Inhouse Pharmacy shut two sites, citing “anti-competitive practices”

In the latest twist in the saga of Inhouse Pharmacy, two of their web sites (inhousepharmacy.biz and inhousepharmacy-europe.com) unexpectedly disappeared from the internet some time in the last 48 hours. Yesterday morning, users started receiving the email reproduced below in which IHP cite “anti-competitive action in the USA” as the reason for the domains being unavailable.

Blocking domain names seems to be a relatively new tactic in the campaign – presumably orchestrated by big pharma – to try to shut down online pharmacies, which are the only source of HRT for many trans women. Previous efforts have concentrated on payment providers instead.

Fortunately, other similar sites appear unaffected.

We have changed our website name

Today due to anti-competitive action in the USA it is necessary for us to become:

www.inhousepharmacy.vu

We have done this to ensure you can continue to access our affordable medications from us in the same reliable manner you have grown to trust.

Our old domain www.inhousepharmacy.biz is no longer operating, but we are, just with our .VU domain name which stands for Vanuatu, the country where we are based in the tropical South Pacific.

Business is normal, the site and prices are just the same. We are the same people you have grown to trust and when you phone us you will be talking to the same customer service team. Please come on over to our new site at www.inhousepharmacy.vu. Please remember USA shoppers right now get a 10% additional discount if paying by eCheck – give it a try.

10% Special eCheck Discount

Website Login

Unfortunately we were not able to move your old account on www.inhousepharmacy.biz over to our www.inhousepharmacy.vu site. When you shop on www.inhousepharmacy.vu it may not recognise your email address so please kindly complete your purchase and choose the option at the end to save your details for next time.

Once your order is placed, our team will recognise it’s you.

A brief history of trans parliamentarians

Trans politicians were briefly in the news today, when it was claimed that the Labour candidate for Sutton and Cheam was the “first transgender candidate for Parliament”.

After a short session of fact-checking supplied by twitter, that’s now been reduced to “first openly transgender candidate for Labour” – but as this mistake keeps cropping up it appears that a brief history lesson might be useful.

The first openly trans candidate in current political memory appears to have been Alexandra (Sandra) MacRae, who stood in Glasgow Provan for the SNP back in 1992. Twenty three years isn’t just a long time in politics – it’s a lifetime, meaning the story of her candidature is now unclear. It was certainly known that she was trans by the date of the election, and it seems likely that it was known prior to her selection, as she had previously stood at least once before transitioning (in 1996) and possibly, according to some sources, as many as three times.

Arguably, she remains the best parliamentary record of a trans person to date, securing 21.7% of the vote and coming second to Labour. But don’t expect her to stand again any time soon following her conviction and jail sentence for fraud.

Second, if we are going by coming-out date, would be Stephanie Dearden.

There is a version of events that has Stephanie being “outed” Daily Mail in 2005, but there are earlier Guardian stories which mention her in connection with the July 2004 Leicester South by-election. The attack leaflets distributed at that time, showing the Liberal Democrat candidate shaking Stephanie’s hand, include a quote from her clearly revealing her trans status – suggesting she may have never been stealth.

Either way, she certainly was not stealth by the time of her selection for Tooting constituency for the Liberal Democrats on the 4th November, 2004 and she went on to come third with 19.5% of the vote.

Next up is Nikki Sinclair, who was an MEP until earlier this year and whose background is better known. She has stood four times post-transition and as an open lesbian but before coming out as trans – for UKIP in 2001 and 2005 for Westminster, in 2009 for the European Parliament when she was successfully elected as a UKIP MEP and again for Westminster as an independent in 2010, following her departure from UKIP.

She came out as trans in 2013, but lost her MEP re-election bid as part of the “We Demand a Referendum Party”.

Fourth and fifth are the Green Prospective Parliamentary Candidates Charlie Kiss – the first trans man anyone knows of – and Stella Gardiner, who has been a Green party member since 1993 and who transitioned in 2013.

Both Stella and Charlie have been selected for seats in London in May 2015, with Stella adding that she “took the decision from the start to be out and open about being trans“.

This puts the latest announcement sixth on the list – and with just under six months to run until the general election, I’m expecting that we’ll see at least one more trans candidate announced for May 2015. There were eight openly trans politicians who stood this May, and I would expect the total to be higher in a General Election year.

This post was updated on 10th December 2014 with links showing the date of Stephanie Dearden’s selection. Thanks to Jon Ball for finding this information.

Estonians most likely to want to be forgotten

The European “right to be forgotten” has been in the news recently as it has been a little over 6 months since Google launched their formal process, allowing individuals to request the removal of search results for their name. But which Europeans are most and least likely to request removal from Google search results?

Germany, the UK, Italy and France all feature highly based on raw numbers, but that is to be expected given those are also the most populous countries. Looking at the numbers based on population the answer is, surprisingly Estonia. Unless some Estonians are submitting more than one request, which would be odd given one request can list multiple URLs to be removed, nearly one in every thousand Estonians have contacted Google requesting removal. At the other end of the scale, Bulgarians are the least likely to want to be forgotten with less than one request in ten thousand people with Greeks being close behind.

The UK comes right in middle of the pack. Despite the national stereotype, it appears we are no more shy than any other Europeans when it comes to having our details online.

Right to be forgotten

Technical notes: Analysis is based on Google data as at 8th December, using World Bank population estimates from 2010. Countries with a population of less than 500,000 (Liechtenstein, Iceland) have been removed.

Gender Recognition Panel now engaging in human rights abuses

News emerged yesterday* that the Gender Recognition Panel (GRP) is delaying and possibly denying legal gender recognition because a trans person has had children whilst living in their new gender – an act which is completely unjustified, given that the Gender Recognition Act does not require someone who has transitioned to refrain from sex that may get them or their partner pregnant.

At best, this delay is of questionable legality and reveals a dangerous element of (hopefully inadvertent) transphobia in the decision making process of the panel, likely fueled by ill-informed and sensationalist media coverage.

But at worst, the panel are willfully intruding into the area of reproductive justice. Coercive sterilisation of trans people has long been a major concern, but one that was until yesterday limited to countries other than the UK. Questioning the commitment of any trans person who has the audacity to exercise their reproductive rights is simply an attempt to force de-facto sterilisation via the back door, something considered a human rights abuse by the Council of Europe.

What is also of concern is that the panel based the decision to request more information on the publication of a newspaper article. This has the effect of penalising those who engage with the media as part of a campaign for equality. It will also hinder people who, as is often the case with members of the trans community, have been outed without their consent and have had deliberately misleading or inaccurate information about them distributed in order to sensationalise a story.

In an older case, the panel delayed an application because a doctor correctly decided that the information that a trans person had a wife and children was of no relevance and did not include it in their report. Another doctor did mention it, and thus the panel decided it should investigate further to ensure the first doctor was giving his opinion “in light of the correct factual situation”.

It is entirely possible that the Gender Recognition Panel does not realise the gross errors it is making, as having any experience of trans matters is not a requirement to sit on the panel. According to the Gender Recognition Act, “the only persons who may be appointed to the [panel] are persons who have a relevant legal qualification (“legal members”), or are registered medical practitioners or registered psychologists“. There is no further requirement given, beyond specifying exactly what legal qualifications legal members needs.

That means that being a doctor or lawyer in any field whatsoever is a more necessary qualification for determining someone’s gender than having any first hand experience of the topic whatsoever.

PS. If you have had a similar experience with the Gender Recognition Panel delaying an application because you have had a child, UK Trans Info would like to hear from you – email info@uktrans.info.

The original tweet, although anonymous and not made by the original applicant, was removed the following day as the person to whom this happened is worried that publicity may affect their GRC application

What does the Home Office mean by “IP Address Matching”?

The Counter-Terrorism and Security Bill was published yesterday, along with a couple of supporting documents, but it is still unclear exactly what data the Home Office is proposing to retain.

There is a need for the government to clarify the language in the bill and supporting documents, because it will be difficult to have a debate about security vs. freedom without this information. (We would really have to assume the worse case option, numbers 2 & 3 below combined) It may also result in legal wrangling if a service provider objects at a later stage to the information they are being asked to collect.

There are three likely interpretations of the bill:

  1. They want to keep:

    • account-to-IP address mappings for broadband
    • source IP address and port for NAT on mobile and cloud networks
    • MAC addresses on cloud WiFi networks.

    Although the data does not seem particularly useful and would thus query the price tag, the civil liberties implications seem minor, given that this data may be being kept by the ISPs in many cases already.

  2. As (1), but also collecting data such as MAC addresses from end-user equipment where it is operated by an ISP. (E.g. BT Home Hub) This is troubling, as people will not expect that equipment in their own homes would be spying on them.
  3. As (1) or (2), but also keeping some element of destination information to allow matching with destination server logs – e.g. destination IP address and port. Although in many cases an IP address/port combination is ambiguous when it comes to what site is being visited that is not always the case. Collecting this data strays into the same territory as with the Communications Data Bill.

It has been suggested that there may be a provision somewhere to also require CSPs (Facebook, Twitter etc) to keep source port information in server logs, which would make the data from (1) more useful if the source and destination is also in the UK.

If they could also publish how many additional RIPA requests they would expect to be able to get a positive result from due to this bill, that would also be useful information.

(It’s also worth reading the Impact Assessment if you are researching all this)

Lee Rigby report expected Facebook to break US law

Yesterday saw the publication of the Intelligence and Security Committee report into the events leading up to the murder of Lee Rigby. On reading it, one gets a sense of naivety from the members of the committee on how the Internet works, particularly when it comes to international jurisdictions. (Communications data is p139 onwards)

Notably, the committee seemed surprised that wholly US companies did not consider themselves to be subject to UK laws. To emphasise that, here’s an extract.

242. The UK Government has always asserted that the Regulation of Investigatory Powers Act (RIPA) has implicit extra-territorial jurisdiction. The problem is that, whereas UK Communications Service Providers (CSPs – Facebook, Twitter and so on) accept that they are legally obliged to provide access to the communications of individuals, most CSPs based outside the UK do not accept that the UK legislation applies to them.

Many in the UK would be shocked if random foreign laws suddenly applied to them, so it’s a little concerning that the Home Office think the reverse might be true.

It continues:

The Home Office has explained the argument the US CSPs have made: “RIPA lacks explicit extraterritorial jurisdiction and cannot be argued to place any obligations onto CSPs based outside of the UK.

The Home Office explained the particular issue US CSPs have raised, that: “complying with RIPA would leave US companies in breach of US legislation (including the Wiretap Act in relation to lawful interception)

So the problem is not just that the Home Office believes it can pass UK laws compelling people in foreign countries to hand over data, but that it thinks UK law can compel people to break their own local laws. I usually only see that level of “we’re a world power” arrogance in Americans from particularly red states these days.

Even if we restrict the “our data laws should apply in your country” principle to US-UK relations and ignore countries like China or Russia, it quickly becomes clear that this would cause all sort of problems in areas where we do not agree on policy.

The section of the report that has been most covered is the part that blames an unnamed site, since revealed to be Facebook, for not alerting the security services to an exchange between one of the attackers and an associate. The whole analysis suggests a lack of knowledge of how the internet and social media works:

  1. Firstly, there is an assumption without discussion that Facebook has a “moral duty” to search all member communications for suspicious content. This assumption conveniently ignores:
    • That it’s possibly illegal under US Wiretap laws mentioned earlier
    • The huge problems associated with appointing a US company guardian of international morals (I am hoping that the ISC does not expect Facebook to examine content on the basis of the laws of the country the end-users are in, unless it thinks social media sites should be reporting LGBT people to the authorities in countries where that is illegal)
    • The rather robust freedom of speech the US has
  2. There is also an assumption that Facebook could have detected the exchange via automation. This is based on the closure of several other accounts for various reasons, some of them unconnected with terrorism even though the account the exchange took place in was not closed. It is not clear if the “automatically” closed accounts were due to a large volume of uncontested end-user complaints, because that sort of quasi-automation of complaints triggering account closures on social media will not help with private chat between individuals. What the US regards as terrorists another state might regard as freedom fighters, which also puts Facebook in a sticky situation deciding who to report.
  3. That determining which security service to tell is not easy. If a US citizen is on holiday in the UK and messages suspect content, do you tell the US or UK authorities? The Home Office expressed reluctance in it’s MLAT discussion to go via US authorities, but is it expecting Facebook to report everyone to UK police when it doesn’t have any way of knowing their nationality? The US government may not be too happy about that, given it would mean allowing the UK to spy on US citizens here on holiday or business.
  4. That blanket trawls for data can produce quite unjust outcomes, such as the Robin Hood airport case.
  5. That the information needs to get to the UK somehow when as noted earlier, this may be illegal under US Wiretap law.
  6. And that the UK security services would need to find time to look at a potentially huge amount of data, when the report already highlights the amount of data they have to sift through is more than they can handle

Fortunately, the committee did not entirely side with the Home Office.

The report includes a discussion on existing routes that UK security services can use to obtain data using US laws and the committee quizzed the Home Office on why the Mutual Legal Assistance Treaty (MLAT) was insufficient for data collection. The Home Office response included the following:

…the MLAT process would require the release of sensitive data to the US authorities, since “the intelligence case underpinning the warrant application [would have] to be considered by US authorities”. In addition, the US legal process would mean that the Secretary of State’s decision (i.e. the warrant) would be exposed to scrutiny by a US court. This would be at odds with RIPA which prohibits the disclosure of the existence of an interception warrant

The ISC did not have much time for the Home Office’s “we can’t be bothered with any of that due process stuff unless it’s not our process” response and suggested instead that MLAT was probably exactly the route we should be using.

Due to the tone of the report, I took some time to dig into the backgrounds of those MPs and Lords who sit on the committee. Shockingly, it is terribly unrepresentative even by parliamentary standards – five of the nine members are lawyers, one was a civil servant for his entire career and one appears to have never had a non-political job. Of the remaining two, one was a teacher and the other was very briefly an engineer back in the late 1960s/early 1970s before becoming a lecturer. The average age is 65 and none have any IT or Intelligence background that I can see.

This does not seem like an appropriate group of people to be scrutinising intelligence work in an increasingly digital world.

And as a parting note, I shall point out that there is nothing anywhere in the report that suggests increasing UK communication interception laws would have prevented the murder of Lee Rigby.

IP address matching: Just Communications Data by another name?

According to the Open Rights Group, (ORG) who are often right on soon-to-be-published legislation, the forthcoming bill on “IP Address Matching” is about mobile networks performing NAT.

There are probably a few reading this whose eyes have already started to glaze over, given the first paragraph mentions a three letter acronym. It is likely that a few civil servants and ministers suffered from the same. That is worrying because it is entirely possible that this bill may, if ORG are correct, involve collection of communications data – here’s why:

Network Address Translation (NAT) is a way of hiding many computers behind a single Internet address. It was invented because under the system of addressing currently in use in much of the world, there are not enough addresses for every computer to connect at once. Using the analogy of a telephone system, it is like a company having a few well-publicised phone numbers for their major services but hiding all their other staff behind a single generic phone number whenever they make an outbound call.

If someone is making nuisance calls that you are trying to trace, being told that the call came from your generic phone number is not much use. As with IP addresses hidden behind NAT, there could have been tens of thousands of phone calls being made outbound from that phone number at any point in time. You can only trace who made the call if you also logged which number each handset dialed.

Now, the internet also uses port numbers. They are fixed for servers (web servers typically run on port 80 or 443) but randomly assigned for outbound connections, so that the address and port will be unique for anyone talking to a particular service. This makes it theoretically possible to trace a user using both the address and port if you already know which service they were talking to.

Unfortunately for that approach, servers in the internet generally only record source addresses and not source ports.

If the Home Office want the data they are collecting to be useful, this means they will likely also be asking service providers to be storing destination addresses, which brings us back to having to store communications data. It would allow security services, police or even an anti-piracy company with a court order to ask a service provider questions such as “tell me everyone who accessed www.aljazeera.com in the last 12 months”.

Hopefully I’m wrong.

(Some further reading for the more technically inclined is over at ISPReview. The comments are also worth a read.)

Updated International snooper’s league tables

User data requests per country (Population adjusted)

I have been looking at transparency report data again recently, a task that is long overdue. The big change is that more data is available on government and law enforcement requests than used to be the case, when Google were the only company producing reports.

The most interesting category is, for me, social media networks. Unfortunately, only four major networks produce data that is independent – Facebook (Including Instagram), Twitter, LinkedIn and Tumblr. (Google+ comes under Google and Skype under Microsoft) So, which network is receiving the most queries for data per user? Before running the numbers, I would have expected networks to receive requests proportional to their size but this is far from true – the graph below is adjusted to take into account the number of users each site has and is based on requests from July 2013 to June 2014.

Social Media Networks - Data Requests
(Interactive version)

This discrepancy may be because of the kind of requests law enforcement is issuing. Although Twitter is far more political than Facebook, most serious crime is not political or terrorist – it’s run-of-the-mill violence. The bulk of (Non-piracy-related) requests received by Internet and Telephony Service Providers relate to people who had been assaulted, and the police were attempting to find out who the victim has communicated with recently. Although quite nasty threats are far too common on Twitter, Facebook “friends” are the kind of people who will be close enough to actually carry out threats, so will likely be the first port of call for police.

For the usual analysis of data requests per-country, Facebook alongside Microsoft and Google, but dropped Twitter due to their small size.

Sadly, many of the smaller companies are only permitted to release very vague figures by the US government which makes them all but useless – it is not particularly helpful to know that a network received some requests in a six month period, but that it was less than 1,000 requests.

The charts below are based on the first half of 2014 and adjusted for population size, and countries with a population below 2,000,000 (Where a handful of requests can skew the results) have been excluded.

User data requests per country (Population adjusted)
(Interactive version)

User data requests per country (Population adjusted, bar graph)
(Interactive version)

The UK is still an unenviable fourth in the league tables of most-snooped-on population, although we have dropped below Germany and France. (Malta and Luxembourg have been excluded this time as smaller countries, but did appear on the 2013 charts) The surprise first place, having not had a particularly bad data request rate in the past, is Singapore who have added

Miliband least popular coalition choice – Mail on Sunday poll

Mail on Sunday survey results

The Mail on Sunday have published a new survey into, amongst other things, who people would like to see leading a coalition government.

The article is relentlessly pro-UKIP, but includes a result similar to one already seen with Ashcroft polling in Cambridge if you look closely at the numbers: Liberal Democrats are popular as a coalition choice.

The raw numbers published by the Mail on Sunday list the combinations as Cameron/Farage 26%, Cameron/Clegg 23%, Miliband/Clegg 20%, Miliband/Farage 14%. (17% don’t knows) Converting them into ratings for individuals, we get:

Mail on Sunday survey results

  • Cameron: 49%
  • Clegg: 43%
  • Farage: 40%
  • Miliband: 34%

Worrying news indeed for Ed Miliband.

LGB, trans and marriage things that are now LibDem policy

Equalities Speech

For the last year I’ve had the good fortune to be able to serve as a member of the Liberal Democrat Equality Policy Working Group, and yesterday conference accepted the motion that came out of that, making it official party policy.

Equalities SpeechThere is lots of good stuff in there, but I did want to highlight the LGBT and marriage sections in particular. We heard much evidence from other groups too, and some of the awful statistics relating to education and stop-and-search for young Afro-Caribbean men in particular stick in my mind – but others deserve the credit for campaigning on those areas, so I’ll let them talk about them.

Remember, these are now official party policy. They are not just policy of the LGBT group or aspirational aims of a subgroup. Actual official party policy. (Some of these items were already party policy, but were restated in the policy document for clarity)

LGB and LGBT issues

  • Review the Blood Ban. We’re currently in the ridiculous situation where a man who has sex with other men, even safe sex, is banned from giving blood for 12 months. However, it doesn’t matter how many unsafe sexual relationships anyone else has as they can still give blood. Even more confusingly, if you are a woman married to (And having sex with) a bisexual man who has ever had sex with another man, you can not give blood ever. Even if your husband can.
  • An evidence-based approach to tackling *phobic bullying in schools. There is an evidence-gathering programme, started by LibDem Equalities Minister Jo Swinson MP, that will report back on how we can bet do this.
  • …mainstream discourses should consider more authentic ‘inclusive sexualities’ in advertising, media, and sport to help break down prejudice. and more specifically later on positive images of transgender individuals in central government publications. Hopefully self-explanatory!

Trans issues

  • ‘X’ (Unspecified) gender markers on passports. A big benefit for the non-binary community if we can make it a reality, but this is good for all trans and intersex people and society in general. There is no particular reason the state needs to concern itself with gender in the vasy majority of situations, especially when it comes to official ID. For example, did you know about the very patriarchal approach of the DVLA, which includes titles on women’s driving licenses but not men’s?
  • Ending the Spousal Veto. If you don’t know what the Spousal Veto is, Sarah Brown has an excellent primer here. In short, the veto was introduced by the Same-Sex Marriage Act and allows a partner to block legal gender recognition of a spouse who has transitioned and prevent them obtaining potection from employment discrimination, even after the two year wait required for the legal process.
  • Restoring stolen trans marriages. Under the pre-same-sex-marriage regime, even if a couple stayed together they were required to have their marriage annulled if one partner wanted to fully transition.
  • Removing the requirement for a diagnosis of gender dysphoria in order to obtain legal gender recognition. This would further reduce unwelcome medical gatekeeping when it comes to people’s identities, and also fix the mess that intersex people find themselves in. Currently, if you have an intersex condition and potentially had your legal gender assigned arbitrarily by a doctor at birth, you are unable to obtain a diagnosis of gender dysphoria (It’s a different diagnosis) and thus can not obtain a Gender Recognition Certificate.

Non-LGBT marriage issues

  • Allow the Church of England to decide itself if it wants to carry out same-sex marriage. At the moment, the Church of England is prohibited by law from carrying out same-sex marriage, but with the way things are going I can well see that changing in the not too distant future.
  • Allow Non-religious (Humanist) marriage ceremonies. Already permitted in Scotland, we would like to see this introduced in the rest of the UK.
  • Include both parent’s names on marriage certificates. Current certificates only list the father, which is a very outdated patriarchal approach.

You can download the full policy paper, in .docx format, here.