The European “right to be forgotten” has been in the news recently as it has been a little over 6 months since Google launched their formal process, allowing individuals to request the removal of search results for their name. But which Europeans are most and least likely to request removal from Google search results?

Germany, the UK, Italy and France all feature highly based on raw numbers, but that is to be expected given those are also the most populous countries. Looking at the numbers based on population the answer is, surprisingly, Estonia. Unless some Estonians are submitting more than one request, which would be odd given one request can list multiple URLs to be removed, nearly one in every thousand Estonians have contacted Google requesting removal. At the other end of the scale, Bulgarians are the least likely to want to be forgotten with less than one request in ten thousand people, with Greeks being close behind.

The UK comes right in the middle of the pack. Despite the national stereotype, it appears we are no more shy than any other Europeans when it comes to having our details online.

Right to be forgotten

Technical notes: Analysis is based on Google data as at 8th December, using World Bank population estimates from 2010. Countries with a population of less than 500,000 (Liechtenstein, Iceland) have been removed.

News emerged yesterday* that the Gender Recognition Panel (GRP) is delaying and possibly denying legal gender recognition because a trans person has had children whilst living in their new gender – an act which is completely unjustified, given that the Gender Recognition Act does not require someone who has transitioned to refrain from sex that may get them or their partner pregnant.

At best, this delay is of questionable legality and reveals a dangerous element of (hopefully inadvertent) transphobia in the decision making process of the panel, likely fueled by ill-informed and sensationalist media coverage.

But at worst, the panel are willfully intruding into the area of reproductive justice. Coercive sterilisation of trans people has long been a major concern, but one that was until yesterday limited to countries other than the UK. Questioning the commitment of any trans person who has the audacity to exercise their reproductive rights is simply an attempt to force de-facto sterilisation via the back door, something considered a human rights abuse by the Council of Europe.

What is also of concern is that the panel based the decision to request more information on the publication of a newspaper article. This has the effect of penalising those who engage with the media as part of a campaign for equality. It will also hinder people who, as is often the case with members of the trans community, have been outed without their consent and have had deliberately misleading or inaccurate information about them distributed in order to sensationalise a story.

In an older case, the panel delayed an application because a doctor correctly decided that the information that a trans person had a wife and children was of no relevance and did not include it in their report. Another doctor did mention it, and thus the panel decided it should investigate further to ensure the first doctor was giving his opinion “in light of the correct factual situation”.

It is entirely possible that the Gender Recognition Panel does not realise the gross errors it is making, as having any experience of trans matters is not a requirement to sit on the panel. According to the Gender Recognition Act, “the only persons who may be appointed to the [panel] are persons who have a relevant legal qualification (“legal members”), or are registered medical practitioners or registered psychologists”. There is no further requirement given, beyond specifying exactly what legal qualifications legal members need.

That means that being a doctor or lawyer in any field whatsoever is a more necessary qualification for determining someone’s gender than having any first hand experience of the topic whatsoever.

PS. If you have had a similar experience with the Gender Recognition Panel delaying an application because you have had a child, UK Trans Info would like to hear from you – email info@uktrans.info.

The original tweet, although anonymous and not made by the original applicant, was removed the following day as the person to whom this happened is worried that publicity may affect their GRC application.

The Counter-Terrorism and Security Bill was published yesterday, along with a couple of supporting documents, but it is still unclear exactly what data the Home Office is proposing to retain.

There is a need for the government to clarify the language in the bill and supporting documents, because it will be difficult to have a debate about security vs. freedom without this information. (We would really have to assume the worst case option, numbers 2 & 3 below combined.) It may also result in legal wrangling if a service provider objects at a later stage to the information they are being asked to collect.

There are three likely interpretations of the bill:

  1. They want to keep:
    • account-to-IP address mappings for broadband
    • source IP address and port for NAT on mobile and cloud networks
    • MAC addresses on cloud WiFi networks.

    Although the data does not seem particularly useful, and I would thus query the price tag, the civil liberties implications seem minor, given that this data may be being kept by the ISPs in many cases already.

  2. As (1), but also collecting data such as MAC addresses from end-user equipment where it is operated by an ISP. (E.g. BT Home Hub) This is troubling, as people will not expect that equipment in their own homes would be spying on them.
  3. As (1) or (2), but also keeping some element of destination information to allow matching with destination server logs – e.g. destination IP address and port. Although in many cases an IP address/port combination is ambiguous when it comes to what site is being visited, that is not always the case. Collecting this data strays into the same territory as with the Communications Data Bill.

It has been suggested that there may be a provision somewhere to also require CSPs (Facebook, Twitter etc) to keep source port information in server logs, which would make the data from (1) more useful if the source and destination is also in the UK.

If they could also publish how many additional RIPA requests they would expect to be able to get a positive result from due to this bill, that would also be useful information.

(It’s also worth reading the Impact Assessment if you are researching all this)

Yesterday saw the publication of the Intelligence and Security Committee report into the events leading up to the murder of Lee Rigby. On reading it, one gets a sense of naivety from the members of the committee on how the Internet works, particularly when it comes to international jurisdictions. (Communications data is p139 onwards)

Notably, the committee seemed surprised that wholly US companies did not consider themselves to be subject to UK laws. To emphasise that, here’s an extract.

242. The UK Government has always asserted that the Regulation of Investigatory Powers Act (RIPA) has implicit extra-territorial jurisdiction. The problem is that, whereas UK Communications Service Providers (CSPs – Facebook, Twitter and so on) accept that they are legally obliged to provide access to the communications of individuals, most CSPs based outside the UK do not accept that the UK legislation applies to them.

Many in the UK would be shocked if random foreign laws suddenly applied to them, so it’s a little concerning that the Home Office think the reverse might be true.

It continues:

The Home Office has explained the argument the US CSPs have made: “RIPA lacks explicit extraterritorial jurisdiction and cannot be argued to place any obligations onto CSPs based outside of the UK.

The Home Office explained the particular issue US CSPs have raised, that: “complying with RIPA would leave US companies in breach of US legislation (including the Wiretap Act in relation to lawful interception)

So the problem is not just that the Home Office believes it can pass UK laws compelling people in foreign countries to hand over data, but that it thinks UK law can compel people to break their own local laws. I usually only see that level of “we’re a world power” arrogance in Americans from particularly red states these days.

Even if we restrict the “our data laws should apply in your country” principle to US-UK relations and ignore countries like China or Russia, it quickly becomes clear that this would cause all sorts of problems in areas where we do not agree on policy.

The section of the report that has been most covered is the part that blames an unnamed site, since revealed to be Facebook, for not alerting the security services to an exchange between one of the attackers and an associate. The whole analysis suggests a lack of knowledge of how the internet and social media work:

  1. Firstly, there is an assumption without discussion that Facebook has a “moral duty” to search all member communications for suspicious content. This assumption conveniently ignores:
    • That it’s possibly illegal under US Wiretap laws mentioned earlier
    • The huge problems associated with appointing a US company guardian of international morals (I am hoping that the ISC does not expect Facebook to examine content on the basis of the laws of the country the end-users are in, unless it thinks social media sites should be reporting LGBT people to the authorities in countries where that is illegal)
    • The rather robust freedom of speech the US has
  2. There is also an assumption that Facebook could have detected the exchange via automation. This is based on the closure of several other accounts for various reasons, some of them unconnected with terrorism even though the account the exchange took place in was not closed. It is not clear if the “automatically” closed accounts were due to a large volume of uncontested end-user complaints, because that sort of quasi-automation of complaints triggering account closures on social media will not help with private chat between individuals. What the US regards as terrorists another state might regard as freedom fighters, which also puts Facebook in a sticky situation deciding who to report.
  3. That determining which security service to tell is not easy. If a US citizen is on holiday in the UK and messages suspect content, do you tell the US or UK authorities? The Home Office expressed reluctance in its MLAT discussion to go via US authorities, but is it expecting Facebook to report everyone to UK police when it doesn’t have any way of knowing their nationality? The US government may not be too happy about that, given it would mean allowing the UK to spy on US citizens here on holiday or business.
  4. That blanket trawls for data can produce quite unjust outcomes, such as the Robin Hood airport case.
  5. That the information needs to get to the UK somehow when, as noted earlier, this may be illegal under US Wiretap law.
  6. And that the UK security services would need to find time to look at a potentially huge amount of data, when the report already highlights the amount of data they have to sift through is more than they can handle.

Fortunately, the committee did not entirely side with the Home Office.

The report includes a discussion on existing routes that UK security services can use to obtain data using US laws and the committee quizzed the Home Office on why the Mutual Legal Assistance Treaty (MLAT) was insufficient for data collection. The Home Office response included the following:

…the MLAT process would require the release of sensitive data to the US authorities, since “the intelligence case underpinning the warrant application [would have] to be considered by US authorities”. In addition, the US legal process would mean that the Secretary of State’s decision (i.e. the warrant) would be exposed to scrutiny by a US court. This would be at odds with RIPA which prohibits the disclosure of the existence of an interception warrant

The ISC did not have much time for the Home Office’s “we can’t be bothered with any of that due process stuff unless it’s not our process” response and suggested instead that MLAT was probably exactly the route we should be using.

Due to the tone of the report, I took some time to dig into the backgrounds of those MPs and Lords who sit on the committee. Shockingly, it is terribly unrepresentative even by parliamentary standards – five of the nine members are lawyers, one was a civil servant for his entire career and one appears to have never had a non-political job. Of the remaining two, one was a teacher and the other was very briefly an engineer back in the late 1960s/early 1970s before becoming a lecturer. The average age is 65 and none have any IT or Intelligence background that I can see.

This does not seem like an appropriate group of people to be scrutinising intelligence work in an increasingly digital world.

And as a parting note, I shall point out that there is nothing anywhere in the report that suggests increasing UK communication interception laws would have prevented the murder of Lee Rigby.

According to the Open Rights Group (ORG), who are often right on soon-to-be-published legislation, the forthcoming bill on “IP Address Matching” is about mobile networks performing NAT.

There are probably a few reading this whose eyes have already started to glaze over, given the first paragraph mentions a three letter acronym. It is likely that a few civil servants and ministers suffered from the same. That is worrying because it is entirely possible that this bill may, if ORG are correct, involve collection of communications data – here’s why:

Network Address Translation (NAT) is a way of hiding many computers behind a single Internet address. It was invented because under the system of addressing currently in use in much of the world, there are not enough addresses for every computer to connect at once. Using the analogy of a telephone system, it is like a company having a few well-publicised phone numbers for their major services but hiding all their other staff behind a single generic phone number whenever they make an outbound call.

If someone is making nuisance calls that you are trying to trace, being told that the call came from your generic phone number is not much use. As with IP addresses hidden behind NAT, there could have been tens of thousands of phone calls being made outbound from that phone number at any point in time. You can only trace who made the call if you also logged which number each handset dialed.

Now, the internet also uses port numbers. They are fixed for servers (web servers typically run on port 80 or 443) but randomly assigned for outbound connections, so that the address and port will be unique for anyone talking to a particular service. This makes it theoretically possible to trace a user using both the address and port if you already know which service they were talking to.

Unfortunately for that approach, servers on the internet generally only record source addresses and not source ports.

If the Home Office want the data they are collecting to be useful, this means they will likely also be asking service providers to be storing destination addresses, which brings us back to having to store communications data. It would allow security services, police or even an anti-piracy company with a court order to ask a service provider questions such as “tell me everyone who accessed www.aljazeera.com in the last 12 months”.

Hopefully I’m wrong.

(Some further reading for the more technically inclined is over at ISPReview. The comments are also worth a read.)
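The matching problem described above, and behind the three interpretations of the Counter-Terrorism and Security Bill listed earlier on this page, worked through as an added example that is not part of the original post. A constructed carrier NAT log is queried with what a server typically records (address and time), then with a source port as well, then with retained destinations; all addresses, subscriber names and the record layout are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class NatMapping:
    """One carrier NAT session record (hypothetical layout for this example)."""
    subscriber: str
    public_ip: str
    public_port: int
    start: datetime
    end: datetime
    dest_ip: Optional[str] = None    # only present if destinations are retained
    dest_port: Optional[int] = None


T0 = datetime(2014, 11, 27, 12, 0, 0)


def at(seconds):
    """Timestamp `seconds` after the start of the constructed capture."""
    return T0 + timedelta(seconds=seconds)


# Constructed sample data, using documentation-only address ranges.
NAT_IP = "203.0.113.7"            # the shared public address of the mobile network
SITE = ("198.51.100.10", 443)     # the server whose visitor is being traced
OTHER = ("198.51.100.20", 80)     # an unrelated server

FULL_LOG = [
    NatMapping("sub-A", NAT_IP, 40001, at(0), at(30), *SITE),
    NatMapping("sub-B", NAT_IP, 40002, at(5), at(40), *SITE),
    NatMapping("sub-C", NAT_IP, 40003, at(10), at(20), *OTHER),
    # Ports are reused over time, so the timestamp always matters.
    NatMapping("sub-D", NAT_IP, 40001, at(300), at(330), *OTHER),
]


def without_destinations(log):
    """The same log as kept under interpretation 1: no destination fields."""
    return [replace(m, dest_ip=None, dest_port=None) for m in log]


def candidates(log, public_ip, when, src_port=None, dest=None,
               skew=timedelta(seconds=2)):
    """Subscribers whose NAT mapping is consistent with a server-side record.

    `skew` allows for clock differences between the server and the carrier.
    """
    hits = set()
    for m in log:
        if m.public_ip != public_ip:
            continue
        if not (m.start - skew <= when <= m.end + skew):
            continue
        if src_port is not None and m.public_port != src_port:
            continue
        if dest is not None and (m.dest_ip, m.dest_port) != dest:
            continue
        hits.add(m.subscriber)
    return hits


def who_visited(log, dest):
    """The bulk question that only becomes answerable once destinations are kept."""
    return {m.subscriber for m in log if (m.dest_ip, m.dest_port) == dest}


def demo():
    seen_at = at(15)              # time of the request in the server's log
    minimal = without_destinations(FULL_LOG)
    return {
        # Server logged address and time only: everyone active behind the NAT.
        "ip_and_time": candidates(minimal, NAT_IP, seen_at),
        # Server also logged the source port: one subscriber, no destinations kept.
        "ip_time_port": candidates(minimal, NAT_IP, seen_at, src_port=40002),
        # No source port, but the carrier kept destinations: narrower, not unique.
        "ip_time_dest": candidates(FULL_LOG, NAT_IP, seen_at, dest=SITE),
        # "Everyone who accessed this site" against each kind of log.
        "bulk_minimal": who_visited(minimal, SITE),
        "bulk_full": who_visited(FULL_LOG, SITE),
    }


if __name__ == "__main__":
    for name, subscribers in demo().items():
        print(f"{name:13} {sorted(subscribers)}")
```

In this sample, a server-side source port identifies one subscriber without the carrier storing any destination, while retained destinations leave two candidates and make the bulk "who visited this site" query possible.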

I have been looking at transparency report data again recently, a task that is long overdue. The big change is that more data is available on government and law enforcement requests than used to be the case, when Google were the only company producing reports.

The most interesting category is, for me, social media networks. Unfortunately, only four major networks produce data that is independent – Facebook (Including Instagram), Twitter, LinkedIn and Tumblr. (Google+ comes under Google and Skype under Microsoft) So, which network is receiving the most queries for data per user? Before running the numbers, I would have expected networks to receive requests proportional to their size but this is far from true – the graph below is adjusted to take into account the number of users each site has and is based on requests from July 2013 to June 2014.

Social Media Networks - Data Requests

This discrepancy may be because of the kind of requests law enforcement is issuing. Although Twitter is far more political than Facebook, most serious crime is not political or terrorist – it’s run-of-the-mill violence. The bulk of (Non-piracy-related) requests received by Internet and Telephony Service Providers relate to people who had been assaulted, and the police were attempting to find out who the victim has communicated with recently. Although quite nasty threats are far too common on Twitter, Facebook “friends” are the kind of people who will be close enough to actually carry out threats, so will likely be the first port of call for police.

For the usual analysis of data requests per country, I have included Facebook alongside Microsoft and Google, but dropped Twitter due to their small size.

Sadly, many of the smaller companies are only permitted to release very vague figures by the US government which makes them all but useless – it is not particularly helpful to know that a network received some requests in a six month period, but that it was less than 1,000 requests.

The charts below are based on the first half of 2014 and adjusted for population size, and countries with a population below 2,000,000 (Where a handful of requests can skew the results) have been excluded.

User data requests per country (Population adjusted)

User data requests per country (Population adjusted, bar graph)

The UK is still an unenviable fourth in the league tables of most-snooped-on population, although we have dropped below Germany and France. (Malta and Luxembourg have been excluded this time as smaller countries, but did appear on the 2013 charts) The surprise first place, having not had a particularly bad data request rate in the past, is Singapore who have added

The Mail on Sunday have published a new survey into, amongst other things, who people would like to see leading a coalition government.

The article is relentlessly pro-UKIP, but includes a result similar to one already seen with Ashcroft polling in Cambridge if you look closely at the numbers: Liberal Democrats are popular as a coalition choice.

The raw numbers published by the Mail on Sunday list the combinations as Cameron/Farage 26%, Cameron/Clegg 23%, Miliband/Clegg 20%, Miliband/Farage 14%. (17% don’t knows) Converting them into ratings for individuals, we get:

Mail on Sunday survey results

  • Cameron: 49%
  • Clegg: 43%
  • Farage: 40%
  • Miliband: 34%

Worrying news indeed for Ed Miliband.

For the last year I’ve had the good fortune to be able to serve as a member of the Liberal Democrat Equality Policy Working Group, and yesterday conference accepted the motion that came out of that, making it official party policy.

Equalities Speech

There is lots of good stuff in there, but I did want to highlight the LGBT and marriage sections in particular. We heard much evidence from other groups too, and some of the awful statistics relating to education and stop-and-search for young Afro-Caribbean men in particular stick in my mind – but others deserve the credit for campaigning on those areas, so I’ll let them talk about them.

Remember, these are now official party policy. They are not just policy of the LGBT group or aspirational aims of a subgroup. Actual official party policy. (Some of these items were already party policy, but were restated in the policy document for clarity)

LGB and LGBT issues

  • Review the Blood Ban. We’re currently in the ridiculous situation where a man who has sex with other men, even safe sex, is banned from giving blood for 12 months. However, it doesn’t matter how many unsafe sexual relationships anyone else has as they can still give blood. Even more confusingly, if you are a woman married to (And having sex with) a bisexual man who has ever had sex with another man, you can not give blood ever. Even if your husband can.
  • An evidence-based approach to tackling *phobic bullying in schools. There is an evidence-gathering programme, started by LibDem Equalities Minister Jo Swinson MP, that will report back on how we can best do this.
  • “…mainstream discourses should consider more authentic ‘inclusive sexualities’ in advertising, media, and sport to help break down prejudice.” and, more specifically, later on, “positive images of transgender individuals in central government publications.” Hopefully self-explanatory!

Trans issues

  • ‘X’ (Unspecified) gender markers on passports. A big benefit for the non-binary community if we can make it a reality, but this is good for all trans and intersex people and society in general. There is no particular reason the state needs to concern itself with gender in the vast majority of situations, especially when it comes to official ID. For example, did you know about the very patriarchal approach of the DVLA, which includes titles on women’s driving licenses but not men’s?
  • Ending the Spousal Veto. If you don’t know what the Spousal Veto is, Sarah Brown has an excellent primer here. In short, the veto was introduced by the Same-Sex Marriage Act and allows a partner to block legal gender recognition of a spouse who has transitioned and prevent them obtaining protection from employment discrimination, even after the two year wait required for the legal process.
  • Restoring stolen trans marriages. Under the pre-same-sex-marriage regime, even if a couple stayed together they were required to have their marriage annulled if one partner wanted to fully transition.
  • Removing the requirement for a diagnosis of gender dysphoria in order to obtain legal gender recognition. This would further reduce unwelcome medical gatekeeping when it comes to people’s identities, and also fix the mess that intersex people find themselves in. Currently, if you have an intersex condition and potentially had your legal gender assigned arbitrarily by a doctor at birth, you are unable to obtain a diagnosis of gender dysphoria (It’s a different diagnosis) and thus can not obtain a Gender Recognition Certificate.

Non-LGBT marriage issues

  • Allow the Church of England to decide itself if it wants to carry out same-sex marriage. At the moment, the Church of England is prohibited by law from carrying out same-sex marriage, but with the way things are going I can well see that changing in the not too distant future.
  • Allow Non-religious (Humanist) marriage ceremonies. Already permitted in Scotland, we would like to see this introduced in the rest of the UK.
  • Include both parents’ names on marriage certificates. Current certificates only list the father, which is a very outdated patriarchal approach.

You can download the full policy paper, in .docx format, here.

The BBC have caused a bit of a stir by labeling anyone using encryption in the form of a VPN a “pirate”.

On that basis, almost anyone who works from home regularly – and whose laptop is likely to be backed up over a VPN as a result – is a potential pirate. Small offices with just a few staff in also often use broadband connections with VPNs back to HQ.

Snooping for heavy users of encrypted traffic will also pick up those using services such as Tor, to evade state surveillance and blocking. Such tools tend to be used more heavily in more oppressive regimes, but a more oppressive internet regime is exactly what the BBC is encouraging with this “ISPs should spy on users” approach.

Some may think that I’m being a bit harsh on old Auntie, but this isn’t the first time they’ve missed a trick when it comes to online issues. There’s the time they funded online organised crime. The ongoing campaign against online pharmacies, a lifeline for many trans people who are denied or delayed treatment by the NHS. Oh, and they’re a member of an organisation that refers to Harry Potter as “Adult Media”.

Media outlets reporting things badly is troublesome enough but still remains part of day-to-day life. It worries me when the same poor reporting spills over into official submissions to governments.

Yesterday, Saturday, was the day of the big Stonewall-Trans meeting in London. The briefest bit of background is in order for those who are not engaged in LGBT politics, or who are reading this in ten years’ time and don’t know what the fuss is about: Stonewall UK are an LGB organisation, not an LGBT organisation.

Historically, this has caused problems.

But Stonewall is under new management in the form of Chief Executive Ruth Hunt, who is keen to work with the trans communities and build bridges. A few of us have worked with Ruth from when she was the number two at Stonewall, and knew her to be approachable and someone we could work with so we were not walking into this completely blind.

What the meeting was not

One point that is quite clear from all that has been said is that the meeting itself is not definitive. It has certainly been influential, not least as a rare gathering of so many trans people who agreed if not on the detail, at least on the general direction we’d like this to go in. But Ruth is keen to hear from as many people as possible and Stonewall are still looking for feedback from trans people. (As an aside, please don’t think Stonewall can solve every niche issue faced by every trans person any more than they can do the same for the LGB community. Such expectations can only lead to disappointment. What working with Stonewall will give is better trans activism overall, not perfection.)

Any closer working with Stonewall is also not about services. Stonewall do not provide individual support and do not pursue legal actions on behalf of individuals, except as part of a more strategic outcome. Stonewall’s modus operandi is strategic, UK-wide lobbying, research and education/training.

Finally, the meeting was not about cis people. The only non-trans people present were Ruth Hunt herself, Stonewall’s chair Jan Gooding and the facilitator, Caroline. A number of cis people who were involved in (LGB)T organisations did ask to turn up but were told this was a meeting for trans folk only.

Concerns have been raised over the inclusivity of the meeting. Whilst no group can ever be perfect, I can certainly say it wasn’t awful: About a two-to-one trans feminine vs masculine split, (Which is roughly representative of the trans communities in the UK) clear non-binary representation, a spread of religious beliefs and not excessively London-centric or exclusively white. There was certainly also some representation from people with disabilities and I believe intersex people, but being invisible traits I can’t say how numerous that representation was.

Stonewall does also intend to hold separate meetings with PoC and other groups.

The options

The day was mostly about the how, rather than the what. What’s needed is something we all had experience of and Ruth outlined three options on the how, which formed the focus of the day. These were:

1. Stonewall becomes fully LGBT. All Stonewall’s output is LGBT-inclusive, as is all their fundraising.

2. Stonewall does “a bit” of LGBT, but also supports the community in setting up a sibling organisation. For the first year or two, this would involve mentoring, initial fundraising and shared back-office (HR, IT) resources.

3. Stonewall does not do T. Instead, they give grants to trans organisations.

There was also a number 4 on the list, which is simply “Stonewall is a better ally”. This wasn’t discussed because Stonewall have committed to do this anyway, as they feel comfortable that they don’t need a mandate just to Do The Right Thing.

Where the meeting went

I shall skip several hours of discussions, in which many excellent points were raised in the various smaller groups. The quickest one sentence summary is “nobody likes option three”. (The Stonewall-gives-grants option) Many reasons were given for this but it boils down to any attempt by an LGB organisation to give grants appearing paternalistic, as well as the trouble of how LGB folk are supposed to know where money for T issues is best spent.

A number of attendees with experience of small organisations obtaining grants also commented on how taxing navigating grant applications can be for such groups.

Which of option one or two is best is a much harder call, particularly given that it can be viewed more as a range of options rather than strictly either/or.

The positive points about option one, Stonewall becoming entirely LGBT, is that Stonewall tends to be a one-stop-shop, with large organisations focusing on LGB issues for a while before finding some other equalities issues to worry about. Despite such groups being told by Stonewall that T is separate, they don’t quite get around to thinking about gender identity but just tick the “We did LGBT!” box and move on. If Stonewall deliver LGBT rather than LGB training and include the T when lobbying government bodies, that’s immediately a great deal more than we are getting right now.

The obvious drawback on that option is lack of autonomy of the trans community. Work will inevitably be focused on what LGBT needs this year and next year, not what T needs this year and next year, and trans issues can often court controversy which Stonewall is likely to be uncomfortable with. For example, there is not likely to be another LGB-centric bill going through parliament in the next decade or two so Stonewall will be less likely to focus on lobbying, but there are still a significant number of legislative changes being sought by trans people.

Option two, Stonewall having a sibling organisation, gives back that autonomy. What it does lose is the commitment from Stonewall itself to carry on doing the “T” long term once it has spun off such a sibling group. It also results in the loss of the contacts and influence Stonewall has that enables it to go into large organisations via its Workplace Equality Index and other initiatives.

The sweet spot appears to be somewhere between option 1¼ and 1¾, with a range of ideas on how that might look. Where we seem to be heading is towards Stonewall starting to do trans-inclusive work now, where “now” in such a complex organisation is more like “over the course of the next year, because lots of staff training needs to happen”. There were no concrete ideas at this stage on how this work would engage with trans people – either as employees or outside advisers, but Ruth was consistently and repeatedly clear that Stonewall will not be attempting anything without trans involvement.

The inclusive work is things like education/training campaigns (e.g. Some People are Gay would have also included “Some People are Trans, Get Over It”) as well as any lobbying work and research.

That leaves the trans-exclusive work which does not overlap with LGB issues: Gender Recognition Act reform, Spousal Veto, Sexual Offenses legislation, Healthcare and so on. Under a pure “Stonewall does LGBT” approach, some of this could be picked up but as it would result in a more major shift in campaigning it would not be quick, would take at least a year to get going and risks diverting some funding that existing T-exclusive organisations are already receiving. However, it looks more likely that Stonewall will help to set up a sibling trans-specific organisation to handle these issues instead.

Where next

As mentioned earlier, there is still more consultation that Stonewall would like to do. They are aiming to produce a summary document in January, which the Stonewall board will look at and trans folk will have the chance to comment on further.

The final report, with a definitive statement on Stonewall’s future intentions, is expected in April.