July 31, 2008 | Michael Holloway

Supporter update - July 2008

Here's a link to this month's supporter update, which is a bumper edition with news of our blooming supporter drive and an extremely busy campaigning month for ORG. Please read and give us some feedback on how we're doing .

Link to July 2008 supporter update.

[Read more]

July 29, 2008 | Becky Hogge

Next election for Mayor of London to be counted manually?

Will the 2012 election for Mayor of London be counted manually? Yes, at least, that’s the assumption the UK’s elections watchdog would like City Hall to make. The Electoral Commission’s report into the London Elections [pdf] has called for the Greater London Returning Officer to carry out a cost benefit analysis of options for counting ballot papers at the 2012 elections "as a matter of urgency" (mirroring the key recommendation from ORG’s recent report), and to start from the assumption that the vote will be counted manually.

The statutory report, published earlier this month, vindicates many more of the observations made by Open Rights Group volunteers in our 2008 London Elections report. The Electoral Commission are "extremely concerned" that they have not been given full access to audits of the e-counting system commissioned from KPMG before the election, demanding that any future technical audit include a requirement for full publication. They write:

"We recognise that commercial suppliers... may wish to protect their commercial interests. However, such wishes should never take priority over the interests of electors"

The Commission also raise the same concerns as ORG over the ballot box verification process, and the discrepancies observed between figures for ballot papers issued at the polling station, and ballot papers scanned in the count centre. They recommend that any future e-count allow count centre staff to record reasons for such discrepancies, and provide "verification statements" to candidates, party agents and observers. They concur with our analysis that the system could have been recording blank ballots as valid votes. And they also touch on the fact, detailed in the ORG report, that nearly 1,000 votes for London Mayor from the Merton and Wandsworth constituency never made it into the final result because of a transmission error.

Central to the ORG report were concerns around transparency, and the Electoral Commission report emphasises loss of transparency as one of the "hidden costs" of electronic counting. They point out that observers at electronic counts need to increase their technical knowledge in order to understand what is going on, because:

"Candidates, agents and observers act as a crucial check on the accuracy and integrity of the count process, both for their own benefit and for the wider benefit of the vast majority of electors who are not able to physically attend the count."

Last year, the Electoral Commission recommended that no further pilots of e-voting or e-counting take place until the Government have released "a robust, publicly available strategy that has been the subject of extensive consultation". In this month’s report, they reinforce this recommendation, demanding in addition a full cost benefit analysis for the use of electronic counting.

Will the Ministry of Justice listen? Despite expectations that a strategy document on e-voting and e-counting could be available before the Summer recess, no such document has emerged. And it seems their idea of extensive consultation is one question hidden in a pretty unrelated consultation (on remote electronic voting – a completely barmy idea that even the USA won’t touch with a barge pole). We can only hope that the Government listen to this latest Electoral Commission report – and to the growing consensus that "modernising" elections doesn’t have to mean expensive computer systems that hide the workings of our most important democratic ritual in a black box away from public scrutiny.

[Read more] (2 comments)

July 28, 2008 | Michael Holloway

ORG Growth - 825 fivers and counting!

Mo' money As you'll have noticed if you've been tracking the ORG fundometer, since launching the ORG-GRO supporter drive three short weeks ago, we've scored a phenomenal 10% growth, as well as a pile of one-off cash donations. This means we're on track to double the number of monthly fivers we receive to support our work during 2008. Thanks to everyone so far who's put their hands in their pockets for ORG. And if you're yet to pledge your monthly fiver, please do so now.

Some of these fantastic early results are due to volunteer efforts, such as Danny O'Brien (pictured)'s pledge to blog every day for a month if five people sign up to ORG (he's also pledged to resuscitate NTK - - if ten more of his readers agree to give ORG a tenner a month) and the posse of ORGsters (Glyn, Sheila and Richard) who spread the good word at LUG Radio Live. Just as pleasing is the fact that the extra work we're putting into our financial stability has not limited our campaigning.

We're also excited to announce that the volunteer who attracts the most new supporters will win an Eec PC, donated by the kind people at Asus. If you convince someone to join ORG, be sure that they note your supporter ID on their sign-up form. We'll keep a league table of supporters for the next few months and announce a winner on ORG Day (19 November) 2008. For more details, see the ORG-GRO page. Also, don't forgot that there's a mystery gift (ooh!) for new supporters who sign up to donate ten pounds a month, and also for existing supporters who increase their donation level to ten pounds a month.

Thanks to Bowbrick for the image.

[Read more]

July 24, 2008 | Becky Hogge

Government to consult on legislation to curb illicit filesharing as industry agrees voluntary scheme

Only 3 months late, the Government has finally released a consultation into potential legislation aimed at curbing illicit filesharing on the net. Several of the legislative options on the table are worrying, and mirror schemes being discussed in various national and international fora. They include streamlining the legal process to require ISPs to provide personal data relating to an IP address, handing responsibility for taking action against illicit filesharers to a third party body, or requiring ISPs to take action against users themselves or to install filtering equipment to block infringing content.

At the same time, the Department for Business, Enterprise and Regulatory Reform (BERR) have also announced a “landmark industry agreement” to address unlawful filesharing, signed by the UK’s six major ISPs - Virgin Media, Sky, Carphone Warehouse, BT, Orange and Tiscali - as well as the British Phonographic Industry and the Motion Picture Association.

This “Memorandum of Understanding” (MoU), negotiated behind-the-scenes with strong influence from the Government, is appended to the consultation (Annex D). Its stated objective is to achieve a significant reduction in illicit filesharing and a change in popular attitudes towards copyright infringement, within 2 to 3 years.

Signatories endorse five principles in the MoU:

  1. That a joint industry solution is the best way forward


  • That they will work together to educate consumers about why illicit filesharing is wrong



  • That making content available in a wide range of user-friendly formats is important



  • That they will engage in a 3 month trial to send letters to 1,000 subscribers per week suspected of downloading or uploading unlicensed, copyrighted material



  • That they will work with OfCom to identify effective measures to deal with repeat offenders


A BERR press release out this morning describes how the MoU and legislation arising from the consultation will work together:


“The approach will pilot letters to be sent to the registered user of an internet account when their account has been identified as having been used to unlawfully share copyrighted material. The letters could point consumers to other sources of material available legally and in a variety of formats.

“ISPs and rights holders will produce a Code of Practice together on how they will deal with alleged repeat infringers. Government will consult to give this Code legislative underpinning.

“Ofcom will facilitate discussion between the parties and approve the final Code of Practice. Ofcom will also ensure that the self-regulatory mechanism is effective, proportionate and fair to consumers.”

For dealing with repeat infringers, the MoU mentions “technical measures such as traffic management or filtering, and marking of content to facilitate its identification”. Although there is no mention of disconnecting users, such a course of action is not ruled out. More worryingly, negotiations around the code of practice to deal with repeat infringers will not involve direct consumer participation, relying instead on Ofcom to ensure consumers get a fair deal.

As the Open Rights Group has set out exhaustively on this site and in the media (also see our appearance on Channel 4 News below), disconnection is not a good option – either for internet users or for the artists whose livelihoods are harmed by illicit filesharing. Not only is the punishment disproportionate to the crime, in most households, an internet connection is shared by a number of people. What’s more, as soon as law enforcers start snooping for IP addresses to pass on to ISPs for disconnection, hardcore filesharers will simply start using encryption and IP-masking to obfuscate their identities. Then they’ll develop software that makes it easy for non-technical people to do the same. Driving illicit filesharers further underground isn’t going to earn artists a penny, and will further irritate their fans.

Instead, offering consumers legal, attractive and competitive alternatives to illicit filesharing is the vital component in any programme to curb illicit filesharing. The MoU mentions that such alternatives might include subscription, on demand or sharing services. But unlike with the proposed enforcement measures, no timetable for providing legal alternatives is mandated. In this way, today’s announcement has its priorities wrong – preferring criminalising consumers over catering to them.

ORG will be responding in detail to BERR’s 60+ page consultation on a legislative approach over the coming weeks. The consultation will be up on our interactive consultation tool soon – and you’ll be able to help us respond by leaving your views. The consultation closes on 30 October 2008.

[Read more] (25 comments)

Copyright extension: what you can do.

In a letter to the Times todayEurope's leading professionals in the field of intellectual property have explained why the proposal for copyright term extension would harm Europe's creators and consumers:

The simple truth is that copyright extension benefits most those who already hold rights. It benefits incumbent holders of major back-catalogues, be they record companies, ageing rock stars or, increasingly, artists’ estates. It does nothing for innovation and creativity. The proposed Term Extension Directive undermines the credibility of the copyright system. It will further alienate a younger generation that, justifiably, fails to see a principled basis.

Many of us sympathise with the financial difficulties that aspiring performers face. However, measures to benefit performers would look rather different. They would target unreasonably exploitative contracts during the existing term, and evaluate remuneration during the performer’s lifetime, not 95 years. Following on from last week's EU Commission announcement, they haven't been alone in voicing their concern. Fortunately, the battle isn't lost. You can help campaign for a rational copyright policy in three ways.

How you can help 1:

The UK Intellectual Property Office, the government body charged with ensuring balance and fairness in intellectual property, has asked the public and all those with an interest to make sure their voices are heard, and contact the UK-IPO by the end of August. Remember, always be polite and considerate when explaining why term extension concerns you. You can find out which government body in your country is responsible for intellectual property policy here.

How you can help 2:

We've loaded in the full texts of the proposal and the relevant impact assessment. Help us challenge the arguments and point out evidence that disproves their claims. You can leave your comments using our collaborative annotation tool.

How you can help 3:

We need more people to show their support. More than 12,500 people have signed our petition, so tell your friends and help us spread the word across Europe so that you can be heard in Brussels:

"Grammophone" gratefully licensed from Nils Pickert.

[Read more] (4 comments)

July 18, 2008 | Jason Kitcat

London Assembly Elections Review Committee - who would want to steal an election?

Yesterday the Greater London Authority's Elections Review Committee met to discuss the conduct of the May 2008 London elections. The ORG 2008 Elections Report played an important role in their agenda and it was great to see it attached to the papers sent to all members.

First up were representatives from Indra (the e-counting supplier) and election officials from London Elects, Greater London's Returning Officer and two Constituency Returning Officers. A number of good, challenging questions based on ORG's findings were directed at those present, but the responses were often less than satisfactory, resorting to assurances (because proof of the election's validity couldn't be provided). Members of the committee, being London Assembly members, were in the strange position of having to question whether their own election was valid. So their was little incentive to push hard for answers, with the exception of Andrew Boff (Con) who as a former systems analyst understood the severity of the problems and risks involved in e-counted elections.

Mr Mayer, Greater London's Returning Officer for the election, at one point suggested that the way to deal with the burden of staffing for such elections was for more e-counting and e-voting and he seemed to regret that there wouldn't be e-voting for the 2009 European Elections. Thankfully he also admitted that the Electoral Commission had made clear they didn't support such moves and indeed would have opposed e-counting in the 2008 London elections if London Elects hadn't already been so far down the line in their preparations.

On asking Indra whether the error messages ORG had observed risked the integrity of the election, Indra responded that these were isolated 'glitches' but that they had absolute confidence in the declared results, a view supported by Mr Mayer. Andrew Boff was prevented by the chair, Brian Coleman (Con), from pursuing this weak response further.

Imagine a caterer was contracted to provide 9 million hot meals and of these some went wrong. Imagine that a few thousand people got sick from eating these meals, a few hundred seriously so. Would explaining these as 'kitchen glitches' be satisfactory? Or would we want to understand if the procedures for ordering, checking and handling ingredients had been satisfactory? Would we check for the qualifications and training of cooks, perhaps also looking at the audit trail for the ordering of the goods?

No such scrutiny was levelled at Indra nor London Elections. Indeed the committee seemed uncomfortable challenging the results, but happier expressing displeasure over delays or other administrative matters which, while of importance, hadn't risked the accuracy of the result. Furthermore several attempts were made to imply ORG's report was the work of well intentioned amateurs, perhaps not worth taking seriously.

On ORG's behalf I then came before the committee to discuss our findings. I began by explaining my ten years of experience in the field and why I was qualified to discuss this election. Some committee members visibly raised eyebrows on hearing my brief resume. Perhaps they assumed I was a geek without knowledge of elections.

However on trying to address some of the weak or ridiculous responses from the previous participants (Indra in particular) the Committee balked at my comments. Again with the exception of Mr Boff they were incredulous of our findings, in particular challenging our maths over the maximum number of possibly unaccounted-for ballots.

The Chair claimed electoral fraud wasn't an issue in the UK, to which I responded that candidates from all three major political parties have been convicted of electoral fraud in the last 10 years. Still Mr Coleman refused to accept that there were people with sufficient interest and capability to commit electoral fraud in the London elections. My presence was soon no longer desired and the meeting swiftly ended.

Fundamentally the problem for the committee members, Indra and London Elects was they wanted to believe the election was correct. They couldn't prove it was though and neither could we. Instead of asking for decent evidence of a proper election (such as audit trails, manual sample recounts and so on) they chose to focus on whether ORG could prove our concerns. I don't believe it is for ORG to do that. Our report raised reasonable doubt over the integrity of the election due to issues with the software, ballot box security, ballot paper counts and more. It is for London Elections and their contractors to now prove to a reasonable level of assurance that those issues didn't affect the result of the election. As I tried to say yesterday, if they are so confident in the result, why not do a manual recount of samples at least? What are they scared of finding?

You can watch the whole session here (Windows Media only I'm afraid).

Read more about the Committee and download the agenda papers for the meeting here.

You can read ORG's report of the 2008 London elections here.

[Read more] (3 comments)

EU Commission proposes copyright term extension and ignores all the evidence

Disregarding the evidence-based findings of their own advisors, the UK government's independent analysis, and those of Europe's leading intellectual property research centres, the EU Commission has formally accepted DG Internal Market's proposal to extend the duration of copyright protection for sound recordings.

Copyright term is a quid pro quo, designed to balance the interests of consumers and creators. Confusing this with contractual issues and pension schemes while ignoring the evidence gives Europeans a raw deal. Europe's citizens are entitled to more than a privatised cultural heritage. Recent evidence such as DG Internal Market's own review of the Database Directive 2005, has confirmed that granting further intellectual property rights without a proper basis delivers no real benefit to the competitiveness of the EU.

While granting unending intellectual property rights may sound good, a fair and balanced approach means that legislators must avoid dismissing economic rationale and the traps of faith based policy and voodoo economics that simply grant IP rightsholders requests for more. Adhering to the same standards that environmental and pharmaceutical regulation are held to is essential, because the significant losers will not simply be consumers, but also voters.

Following its adoption the proposal will proceed to the Council of Ministers and to the European Parliament. Please show your support and sign our petition as we continue to oppose term extension.

[Read more] (12 comments)

July 11, 2008 | Glyn Wintle

Data Sharing Review

The Data Sharing Review, commissioned by the Prime Minister last October to look at the use and sharing of personal information in the public and private sectors, published its final report today. The report argues that data sharing is shrouded in confusion and spotlights deficiencies in the organisational culture of those who collect, manage and share personal information. Its authors call for personal data to be handled, like any valuable asset, with respect.

We attended workshops with the reports authors and drafted a submission emphasising the risks rather than the benefits associate with data sharing. In the conclusion to our submission, we said, "If customers were to participate fully in the design and decision-making of the public services intended to benefit them it seems to us very unlikely they would come up with the centralised databases and data sharing approach of Transformational Government."

The report is 80 pages long (ignoring the annexes, all 112 pages of them) so if you don't have time to read it all, here are some points of interest.

The report neglects to make specific recommendations on any of the current or future large government databases. This is deeply regrettable as a missed opportunity to encourage respect for personal data and greater trust in the public and private bodies who store our data. Even if all the recommendations are followed, the impact of this report will be minor: a toothless regulator will gain some powers, medical research will become easier, and sale of the edited electoral register will be prohibited.

Based on the evidence we have collected and analysed, we believe change is necessary to transform the culture that influences how personal information is viewed and handled; to clarify and simplify the legal framework governing data sharing; to enhance the effectiveness of the regulatory body that polices data sharing; to assist important work in the field of research and statistical analysis; and to help safeguard and protect personal information held in publicly available sources.

Data Sharing Review Report Page 7

No recommendations about any of the massive government databases

During the course of our review, many people made comment about specific Government initiatives involving the wider use of personal information, including proposals for a national identity card and the related national identity register, and about ContactPoint. Our task however was not to look at specific projects but to review the general principles governing the use and sharing of personal information. For this reason, we make no recommendations about individual data-sharing schemes.

Data Sharing Review Report Page 14

That the review ignores projects like the National Identity Register, ContactPoint, NHS Spine, which are planned to collate personal data on the entire population and represent a major concerns for many of those who responded to the consultation, is shameful. Our response to the Data Sharing Review noted that: "Large databases which need to grant access to many hundreds of users will inevitably fail along one of three axes - scale, functionality or security."

Enhancing the effectiveness of the the regulator

A strong regulator is also needed to facilitate these cultural improvements. It is essential that the regulator has sufficiently robust powers and sanctions available to it; and that it is resourced adequately. We welcome recent changes in the law to provide the Information Commissioner with a power to impose financial penalties for wilful and reckless breach of the data protection principles and call on the Government to implement these changes quickly. We also believe that stronger inspection and audit powers are required and that new funding arrangements to enable effective enforcement are long overdue. We also recommend an important change in the nature of the office of the Information Commissioner in order to improve the provision of guidance and the regulatory oversight of the handling and sharing of personal information. We recommend that a Commission with a supporting executive team replace the single Information Commissioner.

Data Sharing Review Report Page 3

The Information Commissioner's Office (ICO) is widely seen as "a toothless tiger", because it lacks resources and enforcement powers, amongst other reasons. The Data Protection Act should include stronger penalties and sanctions, and the ICO should be given increased powers and resources to more effectively carry out his duties.

Recommendation 9: The regulations under section 55A of the Data Protection Act setting out the maximum level of penalties should mirror the existing sanctions available to the Financial Services Authority, setting high, but proportionate, maxima related to turnover.

Data Sharing Review Report

One reason why the Data Protection Act is not taken seriously in businesses, at Board level, is its lack of sanctions. Section 55A of the Data Protection Act provides a new fine for data controllers who recklessly or repeatedly allow significant data breaches. This new power was created during the course of the review and this recommendation hopes to increase the maximum fine.

To date prosecutions brought under the any part of section 55 have generally resulted in low penalties. Between November 2002 and January 2006, only two out of 22 cases ended with fines above £5,000. Other investigations led to frustrating outcomes, despite the harm caused to individuals and public confidence more generally. Since 2006 there have been two further successful prosecutions and a further individual cautioned, resulting in fines ranging between £3,300 and £4,200. This is pocket change to many businesses and does not present a significant deterrent, so we welcome the recommendation to increase maximum fines.

Recommendation 10: We also call on the Government to bring these provisions fully into force within six months of Royal Assent of the Criminal Justice & Immigration Act, that is, by 8 November 2008.

Data Sharing Review Report

This is a welcome call on Government to hurry up. We also cover this in more detail later under the heading Time table please.

Recommendation 12: We recommend that the Information Commissioner should have a statutory power to gain entry to relevant premises to carry out an inspection, with a corresponding duty on the organisation to co-operate and supply any necessary information. Where entry or co-operation is refused, the Commissioner should be required to seek a court order.

Data Sharing Review Report

There is wide support for the Information Commissioner to be given powers to carry out audits and inspections unannounced. The simple threat of a court order should be enough in most cases to allow voluntary access. That an individual or organisation has the right to review via court of law provides an important safeguard against bureaucratic abuse. The wording of law will require carefully review, but the concept is good.

Recommendation 13: We therefore recommend that changes are made to the notification fee through the introduction of a multi-tiered system to ensure that the regulator receives a significantly higher level of funding to carry out his statutory data-protection duties.

Data Sharing Review Report

The ICO lack the resources to promote, let alone enforce, proper information management practices. Greater funding may to make the ICO slightly more effective. The review seeks to secure increased funding by levying a higher annual charge on the small percentage of organisations that hold data on millions of people. The figure for most data controllers will remain at £35.00 per year. In reality this will at most double their budget, and so business's will still know the odds of being caught are extremely low.

Recommendation 8(a): Where there is a genuine case for removing or modifying an existing legal barrier to data sharing, a new statutory fast-track procedure should be created. Primary legislation should provide the Secretary of State, in precisely defined circumstances, with a power by Order, subject to the affirmative resolution procedure in both Houses, to remove or modify any legal barrier to data sharing by:

  • repealing or amending other primary legislation;
  • changing any other rule of law (for example, the application of the common law of confidentiality to defined circumstances); or
  • creating a new power to share information where that power is currently absent.

Recommendation 8(b): Before the Secretary of State lays any draft Order before each House of Parliament, it should be necessary to obtain an opinion from the Information Commissioner as to the compatibility of the proposed sharing arrangement with data protection requirements.

Data Sharing Review Report

This is a bad recommendation. It weakens safety checks and removes powers from parliament, in exchange for giving the Information Commissioner the power to state an opinion. This opinion in practice can be ignored if the minister wants to.

Developing a culture of respect for personnel data

Recommendations 1 to 5 are rather woolly and will have little concrete effect. They recommend training for staff handling personnel data, knowing what personnel data you hold, what you do with it and what the controls are, etc. Recommendation 5 is the closest to a nod in the right direction, but even here its worth pointing out that most organisations do not need to authenticate you, many interactions can be done anonymously.

Research and statistical analysis

Recommendations 15, 16 and 17 cover research and statistical analyses of personal data, for example, wherever possible, such data should be anonymised. The review team evidently received complaints from researchers because the report tries to make life easier for medical researchers. We note that legal barriers to information sharing are generally in place for good reasons, for example preventing incidents like HMRC losing vast amount of data. The second data protection principle states "Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes." Data Protection Act 1998

Enquiry into online aggregation of personal information

Recommendation 18: We recommend that the government should commission a specific enquiry into online services that aggregate personal information, considering their scope, their implications and their regulation.

Data Sharing Review Report

This is an enquiry that ORG will keep an eye on. It mentions social networking sites but we cannot comment further without more detail.

Time table please

We strongly commend these recommendations to the Government and we look forward to a timely response. In particular we would like the Government, as part of its response, to set out a clear timetable for implementation and to report on progress in eighteen months time.

Data Sharing Review Report Page 10

P.S. It would be nice if the Government, as part of its response to this review, established a clear timetable for implementation so we do not end up one year from now asking "where are our reforms?"

[Read more] (1 comments)

: 3 Ways to Improve Democratic Participation in Scotland-->
  • May 31: ORG Aberdeen: Cryptonoise May 2018
  • ORG Glasgow: A discussion of the General Data Protection Regulation (GDPR)
  • ORG Aberdeen: March Cryptonoise event
  • ORG North East: Take control of your online life