I was on BBC’s Daily Politics show Thursday, 17 January 2013 discussing opening up government databases with Stephan Skakespeare who is leading the government’s review. The main point I hope I made is that access to data should be determined by what is in the public interest not necessarily that which can turn a profit.
Archive for the ‘Freedom of Information’ Category
Today I heard that hacktivist Aaron Swartz killed himself. He was just 26 years old. I met Aaron at various Open Government conferences. He was an incredibly intelligent original thinker who was committed to freedom of information and democracy. He went beyond the rhetoric and put his principles into action. While I was researching the Boston hacker scene for The Revolution Will Be Digitised he generously agreed to help me. I’ve decided to post that section here to give a sense of the man we’ve lost.
…I can count on one finger my Boston contacts. Fortunately that person is Aaron Swartz, who’s in the Cambridge tech/activist scene. He describes himself as a writer, activist and hacker and at twenty-five his CV is impressive: currently founder and director of a democracy campaign group, Demand Progress, he previously co-founded Reddit.com (a website for sharing news links) and was part of the original team to launch Creative Commons. At fourteen he co-authored the Really Simple Syndication (RSS 1.0) specification for publishing news updates. In the information war he’s participated in a few guerrilla campaigns which have accorded him his own FBI file (posted on his blog). In 2008, he hacked into a federal court library system to leak over 18 million public documents that the government had been charging citizens to access. Swartz only realised how much trouble he was in when the FBI started monitoring him. He got himself a lawyer, but luckily the New York Times got on the case and made him something of a cause célèbre. The FBI eventually backed off: it looked bad to spend taxpayers’ money going after a kid for making public records more publicly available.
Aaron has set me up with a room in a place called the Acetarium but even standing outside the door on this cold November night I can’t tell if it’s a hostel, a hotel or a house. I telephone the proprietor Benjamin Mako Hill and in a few minutes I see pale legs jumping down the stairs. He’s known as ‘Mako’, he tells me, and he has an impish, Irish look with a pointy Pan-like beard and big mischievous blue eyes with a ring through his left eyebrow. He’s wearing an American flag do-rag and a yellow cycling jacket. He’s brimming with energy and hops up the stairs two at a time. On the landing is a sign: ‘Shoes and pants off please’. I leave mine (shoes that is) at the door and head in.
Inside, over some home-made vegetable dumplings, I meet Mako’s wife and some of the other residents: a twenty-year-old couchsurfer from North Carolina, a freelance software programmer in the spare room and a guinea pig whose owner has gone travelling. Mako himself is a scholar at MIT’s media lab specialising in sociology and online communities and he’s an active member of the Free Software Foundation. He sounds exactly the sort of person who can put me in touch with the people I need to talk to, but when I start asking questions he clams up. ‘I’m not into that scene,’ he says tersely, tapping his foot. ‘I don’t know any of those people.’
Later that evening, Aaron comes over to the Acetarium and tells me this used to be the original Reddit offices. He passed them to Mako when Reddit was bought by Condé Nast and he and the other founders moved out to San Francisco to live the dream. He says California wasn’t all it’s cracked up to be. Neither was the office job at Condé Nast. He’s since been fired, dropped out of Stanford and is now a fellow at the Center for Ethics at Harvard University as well as running his campaign group. He has an intense curiosity that lasers into whatever happens to interest him at any given moment, but the attention is short, and soon he’s off delving into something else. Fortunately his immediate interest is my ‘quest’, so he grabs a nearby laptop to see what he can find online. A quick glance of Tyler Watkins’ and David House’s social networks reveals they’re both linked to someone called Danny Clark. It’s a long shot, but I ask Mako if he knows Danny Clark. His response is straightforward enough: ‘Never heard of him.’
‘But he’s on your list of LinkedIn contacts,’ says Aaron, now perusing Mako’s profile, and I remind Mako there’s no privacy on the Internet. He reiterates that he’s ‘not involved in any of this, and I don’t want anything to do with it’.
‘What’s wrong with answering her questions?’ Aaron counters.
‘You don’t understand, there’s been all kinds of people round here.’
‘I understand completely. I was investigated by the FBI, don’t forget. That doesn’t mean you can’t talk. We’re not in a police state yet.’
I decide not to press my host any further, but I’m struck by his guardedness. Clearly people are scared, and I begin to worry if I’ll get anything at all out of this trip. Maybe to make up for his reticence, Mako invites me to come along to a pub in Harvard Square where every Sunday he organises a social evening for a group of techie friends studying or working at MIT or Harvard. I meet all sorts of interesting people including a woman working on the human genome project, but the most interesting of all is another Brit who tells me he lives with Danny Clark…
While I was in Boston, Aaron told me he was working on another ‘project’ which I found out later was his guerrilla action to liberate academic articles. In July 2011, he was arrested and charged with downloading 4.8 million academic articles between September 2010 and January 2011 from JSTOR, a research subscription service offering digitised copies of academic journals and documents. He was accused of breaking into a computer wiring closet on MIT’s campus and downloading the documents which prosecutors say he intended to share online. Swartz turned himself in and pleaded not guilty to charges including wire fraud, computer fraud and unlawfully obtaining information from a protected computer. He was released on a $100,000 unsecured bond and faced up to thirty-five years in prison, if convicted. In September 2012, federal prosecutors added even more charges.
Aaron wasn’t a dangerous person who hurt people. His mission was to free public information. Shamefully for that he was targeted by certain justice officials in what amounted to more of a persecution than a prosecution. I think the war on hackers has gone on long enough. Officials need to understand that criminalising the best and the brightest is not good public policy.
The Sunday Times, 24 December 2012
The Freedom of Information Act (FOIA) has always sat uncomfortably with the British government. Britain was one of the last western democracies to adopt the act and officials were so worried about people’s “right to know” that implementation of the law was put off for five years — the longest preparation time in the world. Indeed, Tony Blair described its passage as “one of the biggest mistakes I made in office”.
That should tell you all you need to know about officials’ fear of real public engagement. Responding to what people actually want to know is a different form of democracy from telling people what you want them to know through bloated governmental press offices.
After the expenses scandal, this government came to power on a transparency mandate and has substantially improved matters, opening up large tracts of official data, publishing more public spending information than ever before and even providing pay grades for public officials. We are still a long way from what a company chief executive would expect to see from his employees — exact pay and perks for all staff employees with their name attached — but things have improved dramatically.
However, all that good work is about to be undone by one worrying change announced last week in the government’s response to post-legislative scrutiny of the FOIA. This would allow officials to “take into account some or all of the time spent on considering and redacting when calculating whether the costs limit has been (more…)
Check out the Guardian’s Prince Charles page for the latest news on our unelected and unaccountable heir to the throne.
There is a disturbing type of aggressive public relations being used to try to re-write history. I noted several examples of heavy-handed PR in The Silent State: public officials getting harassed, bullied and in some cases criminally prosecuted by their public service employers for speaking directly to the public (instead of through central press offices). It seems there is another tactic gaining strength whereby PRs attempt to silence those uttering inconvenient truths ‘Scientology-style’ by hunting down criticism and aggressively seeking to have it withdrawn.
This week I received an email from the Guardian’s Reader Editor seeking clarification for the opinion piece I wrote about the reluctance by some universities to disclose underlying research in response to Freedom of Information Act requests. They’d had a complaint – not from Stirling University, the subject of the piece, but from the University of East Anglia which occupied a whole ONE SENTENCE of my article. The offending section reads thus:
This is not the first time a university has tried to hide from FoI. The University of East Anglia breached the Freedom of Information Act when handling requests by climate change sceptics (the university escaped prosecution because the case came to light outside the six-month time limit for cases to be brought).
For those who don’t recall, the University of East Anglia got into trouble when someone hacked into its server and leaked a number of documents, detailed data and private e-mails exchanged between climate scientists to the public. The emails gave the impression the University was not exactly keen on the public’s right to know and was actively breaching access to information laws by suppressing or destroying information subject to requests.
One email from Professor Phil Jones, then the director of the Climatic Research Unit (CRU) stated: “If they ever hear there is a Freedom of Information Act now in the UK, I think I’ll delete the file rather than send to anyone”, and another email in which he had written “Can you delete any emails you may have had with Keith re AR4?”.
Most of the hand-wringing by the university seemed to focus on the leak itself rather than on the disturbing content which showed officials actively trying to evade their FOI responsibilities. The Information Commissioner was called in to investigate and found primie facie evidence that the access laws had been breached. However, the ICO was never able to make a formal finding or complete its investigation because it discovered a loophole in the law that tied its hands. While it is a criminal offence to alter, destroy or suppress information subject to FOI requests, the statute of limitations on this crime is a measly SIX MONTHS. For this reason alone, the ICO could not proceed. Instead they did what they could and issued a decision notice on the breaches of other aspects of the Environmental Information Regulations (the FOI equivalent for environmental info). The Notice also refers to the criminal offences:
The emails suggested that some requests for information were considered an imposition, that attempts to circumvent the legislation were considered and that the ethos of openness and transparency the legislation seeks to promote were not universally accepted. This is of considerable concern to the Commissioner and in keeping with his duty to promote observance of the legislation he will now consider whether further action is appropriate to secure future compliance.
The complainant made an allegation that an offence under regulation 19 of the EIR had been committed. Although the emails referred to above indicated prime facie evidence of an offence, the Commissioner was unable to investigate because six months had passed since the potential offence was committed, a constraint placed on the legislation by the Magistrates Court Act 1980.
And finally there were a number of enquiries: the Muir Russell Report and various reports of the Science and Technology Select Committee which exonerated most of the important people. Here’s how another article in the Guardian described the findings of the Russell Report:
…the inquiry conducted detailed analysis of only three cases of potential abuse of peer review. And it investigated only two instances where allegations were made that CRU scientists such as director Phil Jones and deputy director Keith Briffa misused their positions as IPCC authors to sideline criticism. On the issue of peer review and the IPCC, it found that “the allegations cannot be upheld”, but made clear this was partly because the roles of CRU scientists and others could not be distinguished from those of colleagues. There was “team responsibility”.
The report is far from being a whitewash. And nor does it justify the claim of university vice-chancellor Sir Edward Action that it is a “complete exoneration”. In particular it backs critics who see in the emails a widespread effort to suppress public knowledge about their activities and to sideline bloggers who want to access their data and do their own analysis.
Most seriously, it finds “evidence that emails might have been deleted in order to make them unavailable should a subsequent request be made for them [under Freedom of information law]“. Yet, extraordinarily, it emerged during questioning that Russell and his team never asked Jones or his colleagues whether they had actually done this.
Secrecy was the order of the day at CRU. “We find that there has been a consistent pattern of failing to display the proper degree of openness,” says the report. That criticism applied not just to Jones and his team at CRU. It applied equally to the university itself, which may have been embarrassed to find itself in the dock as much as the scientists on whom it asked Russell to sit in judgment.
The university “failed to recognise not only the significance of statutory requirements” – FOI law in particular – and “also the risk to the reputation of the university and indeed the credibility of UK climate science” from the affair.
The university has responded by abolishing the role of director of CRU, held by Jones until last November. Indeed CRU itself has lost its former independence. Acton said Jones would now be “director of research” for CRU, working within the university environment department.
Knowing all this you can imagine my amazement at the sheer gall of UEA to then demand this correction:
Subject: Heather Brookes on Freedom of Information
Heather Brooke’s opinion piece: “Freedom of information is for businesses too” (2 September 2010) perpetuates the myth that the University of East Anglia has breached the Freedom of Information Act.
She bases her assertion on a previous Guardian piece which we wrote asking you to correct.
The Information Commissioner’s Office has confirmed that it has not investigated whether section 77 of the act had actually been breached – ie whether the university had broken the law. As a point of detail, we also pointed out that the case in question related to emails and not to climate data as mentioned in the article of 28 January 2010.
I hope you can correct this.
University of East Anglia
Freedom of information is for businesses too
Guardian, 1/2 September 2011
Is scientific research endangered by Philip Morris’s freedom of information request? Not when we all benefit
A request by tobacco giant Philip Morris International to the University of Stirling has reignited concern about the use of freedom of information laws. The data it was interested in was collected as part of a survey of teenagers and smoking carried out by the university’s Centre for Tobacco Control Research.
The UK’s FoI law is meant to be applicant blind. This means anyone can ask a public body for official information and there should be no discrimination based on the identity of the person asking. In the case of scientific research conducted and funded in the public’s name, there is a strong argument that the underlying data and methodology should be disclosed. It is precisely this transparency that grants research reports their status as robust investigations.
Some universities, however, are balking. Stirling is one of nine universities that form the UK Centre for Tobacco Control Studies, and is the premier research institute for investigating smoking behaviour. It receives funding from the Department of Health and its findings are used to formulate anti-smoking laws. So it’s probably no surprise that Philip Morris is interested in its data. The tobacco company made its first FoI request anonymously through the London law firm Clifford Chance in September 2009. It put in a further two FoI requests in its own name: all seeking underlying data and methodology for the centre’s report, which was called “Point of Sale Display of Tobacco Products”. In particular, it sought information from a survey entitled “Cancer Research UK CTCR survey of adolescents’ reactions to tobacco marketing” which was referred to in the introduction to the report.
The university provided some data but refused the bulk by claiming the requester was time-wasting. It would have been better off dealing with the request openly and using those exemptions in the FoI law which protect privacy or expending excessive resources. Instead, its appeal to the Scottish information commissioner was rejected. This is not the first time a university has tried to hide from FoI. The University of East Anglia breached the Freedom of Information Act when handling requests by climate change sceptics (the university escaped prosecution because the case came to light outside the six-month time limit for cases to be brought).
Other universities claim researchers will feel inhibited or endangered if forced to reveal their methodology or primary data. This strikes me as unlikely. The arguments reveal a discomfort with the higher level of accountability that exists in the digital age. There are plenty of exemptions in the FoI law for genuine issues of cost, privacy and confidentiality. Stirling’s attempt to refuse the request, calling it “vexatious”, smacks of fear. The research in question is funded with public money and conducted in the public’s name. These reports often go on to become cornerstones in creating new legislation, so we should be allowed to interrogate the underlying facts.
Several FoI officers complain it’s unfair to the taxpayer to provide such data to a rich company like Philip Morris. Indeed there may well be concerns about what Philip Morris will do with the data, but if it’s available to all then we can see for ourselves if any attempt is made to “spin” it.
In the US, businesses are one of the biggest users of FoI and new industries are built on this universal access to official data. The ability to use and re-use official government data is a factor behind the remarkable growth of the US knowledge economy. The satellite navigation industry grew out of free GPS data obtained from the US government.
There’s a unique anti-business attitude in Europe in relation to FoI. Prof James Boyle of Duke University Law School told me: “European attitudes towards private commercialisation actually work against the idea of openness. In the US if the government hands out weather data for free and people make a ton of money off the back of it, everyone says, ‘Great! it’s good for the economy, good for us, good for the company’ … In Britain there’s a sense that the company has got something for free and now they’re making money out of it. ‘How terrible! They’re free-riding.’ They don’t see the overall economic benefit that comes from sharing information.”
I’m in favour of businesses using FoI. Not simply because business people are members of the public but because once businesses – with their bigger budgets and legal departments – start using FoI, we might see the law have some real bite.
For 20 days in June, July or August, every council is legally required to open up its draft accounts for public inspection. Under the Audit Commission Act 1988 you have a legal right to see detailed contracts, invoices, receipts, books and bills, the right to make copies and the right to raise other points of interest with the auditor. This is one of the most powerful rights citizens in the UK have to uncover the nitty gritty details of how public bodies are spending public money.
Chances are if you rock up to your council office you may be the first one to do so in years. But don’t be put off. You have every right to be there and too few citizens make the effort to hold local councils accountable for the money they spend in the public’s name. Certainly as local newspapers disappear it could be that the local nosey parker is all that stands in the way of a corruption scandal continuing undetected for years.
You can find out when your local council (or police authority) holds its inspection period here. From March 2011, it is a legal requirement for English councils to advertise the public inspection details on their websites. About a third of councils did so in previous years. The very tenacious Richard Orange who runs the Orchard News Bureau rates each council for the transparency with which it informs the public of this important access right.
|Council name||Start date||End date|
|North East Derbyshire District Council||Thursday, July 07, 2011||Wednesday, August 03, 2011|
|Blaby District Council||Friday, July 08, 2011||Thursday, August 04, 2011|
|Blackburn with Darwen Borough Council||Friday, July 08, 2011||Thursday, August 04, 2011|
|Dover District Council||Friday, July 08, 2011||Thursday, August 04, 2011|
|Thanet District Council||Friday, July 08, 2011||Thursday, August 04, 2011|
|London Borough of Bexley||Monday, July 11, 2011||Friday, August 05, 2011|
|Bolsover District Council||Monday, July 11, 2011||Friday, August 05, 2011|
|Boston Borough Council||Monday, July 11, 2011||Friday, August 05, 2011|
|Calderdale Metropolitan Borough Council||Monday, July 11, 2011||Friday, August 05, 2011|
|Cambridge City Council||Monday, July 11, 2011||Friday, August 05, 2011|
|Canterbury City Council||Monday, July 11, 2011||Friday, August 05, 2011|
|Charnwood Borough Council||Monday, July 11, 2011||Friday, August 05, 2011|
|Chichester District Council||Monday, July 11, 2011||Friday, August 05, 2011|
Freedom of Information requests have revealed that 48 police officers in Wales have faced serious misconduct hearings in the past three years, including allegations of assault, careless driving, drinking on duty and breach of confidentiality, all of which were held in secret.
Yesterday, the Western Mail reported that calls had been made for public hearings for police officers, in line with doctors, nurses and teachers. Councillor Malcolm King told the paper:
It is a balance between what harm is done by having them out in the open against what harm is done by not doing so.
For pubic services the question should always be, ‘are we being open enough with the public, do the public have a right to know and is it in the public interest?’ There needs to be a change in priorities.
All hearings should have to be held in public unless there is a good reason to have them in private, not the other way around.
A spokesman for Dyfed Powys Police, the force which was heavily criticised for arresting a citizen who refused to stop filming a public council meeting earlier this month, said the figures only referred to misconduct hearings, and that minor cases were brought to misconduct meetings as outlined by government policy. John Feavyour from the Association of Chief Police Officers defended the current system, saying other public professions only hold hearings in public when allegations are ‘serious breaches’ that ‘involve their professional bodies’.
Gwent police officers smashed the car window of Robert Whatley, 71, after he was pulled over for not wearing a seatbelt. He was denied access to the disciplinary hearing that vindicated the two officers involved, as was his lawyer. His son Peter pointed out that the hearing panels are made up of senior police officers rather than independents, and told the Western Mail:
These hearings need to be held in public simply for accountability. If a doctor is accused of breaching confidentiality or a teacher for assaulting a pupil they are made accountable in public hearings, why should it be any different for police officers? It is an antiquated system and sets a dangerous precedent.
Tom Whatley is right, and disciplinary hearings should be accessible, transparent and effective. If justice is not seen to be done, if it is done at all, then hearings serve little purpose other than to spare the blushes of chastised officers. If the public are to have confidence in the police, they need to see the police live under the same laws as the rest of the population, and face consequences when those laws and codes are broken.
FOI requests submitted by the Times (£)
Update: Hacking collective Lulzsec have claimed the posting with their logo was not an ‘official’ hack by them but may have been the work of others getting on board their #AntiSec campaign. See http://www.guardian.co.uk/technology/2011/jun/21/lulzsec-census-2011-denial-twitter
Back in April I reported for the BBC’s Daily Politics show about the UK Census and why it was not only a waste of money as the data would already be outdated by the time it was useable, but also a security breach waiting to happen.
Yesterday, Lulz Security (LulzSec) a hacking group who describe themselves as “the world’s leaders in high-quality entertainment at your expense”, apparently claimed to have committed such a security breach, with an announcement posted on Pastebin of the acquisition of records of “every single citizen” who filled in the Census form. The anonymous hackers claimed they would reformat the data and make it available via The Pirate Bay.
Yesterday, LulzSec’s twitterfeed stated:
“Your tax money is being used to pay for things to not be secured so that people like us can take what you expect to be kept inaccessible.”
The group have previously released the X Factor contestants database and information from Fox.com and Sonypictures.com on their website.
The Met Police have confirmed reports that a 19-year-old they claim is one of the hackers behind LulzSec has been arrested in Wickford, Essex, though the group deny he was a leader.
The Office for National Statistics issued a weasely and vague statement that reveals some of the technical incompetence of this government organization. It seems they don’t even know whether or not they’ve been hacked:
We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this. The 2011 Census places the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that any such compromise has occurred.
To re-state the obvious. The only way information is truly secure is to not keep it in the first place. The Census should only have collected the absolute minimum needed to perform its function and most of this data was already available to government. Creating a central database of all UK citizen’s personal data (including their religion, race and sexual orientation) has served only to provide a convenient one-stop shop for miners of our personal information.
Jacqui Thompson, a campaigner and blogger, was arrested last week by Dyfed Powys Police after she refused to stop filming a council meeting. She was angered by the way that members of Carmarthenshire Council had dismissed a petition (presented by elderly campaigners trying to save a local day centre) and decided to start recording the meeting on her phone. In her words, the reason for this was obvious: “People need to know what is going on in that Chamber.”
Ms Thompson refused to leave; she was not disturbing the meeting in anyway, or breaking the law, or contravening the council’s standing orders. The police were called, four officers arrived and Ms Thompson was arrested for breaching the peace. She was taken to a police station 30 miles away and held in a cell for two hours. News of the arrest quickly made its way onto Twitter, where the discussion earned the hash tag #DaftArrest.
The circumstances of the arrest were indeed daft. Legal blogger David Allen Green submitted several questions to the Dyfed Powys Police press office calling for an explanation as to why and under what circumstances Ms Thompson was arrested. Four days later an official response was emailed back and issued on their website. It was riddled with factual inaccuracies and gave no proper reason for the arrest itself (you can read David Allen Green’s full breakdown of the response here).
Ms Thompson pointed out the real injustice when she said: “I can’t quite believe what happened to me for trying to film a public meeting.”
Filming a public council meeting is not a breach of the peace, a fact that even the police attending the scene were confused over. The members of the council who called the police, including the Chair, were uncomfortable at being recorded when attending to issues of public concern, one of which being the petition signed by 1500 local residents. Jacqui Thompson’s arrest, as she puts it, is about the wider issues of local government transparency. Surveillance is power, but for ordinary citizens to be empowered is dangerous in the eyes of the council. Local authorities are clearly not happy to be on the other side of the lens.