their work repealing the dangerous website blocking powers the DEA still contains.

ORG's supporters have grown from just over 1500 a year ago to past 2100 today – that's 40% growth in a year. Your funding means we can now start a full-fledged legal track, as well as continue the campaigning work we do on privacy, surveillance, filtering and free speech.

We've ambitious ideas for the future: there's much more to be done. We need greater depth to our policy, campaigns and expertise. We've been thinking about the kinds of changes we need to see – so more of this later. For now, we'd just like to say thank you to everyone who joined, rejoined or increased their contribution. You've made an enormous step forward possible.

[Read more]

February 03, 2014 | ORG Law project

Our lawyers want to have a word with you

We are lawyers who work with the Open Rights Group. You and the Open Rights Group can make a huge difference in the UK and European courts, defending your digital rights.

Help hire ORG's Legal Director

That’s why we are asking you to join ORG today, so they can hire a Legal Director. We need just a few more people to hire them full time.

But perhaps it’s best if we explain in our own words:

“The appointment of a legal director will make a real impact on the work of the Open Rights Group.  It has never been more important to have informed interventions at the High Court and appeal courts on matters to do with digital rights.

“I know from my own experience as appeal solicitor in the “Twitter Joke Trial” the difference it makes when courts properly understand technological issues, especially when imposing criminal liability on the citizen”

David Allen Green, solicitor at Preiskel & Co LLP and member of Advisory Council, ORG.

“In the US, digital freedoms have been fought for and won in historic legal battles such as Reno v ACLU  and countless smaller cases where the EFF and other digital rights groups have helped take on cases involving freedom of speech online, privacy online, cyber- harassment, vindictive copyright enforcement and so on. In the UK until now civil society has never had the capacity to take such important legal cases. Help ORG hire a Legal Director to change this and bring UK law into the 21st century.”

Dr Lilian Edwards, Professor of Internet Law at Strathclyde University and ORG Advisory Council 

“ORG is a vital partner with EFF in addressing mass surveillance. Just as GCHQ and NSA work together, it's increasingly critical that we strengthen the capabilities of groups on both sides of the Atlantic to push back to regain our privacy and free speech.”

Cindy Cohn, Legal Director, Electronic Frontier Foundation

“There is no doubt that Parliament and the Courts have struggled with the challenges posed by the explosion of online interaction and the growing importance of rights in an increasingly digital world. Decisions made now will shape the approach that the Law takes for decades and possibly longer. This is a key moment. ORG speaks up for those whose interests are usually discounted when it comes to governmental and judicial policy making – it speaks up for you and everyone else who lacks a vested interest and a lobbying budget. A Legal Director is exactly what ORG needs at exactly the time we all most need ORG.”

Seán Jones, barrister at 11KBW Chambers

“The law can be an instrument of repression but it can also be a powerful tool for change. Your support for ORG's Legal Director post can make a real difference in the fight for digital freedom in the UK.”

Eric Metcalfe, barrister at Monckton Chambers and former director of human rights policy at JUSTICE

“Please help with the appointment of a Legal Director for the Open Rights Group. In my personal experience, ORG have initiated valuable interventions on civil liberties issues affecting millions of adults in the UK, such as filtering.”  

Myles Jackman, Law Society Junior Lawyer of the Year and Consultant Solicitor-Advocate at Hodge Jones and Allen LLP 

"As an American lawyer I've seen how important it is to have boots on the ground to defend civil liberties in court.  Even when the underlying law itself is designed to protect civil liberties, being able to appeal directly to the courts may be the only way to keep them protected not just in theory but in practice." 

Cathy Gellis, US Tech and civil liberties lawyer

“I have had the honour of working with ORG to do some marvellous work: both intervening in high profile cases and working behind the scenes to help individuals who have fallen foul of laws that were not or should not have been drafted for the modern digital world. I am convinced that ORG could do so much more with the assistance of a full-time legal director and I am excited by all the things that ORG could do if it had one. Money pledged for this purpose will be money well spent.”

Francis Davey, Independent barrister and ORG legal volunteer

We need just a handful more people to join to make this project happen. Please help us hire a full time Legal Director by joining the Open Rights Group today!


ORG Legal volunteers and ORG Law group

[Read more]

January 29, 2014 | Cory Doctorow

Open Rights Group and impact litigation

I’m writing this blog today ORG has an unprecedented opportunity to make a difference to the world's digital future -- a chance to argue before the European Court of Human Rights in coalition with Big Brother Watch and English PEN, in a crucial case over GCHQ's lawless program of indiscriminate, total Internet surveillance.

cory-doctorow-cc-by-joiThis case not only marks a chance to make a change for better—it also marks a new stage in ORG's growth as an organisation that makes the Internet safe for human habitation. 

But we can't do it without your help.

I was working for the Electronic Frontier Foundation when I helped found the Open Rights Group. EFF is an American digital rights group with a long tradition of winning important fights, using a variety of innovative tactics — but one of the most effective tools in its toolchest was "impact litigation."

Impact litigation uses consitutions as a back-door into the legislative system. The rich and powerful can buy themselves any number of unjust laws through the front door, or even commit crime by impunity by declaring themselves to be above the law.

That's where impact litigation comes in. Rather than trying to get 20,000,000 or so voters to scare the pants off of elected representatives and force them to do what's right for the people they represent (rather than the powerful interests by whom they've been captured), an impact litigator asks a judge to find the conduct unconstitutional, and thus illegal. At the stroke of a pen, a bad law can be killed in its tracks.

Impact litigation can be costly. Top lawyers don't come cheap, and the government has the power to drag out legal action for years, trying to bankrupt its opposition.

But impact litigation can win victories that simply can't be won in any other way. In areas where rallies, phone calls, letter-writing and logic hold no sway, a single, well-placed legal action can move mountains.

You'll have seen that the European Court of Human Rights is forcing the UK government to reply to the case that we brought over GCHQ's warrantless, lawless, mass-scale Internet spying. With this court action, we have to chance to cut through all the self-serving secrecy and scare-stories about terrorist bogeymen, and straight to the heart of the matter: the right of the law-abiding people of all nations to go about their daily lives unmolested, unsurveilled, undocumented and free.

That's where you come in. Supporting a full-time legal director is a major step for ORG, a new tactic in our arsenal, a way to make a real and lasting difference.

We can't do it without your support

Can you help ORG carry on using impact litigation by joining today?

The more people who join ORG in the next week, the more time the new Legal Director will be able to spend defending your digital rights in the courts.

Lots of people have already joined ORG this month already so just 60 (Update - 32) new supporters would take the Legal Director would make the post full-time.

0 new supporters = 4 days a week
60 32 new supporters = 5 days a week

Can you join Open Rights Group today?

Many thanks,

Cory Doctorow


Cory Doctorow
Co-founder and Advisory Council Member
Open Rights Group


[Read more]

January 23, 2014 | Peter Bradwell

What's happening to your medical records and how you can opt out

The NHS has been going through some fairly radical changes. This will affect who can see your medical records and what they can do with them.

Where your records will be stored, the people deciding who has access to them, the reasons people can access them - all of these things are affected by what's happening.

And it is happening now.

You have the opportunity to opt out of your medical records being used in this way. But you have to actively opt out. If you don't want your medical records to be part of the new system from the start you need to opt out soon.

If you're just looking for details about how to do that, I'd suggest heading over to medConfidential, who have produced information about what the changes mean and a guide to opting out with forms for doing so

There's also lots of really useful information up on Dr Neil Bhatia's site and information on how to opt out, again with an opt out form (in pdf format), should you decide that's what you want to do.

More on what is happening to your records

The NHS are making some big changes to how very sensitive information about us is handled - information about which many people feel understandably protective and worried.

The story about what is happening is fairly long. But most simply put, your medical records, in identifiable form, will be extracted from GP surgeries. They will be held centrally and then made available, in certain circumstances, to a variety of people and institutions from university researchers to think tanks and businesses. The data will be available in different forms for different purposes - sometimes 'anonymised', sometimes 'pseudonymised', sometimes identifiable. There will be various conditions that those wishing to apply for access to the data must meet.

medConfidential say this will "fundamentally alter the concept of doctor-patient confidentiality" - which sounds fair, if only because now there are many more people involved in deciding who can access your medical records, and more people who can potentially do so. 

If you'd like to read NHS England's explanation of what's happening and why they think this is a good idea, read their information page, the patient FAQ and the article written by their Chief Data Officer.

Like medConfidential, lots of people have become extremely concerned about the way these changes are happening. The issues include how much of an informed choice people can make, the faith placed in 'anonymisation' techniques, and who will be able to access records and for what purposes.

What choice do we have?

One of the most pressing issues is whether we have a proper choice about whether our records are part of the new system. 

Well, you can opt out. If you don't do anything, your data will be uploaded to the new system. NHS England say you can change your mind later.

(Update: Phil from medConfidential has pointed out that whilst they say you can change your mind, once your data has been uploaded to HSCIC it will never be deleted and will always be available for subsequent matching on its systems.)

Of course you can only opt out of something that you know is happening. So the opt out approach relies on people knowing what is going on, and having some way of telling the health service what decision they have taken. That places a responsibility on the NHS to provide people with clear and comprehensive information, and to try to make sure people see it.

The NHS fell short of the mark here. Their approach looks like it is more about selling the idea and minimising opt outs than helping people come to informed decisions.

They are sending leaflets, supposedly to every household in the county, with an overview of the benefits of sharing more information. The leaflet is also available as a pdf from the NHS website, with more detail on an information page. Dr Geraint Lewis, the NHS England Chief Data Officer, has posted an article explaining more about how the new system will work and its benefits. There's an FAQ pdf too, which gives a little more detail. 

The leaflet and website read more like a sales pitch for the new system, and are both light on specifics. The leaflet also implies people need to make appointments with the GP surgery to discuss options for opting out - however this is not true. An appointment is not necessary. 

medConfidential and Dr Neil Bhatia have both pointed out some of the shortcomings with the leaflet and information campaign - some of the things that it doesn't mention or explain properly. 

It has been left to medConfidential, Dr Bhatia and others to provide people with clear, detailed and comprehensive explanations about what is happening, and to make it absolutely clear how people can opt out of the scheme. Following the pressure they have applied, it seems the NHS is trying to up their game.  

medConfidential and Dr Bhatia also raise extremely important questions about other aspects of the system, including the problems with a reliance on anonymisation, and concerns about who will have access to identifiable information and for what purposes (see medConfidential's explanation of how paid for access to information will work.)

Here's some more useful articles with information and opinion about what's going on:

1. An editorial from last week in Nature, criticising how 'people's right to opt out has been greatly downplayed.' 

2. The Guardian this week reported on concerns about access that insurance and drug companies. 

3. Jane Fae on openDemocracy, arguing that we're in danger of sleepwalking into a big information grab. 

4. Ross Anderson on opting out - he notes that "if you don't opt out your kids in the next few weeks the same will happen to their data, and they will not be able to get their data deleted even if they decide they prefer privacy once they come of age." 

5. Jon Baines, of, on why he's worried about the new system and has opted out. 

6. Roy Lilley, giving a run down of what he sees is happening and why the Department of Health could have run the opt out better 

7. An article about an Early Day Motion tabled by MP Roger Godsiff in the House of Commons, following news that 2,400 people have called the customer hotline with concerns about the system since January 6th. 

Of course there are benefits to various innovative uses of medical data. And it's obvious that there are ways to improve how health related information is used. 

But with such fundamental reforms patients should be at the heart of the system, and reforms should be happening with their consent. 

Whatever you think of the merits of the new system, it's hard to escape the conclusion that the way the transition has been handled so far is below standard. Looking at how patients' attitudes and opinions are being built in to this process, it seems the NHS are trying to minimise how many people opt out because they are institutionally so convinced of the benefits of greater data sharing.

This is probably counterproductive, too.  It will surely, for some people, raise doubts about the principles and motivations guiding future decisions about how their medical data will be used. 

If you want to opt out, you can use the forms that medConfidential and Dr Bhatia have made available. You can change your mind at a later date.

More background to relevant NHS changes

As mentioned above, medConfidential have produced a helpful guide to what's happening, including information about changes to the NHS and who is in charge of overseeing the use of health records.  

The King's Fund have produced an explanation of what's happening to the NHS in the form of an animated video, which is helpful for background on what the NHS is going through. 

[Read more] (2 comments)

January 15, 2014 | Peter Bradwell

How to complain about mobile filtering over-blocking

The British Board of Film Classification (BBFC) is now involved in how mobile internet filtering works. In this post we explain what role they have and how you should be able to get over-blocking problems fixed.

Yesterday we had a very helpful meeting with the BBFC. Last year they took on an important role dealing with mobile Internet filtering. You can read about it on their website.

Over Christmas there was an awful lot of understandable concern about mobile filters, especially the ‘Parental Control’ filters provided as an optional service by O2. We wrote about this at the time, but for now it’s worth repeating that one of the biggest lessons was that mobile networks don’t do a good enough job of explaining how their filters work, why and how they make decisions about what gets filtered, and how people can complain. 

I thought it would be helpful to explain what role the BBFC now has, and explain how the process for complaints about over-blocking (or under-blocking) is supposed to work.

The BBFC’s role involves three things: 

1. Setting a framework that describes what should be considered adult content for the purposes of mobile phone filtering. They have defined a set of categories and explained what content will be considered blockable.

2. They offer advice to the mobile networks when they are setting their filters.

3. They run an appeals process, which is designed to resolve disputes about over- or under-blocking.

The BBFC do not classify individual sites for mobile networks or run a first-stage complaints process.  And they aren't responsible for the decisions that mobile networks make about implementing the framework. It’s also important to point out that their framework and complaints procedure only applies to networks’ under 18 filters - their default safety level - and not to other services provided for different age groups. For example, they do not regulate O2’s Parental Controls, which is an optional service designed for those under 12.  


How you can complain about overblocking

1. You should be able to complain direct to the relevant mobile operator. The BBFC have helpfully provided email addresses for each mobile network, which is where you should direct complaints about overblocking or underblocking in the first instance. This contact information should also be on the mobile operators’ websites. In some cases it isn’t, however. For example, at the moment, O2 point people at their Twitter account or forum. As we saw over Christmas, those are not helpful channels. 

2. If you do not get a satisfactory resolution from the mobile network, you can then appeal to the BBFC. Details about how to do this are on the BBFC website. BBFC have committed to resolving the complaints they receive in five working days.


What will happen after a complaint?

If the BBFC agree that a site should not be blocked by under 18 filters, in the case of over blocking, then they will inform the mobile network, who should then remove the site from their block list. The BBFC told us that in the cases they have handled so far, the networks have responded fairly quickly to these notifications.

The same applies for under blocking - i.e. if the BBFC decide a site should be blocked, they will inform the network and it should be added to the block list.

Things are slightly complicated with overblocking because at the moment, mobile networks are allowed to block more categories than the BBFC have set out. 

So even if the BBFC decide that a site should not be blocked against the BBFC criteria for over 18 content, the mobile networks might decide that the site should still be blocked because it falls under their additional categories. 

For instance, we believe most networks block information about ‘circumvention’ technology, which might help people learn how to get round blocking, even though such information is not considered blockable by the BBFC. Networks also used to block content related to tobacco or alcohol, but the BBFC framework specifically excludes sites that supply age restricted goods or services such as tobacco or alcohol. We are not currently sure if any of the networks continue to block alcohol and tobacco. 

That may lead to a fair amount of confusion if the BBFC decide something should not be blocked but the mobile network decides it still fits one of their additional categories. This is made more tricky for consumers or website operators because the mobile networks don't publish what categories they block, so it's impossible currently for someone to know in advance of any complaint.


Mobile networks need to be more transparent, consistent, clear and responsive

The BBFC site and process is a vast improvement on the previous code - it's clearer, more considered, and there's an added appeals process. They are taking the work seriously.

However, the issues with mobile networks’ own implementation have not gone away. The BBFC's transparency, clarity and responsiveness cannot be a replacement for mobile networks' own information or process, because these networks will be customers' or website owners' first port of call when they are looking for information or trying to complain.

It is still hard to get clear information from networks about what they block and why - for instance what categories they filter - and it is still hard to get information about their own complaints procedure. For example, O2 point people at their Twitter account and forums, which to date have not been helpful. Three still link to the Mobile Broadband Group code of practice, rather than the BBFC. And Everything Everywhere used to provide a list of categories filtered by their two filtering levels, but that link no longer works.  

Families should be in a position to make informed choices about what their children can access via mobile phones. At the moment, it’s not really possible for a parent to get a clear idea about what a mobile networks’ default safety filters do and why.

It also should be possible for someone who runs a website that is blocked by a mobile network for no good reason to get that problem fixed quickly. They should be able to find out easily if their site is blocked on different networks. Again, at the moment that process is not clear enough and happens too slowly.

It shouldn't be too difficult to fix these problems - it's more a question of whether mobile networks consider it important enough to spend time and resources really addressing it.

[Read more] (2 comments)

January 08, 2014 | Ed Johnson-Williams

MEPs release draft report damning blanket Internet surveillance

Tomorrow MEPs on the European Parliament's civil liberties committee will present their draft report on the Internet surveillance of the UK and USA as well as other EU states. Its recommendations are damning and the UK Government comes in for particularly strong criticism.

It won't be officially presented to the committee until tomorrow but you can already read the draft report on the EU Parliament website. Here are the headlines.

After condemning the systematic collection of the personal data of innocent people, the report calls on EU Member States and the USA "to prohibit blanket mass surveillance activities and bulk processing of personal data."

It goes on say that "these mass surveillance activities appear also to entail illegal actions by intelligence services." The MEPs call on the UK, Germany, France, Sweden and the Netherlands to revise their legislation relating to intelligence services to ensure they comply with the European Convention on Human Rights.

They make particular mention of the UK saying that the current legal framework governing British surveillance – the Human Rights Act 1998, the Intelligence Services Act 1994 and the Regulation of Investigatory Powers Act 2000 –  "should be revised" to comply with fundamental rights obligations relating to privacy, data protection and presumption of innocence.

The report also calls on EU Member States to "take appropriate action immediately, including court action, against the breach of their sovereignty...perpetrated through the mass surveillance programmes."

The MEPs go on to call on Member States to "refrain from accepting data from third states which have been collected unlawfully and from allowing surveillance activities on their territory by third states’ governments or agencies which are unlawful under national law".

On transfers of data from Europe to the USA, the committee says that American data protection laws "do not provide adequate protection for EU citizens" and calls on the European Commission to produce a "comprehensive assessment of the US privacy framework covering commercial, law enforcement and intelligence activitie" by June 2014.

It's striking when reading the draft report just how opposite the response to Snowden's revelations has been in Brussels to that in Westminster. This inquiry puts the UK Parliament to shame.

Whereas the European Parliament has called witnesses, had a full debate and will soon hear from Snowden himself, MPs in London have debated Internet surveillance just once. In that debate and in the few committee hearings dealing with surveillance, many MPs have decided that it is more important to criticise Snowden and the Guardian for revealing the surveillance than to engage with implications of the revelations themselves.

ORG and others have long called for a full inquiry into British surveillance law and we welcome the recommendations in the committee's report. We call on the UK Government to accept the recommendations of this report and undertake a comprehensive review of the legislation governing British Internet surveillance.

[Read more]