Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Stream: Blog

Blog
Privacy International's picture

As part of the government’s ambitious Open Data programme, the Cabinet Office announced last year that data from the National Pupil Database (NPD) will be made freely available and accessible to all. The NPD, previously only available to researchers on an academic licence, contains a record for every single state school pupil in the country, covering educational attainment from reception to sixth form, as well as characteristics such as attendance, ethnic background and free school meal eligibility. According to the Cabinet Office, the data will be ‘anonymised’: names and other information that directly identifies individuals will be removed from the version of the NPD that is open to the public. But this in itself is not a safeguard of pupils’ privacy rights.

Blog
Sam Smith's picture

We welcome the Informational Commissioner's intention to produce guidance for data controllers around the production of Open Data. Rigorous guidance is sorely needed in this area, with even large Government departments getting it dangerously wrong. Some data can be released safely in some circumstances; depending on the type and there has been sufficient consideration of the nuance of the situation. Adequate anonymisation is exceptionally difficult, and reidentification is possibly using subtle clues.  Accurate advice is vital.

However, the draft ICO guidance published for consultation is fundamentally problematic. It includes some superficial detail on anonymising spatial data, while ignoring almost every other type that needs consideration. Such flaws (and there were several) will lead to misguided confidence, the release of inadequately protected data, and all of the real problems that can cause. 

Blog
Carly Nyst's picture

Privacy International has urged the Australian Parliament to ensure that rigorous legal and judicial safeguards are at the heart of future reforms to national security legislation. In a submission to the Joint Parliamentary Committee on Intelligence and Security, Privacy International gave its full support to the objections raised by the Australian Privacy Foundation in its submission to the Inquiry into Potential Reforms of National Security. The Inquiry is considering a discussion paper published by the Australian Attorney-General's Department which envisages a number of draconian reforms to Australian national security and communication policies, including increased powers to monitor and intercept communications. 

Blog
Sam Smith's picture

Privacy Internationally has submitted two documents to the UK Parliament's Joint Committee reviewing the draft Communications Data Bill. The first submission is an implementation briefing based on our work for the Big Brother Incorporated project, establishing the capabilities and defects of existing surveillance technologies. The second submission focuses on the the majority of the Joint Committee's 21 questions about the social and ethical implications of increased communications data surveillance capabilities. Our two submissions:

Blog
Sam Smith's picture

The Home Office constantly insists that trafffic data is not about the content of the pages you look at, but about the sites you visit.

This would have made some sense in 1999 when RIPA was first being debated, but technology has moved on and new open data sources are now available. This allows for vastly more invasive tracking in 2012 than was envisaged in 2000. We’ve done a little bit of work on how…

The English Wikipedia contains 4 million articles, which contain 18 million links out to other websites.

We’ve run an analysis on those articles and links, and looked at how many of the outbound hostnames uniquely identify the page that you were looking at (a hostname is the www.privacyinternational.org part of a web address). Of the 4 million articles on Wikipedia, 1.3m of them - i.e. one in three - contain a link that is enough to identify the wikipedia page you were looking at, simply because only one page on wikipedia contains a link to that domain.

Blog
Carly Nyst's picture

Last week the Rwandan government tightened its grip on citizens when the parliament's lower house adopted legislation that sanctions the widespread monitoring of email and telephone communications.1 The bill is now awaiting Senate approval. 

Blog
Sam Smith's picture

Modern communications surveillance policy is about gaining access to modern communications. The problem is that the discourse around communications policy today is almost the same as it was when it was simply a question of gaining access to telephone communications. "Police need access to social network activity just as they have access to phone calls" is the politician's line. We use Facebook as an example here, but most internet services will be similar in complexity and legality.

The reality is much more complicated, and modern communications surveillance policy hides far greater ambitions. Telcos usually have physical offices in the countries in which they operate and will comply with the law of the jurisidiction in responding to law enforcement requests. Social networking service providers tend to be based in just a few countires, despite having users all over the world, and are not therefore necessarily obliged to comply with domestic legal regimes.

Blog
Sam Smith's picture

In the PI office, we have daily debates about which platforms to use for our organizational operations. As a privacy charity, we are naturally concerned about the integrity of our own information services and resources, but we frequently receive queries about the best technologies to use from a variety of other organizations, some with very complex threat models.

The sad fact is that we are all poorly served by the range of services currently available. We worry that there is a significant lack of outsourced/cloud-mediated services that include effective content privacy protections. If you know of resources that are out there or under development, please get in touch or leave a comment below.

Blog
Carly Nyst's picture

Imagine a secret government list of suspicions and allegations, fuelled by unsubstantiated rumours provided by anonymous citizens with undisclosed intentions. The information contained in the list would not be measured against any legal burden of proof or supported by any credible evidence, but would – simply by its existence – become “fact”. Imagine, then, if the government could rely upon such “facts” to identify and implicate individuals for illegal behaviour. Such a system would be reminiscent of McCarthyistic tactics to ferret out suspected communists and traitors in 1950s America.

Blog
Sam Smith's picture

By now, UK internet users are probably familiar with major sites asking them to consent to the use of website cookies. This is prompted by the 'cookie law' (aka "Directive 2002/58 on Privacy and Electronic Communications", otherwise known as the E-Privacy Directive), which is proving a privacy trainwreck. Theoretically, the Directive was a good idea - a method of preventing companies secretly following a user from site to site across the web. However, ill-executed law can be worse than no law at all, and the UK's regulator, the Information Commissioner's Office has made a hash of its implementation.

Pages

Subscribe to Privacy International - blog