Tag Archives: privacy - Page 2

Oh Shit! You mean spying on everyone is illegal?

Better change that then! In April, the Court of Justice of the EU, ruled that its 2004 Data Retention Directive mandating Information System Services Providers to store all their records for 12 months was declared incompatible with the EU’s Fundamental Charter of [Citizen’s] Rights. It and all the national laws implementing the Directive need to be reviewed to see if they remain legal. Last week, the Government announced that it planned to introduce new laws to plug the gap. This is to be called the Data Retention and Investigatory Powers Bill/Act. (DRIP) which they plan to pass in less than ½ a week using emergency provisions and the agreement of the Labour front bench.  … » Read more …

Spying and Network Effects

At Don’t Spy on Us’ Day of Action, I attended the seminar/panel “Changing the Law to uphold our privacy”. Amongst the speakers were Ross Anderson, Claude Moraes and Mark Stephens. Ross Anderson works at the University of Cambridge, where he is Professor of Security Engineering. He blogs at “Light Blue Touchpaper”. To me the most memorable contribution, was from Anderson, where he shared his views developed while researching and writing his paper, “Privacy versus government surveillance: where network effects meet public choice”.   … » Read more …

What do London’s MEP candidates think about digital?


Yesterday the Open Rights Group held its final European Parliament hustings at Shoreditch Village Hall in Hoxton, London. It’s been a while since I visited and it’s certainly cleaned up well. It was great to be there. On the way in, I met Claude Moraes, Labour’s spokesman who told me that the Tories non-attendance was deliberate policy. I don’t know if it’s shame at their behaviour on the lobbying around the data protection directive or fear of a digitally educated audience. The meeting was moderated by Glyn Moody, who led the meeting through the issues of privacy, surveillance, whistle blowing, net neutrality, lobbying and copyright reform. The Tories absence meant that representatives from Labour, the LibDems, both represented by incumbents Claude Moraes and Sarah Ludford,the Greens (Danny Bates) and UKIP (Paul Oakley) who were not, were present.  … » Read more …

Both sides of the jurisdictional fence


In an discussion thread in a BCS group on linkedin, I commented on the bind that US companies have in attempting to meet European Privacy Laws and the US requirement to co-operate with their law enforcement authorities. Some raised the issue of extra-territoriality as based on the location of the storage medium, I said,

The US jurisdictional claim is over the ownership of the storage media not its location. The EU’s jurisdictional claim is over ownership of the data. The current state of law means that it is not possible for US companies to obey the European duty of privacy and the US duties of disclosure.

I should add that the US legal system has some difficulty in accepting privacy as an inalienable right as well as accepting that it is universal; they believe the rights to privacy from government intrusion only belongs to its citizens. This is the inexorable logic of the republic.  … » Read more …

Privacy is a Human Right, get over it!

The European Parliament, last Wednesday voted on a resolution coming from its Civil Liberties committee which determines the European Parliament’s response to the NSA’s democratic over reach. As Glyn Moody points out in his Techdirt article, in order to become binding, it will need to be agreed by the Council of Ministers where their votes are directed by the Governments of the EU member states.  … » Read more …

Privacy and Big Data

I read Privacy and Big Data by Craig and Ludloff towards the end of 2013. The first chapter is called “The Perfect Storm”. The book lists a number of consumer and corporate computing trends, from Google’s search solution and their clustered file systems, the consumer adoption of cloud storage and the realisation of parallel computing models. There is no question that data is growing at an explosive rate and that new computational models are being developed to use these new volumes of data in timescales appropriate to the human. These new models are of interest to both the new internet companies and to Governments yet because of both social media and the distributed nature of modern computing raise questions of privacy.  … » Read more …

Is piracy really the most important issue facing the creative industries

Today, Parliament released the “Culture” select committee’s report “Supporting the Creative Industries”. The headline pursued by most media outlets is that Google’s efforts to limit copyright infringement by its ‘users’ is, to quote the committee chairman, John Whittingdale, “derisory”.  This is reported by Computing, which extends Whittingdale’s quotes which demand further action from Google which is erroneously singled out as the single largest source of piracy and thus the single largest source of damage to Britain’s creative industries. Peter Bradwell of the ORG, and Paul Bernal of UEA cover the report and its impact, in Peter’s case on the ORG Blog, in an article called, Culture Committee copyright report one-sided and simplistic and in Paul’s case on his blog in an article called, Supporting the creative economy?. The ORG verbal evidence to the committee is available as a video here…, on Parliament TV. Enjoy the show and Peter’s persistant return to statistics and facts  … » Read more …

Privacy Liberty and security: How will Labour tackle terror?


This was chaired by Jamie Bartlett of Demos, with David Blunkett and Helen Goodman with Nick Pickles of Big Brotherwatch. Jamie Bartlett, who has an interesting publication record at Demos may have been the perfect chair for the meeting.

He opened by looking at Labour’s mixed record, on the positive side introducing the Human Rights Act and on the less positive side, introducing RIPA and extending detention. RIPA is not well understood; but it defines the powers and duties in the issue of search warrants as a result most police searches are now self-authorised. He made the point that once in existence, databases suffer from scope creep and that to some extent the Communications Data Bill is an attempt to legalise actions already taken.  … » Read more …


Earlier this week, the Guardian in conjunction with its partner publishers, New York Times and ProPublica ran an article, Revealed: how US and UK spy agencies defeat internet privacy and security. As we’ll see, the title is a bit misleading, but the agencies certainly gave it their best shot. This story builds on the initial Snowden leaks that the NSA has been using computer technology to spy on everyone using the internet in the USA. The story rapidly came to the UK where it became clear that Britain’s GCHQ was tapping the UK/USA telecom links, sharing intelligence with the USA and providing the NSA with a slightly more legal way of spying on US citizens. There is little doubt that the US & UK’s intelligence agencies have outsourced their own domestic spying which is legally restricted to each other.  … » Read more …


The next session, called “Naked Citizens! The Data Protection Regulation and why you should care about it”.

The speakers were Anna Fielder from Privacy International, David Smith, the Deputy Information Commissioner and Kasey Chappele, a Lawyer from Vodafone. Fortunately for Kasey, no-one asked about about Vodafone’s Tax Affairs. She went through some of Vodafone’s route to where they are today, and they are quite proud of where they’ve got to. Critically, she argued that while Privacy is seen as a compliance issue, it won’t improve, it’s only when companies start to compete on Privacy that managers will treat Privacy as more than a burden.  … » Read more …

Will US companies keep our secrets?

A tweeted conversation between Tom Watson MP and Chris Gerhard, in the afterglow, of the Guardian’s running a story that the FBI are looking for warrant-less and secret intrusion into an email provider’s customers.

US companies have to obey the law as it stands in the US and the EU.

US Law states that the Department of Homeland Security can obtain electronic data from US owned computers anywhere in the world, without a warrant if the data subject is a foreigner. EU Law states that EU citizens have a right of privacy including their correspondence and that owners and controllers of computers located in Europe must conform to privacy and data protection laws. US companies can’t do both. Guess which they choose or are encouraged to obey first.

This makes Google and Microsoft both problematic consumer mail providers for those who take their right to privacy seriously. It also sets a problem for US Companies that want to work in Europe.

Interestingly, I have at least one colleague who says he now uses Facebook for stuff he wants to keep private but it is US based and I believe at the moment that all it’s computers are based in the US, so while it may have a decent if volatile privacy model, the US Government can read what it wants.


Other interesting diversions, Google are turning xmpp off, this means that OTR will become unavailable to chat users, as will third party clients and I wonder if US companies are more restricted in reading their employees mail in Europe than their government.  … » Read more …

A night with the Open Rights Group

I dropped into the #openrightsgroup meetup last night. Jim Killock presented on the coming legislative challenges, the crawl of the DE Act to execution, the resurrection of the CDDP, the corporate lobbying of the Tories and the EPP in European Parliament to weaken the EU’s proposed Data Privacy regulation. The resurrection of DRM in the standards world (HTML5) was raised, as was retaining the capability to help scrutinise electronic counting of paper votes, and oppose the full automation of elections. Jim announced that the ORG are organising an ORGCON North and an ORGCON in London later in this year. Welcome to #ORGCON13  … » Read more …

Is not just hackers, its leaking as well

I have suggested in two blog articles, that the should the UK’s security services build their proposed internet surveillance system, that it will be accessed illegally by the well resourced and technically savvy, and legally by those that can afford the lawyers, mainly big business or the sensitive libel litigators. There is well proven precedent that laws designed for a narrow purpose will bleed into broader areas.

We already have example of the Norwich Pharmacal case, where HMRC were subpoenaed to release records to a party in a civil case. This has bled from intellectual property to other cases. It should be noted that giving HMRC the facts they require is mandatory. It’s this bleeding of law from its original purpose to others that often makes the worse law.

The inland revenue refused point blank to take on the Child Support Agency’s collection duties and also fought tooth and nail to keep its data private from the CSA. They felt that many men would tell the truth to them, but seek to avoid co-operating with the CSA; inter-agency co-operation would in their eyes make their duties more difficult; they’d loose co-operation of many of taxpayers.

The decennial Census is mandatory. The privacy guarantee is that neither individual returns nor micro-sets that allow the identification of individuals will be published, yet this was run by Lockheed Martin, an organisation subject to Patriot Act supervision?

The establishment of the Criminal Records Bureau (CRB) has also created another luge, from the specific to the general. It was created to ensure that staff in schools criminal records were known. It is now used for parent volunteers and it is becoming common place for large employers to ask for a criminal records check before offering work. The CRB won’t release their data to organisations with no child protection roles without the permission of data subject, so guess what the options are if you want or need the job.

(That’d be quite a good caveat, no non law enforcement organisations can access the snoopers database without permission of the data subjects, but we need to change RIPA, since very large number of organisations can issue.)

This is all an interesting contrast as private (i.e. legally confidential) data is made available to the interested, but public data is being privatised.

Actually the Tories seem conflicted, their manifesto promises and early actions suggest they’d like to live with and act on the view that public data should be made available to allow the crowd-sourcing of innovation using the data, such as TFL and the train locations, enabling the private sector to create jobs and income on the back of a public sunk investment. They were persuaded that the public or the taxpayer as they like to see it had already paid for the data. However, the cutting of the Universities funding system weakens the public claim on the research output of these institutions; enabling the enclosure of this research by the academic publishers.

Alec Muffett has performed a   … » Read more …