Blog


October 03, 2008 | Becky Hogge

Show Parliament the Big Picture

Big Ben being watchedI'm pleased to announce that I can now reveal the location for our live collage of the hundreds of surveillance state photos you've been taking this week for the Freedom Not Fear, Big Picture event.

On 11 October, we'll gather underneath the statue of Winston Churchill on Parliament Square in London to build an image showing where the incremental invasions of our privacy you've been documenting will eventually lead British society. We need ten or so people to help, so if you'd like to offer a hand, email info [AT] openrightsgroup.org and let us know.

On Monday, ORG and No2ID put out a call for people to take photos of stuff that embodies the database state, and the UK’s world-famous surveillance society. Since then, hundreds of photos of surveillance cameras and other database state ephemera from all over the country have been uploaded to Flickr or emailed to FreedomNotFear@no2id.net. There's still time to get snapping, so if you fancy getting involved, here are the easy-to-follow instructions:

  1. Spot something that embodies the UK's wholesale transformation into the surveillance society/database state. Subjects might include your local CCTV camera(s), or fingerprinting equipment in your child's school library
  2. Snap it
  3. Upload it to Flickr and tag it "FNFBigPicture" - please use an Attribution Creative Commons license* (alternatively, email your picture to FreedomNotFear@no2id.net)
  4. That's it!

*We need you to license it this way because we want to give the image to newspapers to run on the day.

Freedom not Fear is an international day of action for democracy, free speech, human rights and civil liberties, and events to celebrate these central tenets of a just society will be taking place all over the world.

Thanks to stephenjjohnson@flickr for the image.

[Read more] (5 comments)


October 02, 2008 | Michael Holloway

ORG-GRO: Aiming for 1,000 this month!

This post contains both good and bad news.

The good news is that the community is really helping in our mission to achieve financial sustainability and a secure future for digital rights. The chart below shows how many new supporters you have successfully recruited: a mix of blogging and friendly persuasion have contributed a lot to our growth since July of this year.

Tom, currently the top recruiter, is in line to win the Asus Eee PC (but remember, there's still plenty of time to catch up with him) and there's a good crowd who've recruited three or more new supporters so will receive a special T-shirt. Please, if you have a blog, encourage your readers to join ORG. If you know people sympathetic to the cause, convince them to sign up. And if you have spare time, read this page or get in touch for more ideas to help us recruit new supporters. If even a small proportion of our readers and supporters increase their involvement, we would smash our target.

Tom Reynolds: 14, Glyn Wintle: 12, Danny O Brien: 12, Simon Willison: 7, Richard King: 7, Sheila Ellen: 7

Onto the bad news: this week the widgetometer slipped from 968 to 960 fivers per month. The drop is largely explained by the twenty or so supporters' donations that every month fail to arrive as expected. This seems to be mainly administrative error, such as forgetting annual payments or Paypal subscriptions ending as credit cards expire, rather than a conscious decision to stop making regular donations. After a couple of reminders, the payments generally restart. We have been attracting a lot of new supporters but not, in the last week anyway, enough to balance out the regular drop. We wanted to share this with you to highlight how tough it's been to build up our supporter base. Also, we hope this will encourage you to use your networks to reach our target.

That aside, the ORG-GRO supporter drive has been a real success so far and you guys - especially the recruiters in the chart - deserve a huge thanks. This month, let's try and break through the 1,000 mark. That's only another forty supporters we need to attract by the end of October. Come on - join up!

[Read more]


September 30, 2008 | Michael Holloway

Supporter update - September 2008

Here's your regular, concentrated dose of ORG's activities for the past the month:

Click to read the September 2008 supporter update

[Read more]


September 30, 2008 | Becky Hogge

4 good reasons not to take part in the BT Webwise trial

Today, BT will start trials of Webwise, a technology which analyses your web surfing habits in order to serve you targetted ads. If you're a BT Total Broadband customer, you might be asked to consent to being part of this trial. Here are four good reasons not to.

  1. You gain nothing. BT is looking to profit from its deployment of behavioural targetted advertising technology, but you stand to gain very little. Unless the offer of "more relevant advertising" is something that holds a special promise for you, what you are getting in return for allowing BT to analyse your web surfing habits is an "anti-fraud" feature which is unlikely to give you anything more than the features already built into web browsers Internet Explorer 7 (available for free upgrade to existing Internet Explorer users) or Firefox 3 (also free) - or Opera (thanks for the tip, Glyn!).

  2. BT has already trialled Webwise on its customers - without telling you. BT are only asking for your consent now because the authorities that regulate data protection have told it it has to. BT already trialled Webwise - without asking your permission - in 2006 and 2007. That doesn't sound like a company you should trust to protect you and your family's privacy.
  3. BT are making you responsible for getting everyone who uses your computer to consent to being profiled by Webwise. The Government have told BT that in order for Webwise to conform to UK data protection laws, BT must seek the consent of everyone who uses an internet connection where Webwise is enabled. To get around this, BT have devised new terms and conditions for people who agree to trial Webwise that transfer this burden onto you.
  4. BT Webwise turns the web inside out. Competitiveness, universal access, and the transformative effects of the world wide web are all underpinned by the internet’s structure as a so-called "network of ends", and by internet service providers, like BT, adopting the role of a "mere conduit" of information. By intercepting communications between you and the websites you visit and using this information to target advertising at you, BT is compromising that role - becoming more like a television broadcaster than an internet service provider.

Concerned digital rights campaigners have fought a long and hard battle over Phorm, the technology used in BT Webwise. During this battle, it has become clear that there is no protection for UK citizens from corporations who wish to illegally intercept private communications for financial gain. Today it might look like campaigners have lost the battle against Phorm, but without their hard work, BT may not have been forced to ask your permission to take part in this trial at all - it could have simply assumed it.

If you'd like to find out more about how Phorm works, read this technical overview. If you would like to know more about the legal ramifications of Phorm, read this legal analysis. If you would like to get active, visit dephormation.org.uk and nodpi.org.

Previous posts on Phorm:

[Read more] (13 comments)


September 29, 2008 | Becky Hogge

Capturing the database state: community photocall

Collage of imagesHappy-snappers unite! We need as many people as possible to take photos of stuff that embodies the database state, and the UK's world-famous surveillance society (wake up! You've just walked into it).

On 11 October, No2ID and the Open Rights Group will make a live collage of the images you've taken in a prominent location in London (to be confirmed), to celebrate Freedom Not Fear Day 2008.

Freedom not Fear is an international day of action for democracy, free speech, human rights and civil liberties, and events to celebrate these central tenets of a just society will be taking place all over the world.

Here's how you can help:

  1. Spot something that embodies the UK's wholesale transformation into the surveillance society/database state. Subjects might include your local CCTV camera(s), or fingerprinting equipment in your child's school library
  2. Snap it
  3. Upload it to Flickr and tag it "FNFBigPicture" - please use an Attribution Creative Commons license*
  4. That's it!

*We need you to license it this way because we want to give the image to newspapers to run on the day.

Watch this space for more news on the 11 October event, including how to come and help build the collage.

Click here and here for photo credits.

Freedom Not Fear Web Banner

[Read more] (21 comments)


September 24, 2008 | Becky Hogge

Home Office extend deadline for ORG FOI request on Intercept Modernisation

Back in August, we submitted a Freedom of Information request to the Home Office, asking them to shed light on the Intercept Modernisation Programme (IMP). Over the Summer, a number of news reports had claimed that as part of this programme a new national database would be created containing the electronic communications data of the entire population. You can read more about the IMP here.

The Home Office have now got in touch to say they are extending the 20 working day response period (which ended today) in order to consider whether our request meets the public interest test. They write:

We are considering your information request. Although the Freedom of Information Act carries a presumption in favour of disclosure, it provides exemptions which may be used to refuse to confirm whether or not we hold information, or where we do, to withhold that information in specified circumstances. Some of these exemptions are subject to a public interest test. These exemptions are known as qualified exemptions. The public interest test is used to balance the public interest in openness against the public interest in favour of applying exemptions. Section 10(3) of the Act allows us to exceed the 20 working day response target where reasonably necessary to consider the public interest test fully. This is subject to us telling applicants when we expect to conclude our deliberations and provide a full response.

We are currently assessing the public interest in saying whether or not we hold the information you have requested, and should we do so, in providing the information you have requested. We are doing so under the exemptions contained in Sections 23(5) and 24(2) (national security), 35(3) (formulation of government policy, 31(3) (prevention and detection of crime) and 43(3) (prejudice to commercial interests) of the Freedom of Information Act. This letter should not be taken as conclusive evidence that the information you have requested exists or does not exist.

[Read more] (5 comments)


September 20, 2008 | Becky Hogge

To do this weekend: ask your MEPs to vote for Telecom package amendments 133 and 138

Update (24/09/08): The votes are in. The bad news is that amendment 133 was rejected (watch this space for a link to a list of the MEPs who rejected it). But the good news is that amendment 138 was passed, with a last minute oral amendment. The European Parliament voted to adopt it in this form:

"applying the principle that no restriction may be imposed on the rights and freedoms of end-users, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, without a prior ruling by the judicial authorities, save when public security is threatened"

According to IP Integrity, this amendment to the Directive means that ISPs ability to impose restrictions on users' access to content will be limited.


Update (22/09/08): Since the vote isn't until Wednesday 24 September, there's still time to write to your MEPs and ask them to support these amendments. So what are you waiting for?


Next Wednesday, MEPs will vote on the Telecoms package. Two amendments have been tabled which in particular will ensure the new telecoms regulations protect European citizens from unreasonable surveillance and censure. If you have half an hour this weekend, why not write to to your MEPs and ask them to support these amendments?

Amendment 133 is an anti-filtering amendment, and will add the following text to the Directive:

"Member States shall ensure that no technology may be mandated by competent authorities which would facilitate surveillance of internet users, such as technologies that mirror or monitor the user´s actions and/or interfere with operations of the user's network activity for the benefit of a third party (known as "filtering")."

Amendment 138 ensures that sanctions cannot be imposed on end-users without judicial oversight. It will add the following text to the Directive:

"applying the principle that no restriction may be imposed on the rights and freedoms of end-users, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, without a prior ruling by the judicial authorities, except where dictated by force majeure or by the requirements of preserving network integrity and security, and subject to national provisions of criminal law imposed for reasons of public policy, public security or public morality."

La Quadrature du Net are maintaining a voting list, which gives MEPs interested in protecting the rights of European citizens advice on how to vote on all the amendments tabled to the Telecoms package. As the list demonstrates, many amendments have been tabled that reflect the criticisms of the Telecoms package made by the European Data Protection Supervisor last week.

[Read more] (15 comments)


September 19, 2008 | Becky Hogge

What BERR want from Phorm - and what we think they're missing

Phorm, the targeted behavioural advertising technology company, has been back in the headlines this week. The Department for Business, Enterprise and Regulatory Reform (BERR) have finally responded to the European Commission's demand for an explanation of how Phorm's technology conforms with EU data protection and privacy laws. Information Society Commissioner Viviane Reding had asked the UK Government to respond to her enquiries by the end of August.

The Register has published BERR's public statement in full. In it, BERR lay out the conditions they think Phorm needs to conform to in order for it to operate within the law:

After conducting its enquiries with Phorm the UK authorities consider that Phorm's products are capable of being operated in this fashion on the following basis:

  • The user profiling occurs with the knowledge and agreement of the customer.
  • The profile is based on a unique ID allocated at random which means that there is no need to know the identity of the individual users.
  • Phorm does not keep a record of the actual sites visited.
  • Search terms used by the user and the advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user.
  • Phorm does not have nor want information which would enable it to link a user ID and profile to a living individual.
  • Users will be presented with an unavoidable statement about the product and asked to exercise a choice about whether to be involved.
  • Users will be able to easily access information on how to change their mind at any point and are free to opt in or out of the scheme

.

The conditions either misunderstand or ignore a crucial stakeholder in the web-browsing process - website owners. As Nicholas Bohm (General Counsel to the Foundation for Information Policy Research and ORG Advisory Council member) made clear in his legal analysis [pdf], unless the ISPs employing Phorm's technology to intercept the communications between their customers and the owners of the websites their customers are visiting have the explicit consent of both parties , they are likely to be committing an offence under the Regulation of Investigatory Powers Act (RIPA), the legislation that governs interception of communications in the UK. As Mr Bohm states:

"The inevitable conclusion is that an ISP who operates the Phorm system will commit offences under RIPA s1 on a large scale. Phorm is inciting the commission of those offences, which is itself an offence at common law (and will be an offence under section 44 of the Serious Crime Act 2007 when it is brought into force to replace the common law offence)."

What's more, although Phorm may not have "information which would enable it to link a user ID and profile to a living individual", website owners might. Bohm again:

"If parts of the visited site use the HTTPS protocol for secure browsing, the cookie containing the Phorm UID will be sent to the site, where the UID can be read; and if a webmaster wishes to do so, he can read the UID in any case using Javascript. The result is that any site which holds any personally identifying information about a user, and many do, can associate that information with the Phorm UID and indeed also with the user's IP address visible to the site. In view of this, Phorm's claims for the anonymity of its processes are, to put it no higher, a considerable exaggeration."

Are the UK authorities under the misguided impression that ISPs provide the internet, the way that broadcasters provide television? Or do they understand that communications between internet users and website owners during web browsing are as legally private as communications between me and my grandmother when I write her a letter and post it using Royal Mail?

BERR have declined to publish the full text of the letter to Viviane Reding, which is also expected to contain an explanation of any action UK authorities propose to take over BT's trials of the Phorm technology in 2006 and 2007, trials which did not seek the consent of users. These trials are the subject of an ongoing investigation by City of London police.

A variety of Freedom of Information requests have now been made to BERR which ask them to reveal details of meetings with BT, Phorm and other ISPs, and disclose the full text of the letter to the Commission.

Previous posts on Phorm:

[Read more] (3 comments)