ORG policy update/2016-w47

This is ORG's Policy Update for the week beginning 21/11/2016.

If you are reading this online, you can also subscribe to the email version.

ORG's work

  • ORG has launched a petition against censorship of legal content on erotica and pornography websites. Our petition is a response to a proposal from several MPs to block websites which don't comply with age verification. Blocking websites is a disproportionate, technical response to a social issue. Sign our petition and reject proposals for censorship of legal content in the UK. Nearly 10,000 people have signed already!
  • You can watch MPs calling for censorship of legal content in our new video here.
  • ORG released another video featuring Alec Muffett, a security expert, explaining tech aspects of the Government’s plans to censor legal adult content. Watch it here.

Planned local group events:

  • Join ORG Cambridge for our monthly meetup on Tuesday 6 December to discuss the current state of digital rights, what we've done in the past month and what we are planning to do in the upcoming month.
  • ORG Manchester have got their Christmas social with Manchester No2ID planned for Thursday 8 December. This is a social event rather than a formal meeting, although no doubt there will be some talk about the current state of the world!
  • Join ORG London for a presentation on data-collection apps on Wednesday 21 December. Academic Jennifer Pybus will be discussing a recent hack day she led, where her students created an app that showed how advertisers collected data.



The Report stage for the DEBill will start next week on 28 November. You can find a list of amendments due to be debated here.

Age verification

Karen Bradley MP, Secretary of State for Culture, Media and Sport, announced early this week that the Government will support website blocking by Internet service providers in order to protect children from accessing adult content online.

The Government submitted their own amendment making the age-verification regulator (expected to be the BBFC) responsible for issuing notices to ISPs to block erotica and porn websites. ISP blocking of non-complying porn publishers will inevitably lead to a form of censorship on several levels.

The BBFC, as the potential age-verification regulator, will not certify sites as compliant if the sites publish material that is not legal in the UK, or that the BBFC believes is unacceptable to a UK audience. This would mean that the BBFC will seek to limit the content of foreign websites and age verify it.

If the BBFC tries to enforce its own standards as the level of compliance, this will be even more concerning, as they will not certify a number of activities that are regarded as fairly normal in the pornographic world.

A very similar amendment submitted by Claire Perry MP has been supported by a big Cross Bench group of MPs. It is likely this amendment will be withdrawn and the MPs will support the Government’s proposal.

Jim Killock gives more details on the implications of this “disastrous policy” in the Huffington Post blog and in a response to the letter by John Carr in the Guardian.

You can watch ORG’s new video featuring Alec Muffett, a security expert, explaining tech aspects of the Government’s plans to censor legal adult content here.

Data sharing

ORG has previously criticised the state of the Codes of Practice regarding data sharing and we put together a list of amendments to improve them.

Loose wording in the Codes of Practice could lead to energy companies being given tax and benefits data of UK citizens. The DEBill proposal would help people lower their energy bills but the wording of the Bill and Codes of Practice could fail to unify the discount system, and the government may feel obliged to share personal data with the companies so they can validate the discounts themselves.

Javier Ruiz gives more details in his blog.


The Investigatory Powers Bill completed all its parliamentary stages in both houses on 16 November. The Bill is still awaiting Royal Assent and is expected to become an Act of Parliament before the end of 2016 and before the DRIPA sunset clause takes effect.

Paul Bernal summarised the process of how the Bill got passed.

Media have been increasingly discussing the Bill this week, labelling it as granting “the most extreme surveillance powers in history”. The UK public responded by launching a petition to repeal the new law. At the time of writing, the petition was nearing 40,000 signatures. It could be discussed in a debate in Parliament if 100,000 people sign the petition.

Question on Cybercrime elections

Tom Blenkinsop MP asked the Minister for the Cabinet Office whether the Government has assessed the level of potential risk of cyber interference by foreign governments in elections in the UK.

Ben Gummer MP responded that the Government treats cyber security seriously. They recognise that cyber attacks remain a top threat to the UK's economic and national security (according to the 2015 National Cyber Security Strategy). Gummer did not expressly comment on cyber interference in elections.

Question on the ICO issuing guidance

Lord Hodgson asked the Government whether the Information Commissioner is required to consult relevant stakeholders before issuing guidance. In addition, he asked whether there are any plans to review the conduct of the guidance consultation process.

Lord Ashton responded that the Information Commissioner is required to consult “with trade associations, data subjects or persons representing data subjects as appears to him to be appropriate”. The Information Commissioner is due to review the ICO guidance consultation process as part of its preparations to implement the EU General Data Protection Regulation.

Question on data protection and charities

Lord Hodgson asked the Government whether they have made an assessment of the extent to which the Information Commissioner has complied with the duties relating to promoting good practice by data controllers in relation to charities (section 51 of the Data Protection Act 1998).

Lord Ashton responded that the ICO updated its direct marketing guidance in March 2016 with references to the charitable sector. The ICO also published a webinar providing specific advice to charities on how to comply with the direct marketing legislation.

Other national developments

GCHQ to respond to FoI

The European Court of Human Rights ruled that European citizens have a right to information from public authorities under Article 10 of the European Convention on Human Rights.

Article 10 says:

"Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers."

The judgment was made in a case concerning a dispute between Hungary's government and an NGO (the Hungarian Helsinki Committee) over a freedom of information request filed by the NGO. The latest ECtHR interpretation of Article 10 in the case ruling gave guarantees to people on obtaining information from a government. The right does not apply to all requests but it shall apply to all requests where access “is instrumental for the individual’s exercise of his or her right to freedom of expression”.

This ruling could have further implications for disclosure of information by public bodies, such as GCHQ or the National Crime Agency.

Three UK data hack

Customers of the UK mobile operator Three have been exposed to a data breach. Personal data of 134,000 customers has been accessed.

This data includes name, address, date of birth, gender, handset type, contract start and end date, whether they are a handset or SIM only customer, telephone number, e-mail address, previous address, marital status, employment status, Three account number and phone number, and how long they’ve been with Three.

The mobile operator believes that the attack was carried out in order to obtain new handsets through getting access to their handset upgrade database, not to obtain customers’ information. The affected customers have not been notified by Three yet.

The ICO has been notified of the breach and is investigating the incident.

TfL wifi tracking

Transport for London has begun a four-week trial in which they are following wifi connections of their customers throughout the Underground station. The trial aims to understand passengers’ movements and interchanging habits and to assess best advertising placements.

The trial started on 21 November using data from mobile devices at 54 stations in zones 1-4.

TfL has taken several privacy measures: travellers' MAC (Media Access Control) addresses will be encrypted and depersonalised, the data will be stored on a secure server and not linked to any other data, and the data will be unavailable to third parties.

TfL customers have been notified of the trial through posters displayed at the entrances and on the platforms of all the participating stations. They have the option of opting out of the trial by switching their wifi off.

TfL is hoping to obtain data that will help them with better disruption management, timetable planning and station design.

Despite TfL’s efforts, not all privacy concerns have been answered. The explanation given by TfL on posters at stations and platforms misses three crucial points to help passengers understand how the scheme works, all the purposes the data is being collected for, and how to opt out:

  • TfL are tracking people's movement around London and around stations
  • Passengers have to turn off WiFi on all the devices they are carrying to opt out. If they leave WiFi switched on but never use the WiFi network, they will still be tracked.
  • The data will be used to find and set prices for advertising spaces in stations, in addition to improving services

A more in-depth assessment of TfL's trial practices can be found in a blog by Ed Johnson-Williams.

Retailers offering e-receipts

A Money Mail investigation revealed that several high street retailers are offering their customers e-receipts and potentially harvesting their details for marketing.

Customers are offered e-receipts as a substitute for printed receipts because of their convenience and as a substitute for warranty. The investigation found that shop staff did not always explain that email addresses could be used for marketing emails and that some customers were still sent marketing emails even though they had expressly asked not to get them.

According to the law, customers need to be given “a simple means of refusing” any future direct marketing. The ICO has issued a short guide explaining how retailers should proceed when asking for their customers’ data.

You can find more information in Pam Cowburn’s blog post.


EU countries on encryption

A freedom of information request from the Dutch NGO Bits of Freedom revealed that several EU countries want EU law to be created to enable law enforcement agencies to access encrypted information.

The Slovakian government (currently holding the rotating presidency of the Council of Europe) asked the member states to identify how their law enforcement agencies deal with encryption technology. From the 12 responses obtained so far by the Dutch NGO, Croatia, Hungary, Poland, Latvia and Italy called for drafting EU laws letting their agencies decrypt information.

Several countries indicated in their responses that their police forces lack the funds and technical skills to intercept criminals' encrypted communications. Following the survey responses, national ministers will discuss encryption at a meeting in early December.

Andrus Ansip, Vice President for the Digital Single Market, previously criticised the efforts to create backdoors for encryption.

ORG media coverage

See ORG Press Coverage for full details.

2016-11-18-The Canary-While we were busy freaking out about Trump, parliament had a bonfire of our human rights
Author: Carlyn Harvey
Summary: Jim Killock quoted on the IPBill being the most extreme surveillance law ever passed in a democracy.
2016-11-20-Al Jazeera-UK politicians approve 'extreme surveillance' law
Summary: Jim Killock quoted warning on the international reach of the IPBill and authoritarian regimes using it as a justification for their own practices.
2016-11-21-Metro-Plan to block porn websites ‘to go ahead’, government confirms
Author: Rob Waugh
Summary: Jim Killock quoted on the necessity for privacy and safety of end users if age verification proposals are to be implemented.
2016-11-21-Wired-UK government plans to block porn sites that don’t provide age-checks
Author: James Temperton
Summary: Jim Killock quoted on the ISP website blocking leading to censorship of legal material.
2016-11-22-The UK is entering a draconian era of porn prohibition
Author: Amelia Tait
Summary: Jim Killock quoted on the ISP website blocking leading to censorship of legal material.
2016-11-22-BBC-Porn sites could be blocked by ISPs under new UK rules
Summary: Jim Killock quoted on the ISP website blocking leading to censorship of legal material.
2016-11-22-Newsweek-Privacy Row as U.K. Government Plans Porn User Database
Author: Anthony Cuthbertson
Summary: Jim Killock quoted on the ISP website blocking leading to censorship of legal material.
2016-11-23-Metro-‘Non-conventional’ porn will be banned from all websites in the UK, BBFC warns
Author: Rob Waugh
2016-11-23-CNet-UK government: No porn please, we're British
Author: Katie Collins
Summary: ORG quoted on the ISP website blocking leading to censorship of legal material.
2016-11-23-Vice-What the New British Porn Bill Means for You
Author: Girl On The Net
Summary: Alec Muffett quoted on the non-existence of national boundaries on the Internet in relation to the age verification proposals.
2016-11-23-Business Insider-The UK is banning 'non-conventional' porn and it could censor huge swathes of the web
Author: Rob Price
Summary: ORG quoted on chilling privacy implications of age verification for porn websites.
2016-11-23-The Verge-The UK is about to wield unprecedented surveillance powers — here’s what it means
Author: James Vincent
Summary: Jim Killock quoted on the impacts of the IPBill on people’s online behaviour.
2016-11-24-Politics-Insecure, ineffective and dangerous: The reality of the UK's new porn bill
Author: John Lubbock
