Valuing the human…

When I heard that UKIP had forged an alliance with a Polish MEP who was, amongst other things, a Holocaust denier, a man who joked about beating wives and beating children, who thought disabled people shouldn’t be on TV, and that had described Hitler as a ‘rascal’, my first reaction was to sigh. Not because these things aren’t terrible – but because they are, and they’re sadly typical of something I see in so many places. It’s about a failure to place value on the human, but instead only on certain people.

The whole nature of the Holocaust was about that – and so is Holocaust denial. Don’t get me wrong, I don’t think UKIP is a party of Holocaust deniers – though I wouldn’t be at all surprised if there were a few in UKIP’s ranks – but that they don’t think Holocaust denial is such a big deal. Certainly not a ‘deal breaker’, as they’ve demonstrated by making their deal. Why would you not think it was a big deal? The most obvious reason is that the millions of deaths, the brutal and systematic nature of those deaths – not just of Jews but of Roma, of Slavs, of disabled people and others – simply don’t matter that much to you. For some people such an attitude is almost inconceivable – but for others, it seems long ago, those ‘people’ don’t really register as important enough to make a difference. They’re not valued.

Holocaust denial is one of the most obvious, but the failure to place value in the human is in all those other things. You can only joke about ‘wife beating’ if you don’t really value women – they don’t quite class as human, somewhere in your mind. The same for beating children. Saying that disabled people shouldn’t appear on TV can only really be because disabled people don’t count as quite, well, people. Human. And it’s part of a bigger pattern. Racism, ultimately, means thinking that people of one race are less valuable than others. Xenophobia, of the kind demonstrated by UKIP towards Romanians and Bulgarians, for example, says the same. ‘You know the difference’, as Nigel Farage said to James O’Brien, comparing Romanians to his German wife, is about valuing one kind of human above another.

It’s not just UKIP. Lord Freud’s comments about some disabled people being ‘worth’ less than the minimum wage has the same origin – and in some ways a more pernicious one. It takes the idea of value to a more calculated level, treating people not as humans but as ‘assets’ whose only ‘worth’ is their ability to contribute as productive economic units – and as a result finds them wanting. It’s not just treating disabled people as less than human – it’s treating all of us as less than human. It’s not valuing humanity at all. Labour’s Rachel Reeves gets in on the act too. In her recent speech on social security began by talking about ‘decent, hardworking people’ – which implies that there are some people who are not as valuable. Not decent. Not working hard enough – and hence not as valuable, not as worthy. That would include people who can’t work as hard – disabled people for example, older people, kids – and people whose lives are not filled with what is commonly described as ‘work': carers are perhaps the most obvious example, the majority of whom are women. These people, the indecent, non-‘hardworking’ people are seen as less ‘valuable’ than the decent, hardworking people, who ‘deserve’ support. The value’s in the ‘decency’ and the ‘hardworking’, not the ‘people’. Not the human.

That’s also why the Tories can see an attack on ‘human rights’ as something that’s not just politically acceptable but politically valuable. Many people seem to think that there isn’t any value in the human, just in certain kinds of human.  That’s why the recent survey that suggests many more Britons think that they should have the right to work anywhere in Europe than think Europeans should have the right to work in the UK. It makes sense – if you understand that we Brits are inherently more valuable, more worthy, more trustworthy than all those dodgy foreigners. We brought civilisation to the world, you know, of course we’re better than those Europeans – particularly those dodgy Romanians and Bulgarians, who are mostly beggars and thieves anyway. Even if people don’t articulate it in those terms, that’s what underlies it. ‘We’ are better than ‘them’.

We seem to see just the differences, and use them to ascribe value. We forget the human, and undervalue it. That’s why UKIP can just shrug off the Holocaust denial and the wife beating jokes. That’s why the casual racism inherent in the UKIP Calypso doesn’t matter – and why even if Lord Freud does eventually lose his job, the attitudes towards disabled people are seen by far too many as just common sense and economic reality. That, to me, is deeply sad.

Human rights and the trivial…..

The Conservative plan for a ‘Bill of Rights’ has been made public by David Allen Green (@JackofKent) here.

I’m sure there will be detailed analyses of it by people far more expert than me – but there was one particular thing in the proposals that drew my attention. The idea is to:

Limit the use of Human Rights laws to the most serious cases. They will no longer apply in trivial cases.

So what counts as trivial? Who decides what is trivial? This may seem like a trivial question, but it really isn’t, particularly when you consider the nature of human rights. What is trivial to one person is far from trivial to another – so who it is who makes that judgment, and on what basis, is critical. As someone who works primarily in the field of privacy, this is an issue that comes up all the time. Those who invade privacy often consider those invasions trivial – and don’t understand why other people complain about this. The ‘nothing to hide’ argument often hinges on this – only ‘bad’ people are bothered by privacy invasion, because the impact on other people is ‘trivial’.

Another example has come up in the last few weeks, with the conviction of Dave Lee Travis for indecent assault. There were a number of articles in newspapers (such as this one by Rosie Millard) suggesting that what he did was, effectively, trivial. The woman whose breasts he squeezed was, effectively, accused of making a mountain out a molehill in complaining. By most accounts it wasn’t trivial for her – she certainly didn’t think so. Whose view takes precedence? Who decides when things are trivial?

It’s not a trivial question. It matters – and if the upshot of the Conservative Bill of Rights is that decisions like this are made by the government, the ‘little people’ – the people that human rights are particularly needed to protect – are likely to be given short shrift. That isn’t a trivial matter.

Royal Babies…. and human rights!

Screen Shot 2014-09-08 at 13.34.58The news of another Royal Pregnancy – the Duchess of Cambridge is expecting a second child – has as usual provoked a lot of media attention. To say the least. Lots of cooing, lots of cute pictures (like this one of the last little prince to be born), a fair amount of cynicism about the timing of the announcement (in relation to the Scottish Independence referendum in particular) and so on. Flags will be waved, bells will be rung, tears will be shed – but when it comes down to it, will anyone ask the question that comes up so often in other circumstances: ‘won’t anyone think of the children?’ There are many, many reasons to object to the monarchy – but one rarely mentioned is that it’s inherently cruel to the children. Indeed, it might be argued that it breaches their human rights.

The institution of the monarchy brings into play a whole plethora of human rights. Looking at the European Convention on Human Rights (the ECHR), and glossing quickly over Article 4, which prohibits slavery and forced labour (the application of which I will leave to your own imagination), we can move on to Article 8, which covers the right to a private life.

Article 8: Right to respect for private and family life

“Everyone has the right to respect for his private and family life, his home and his correspondence.”

How much privacy does any Royal Prince or Princess get? As a child, their every move is watched – the huge excitement over Prince George’s first steps was just a start of a lifetime of being snooped on, stared at, scrutinised and analysed in every detail. Of course the Prince or Princess will have protection, and the vast wealth of the Royal Family and indeed the powers of the government will be brought into play, but even so, the level of privacy is minimal. What kind of an institution puts that kind of pressure on a child pretty much from the moment it’s conceived – and certainly from the moment the bump is noticed.

Article 9 – freedom of conscience and religion

“Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief and freedom, either alone or in community with others and in public or private, to manifest his religion or belief, in worship, teaching, practice and observance.”

What freedom does a Royal Prince or Princess have? Their religion is predetermined – after all, they might grow up to be Defender of the Faith. We often look down on religious fanatics who force their children to follow in their footsteps – but Royal Babies are every bit as restricted. No chance to change – even if it’s legally possible, the pressure not to change is so huge as to be almost insurmountable. It could bring about a constitutional crisis.

Article 10 – freedom of expression

“Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.”

Almost none of that for a Prince or Princess. One word out of place and the media will jump on them from a great height. Prince Charles has tried a bit, and been viciously attacked (yes, sometimes even by me) for doing so – but even he keeps his pronouncements to a pretty narrow range of topics. The expectation is clear – don’t say anything wrong. All statements in writing care carefully edited and vetted. Nothing political. Nothing that might be misconstrued. No real freedom at all….

Article 11 – freedom of association and assembly

“Everyone has the right to freedom of peaceful assembly and to freedom of association with others, including the right to form and to join trade unions for the protection of his interests.”

How can a Prince or Princess exercise freedom of assembly or association? They’re watched and monitored by the Royal Household, by the paparazzi, by a huge number of others. They can’t meet with who they want, when they want, or associate with who they want. Imagine a trade union for Princes and Princesses….

And the rest…

There’s Article 12, covering marriage,  and article 14 covering prohibition from discrimination, but even forgetting them we’re still left with the institution of the monarchy being deeply in breach of the human rights of Royal Babies.

There’s only one solution. The abolition of the monarchy. We must do it, for the sake of the children.

 

Privacy invasive law in Mexico – guest post by Lisa M Brownlee

I’ve written about this before – but things have moved on, and not in a good way. Some aspects of the law discussed are deeply troubling, and privacy activists around the world should be concerned. The following is by Lisa M Brownlee – an information security/privacy and intellectual property legal scholar and author residing in Mexico, and someone whose work is well worth following, as is Lisa herself, on Twitter, where her tag is @lmbrownlee1. Her work on an early version of the law being discussed was published in ArsTechnica.


 

Mexico’s new telecommunications law – including controversial surveillance and data retention provisions.

On Wednesday, August 13, in a 4-3 vote, Mexico’s personal data protection authority, IFAI, (Federal Institute for Access to Information and Data Protection) considered and voted against challenging the constitutionality of Mexico’s new telecommunications law, the Federal Telecommunications and Broadcasting Act (FTBA).

The National Human Rights Commission (CNDH) was also empowered to block the legislation on constitutional grounds but failed to do so by Wednesday’s challenge deadline. The Mexican legislature’s Chamber of Deputies, also empowered to prevent the law’s taking effect, was 12 signatures short of a vote to block the FTBA. FTBA therefore took effect on August 13.

Shortly after the vote, Mexico’s Secretary of Communications and Transport (SCT), Gerardo Ruiz Esparza welcomed the new law and hailed, among other provisions, the law’s authorization of SCT to establish new Internet connections in over 40,000 public places nationwide.

IFAI is mandated to protect the privacy and personal data of citizens, and thus had the authority to challenge the constitutionality of the data collection, retention and access provisions of FTBA Articles 189 and 190. During the hearing, IFAI members stated that the data collected and retained under the FTBA was not “personal data”, and that IFAI therefore lacked standing to bring the suit.

FTBA Article 189 requires telecommunications licensees and Internet service providers to provide real-time geographic location of any type of communication device to public servants and security officials at their request, without warrant. Article 190 provides for the collection of data pertaining to communications, including the-origin of calls, duration, location, text messages metadata, activity on the network, and for the retention of such data for up to 24 months. Both provisions provide warrantless access by a broad range of government and law enforcement personnel.

Human rights activists fighting the constitutionality of the FTBA’s geolocation and data retention and access provisions were disappointed in IFAI’s failure to take action. The Twitter hashtag #IFAIL arose shortly after the no vote, the tag being a play on IFAI’s name, designating failure to carry out its privacy and data protection authority.

The digital rights group R3D Mexico decried as indefensible the statement made by IFAI president Ximena Puente that the data retained by the telecommunications companies was not “personal data”, and later criticized the failure of IFAI, CNDH and the Chamber of Deputies to act.


 

We need to watch this space!

DRIP: web-mail and web-browsing….

One of the big questions concerning data retention and the hastily-passed DRIP is whether it applies to web-browsing activities. Indeed, Julian Huppert MP asked the question during that all-too-brief debate in parliament, and was assured that it did not. I was far from convinced by the answer, and remain far from convinced, particularly given the idea that this ‘update’ to powers is intended to cover activities like webmail and social networking messages. Some colleagues have been asking questions, and a reliable source within one of the US companies that operates webmail (amongst other things) told us that they don’t expect the data retention powers to apply, given that they have never done so and the government made clear that there was no change in that through DRIP. They added further that as a US company, they are in a very different situation to UK providers.

That leaves us in a very interesting situation. If you’re communicating by webmail or social networking, how can your activities be caught? I can see only two ways: directly from the webmail company, or by capturing web-browsing through the ISP. If there are other ways, I’d like to know… because in the current circumstances I can see only three options:

  1. That webmail and social networking will not be covered by DRIP. That’s almost inconceivable, given the intentions of DRIP and the extent to which communications of the kind that those behind DRIP want to capture take place on webmail and social networks; or
  2. That the non-UK webmail and social network providers have been misled, and DRIP will be used to compel them to gather and hold communications data concerning activities on their services; or
  3. That Julian Huppert – and parliament, and the people of the UK – has been misled, and DRIP will be used to gather web-browsing activities.

If there’s another option, I’d like to know it. It’s entirely possible, as I’ve been wrong often before, but I can’t see it immediately.

My instinct is that the third option is the most likely – and that the intent of DRIP was always to gather web-browsing activity. If we’d had proper time for scrutiny of the bill, and to get experts to ask questions in committee, we might know the answers – and make sure that appropriate balances and controls are put in place. We didn’t. I have a strong suspicion that was entirely intentional too.

DRIP: a shabby process for a shady law.

[An earlier version of this post appeared at The Justice Gap, here]

Thursday’s announcement by David Cameron and Nick Clegg that the coalition was going to expedite emergency surveillance legislation is something that should concern all of us, not just privacy activists. The speed with which the Data Retention and Investigatory Powers bill (‘DRIP’) is being brought into play, the lack of consultation and the breadth of its powers should matter to everyone. There is a reason that legislation usually requires time and careful consideration – and with a contentious issue like surveillance this is especially true. This is a shabby process, for what seems to be a very shady law. And, as David Davis MP has suggested, the ‘emergency’ is theatrical, not real. The need for new legislation was entirely predictable – and politicians and civil servants should have known this.

A predictable emergency

The trigger for the legislation was the ruling by the ECJ, on 8th April, that the Data Retention Directive was invalid – more than three months ago – but the signs that new legislation was needed have been there for far longer. The ruling by the ECJ exceeded the expectations of privacy advocates – but not that significantly, and the declaration that the directive was invalid should have been an outcome that civil servants and politicians were prepared for. Indeed, the Data Retention Directive has been subject to significant challenge since its inception in 2005. Peter Hustinx, the European Data Protection Supervisor in 2010 called it:

“…without doubt the most privacy invasive instrument ever adopted by the EU in terms of scale and the number of people it affects.”

Across Europe there have been protests and legal challenges to data retention throughout its history, from 30,000 people on the streets of Germany in 2007 to the declaration that data retention itself was unconstitutional in Romania. The challenge that eventually brought down the directive began in 2013.

The signs have been there in the UK too, and for far longer than three months. The Communications Data Bill – more commonly and appropriately known as the Snoopers’ Charter – was effectively abandoned well over a year ago, after a specially set-up parliamentary committee, after taking detailed evidence, issued a damning report. At that stage, even before the revelations of Edward Snowden reared their ugly head, the need for further legislation was evident.

So why, given all these warnings, has this emergency been manufactured, and why is legislation being pushed through so quickly? Is it that those behind the bill are concerned that if it received full and detailed scrutiny, the full scale and impact of the bill will become evident and, like the Snoopers’ Charter before it, it will fail? It is hard not to think that this has played some part in the tactics being employed here. What would there be to lose by delaying this a few months?

Companies like data too…

The suggestion that if the legislation isn’t pushed through this quickly then companies will suddenly start deleting all their communications data is naïve to say the least. Firstly, it’s hardly in most communications providers’ interest to delete all that data – actually, rather the opposite. Back in 2007, Google attempted to use the existence of data retention legislation as an excuse not to delete search logs – companies generally like having more data, as they (just like the authorities) believe they can get value from it. Moreover, businesses don’t often change their practices at the drop of a hat, even if they want to. They might, however, if they’re required to by law – and that may well be the real key here. Legal challenges to specific practices by specific companies in terms of data retention may well be in the offing – but this would take time, far more time than the few days – less than a week – that MPs are being given to pass this legislation.

Fundamental Rights

The underlying point here is that there is a reason that the Data Retention Directive was declared invalid by the ECJ, and a reason that both privacy advocates and academics have been concerned about it from the very beginning. The mass collection of communications data breaches fundamental rights – and DRIP, just like the Communications Data Bill before it, does authorise the mass collection of this data. It has the same fundamental flaws as that bill – and a few extras to boot. With the very limited time available to review the bill so far, it appears to extend rather than limit the powers available through the contentious Regulation of Investigatory Powers Act (RIPA) rather than limit them or modernise them (see for example the analysis by David Allen Green in the FT here – registration needed), and attempt to extend powers outside the UK in a way that is at the very least contentious – and in need of much more scrutiny and consideration.

Most importantly, it still works on the assumption that there is no problem with collecting data, and that the only place for controls or targeting is at the accessing stage. This is a fundamentally flawed assumption – morally, legally and practically. At the moral level, it treats us all as suspects. Legally it has been challenged and beaten many times – consistently in the European Court of Human Rights, in cases from as far back as Leander in 1987, and now in the ECJ in the declaration of invalidity of the Data Retention Directive. Practically, it means that data gathered is vulnerable in many ways – from the all too evident risks of function creep that RIPA has demonstrated over the years (dog-fouling, fly-tippers etc) to vulnerability to leaking, hacking, human error, human malice and so forth. Moreover, it is the gathering of data that creates the chilling effect – impacting upon our freedom of speech, of assembly and association and so forth. This isn’t just about privacy.

Safeguards?

Nick Clegg made much of the concessions and safeguards in the new bill, emphasising that this isn’t a Snoopers’ Charter Mark 2, but it is hard to be enthusiastic about them at this stage. There is a sunset clause, meaning that DRIP will expire in December 2016 – but there is nothing in the bill itself to say that it won’t be replaced by similar ‘emergency’ legislation, railroaded through parliament in a similar way. Moreover, December 2016 is well after the election – and the Lib Dems are currently unlikely to still have any influence at that stage. Julian Huppert in particular, my MP in Cambridge, is in a very precarious position. Without him, it’s hard to see much Lib Dem resistance to either the Tories or the Labour Party who set the ball rolling on mass surveillance state in the Blair years.

The rest of the safeguards are difficult to evaluate at this stage – they were originally said to be contained in secondary legislation that was not published with the bill itself, but when that secondary legislation was actually released, at around 4pm on Friday afternoon, it contained almost none of what had been promised. For example, the suggestion that the number of bodies able to use RIPA was to be restricted, was entirely absent. This list doesn’t just include the police and intelligence services, but pretty much all local authorities, and bodies like the food standards agency and the charities commission – another part of the function creep of RIPA. The breadth and depth of the surveillance that this bill, in combination with RIPA, would not only allow but effectively normalise, is something that should be of the deepest concern to anyone who takes civil liberties seriously.

The shabbiest of processes

This is just one part of the shabbiness of the process. Two more crucial documents,  ‘Impact Assessments’ performed by the Home Office concerning the data retention and interception aspects of the bill, were also released – but without even a mention, so that the first that was heard of them by most concerned people was early on Saturday morning, when vigilant investigators found them all but hidden on the Home Office website. Two documents, full of technical details looking at why the laws were ‘needed’ and what the risks and benefits of the laws would be, the alternatives and so forth, pretty much hidden away. These, together with the Bill itself and the Regulations, combine to produce something with a serious level of both legal and technical complexity – something that needs very careful study and expert analysis. And to do this analysis, we are given essentially one weekend, and no warning.

How serious this is was highlighted by a brief twitter conversation between David Allen Green and MP Julian Huppert this morning:

Screen Shot 2014-07-12 at 18.53.05

 

David Allen Green (@JackofKent) is asking a straight and direct, technical and legal question – and Julian Huppert can’t answer it. Julian is perhaps the most technically expert of the entire House of Commons – if he doesn’t understand the bill, its impact and how it changes the current situation, how much less can other MPs? And yet they are expected to debate the bill on Monday, and pass it almost immediately. This is patently wrong – and highlights exactly why parliament generally has significant time for analysis and for debate, and parliamentary committees call experts to give testimony, to tease out these kinds of answers. Julian Huppert should not be criticised for not knowing the answer to the question – but he should be criticised for supporting a bill without allowing the time for these questions to be asked, investigated and answered. They need to be.

This is an wholly unsatisfactory state of affairs. Indeed, the whole thing is highly unsatisfactory, and in a democratic society, it should be unacceptable. That our MPs seem willing to accept it speaks volumes.

——————–

The key documents can be found here:- study them if you have time!

The draft bill

The draft regulations

The impact assessment for interception

The impact assessment for data retention.

Surveillance: ten ways to fight back!

The-Day-We-Fight-Back-2-e1391612024967

Today, 11th February 2014, is ‘The Day We Fight Back” – a day of campaigning against mass surveillance. It’s a day where campaigners are trying to raise awareness of the issue – and begin fighting against it. The big question is how can we fight back – what can we actually do. It often seems as though privacy is dead, and that there’s nothing we can do about it. I don’t think so – there are lots of things we can do, lots of things we must do. Here are just ten….

1     Support The Day We Fight Back

One of the most important things in the whole fight is to raise awareness – and to take advantage of opportunities to spread the message that surveillance is a big issue. Days like The Day We Fight Back help to do that. Check out the website here. Tweet about it. Blog about it. Talk about it with your friends and colleagues. Make it something that people notice.

2     Lobby your politicians – or unseat them!

Let the politicians know that you care about this – because, ultimately, they are supposed to be your representatives. It may not feel as though they listen to you much – but if enough people tell them the same thing, if enough people bother them, then they may finally get up off their backsides and do something. And if they don’t, use your vote against them. Politicians make a difference here – or rather they could, if they could be bothered. Most of them don’t understand what’s going on – try to educate them! Help them to understand, and don’t let them get away with bland, meaningless reassurances.

3     Don’t let the corporations off the hook!

The Snowden revelations were shocking, revealing a degree of governmental surveillance that surprised many people, and made a lot of people angry with their governments – but we shouldn’t be fooled into thinking this is just about governments, or just about specific agencies like the NSA and GCHQ. The malaise is far deeper than that – and corporations are in it right up to their necks. In many ways corporate surveillance is worse than governmental surveillance – it can have real impact on people, messing with their credit ratings and insurance premiums, affecting their job prospects, the prices they pay for things and more.

The NSA and GCHQ to a great extent piggyback on the surveillance that the corporates do, utilise the tools that the corporates create, mine the data that the corporates hold – if the corporates weren’t doing it, the agencies couldn’t tap into it. What’s more, corporations actively lobby to undermine privacy law, obfuscate over their privacy policies and do a lot more to undermine the whole concept of privacy. We shouldn’t accept that – let alone allow themselves to portray themselves as the good guys in this story. They’re not. Right now, they’re the henchmen and sidekicks of the NSA and GCHQ – if they want our support, they need to start supporting us.

4     Don’t just demand transparency – demand less surveillance!

There’s a lot of talk of transparency, particularly in relation to governmental requests for data from the likes go Google, Facebook, Twitter etc. Transparency is great – but it’s not nearly enough. We shouldn’t let ourselves be fobbed off with talk of transparency – we need less surveillance. We need to demand that surveillance is cut back – not just that there is better accountability and transparency. Accountability often ends up in farces like the UK’s Intelligence and Security Committee’s hearing with the heads of MI5, MI6 and GCHQ – no real scrutiny at all, just a bit of lip service and a lot of back-slapping. It’s not enough. Not nearly enough.

5     Join or support civil society

Civil society groups all over the world are key players in this – and they need your support. Here in the UK, the Open Rights Group, Privacy International and Big Brother Watch have been in the forefront of the campaigns against surveillance. In the US the Electronic Frontier Foundation have been crucial. In the Netherlands Bits of Freedom have done wonders. These, however, are not groups with the scale or resources of the governments and corporations that are behind the surveillance – so they need every bit of support they can get.

6     Challenge the media!

The mainstream media, for the most part, have not played the part that they could in the fight against mass surveillance. The Guardian has been an honourable exception – and their role in making sure that the Snowden story has seen the light of day has been, for me, one of the most important pieces of journalism for many years – but generally the whole issue has been the subject of far less attention than it should have had. That’s sadly common – because reporting of almost all technology matters is pretty disappointing. We need to challenge that – and shame the media into doing a better job. When they misreport stories about surveillance they should be challenged – using the social media, for example. And, perhaps even more importantly, when they report on technology without seeing the privacy aspects we should challenge that too. One key example right now is the subject of ‘Smart Meters’ – they have deep problems in relation to privacy, but when you see a report in much of the media it only talks of the advantages, not the risks. That’s not good enough.

7     Educate yourself

Part of the reason that surveillance has grown, almost without our noticing, is that far too many of us – and I’m certainly one of them – have not kept ourselves up to date. This year is supposed to be the ‘Year of Code’ – and though that campaign is pretty farcical it does highlight the fact that most of us don’t really know how the tech we use works. If we don’t know how it works, it’ll be much harder for us to protect ourselves. I’m making a commitment right now that I’m going to learn cryptography – and that I’m going to use it.

8     Use and support privacy friendly tech

That brings the next point. There are a lot of privacy-friendly tools out there and we should use them. Search with duckduckgo or startpage rather than Google. Use Ghostery or Abine’s DoNotTrackMe to monitor or block those who are tracking you – remembering that commercial trackers can be hijacked by the authorities. These are just a few of the tools available – and there are more coming all the time – but they need to be used in order to succeed. They need support if they are to grow.

9     Keep your eye on the news

There are more stories about surveillance and other invasions of privacy appearing all the time – keep your eye on the news for them, and let other people know about them. It’s hard to keep up, but don’t give up. Don’t expect to know everything, but if we don’t keep up with the news we aren’t going to be in a position to fight. Information is power – which is a great deal of what surveillance is about. We need to be informed in order to fight back

10     Make sure the fightback isn’t just for a day

This is the most important thing of all. Campaigns for one day are pretty meaningless – and the authorities will generally let them ride, possibly with a few little comments but almost no action. Political pronouncement and political action needs long-term campaigning. Shifts in attitudes don’t happen in a day – so we need to keep this campaign going…. and expect it to be a long, attritional fight. It won’t be easy – but it’s worth it.