In June 2013, The Guardian revealed explosive documents provided by NSA whistleblower Edward Snowden that set out the details of worldwide surveillance dragnets led by the USA and its partner the United Kingdom.
For some veteran activists the revelations were not quite as surprising as they might have been for the rest of us.
Instead the Snowden files served as an unfortunate validation that confirmed their fears and suspicions: technology was not liberating us. It was being used by nations and corporations to ensnare and monitor us to a greater degree.
Decades ago, NGOs began to emerge with concerns about an increasingly authoritarian approach to civil liberties.
By the early-mid 2000s, Britain was dressed with CCTV cameras. The Labour party was pushing for mandatory country-wide ID cards, with crime and the decade-defining war on terror providing the justification.
At the same time ‘web 2.0’ was gaining steam. New social networks like Facebook were entering a period of rapid growth, and user-generated content was becoming the new normal. Google started its quick swell from search engine of choice to IPO to the colossus it is today. Our world was, evidently, becoming more driven by digital data.
Now, just under two years since the Snowden leaks, the public are more aware than ever before on privacy and data. But a well-worn narrative – “if you’ve nothing to hide, you’ve nothing to fear” – has risen along with that consciousness.
And despite the well-documented existing powers of the intelligence agencies, the Conservative government in Britain is determined to push through the controversial Draft Investigatory Powers Bill, colloquially called the ‘Snooper’s Charter’.
So it has been a long slog for the groups that are fighting for digital rights and privacy, in both the physical and digital realms.
These NGOs are enduring the laborious but necessary clerical work surrounding policy, challenging the state-led security narrative, and placing political pressure onto authorities in the UK – the most surveilled state on the planet.
Techworld spoke to some of the individuals and organisations undergoing the mammoth task of a fightback, the groups taking on the twin powers of state surveillance and corporate muscle.
Anti-censorship protests in Turkey, 2011. Image: Özgür Elbir / Flickr
Harmit Kambo – campaigns director
Privacy International was founded 26 years ago when the internet was barely a footnote in our everyday lives. Campaigns director Harmit Kambo tells Techworld the organisation recognised, even back then, that with increasing technological sophistication there were going to be greater threats to our personal privacy.
Although it has an office in London, Privacy International currently has 16 partners that it works with on national issues worldwide, and it also works at the EU and UN level. The organisation is funded by charitable trusts and foundations and receives grants from statutory bodies. It turns away funding from private business.
In addition to its work examining the actions of governments, the organisation also researches, investigates and exposes the producing, selling and distribution of surveillance technology. It has a lot on its plate.
“There’s a whole industrial complex around surveillance in the private sector,” Kambo tells me.
“As the issues continued to evolve and mutate, one thing remains – technology is providing more and more means to undermine our privacy,” he continues.
“That’s something we rail against. We think personal privacy has been a very under-recognised human right. Until Privacy International arrived, and has worked hard to put privacy on the agenda, it wasn’t a human right that was given much consideration or credence.”
Data and control in a post-Snowden world
Before the Snowden leaks, when Privacy International raised the alarm about government surveillance, many of its critics labelled the group paranoid – a common thread for others proselytising digital rights early on.
“Many people thought we were paranoid,” Kambo says. “That there was no real issue. After June 2013, public perception has significantly shifted and recognises there is an issue here.”
But it’s “not just governments” that are breaching our right to privacy. The group also spends its time examining how household names use big data in ways their users are not usually aware.
Last year, for example, Facebook manipulated the emotions of some users by curating what they saw on their newsfeed. That’s concerning enough on its own, but the potential of the end results chime even more with something from sci-fi dystopia.
“The information we are presented with and selected for us can direct, influence and change our behaviour,” Kambo says. “This is being done without our consent. People were not giving their consent to have this data feed altered in that way.”
“What’s frightening about it is that this is about you as an individual, predicting your behaviour, and telling you what they think you should consume. Amazon already tells you that people who read this also read that. People find that useful.
"But how would we feel about Amazon telling you – based on data aggregated about you, where you live in terms of your postcode, in terms of your socio-economic status, established through your buying habits – that you should perhaps read 50 Shades of Gray, by E. L. James and someone else should be reading The Portrait of a Lady by Henry James?”
“You end up getting into an aspect of control and controlling people’s behaviour,” he says. “We have to take back control of our data. We can’t be manipulated in the way companies increasingly want to in order to become more powerful in the way they help us consume.”
People care about privacy
“I think the single biggest issue we face is about public attitudes towards privacy – people do care about privacy,” Kambo says. “Time and again we look at data from public polling and it’s overwhelmingly clear people care about personal privacy, but at the same time some are resigned to the idea privacy intrusions are unavoidable and that we can’t do anything about it. We want to change that perception. That’s one big challenge.”
Another challenge for Privacy International is squaring up to the argument of privacy versus security – that it’s impossible to have both.
“Governments across the world try to posit that we either have security or have privacy, they turn it into a binary argument and stoke up public fear,” Kambo says. “We simply do not accept this security versus privacy paradigm. We believe in security as well. But the evidence is very clear that mass surveillance does not increase our security – there is plenty of evidence to suggest it decreases our security. It puts more hay on the haystack and it makes the needles more difficult to find.”
Kambo goes on to explain that perpetrators of terror attacks had largely been known to intelligence groups, but this was the result of targeted surveillance and other methods. “There is evidence to suggest mass surveillance makes more noise for them, more information to sift through,” he says. “If you look at it in that context, that actually makes us less safe.”
Open Rights Group
Jim Killock, executive director
One thousand people pledged five pounds a month in 2005 in response to a lack of groups fighting for privacy rights in the UK. Five hundred delivered, and Open Rights Group was formed.
Data retention was just starting to become a hot topic and the Labour government was soon to push hard on its national ID card scheme.
“Something needed to be there all the time rather than movements coming and going,” Killock tells Techworld. “People wanted something to exist to campaign against it, to help government understand these issues better, and to make less mistakes, essentially.”
Over time it became apparent for Open Rights Group that this was not simply about governments making mistakes.
“It’s not a communication and information problem,” Killock asserts. “It’s about power and money, over-ambition – it’s systemic, I think, as well as simple misunderstandings.”
Open Rights Group is funded by private donations, the majority of which come from individuals paying a small subscription fee. The rest is from foundations, particularly the Joseph Rowntree Reform Trust and the Open Society Foundation. It recently opened its doors to small businesses but reserves the right to reject membership.
Explain to “anybody and everybody”
The day-to-day work of Open Rights Group might involve hosting public talks, engaging academia and government officials – and speaking with the people writing the policies.
Staff also meet with other NGOs to plan and discuss tactics, working out what the problems are and what is to be done. It means “explaining to anybody and everybody you can what the problem is, so it’s made clear what has to change.”
In addition to its core staff, the group now has “many, many” volunteers who work on a daily or weekly basis to support the group, whether that is organising local meetings, researching, or contacting their MPs. “There are many people for whom this is something they do in and around their work and daily lives,” Killock says.
Any organisation that wants to change policy has to undergo the “dull but important” work of responding to consultations and understanding what the government’s proposals are.
“It also means talking to politicians and the media,” Killock says. “What you have to do is show concerns are important enough and that it’s not worth taking certain risks – and when government does take risks you know are going to go wrong, that it’s been made plain to everybody that it will go wrong and how it will go wrong.”
Killock believes the biggest threats that the organisation focuses on are well known: “They are government surveillance, corporate surveillance, net neutrality, censorship in its many forms, whether from copyright blocking or from filtering,” he says.
“The underlying issue is that people feel government should be making decisions that are rightfully the decisions of individuals. They feel that they have a need to impose society-wide controls.
“I think that’s often very patronising and sometimes very dangerous, and I think there’s a degree of attitude shift that needs to take place,” he says.
Rather than playing “cat-and-mouse games” in an attempt to control entire technologies, Killock thinks that authorities should prosecute people who offend based on existing laws. He acknowledges that it’s “a bit of a fool’s errand” to persuade politicians they should be more realistic.
“There’s a tendency of governments to feel that they can’t really get it wrong on free speech, privacy, terrorism, detention, all these sorts of things,” he says. “And that their need to keep the country secure is far more important than the individual rights of criminals, as they see it.
“Because democracy in the UK is so embedded it couldn’t possibly be threatened by the sorts of policy they are espousing. Of course, that tends not to be how things play out.
"Innocent people get trapped by these laws. Police and others abuse people’s rights, because of their own institutional pressures. Whether it’s digital or other sorts of human rights, there’s a constant battle to keep governments in check.”
When asked Killock whether the sheer enormity of the topics ORG tackles is demoralising, he responds by saying the group has had some significant big wins.
The Internet Engineering Taskforce recently agreed to a draft error 451 page, which will signal when a website has been actively censored rather than removed or deleted.
“That establishes a global transparency standard for anybody serving or webpage or working as an ISP to tell a user when something has been censored due to a legal request, as opposed to a technical problem,” Killock says. “That is a huge win. That’s something we’ve been campaigning on for several years.” He adds that bots will be able to trawl the web and automatically detect when they encounter censorship – and this will enable ORG to investigate.
The group has also learnt the British government will rethink 10-year sentences for online copyright infringement. ORG was concerned that people who may have been sharing out of naivety or ignorance could have been roped in to disproportionate jail terms. And the definition of online criminal enforcement, according to Killock, appeared to favour the copyright owner – with vague standards.
“It’s hard to understand what the costs and financial implications of that would have been,” he says. “For people like that to have to face jail sentences seem to us to be disproportionate. We think the whole idea of copyright infringement at a criminal level needs to be reconsidered before sentences are made so harsh. Government has said they’re going to rethink that.”
Longer term, Killock points to the Digital Economy Act – the controversial copyright infringement bill that critics claimed was rushed through Parliament.
“Although it got passed it has never been put into operation, and that’s through our work as much as anything,” Killock says. “We have shown that a lot of that would be unworkable. That persistence, I think, has paid off.”
Sam Smith, Coordinator
MedConfidential was founded in 2013 by activists from existing organisations including NO2ID, Privacy International, and Big Brother Watch. Its focus is on health but, as with most sectors, this now involves data. One of the driving forces behind the group was the National Health Service's Care.data programme, a controversial, opt-out scheme that takes data from doctors' surgeries and allows it to be passed on to services outside of the NHS, including commercial organisations.
“For about ten years all the UK privacy groups said somebody should do something about health,” Sam Smith, coordinator, tells Techworld. “So founding members Phil Booth and Terri Dowty said: we’ll do it then – this was in response to Care.data and other NHS programmes looking at doing things with health records.”
“There shouldn’t be surprises to patients in the same way that if you went into hospital and were surprised – that would probably be a problem,” he says.
MedConfidential is not a membership organisation and so its wins are not necessarily hugely visible. “We care primarily about outcomes,” Smith says. “Some of our actual largest successes appear in our newsletter and that’s it – we’re trying to solve problems rather than necessarily make everybody aware that there is a problem.”
When the group started there was no record of patient data released by the NHS. Now there is a public register, which can be accessed here. “It’s not enough, as it doesn’t tell a patient what happened to data about them,” Smith says. “But it’s some progress.”
And in 2014, it was revealed that GPs will issue patients with letters telling them about Care.data and how to opt out. “This is still opposed by NHS England,” Smith says. “But we got it.”
“You get a lot of complexity in how you distil information down so people care about it,” Smith explains. “We actually have a relatively easy time because everybody cares about what happens to their medical records.”
But digital rights are “still not a thing in the UK in the way as is in the US” and there "hasn’t yet been that critical mass".
Twitter “disproportionately helpful” in levelling power
Public social networks like Twitter are instrumental to campaigning online. “Hashtags have meant that one person with some information can find out what’s going on and get in touch with people doing the work,” Smith explains. “Communities of interest can form, and the communities that form could not have formed anywhere else.”
Twitter, he says, has been “disproportionately helpful” – people in power are frequently held to account because they have to have Twitter accounts.
“Anybody can send a public question,” Smith says. “Are they going to ignore that? Mostly they ignore it. But a community asking the same questions with no answer is actually very motivating.”
And when there are those communities of interest forming, the real-time structure of Twitter can reveal that seemingly one-off incidents are actually indicative of endemic problems.
While he doesn’t compare the group’s campaign work to Black Lives Matter, he does cite the mass of activity on Twitter as a pertinent example. #BlackLivesMatter formed in response to police oppression and violence targeting people of colour in the United States.
“Black Lives Matter is one example, this was happening all over the place, twice a day in the USA,” he says. “That has got to be systematic.”
Big Brother Watch
Renate Samson – Chief executive
Big Brother Watch was launched in 2009 in response to the perceived privacy intrusions of the Labour government at the time. It began as a campaigning organisation designed to alert the public to the dangers of overbearing surveillance under that government.
Renate Samson joined the organisation in November 2014. She had previously worked on civil liberties and privacy at the office of Conservative MP David Davis. Big Brother Watch is funded by private donations and is not a membership organisation.
Although its leading staff have had ties to the Conservative party, when the Tory-Liberal Democrat coalition came to power in 2010 it was clear that these were not partisan issues.
“Prior to the 2010 election the Conservatives were making a lot of very positive noises about rolling back the surveillance state,” Samson tells Techworld.
“And yet we found that even when they were in power with the Liberal Democrats – who historically have been sound on this issue – we still had the Snooper’s Charter proposed. We still found ourselves with what are now secret courts.
“Whether it’s an issue with being in power or a sign of the times – we can all speculate – who do you turn to, to try strike a balance between privacy and security, bearing in mind they are two sides of the same coin?”
The organisation focuses on the UK alone. While it does not have a technical or legal background, it publishes regular research based on Freedom of Information requests, looking at data protection, surveillance technology, and the use or misuse of both by the likes of local authorities and the police. Samson claims the group intends to represent the grassroots, the man on the street.
“We did a report a while back about the use of CCTV in schools, we’ve raised awareness about the increased use of biometrics,” Samson says. “We’ve worked closely with government, parliament, police, local authorities, to engage as the privacy voice on plans for new ways of going about things – we’ve been involved in engaging about body-worn cameras.
“We have a relationship with a number of the different commissioners, such as the biometrics commissioner, the surveillance commissioner and so on. And we are a respected voice in parliament.”
The slow creep of technology
“Technology is so woven into our lives and the creep of it has been so slow, it’s been 20 years or thereabouts since Google,” Samson points out. “That’s a very, very short space of time.
“None of us can imagine not having a mobile. The services they offer are phenomenal yet seem to be an organic process, from making a call, to email, to being able to connect absolutely everything through apps.
“How do you make the public aware that the convenience it’s offering actually has a flipside to it?”
Samson believes this change will come as more individuals are negatively impacted by lost or mishandled data, cyber attacks on banks, the national grid, and other way we live our lives. “As it has an actual impact in the public’s day-to-day, I think what we say will have more resonance,” she says.
Detailing the bad with the good
Big Brother Watch got Section 5 of the public order act removed – a new power to do with the use of being able to use insulting words. The group argued that there should be a balanced approach to what can be said in public and had the amendment scrapped. “That was a massive win, it’s very rare you actually get a piece of legislation changed,” Samson says.
The group has also done a “great deal of work” in engaging both Parliament and public on the Draft Communications Data Bill – the so-called Snooper’s Charter, which home secretary Theresa May first proposed in 2012. “Everybody’s voice has made a massive difference,” Samson says. “We’ve very proud that Big Brother Watch was involved in that.”
According to Samson, Big Brother Watch is also proud of the way its reports are changing behaviour – for example, the engagement in data breaches by local authorities and the police, and on biometrics in schools. “I think we’re doing a reasonably good job of getting these issues out and about,” she says.
“You can see that because it’s no longer considered a niche issue, privacy, surveillance, and so on. Because of the rise of technology, it’s now just a part of life.
“It takes a lot of different voices to point out the benefits along with the negatives.”