Recently in Digital Rights Category

The perceived trade-off between freedom and security has been a defining feature of the early 21st century. With "terrorists" allegedly lurking around every corner, a number of governments, including successive UK ones, seem to have taken a "legislate first and ask questions later" approach. Add to this the revolutionary effect of digital technology and the Internet in particular on the relationship between the state and the individual, and worrying trends begin to emerge.

In the US, the Patriot Act gives authorities the power to, for instance, demand that individuals and organisations hand over vast amounts of communications and transactional data, while at the same time prohibiting anyone receiving such a demand from speaking about it. Statistically, between 2003 and 2006 one in every 1500 Americans received such a demand. In the UK, the Terrorism Act of 2006 prohibits something it vaguely calls "glorifying terrorism", while the Regulation of Investigatory Powers Act (RIPA) - also originally intended for use against serious crime and terrorism - allows councils to spy on people suspected of breaking the smoking ban.

The Draft Communications Data Bill, which was last year shredded by a Joint Select Committee and yet is about to make it back onto the government's legislative agenda, proposes to significantly extend existing police powers to monitor our digital lives. If passed into law, the proposals would allow the government to compel telecommunications operators - anyone from Royal Mail, Internet Service Providers and mobile operators to Google and Facebook - to retain and collect transactional data on their users: who they spoke to or emailed and when, where they were based on their mobile phone location, even which websites they visited. While some data is already being retained for a limited time period with the intention of being able to reconstruct a suspect's activity for criminal investigation purposes, the new proposals go several steps further. They include the creation of entirely new data sets and the powers to "data mine" - investigate the data for conspicuous patterns even if no crime has been committed.

Given well-documented abuses of existing powers and legislation, civil liberties and digital rights campaigners like the Open Rights Group are raising a number of concerns about the Draft Communications Data Bill. The potential for abuse of such powers - both by those authorised to access the data but also by malicious individuals for whom the simple existence of such a data set is a target - is staggering. Even without knowledge of which websites someone has visited - which automatically gives you access to the content they have accessed - it is remarkably simple to make conclusions about the content of a conversation by cross-referencing different pieces of information such as where an event took place, who was there, or the time of day when it occurred.

In some ways, however, the problem with the Draft Communications Data Bill is not so much the potential for extreme abuses of these powers - though that too is a concern. Rather, this is another step in a gradual but fundamental shift in the relationship between the state and the individual. Digital communication has given individuals unprecedented freedom to associate, exchange ideas and power to hold governments to account. At the same time, digital data processing creates the potential for government to spy on our every move. Never before - not even in totalitarian states like the Soviet Union and East Germany - has the state had the power to map and examine individuals' lives with such a level of detail.

The challenge here is the insidious nature of mass surveillance - the danger that with every new set of powers the state grabs for itself, every restriction on our freedom and civil liberties in the name of some abstract concept of security we just begin to feel that this acceptable, normal, expected. Just as we hardly notice CCTV cameras anymore - we just assume they are there - will we in future assume that a database is storing our every move, a computer analysing all the data and flagging up when we walk out of line?

We need to start asking the questions and having the conversations before legislating. We need to ask ourselves if we want a state where the police and security services have the power to spy on all of us. Who benefits from such powers and who loses? If we do want to give the state such powers, what safeguards should we put in place and what governance structures? These are debates that we as a society are currently largely failing to have. The Open Rights Group's campaign against the Communications Data Bill is a good starting point. Write to your MP. Join the debate.

Africa is rapidly becoming "the place to be" for Western businesses. Despite common preconceptions expressed in Twitter hashtags like #FirstWorldProblems, a lot of African economies are growing rapidly, and US and European companies are looking to the continent for their next wave of consumers. This is not as surprising as you might initially think. Compared to Western Europe with its declining birth rates and, in many countries, negative population growth, Africa's population continues to grow rapidly.

Read more on OrgZine.

Let's be clear on one thing here: we have the technology. We have the technology for me to be able to view any piece of digital video ever made, instantly, wherever I want, whenever I want. And another thing: I have absolutely no objection to paying for viewing said digital video; but I do object to so-called content providers taking the piss.

Case in point: LoveFilm vs Netflix

I've been meaning to try out both LoveFilm and Netflix for a while. I got doorstepped by a very cold lass from LoveFilm last week, and I took pity on her and said yes to her three months for the price of one trial. Then, for the sake of comparison, tonight I also signed up for the Netflix trial. So far so good - let see how they compare.

Netflix outdoes LoveFilm for sheer creepiness. Once I log in on the PC, it automatically logs me on the PS3. I'm assuming it just uses my IP address to identify me, but it's creepy as hell.

In terms of content, they both suck in slightly different ways. LoveFilm doesn't have films which I would expect it to have (but Netflix does), Neflix doesn't have some TV shows that LoveFilm does. Neither of them has one of the shows I really want to see - or rather, Netflix does, but only in the US.

Perhaps the most ridiculous way in which they both fail is technically. The LoveFilm app on the PS3 crashes any time the network connection slows down. Netflix refuses to work on Linux (but will allegedly work on a Chromebook). Netflix doesn't seem to have an easily identifiable way to queue things to watch in future. LoveFilm has a vaguely useful Watchlist functionality on the PC interface... which does not seem to be available in the PS3 app. I don't even. WHAT?

Case in point: The National Hockey League

If you happen to live in the UK and want to watch NHL games now that the lockout is over, you're screwed. There's some sort of obscure, paid-for channel on Sky which screens about 10 as far as I can tell random games a week, but that's about it. The NHL does have its own online streaming service which, however, only works in North America for games which your local TV network won't show. Now, as much as I do get the value of TV deals to sports organisations like the NHL, making it difficult for your fans to access your product seems somewhat counterproductive to me.

Dear Netflix, LoveFilm, NHL and co.: give me just one good reason not to go to the PirateBay!

And here of course every content provider screams, "We can't compete with free! We must shut all these naughty file sharing websites down, block them and censor them, we must disconnect file sharers from the Internet!"

Well, I've got news for you guys: You're not competing with free. You're competing with a service which meets my requirements. I have no problem paying for the things I want to watch, or the music that I want to listen to, or the books I want to read. I do it all the time. But if I'm giving you money, I expect a service that doesn't take the piss; that doesn't make it deliberately difficult for me to access the content I want to view; that actually works.

Try harder, chaps.

A quick reminder from me as to why everyone should care about digital rights:

Digital rights are human rights - they go beyond the technorati.

Parents get advice and support on all kinds of issues on Mumsnet. Feminists organise through websites like The F Word which often translate into real world action. Disabled people find new ways of reaching out to the world and fighting for their rights through The Broken of Britain Campaign. Bullied lesbian, gay, bisexual or transgender teens can find new hope through the It Gets Better videos. Men, women, black, white, straight, gay, Muslim or humanist, able-bodied or not, the internet brings us together and empowers us all.

At the same time, this new-found empowerment is under constant threat. Copyright lobbyists are demanding powers to censor free speech and disconnect us from the internet without due process. Politicians threaten us with the Great Porn Firewall of Britain, potentially preventing vulnerable LGBT teenagers from accessing information and safe spaces online that may help them come to terms with their sexual orientation and even save their lives. People are taken to court for posting messages on Twitter and Facebook. The security services want to know where you've been, who you've been talking to, and what websites you've visited.

As the information war gains new fronts almost on a daily basis, it is vital for all of us to be engaged in what is perhaps the defining political issue of the 21st century.

And now we interrupt your regular schedule for a special announcement from the Open Rights Group:

After a year of successes ORG is ready to take the next step in the battle for your rights!

We campaigned for change to copyright that would create a new right to parody, built the coalition against the Snoopers' Charter, broke the story of Mobile Internet censorship, and our hard work against ACTA came into fruition as we watched MEPs shoot down a law that would have led to damaging copyright policy. We couldn't have done any of it without our supporters!

ORG is now prepared to take legal action to challenge threats to your digital rights.

We now need to fund a new position: a legal expert who can co-ordinate our crack-team of volunteer lawyers, perform thorough legal research, and create new case law to actively prevent potential threats to civil liberties.

You can help ORG achieve this! We only need 150 new members to start our legal project; 300 new members could pay a Legal Officer full time. Join the Open Rights Group today to help protect your digital rights!

Back in April this year, the Guardian published its "Open 20" - a list of twenty "fighters for internet freedom". As with any such list, the opportunities for criticism and disagreement are endless. What struck me in particular, though, is that not only does the list contain just four women but one of them is Ada Lovelace. As illustrious and pioneering a woman as the Countess of Lovelace was, she died in 1852, over a hundred years before anything that can be legitimately seen as a progenitor of the internet, and thus can hardly be described as a fighter for internet freedom. You know we're struggling to showcase female participation in a field when we have to scrape the barrel for examples from before the field even existed.

Read more on ORGZine.

Imagine the government had the power to compel your internet service provider, your mobile operator, or even Google and Facebook to collect or retain certain data about your activities: who you were talking to, when and how long for; where your mobile phone was at a given time; what websites you visited. The police could then use this data to scan for suspicious activity, or trace an individual suspect's activities through the entirety of their electronic life.

This is precisely what the government is proposing in the Draft Communications Data Bill. While some data is already being retained for a limited time period with the intention of being able to reconstruct a suspect's activity for criminal investigation purposes, the new proposals go several steps further. They include the creation of entirely new data sets and the powers to "data mine" - investigate the data for conspicuous patterns even if no crime has been committed.

Sure, you say. I'm not a suspect; I've got nothing to hide. If it helps the police catch terrorists and paedophiles, why not?

Are you sure you have nothing to hide? Who decides what activity is suspicious, and what action to take as a result? Think about it.

Let's say you're an investigative journalist - or simply someone who likes the idea of investigative journalists being able to do their jobs and expose shady dealings and dodgy expense claims. You're the kind of investigative journalist who meets contacts at random times in random places, who gets anonymous tip-offs, who works on stories that can be extremely embarrassing to the government... or the police. Even if your activity hasn't already been singled out for analysis, chances are a high level scan would throw you up as someone who is suspicious. Who are you meeting in the middle of the night in a deserted car park? The police only need to look up who the other mobile phone in that car park belongs to, and they know. Who have you been emailing? What have you been googling? Suddenly a picture begins to emerge of the story you're working on.

Oh, and by the way... your mobile phone was located at your GP's surgery three times this month; or at the abortion clinic last week; or at the AA meeting. While the police may not necessarily want to know that, there are plenty of people who do: you employer, your church, or if you happen to have the misfortune to have attracted public interest in some way, the Daily Mail. Have we really seen the end of phone hacking, blagging and all the other dirty tricks that went with them in the tabloid press? Just by existing, the enormous data set the government is proposing to create becomes a target for all sorts of malicious activity.

It's not like police don't already abuse existing data either. With access to location information or detailed data on who someone has been communicating with, corrupt police officers get even more leverage over their victims. Domestic violence victims may well initiate contact with their abuser as part of the pattern of abuse they suffer. If the copper investigating your case has that information they can blackmail you into all sorts of things with the threat that it will be used to "prove" that you aren't a victim of domestic violence after all.

Call me paranoid, but before handing additional powers to the state, I would like them to pass the "Stross Test". This is based on a short story called "Minutes of the Labour Party Conference 2016" by Charles Stross, published in the anthology "Glorifying Terrorism". In the story a BNP government uses anti-terrorism legislation passed by Labour in 2006 to establish and uphold a fascist state by labelling all opposition, including the Labour Party, as terrorists. Would you trust the BNP with the Draft Communications Data Bill?

The Open Rights Group is currently campaigning against the Bill. You can use the ORG campaign website to email your MP and explain to them your concerns about the proportionality, the potential for abuses and the lack of proper safeguards of these proposals.

In the meantime, with party conference season upon us, I will leave you with this thought from the minutes of that fictional Labour Party Conference in 2016:

"The Party would be grateful if you can reproduce and distribute this document to sympathizers and members. Use only a typewriter, embossing print set, mimeograph, or photographic film to distribute this document. Paper should be purchased anonymously and microwaved for at least 30 seconds prior to use to destroy RFID tags. Do not, under any circumstances, enter or copy the text in a computer, word processor, photocopier, scanner, mobile phone, or digital camera. This is for your personal safety."

The Department for Education's consultation on parental internet controls (aka the Great Porn Firewall of Britain) closes tomorrow (that's Thursday, September 6th). For those of you who've not been following this one, this is the proposal to make ISPs block pornography unless you specifically ask them not to. It's one of those ill-thought-out "think of the children!" initiatives which make it look like the government is doing something while being both utterly ineffective and actively harmful.

The Open Rights Group has a campaign page which makes it easy for you to tell the government precisely what you think of the Great Porn Firewall of Britain, and even if you only write two sentences, I would still strongly encourage you to head over there and submit a consultation response before close of business on Thursday. If you need inspiration, mine's below:

My response to the Department for Education Consultation on Parental Internet Controls

A copy of this email is going to my MP. I am raising my concerns about the proposal for network filtering of adult content and default blocking.

I would like to submit the following evidence:

The proposals for default blocking of certain content are ostensibly there to make it easier for parents to restrict their children's access to online pornography. Yet this is a blanket measure which will in one way or another affect all 26 million households in the UK. According the government's own data only 7.5 million of those households actually have dependent children living in them. This is clearly a vastly disproportionate measure.

Additionally, such mechanisms are unlikely to actually work, either at the micro and at the macro level. From an individual household's point of view, blocking content at the point of internet connection ignores the fact that different members of the household have different content needs. Content filters also have a tendency to not be very effective at blocking the kind of content they are targeted at, while also often blocking content which is harmless.

The proposals are of particular concern to the LGBT community as simple information about different sexualities can often be blocked by such filters. For children and teenagers growing up and beginning to question their sexuality in an environment which is often still hostile, lacks positive role models and where bullying is rife, the internet can often be a lifeline to finding more information, talking about one's experiences and finding a more accepting community. The blocking proposals put this lifeline at risk and thereby put children at risk.

Finally, blocking as proposed at the internet connection level is open to future misuse and abuse and opens the door to censorship of other material without adequate justification or oversight.

Governments are not in the business of defending freedom

To seasoned digital rights campaigners this is probably not news, but it's definitely something worth reminding ourselves of. It was certainly a theme that ran through the "Freedom and Security" session at the Turing Festival in Edinburgh on Saturday morning.

Read more over on ORGZine.

A Joint Select Committee is currently reviewing the Draft Communications Data Bill, also affectionately known as the Snoopers' Charter. This Bill would compel "telecommunications operators" - everyone from your ISP to your mobile phone company to Royal Mail - to collect and share with the government certain data about your communications: who, where, when, how. There are, unsurprisingly, a number of privacy issues with this approach.

The Joint Select Committee is running a consultation, which you can access here. The deadline for written evidence is tomorrow, August 23rd. You can also submit a written response to the consultation through 38 Degrees, which is what I did. For reference (and reapplication if you want), my response, particularly to questions 2 and 3 of the consultation, is below.

My response to the Joint Committee Consultation on the Draft Communications Data Bill

2. Has the Government made a convincing case for the need for the new powers proposed in the draft Bill?

There already extensive provisions under the Regulation of Investigatory Powers Act (RIPA). There is currently no convincing case for an extension of data gathering and surveillance powers as proposed in the Draft Communications Data Bill. The proposals are likely to generate vast amounts of additional data, and rather than looking for a needle in a haystack, the effect would be akin to adding more hay to the stack. This also increases the risk of "false positives" - flagging perfectly legitimate behaviours as suspicious, thereby turning us all into a nation of suspects. Rather than introducing the Communications Data Bill, the government should focus on tightening up RIPA, making it more transparent and limiting the number of often frivolous requests granted under that Act.

3. How do the proposals in the draft Bill fit within the wider landscape on intrusion into individuals' privacy?

Both of the likely uses of the data generated under the Communications Data Bill are problematic from a privacy point of view:

Data mining: This is the practice of looking at the entire data set to spot suspicious behaviour patterns and proactively take steps to prevent an individual from doing something as a result. A possible action that could be taken as a result of data mining is, for instance, putting someone on a no-fly list. We are therefore likely to end up with law enforcement agencies making life-changing decisions about individuals on the basis of data which is likely to be inaccurate, generate false positives and which individuals will have very little or no access to in order to appeal and overturn such decisions.

Data filtering: This is the practice of tracing one individual's activity through the entire data set. A remarkably detailed picture of an individual's life can be generated from records such as who they have contacted by phone or email, what websites they have accessed or where they have been, based on location data from mobile phone networks. Simply by existing, this data set becomes a target for malicious activity by criminals, corrupt journalists or other parties not authorised to access the data. Rather than increasing our safety and security, this data set would expose us to additional risks.

Both data mining and data filtering at the scale proposed in the Draft Bill give the state unprecedented powers to invade individual's privacy. They extend well beyond the sphere of digital communications and into our physical day-to-day lives. There are also additional concerns over the extent of the intrusion into content of communications, as well as potential future secondary uses of the data set.

Intrusion into communication content: While the Draft Bill is intended to only track headline communications data (who, where, how, when) rather than content, the proposed implementation would potentially give access to communication content. For instance, in the case of data on which websites an individual has visited, content is implicitly included in this information. Remarkably accurate conclusions about content may be also be made by putting together different pieces of information from the data set, e.g. if an individual looked up medical terms on the Internet and then went to see their GP.

Secondary uses: We have seen a number of cases where data sets collected by companies or governments for one purpose have later been used for other purposes without gaining consent from individuals. A recent example comes from Germany where the government is in the process of legalising the sale of citizens' data acquired through the mandatory registration programme to private companies for marketing purposes on an opt-out rather than opt-in basis. Therefore invasion of privacy is unlikely to remain limited to the state and law enforcement agencies.

As a woman and feminist working in technology and interested in digital rights, I occasionally find that the different worlds I am part of collide quite spectacularly. Case in point: the growing controversy over how women are treated in certain online spaces, notably gaming and blogging, but also in everyday social interactions online. Let's take a quick tour of the female experience of online spaces.

Read more on ORGZine.