Digital Rights Case Studies

Add case study details, for example, the wrongful arrest of David Merry[1]; people[2] who've made it on to America's no-fly list for no good reason; and other abuses of people's digital rights.


See also: UK Privacy Debacles

Delores McNamara's details accessed by Tax and Social Welfare officials after she wins EuroMillions:,,2091-2014750,00.html

Andrew Rowe recently got sent away for a long time for possessing a small piece of paper on which were scrawled a few dozen words, and corresponding codewords. Ross Anderson was asked to give an expert opinion on its fitness for alleged purpose, and wasn't too impressed.

Now the bungling Home Office steals our good names After all the recent revelations of Home Office incompetence, the disclosure that almost 1,500 citizens have been wrongly said to have criminal records is less shocking than it would once have been.

Inland Revenue to warn its staff after it was found some employees were looking at celebrities' tax returns.

Ross Anderson: Security of Medical Information Systems. An example of likely problems comes from a report that the Real IRA penetrated the Royal Victoria Hospital in Northern Ireland and used its electronic medical records to gather information on policemen to target them and their families for murder. A particularly shocking case was that of Helen Wilkinson, who needed to organise a debate in Parliament to get ministers to agree to remove defamatory and untrue information about her from NHS computers.

Indymedia Server Takedown On Thursday, October 7, 2004, more than 20 Independent Media Center (IMC) websites and other Internet services were taken offline pursuant to a Commissioner's Subpoena. The hard drives were handed over in the UK, following an order by a US federal agency which acted on the request of another country, possibly Italy and/or Switzerland, complaining about a website run by French volunteers. Or, as Indymedia volunteer Micah guessed on IRC-chat the very day of the event: "So this is about Swiss police, on a French site, on a server in England, taken away by American federal police..." Kurt Opsahl, Staff Attorney of the Electronic Frontiers Foundation, states: Oct 8 "This seizure has grave implications for free speech and privacy. The Constitution does not permit the government unilaterally to cut off the speech of an independent media outlet, especially without providing a reason or even allowing Indymedia the information necessary to contest the seizure."

In a significant number of the Operation Ore cases, it now appears that the poor chaps who had their doors broken down at 4am were not bad people who had downloaded filthy pictures - they were unlucky people who were the victims of credit card fraud. Operation Ore Exposed

Royal Bank of Scotland and its NatWest subsidiary are being investigated for allegedly dumping customers' financial details in bins

Tax credit fiasco: 8,800 identities stolen

One of Britain’s biggest high street banks knew about a security loophole in its online banking service that left millions of accounts open to fraud and did nothing about it for almost two years. HSBC initially denied the defect in its computer banking but conceded yesterday that the problem had been known about since the system was introduced. HSBC knew about security loophole in online banking

One in five NHS trusts in England do not store, use and dispose of information about patients to an agreed NHS standard

TK Maxx loses payment details Retailer TK Maxx has warned UK customers that their credit and debit card details may have been stolen in a when there computing systems where cracked into by attackers. The attack occurred in December, but, on the advice of investigative authorities, they only alerted customers at the end of January.


DVD Jon released DeCSS a program for viewing DVDs, he was prosecuted in Norway for computer hacking. The trial opened in the Oslo district court (Oslo tingrett) on December 9, 2002 with Johansen pleading not guilty to charges that had a maximum penalty of two years in prison or large fines. The defence argued that no illegal access was obtained to anyone else's information, since Johansen owned the DVDs himself. Also, they argued that it is legal under Norwegian law to make copies of such data for personal use. The verdict was announced on January 7, 2003 acquitting Johansen of all charges.

In June 2006 NextGenTel, one of the biggest broadband providers in Norway decided to deliberately limit the bandwidth from the Norwegian Broadcasting Corporation (NRK). The CEO of NextGenTel, Morten Ågnes tells the Norwegian newspaper Aftenposten that they will give priority to the content providers that pay for better bandwidth. It seems like the customers won this battle (link, to Norwegian article). Due to bad publicity and reactions from customers, on October 3rd NextGenTel removed the limit and NRK is now back on full speed in their network.


The Swedish police attempted to take down The Piratebay, several sources reported that the MPAA initiated the attack by directly influencing Swedish authorities on governmental level, in this case the Ministry of Justice, to intervene in this specific case, which is considered illegal in Sweden. It also turned out that the US had threatened to put Sweden on WTO’s black list because they didn’t take the Pirate Bay down, something that should’ve made the Swedish government move even quicker.


Australian ID card database misused by Government staff. Australia's identity card system was routinely searched for personal reasons by Government agency employees, some of whom have been sacked. Police are now investigating allegations of identity fraud resulting from the security breaches. Centrelink staff sacked for spying The government's welfare agency has confirmed it uncovered almost 600 cases of staff wrongfully accessing client records during the last two years. The head of the Australian government’s Smartcard Privacy Taskforce, Professor Allan Fels said the breaches highlighted why data on the proposed new card should be kept to a minimum.


Google complies with a "small and narrow" court order for information about hate groups in a Brazilian court. The case highlighted concerns that "as long as Internet companies retain data that can identify people, which they use for marketing purposes, they will become targets of law enforcement" according to the article. Google said "it is and always has been our intention to be as cooperative in the investigation and prosecution of crimes as we possibly can" however "European and Latin American laws permit prosecution for hate speech -- an approach the U.S. Constitution does not allow" according to the Post.



  • A security flaw in Passport Canada's website has allowed easy access to the personal information - including social insurance numbers, dates of birth and driver's licence numbers - of people applying for new passports.


In 2009, the Open Society Foundation funded research into the campaigning methodologies of six groups: from Brazil, the US, New Zealand, Canada, France and the UK. The research was carried out by former ORG Executive Director Becky Hogge. Click through for a summary of the report and to download a copy.