July 07, 2008 | Becky Hogge

Growing the ORG community - and having fun doing it

Update: We've had quite literally tens of new supporters sign up to support ORG in the last week or so. Please keep telling your mates about Open Rights and why our issues deserve their support. Here's a recording from Open Tech, where Becky and Danny launched the ORG-GRO campaign.

Or if you want to download the MP3 ORG-GRO.mp3

ORG needs your help. Over the next five months, we want to do something really ambitious.

Not explain to MPs and record companies why DRM was a dead-end technology (done that). Not marshall a team of election observers to uncover e-voting bungling that could have swayed an election, and put electronic voting on the back-burner for years (tick). Not singlehandedly beat back the music industry's lobbying for copyright term extension in the UK (yawn, done it). Not even make sure Britain was safe for knitted Dr Who monsters everywhere (well, you get the idea).

No, what we want to do is *everything else* on our ever-growing list of digital rights fights. And to do that we need you. And your money.

And the money of all of your friends.

By December of this year, we intend to double the amount of financial support we receive directly from individuals who are concerned about the erosion of civil liberties in the digital age.

Why? Because we want ORG sustainable with money from individuals' donations. After all, we're here to protect individual rights for all tech users. And we think the best way to do that is through the direct advice and support of smart, well-informed individuals.

That's why, in 2005, ORG started with nothing more than 1,000 people pledging to give £5/month to fund a UK digital rights organisation.

Today, we receive the equivalent of roughly 750 of those fivers from ORG supporters (that's accounting for the fact that some folk give more than £5, while some chose to pay at our concessionary rate of £2.50/month). By 1 December 2008, we want that figure to be 1,500. But we won't be able to do that unless everybody gets involved and makes this happen. Here's how:

If you already support the Open Rights Group:

  • Get as many of your friends to join as you can. If every ORG supporter recruited just one of their friends, we'd reach our target. We're not beneath bribery, here: if you recruit three friends or more, we'll send you a glamorous ORG T-Shirt.
  • Double your support for ORG. If none of your friends care about digital rights, make an investment in their future now and they'll be sure to thank you later. If you double (or more!) your support to ORG, let us know and we’ll send you a special gift.
  • Do all of the above and do more. Get creative. Run a mini-ORG fundraising campaign on your blog. Approach strangers on the street. Knock on your neighbour's door. Sign up on behalf of your pets. If you've got an idea of how to enlist more people to the ORG community – go for it. If you need our help, get in touch.

If you're not already supporting the Open Rights Group

  • Start. Now. Then do all of the things we've just listed above.

1,500 regular supporters are enough to make ORG sustainable into the foreseeable future. We're not being greedy – we'll make every penny we receive from the Open Rights Group community count. To see what we'll spend your money on, click here.

This year and last we've received grants from organisations like JRRT Ltd and the Open Society Institute – for which we're very grateful. But ORG's heart lies with the views of its independent membership, and being funded direct by our community means we can represent your concerns 100%.

Over the coming months, we'll be announcing more initiatives and happenings that we think will help us reach that magic number.

And if we make it to 1,500 by December 2008, we'll throw a big party for everyone who helped us get there (note to self: do not spend all of new income on this party).

Databases that log where you go, what you buy and who you talk to and pass it on to state snoopers. Electronic elections that rob you of your right to vote. Constricted copyright laws that mean you can't even post your holiday snaps online. Every day, your digital rights are under threat. Supporting the Open Rights Group won't make it all go away, it won't mean we stop asking you to do stuff. It won't help you become even smarter and glamorous than you are now[1]. But joining the ORG community will ensure that in the corridors of Westminster, the warrens of Brussels, in the national and international media, and for years into the future that you know so well, and even now are helping to craft, your voice gets heard.

[1] Because that would be impossible.

[Read more] (12 comments)

Write to your MEP: say no to "3 strikes" through the backdoor

Could Europe be drafting a new law to disconnect suspected filesharers from the internet? MEPs have already signalled their condemnation of this approach. But last-minute amendments to telecommunications legislation could bring the so-called "3 strikes" approach in by the backdoor. If you want your MEP to stick to their guns on 3 strikes, write to them today to voice your concerns.

Back in February, we reported that the UK Government was considering a law to ban illicit filesharers from the 'net. A promised consultation on proposed legislation is yet to materialise (although we're still hoping it will appear before the Summer recess). Meanwhile, pressure on ISPs and rightsholders to come to a voluntary arrangement has had some effect, with both Virgin and BT recently starting to "educate" those customers they believe are infringing copyright in their use of p2p networks.

As we pointed out at the time, neither the voluntary nor the statutory approach will put a penny in artists' pockets unless accompanied by viable legal alternatives that deliver consumers what they want. A recent survey commissioned by British Music Rights [pdf] indicates that 80% of those currently downloading music would pay for so-called "legal p2p" - properly licensed and competitive filesharing alternatives. Rumours that industry is close to developing such an offer are yet to be confirmed. But without it, any enforcement move is likely only to drive illicit filesharing further underground.

Over in France, President Nicolas Sarkozy (who also took over the European presidency yesterday) has put his weight behind legislation proposed by the Olivennes report. The bill, which has been delayed until the Autumn, will mandate termination of internet connections. It goes without saying that it is the subject of much controversy across the Channel.

La Quadrature du Net - a French pressure group - have been actively campaigning on the issue. They're also tracking the progress of the Telecoms Package, a review of European telecoms law currently in the European Parliament. Ordinarily this bill would deal with network infrastructure, universal service and other purely telecoms matters.

But as La Quadrature du Net announced yesterday:

"One week before a key vote in the reform of European law on electronic communications ("Telecom Package"), La Quadrature du Net (Squaring the Net) denounces a series of amendments aimed at closing the open architecture of the Internet for more control and surveillance of users..

…this set of amendments creates the unprecedented mechanism known as graduated response in European law; judicial authority and law courts are vacated in favour of private actors and "technical measures" of surveillance and filtering. According to rules set forth by administrative authorities and rights holders, intermediaries will be forced to cooperate in monitoring and filtering their subscribers, or they will be exposed to administrative sanctions"

If you want to voice your concerns about 3 strikes legislation brought in through the backdoor in Brussels, you have until 7 July, the date of the vote in IMCO and ITRE committees, to contact your MEP and inform them that the "Telecoms Package" amendments could bring in disproportionate and ineffective law.

You can find details of your MEPs here. Suggestions for topics to raise in your letters are here and analysis and commented amendments with other resources about the Telecoms Package are also available.

[Read more] (75 comments)

July 02, 2008 | Becky Hogge

ORG verdict on London Elections: "Insufficient evidence" to declare confidence in results

ORG's report into e-counting of votes cast in the London Elections is out today. The report, which is the result of a huge team effort, finds that:

"there is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters’ intentions."

Votes for London Mayor and the 25 member London Assembly were counted electronically, and overall the election was well-managed by the independent body set up to run elections in London, London Elects.

However, transparency around the recording of valid votes was a major issue, leading many of our team of 27 official observers to conclude that they were unable to observe votes being counted. And while hundreds of screens set up by vote scanners showed almost meaningless data to observers, London Elects admit that the system was likely to be recording blank ballots as valid votes.

The report also details how London Elects are unable to publish an audit, commissioned from KPMG, of some of the software used to count the London vote, because of disputes over commercial confidentiality. The situation highlights the problems that arise when the very public function of running elections is mixed with issues of commercial confidentiality and proprietary software. In the context of a public election, it is unacceptable that these issues should preclude the publication of the KPMG audit.

London Elects will pay Indra – the company who supplied both Bedford and Breckland during last year's chaotic trials of e-counting technology in local elections – upwards of £4.5 million for delivering the London e-count. Today's report recommends a full cost benefit analysis of any future e-count, set against a properly costed manual count.

This cost-benefit analysis should include our report's five recommendations for improved transparency around the recording of valid votes in e-counting systems. The problems around transparency observed by the ORG team can be solved, but it is important to ask: at what cost? There comes a time when electoral administrators need to ask themselves whether electronic counting really delivers value for money to our democracy.

Huge thanks go out to all the observers who put in hard work and long hours to make this report possible. We are still in the shadows of the chaotic May 2007 e-count in Scotland, and the electoral timetable is likely to preclude the deployment of computers in elections for the next two years. However, in that time these deterrents may have faded and legislators may feel eager to experiment with e-counting again. This report should be top of their reading list.




[Read more] (13 comments)

June 30, 2008 | Michael Holloway

Supporter update - June 2008

The June 2008 supporter update is now available for your enjoyment. Read on...

[Read more]

June 25, 2008 | Glyn Wintle

HMRC "Datagate" verdict: further data loss "a distinct possibility"

Kieran Poynter has published his review of information security at HM Revenue and Customs. Yes, after a seven month wait, it's the official explanation of how it was possible for a junior official to lose discs containing records for 25 million individuals and 7.25 million families in the post. ORG is very pleased to see the review making sensible recommendations that should be followed not only by HMRC but by all government institutions. Information security should be seen as a priority. This report is clear in stating that in HMRC it was not.

The fact that information has value may be blindingly obvious to most of those who read our blog, but it is not so obvious to officials working in government. Poynter recommends that HMRC should hold the minimum amount of data required to perform its functions - a recommendation echoed by the Home Affairs Select Committee in their recent report A Surveillance Society?. Unfortunately, unless this Government can get over its addiction to large, centralised databases, data minimisation will be a distant dream.

The report also recommends that the transfers of digital data involving physical media should be phased out completely and computers (and in the short term, any removable media) should be encrypted. From the report it is clear that HMRC employees were unsure about who owned and was responsible for data. Insufficient security education and awareness is highlighted as an unsurprising explanation for the poor information security. And because HMRC did not understand how data moved through the organisation it was hard to effectively identify and manage its information security risks. Or, put a different way, if you do not know what you have got, where it is and who is doing what with it, it is impossible to guarantee that someone is not doing something they shouldn't be.

The data loss incident arose following a sequence of communications failures between junior HMRC officials and between them and the National Audit Office ("NAO"). The loss was entirely avoidable and the fact that it could happen points to serious institutional deficiencies at HMRC.

The two major institutional deficiencies from which many of the more detailed issues flow were:

  • Information security simply wasn't a management priority as it should have been, and
  • HMRC had an organisational design which was unnecessarily complex and crucially, did not clearly focus on management accountability

So now to an important question: will it happen again?

HMRC has significantly reduced the risk of further data loss since the incident. However, when there are so many islands of information and so many data transfers going on, and while simple guidance is not available to staff, further data loss nonetheless remains a distinct possibility and more needs to be done. Investment will be required to continue the reduction of risk to an acceptably low level, although the review process is identifying data transfer practices which can simply be stopped at no significant cost.

Not the most reassuring answer. The good news is that a low level employee has not had all the blame placed on his head. The culture inside HMRC of getting things done quickly and cheaply at the expense of information security is singled out throughout the report.

... the more junior staff involved in the incident clearly voiced their concerns about handing over the data to the NAO, but were overruled by their immediate superiors - at least in part to save the cost of producing a bespoke set of data.

The HMRC Discgate affair has not solved Government's bad habit of losing valuable and sensitive data about individuals. A rolling log of data losses can be found on our UK Privacy Debacles page.

Richard Thomas, Information Commissioner, said:

I will be taking formal enforcement action against HMRC and MOD following the serious data breaches that have occurred.

The reports that have been published today show deplorable failures at both HMRC and MOD. Whilst these breaches have been highly publicised and involve big numbers, sadly they are not isolated cases. It is deeply worrying that many other incidents have been reported, some involving even more sensitive data. It is of fundamental importance that lessons are learned from these breaches. Information security and other aspects of data protection must be taken a great deal more seriously by those in charge of organisations. No chief executive can now say that data protection doesn’t matter.

It is beyond doubt that both Departments have breached Data Protection requirements and we intend to use the powers currently available to us to serve formal Enforcement Notices on them. To comply with the terms of the Enforcement Notices we will require HMRC and the MOD to use their best endeavours to implement all the recommendations outlined in the reports. We will also be monitoring the situation closely. We will require progress reports to be published after 12, 24 and 36 months documenting in detail how the recommendations have been, or are being, implemented to improve Data Protection compliance. Failure to comply with an Enforcement Notice is a criminal offence. ‘I welcome the seriousness of the requirements and guidance for central government in the Cabinet Secretary’s Data Handling Report; this material should help chief executives across the whole of the public, private and third sectors achieve better compliance with the Data Protection Act and keep people’s personal details more secure.

A separate report by the Independent Police Complaints Commission said that "investigation found no visible management of data security at any level".

[Read more] (5 comments)

June 23, 2008 | Michael Holloway

Open Tech 2008 preview

Open Tech 2008 is an informal, low cost one-day conference on technology, society and low-carbon living, featuring Open Source ways of working and technologies that anyone can have a go at.

We don't usually flag events on this blog, instead we use Upcoming to publish events. Open Tech is exceptional because Open Rights Group was conceived at this conference in 2005. Our sessions at Open Tech 2008 will review the giant steps we've made and look forward to even greater things.

The programme is a three-streamed feast of 60 talks from the likes of mySociety, No2ID, OpenStreetMap, the Power of Information task force, ourselves and many others. Our sessions kick-start the day, beginning at 10.30am, when we'll share the stage with No2ID to present our current programme of works. The second slot at 11.30am will features Danny O'Brien telling the story of ORG and asking for your suggestions to help chart our future course. Recordings will be made available.

Open Tech logo

Besides these seminars, we're rounding up a posse of staff, directors, advisors and volunteers for a few drinks after the formal sessions close at 7.15pm. We're inviting everyone who cares about their digital rights to help us celebrate ORG and spot future issues. Here's all the details you need to be a part of Open Tech 2008:

When: Saturday 5 July 2008, 10.30am-7.15pm. Registration now open (Doors open at 10am, bar closes at 11pm) Where: ULU, Malet street, London WC1E 7HY (Zone 1, CC zone). Link to map. Cost: £5 on the door. The organisers expect to sell all tickets so pre-registry is strongly advised.

[Read more]

Term Extension "will damage Commission's reputation", top legal advisers tell Barroso

Today, the leading European centres for intellectual property research have released a joint letter to EU Commission President José Manuel Barroso, enclosing an impact assessment detailing the far-reaching and negative effects of the proposal to extend the term of copyright in sound recordings. With the confusion and disillusionment of Ireland's rejection of the Lisbon Treaty still ringing in the Commission's ears, the letter states:

"This Copyright Extension Directive, proposed by Commissioner McCreevy, is likely to damage seriously the reputation of the Commission. It is a spectacular kowtow to one single special interest group: the multinational recording industry (Universal, Sony/BMG, Warner and EMI) hiding behind the rhetoric of "aging performing artists".

"The Commission is required to conduct an impact study for each directive it proposes. We, the leading European centres for intellectual property policy research, have collectively reviewed the empirical evidence. Our findings are unanimous. The proposed Copyright Extension Directive will damage European creative endeavour and innovation beyond repair."

Read the letter and impact assessment in full. Further details are available from the Centre for Intellectual Property and Management.

[Read more] (5 comments)

June 06, 2008 | Michael Holloway

The Future of the Internet in Focus

Will consumer pressure for a safer net mean the end of open platforms and rapid innovation? And should the geeks who "get" the net care if the rest of the world prefer TiVos and iPhones?

On Wednesday of this week we co-hosted an event at the British Computer Society to discuss the problems raised by Jonathan Zittrain's new book, The Future of the Internet and How to Stop It. Professor Zittrain was joined by technology journalist Bill Thompson and our Executive Director, Becky Hogge, to discuss the threat that insecurity and "tethered appliances" pose to the generative Internet. We were also fortunate enough to have an expert and lively audience.

The recording (thanks to Felix) of this 90 minute event shows there is both plenty of middle ground and a broad range of views held within our community. We'd love to see your comments on the merits of Jonathan's arguments, particularly his point that online communities should develop self-regulatory mechanisms rather than rely on Government measures to ensure the net flourishes.

[Read more] (4 comments)