22 October 2017

UK and US Citizens: Please Request Your Personal Data Held By Cambridge Analytica

By now, many people have probably heard about the company Cambridge Analytica.  By its own admission, it played a major role in the success of Donald Trump.  There are also numerous indications that it was involved in the Brexit campaign.

Because Cambridge Analytica is intimately bound up with the London-based company SCL it is possible to make a subject access request in order to find out what information is held about you.  This applies to both UK and US citizens. 

I therefore urge as many people as possible to ask for that data - it only takes a few minutes, and can be done with a simple letter.  Obtaining this information will help us understand what exactly has been happening. Here's what I have sent; please feel free to use and/or modify it:

SCL Group Ltd
c/o Pkf Littlejohn 2nd Floor,
1 Westferry Circus,
Canary Wharf,
London,
United Kingdom, E14 4HD

22.10.17

Dear Sir,

Subject Access Request

I have read numerous reports in the press that you and/or your subsidiaries in the UK or elsewhere hold data on UK/US voters, which may include information about me.

In accordance with the UK Data Protection Act, I am writing to ask you to supply me with a copy of  the information you hold about me, please.

If there is a fee or you require more information in order to fulfil my request, please let me know.

Thank you for your help.

Yours faithfully,

Glyn Moody

You may also wish to make a contribution to this crowdsourced initiative to dig even deeper.  I've given, FWIW.

The stakes here are incredibly high: it is really no exaggeration to say that our democracy and freedom are at play.  I therefore hope you can spare a few minutes to help shed some light on what has happened here.

31 May 2017

Urgent: Please Write to MEPs to Stop Awful Copyright Proposals


Bad things could happen in the European Parliament next Thursday, when an important committee of MEPs votes on proposals for updating copyright for the digital age:

Today it was revealed that MEP Pascal Arimont from the European People’s Party (EPP) is trying to sabotage the Parliamentary process, going behind the negotiators of the political groups and pushing a text that would make the Commission’s original bad proposal look tame in comparison.

As that post from the Pirate Party MEP, Julia Reda, explains, there is an attempt to make two aspects of the copyright proposals even worse, using procedural tricks. The main threat is the imposition of blanket upload filters, with Internet sites essentially obliged to act as copyright police for everything. 

The other is to introduce a new ancillary copyright for publishers that would mean that they could demand licensing fees for using even tiny snippets from their articles for 50 years after they were published. Both of these would destroy the Internet as we know it.

I therefore urge you to write to all your nation's MEPs on the Internal Market and Consumer Protection (IMCO) Committee. You can find their names and nationalities here with links to pages that have ways of contacting them. Here's what I've sent:

This is just a quick email to ask you not to support Pascal Arimont's proposed amendments to the copyright directive. Leaving aside the general issue that they would undermine the authority and role of the IMCO committee, they would cause huge harm to the Internet in Europe and to EU startups in that field.

The amendments to Article 13 are, despite claims to the contrary, incompatible with recent CJEU rulings, and go against the E-commerce directive that has served the EU so well over the years. The proposals would be costly to impossible to implement, and would see startups flee the EU for more hospitable investment environments.

Similarly, the amendments to Article 11 make a bad idea even worse by extending the duration of ancilllary copyright, and narrowing the exceptions. The experience in both Germany and Spain has demonstrated beyond doubt that publishers will be harmed by such a move, especially smaller ones. The proposed amendments will make the damage to both them and to the Internet itself even more serious.

I therefore urge you to reject all of Pascal Arimont's proposed amendments, and to support Catherine Stihler’s compromise amendments on the copyright file.

18 May 2017

Tell the UK Government: No Backdoors in Crypto

The UK government seems to be pressing ahead with its idiotic plans to backdoor crypto. There is a (secret) consultation on the subject that closes tomorrow - write to investigatorypowers@homeoffice.gsi.gov.uk.  Here's what I've just sent:

I am writing in connection with UK government proposals to force tech companies and Internet providers to create government backdoors to encrypted communications.

Speaking as a journalist who has been writing about every aspect of computer technology for 35 years, and about the Internet for 20 years (https://en.wikipedia.org/wiki/Glyn_Moody), I cannot emphasise too strongly that this would be a very unwise and dangerous move.

There is no such thing as a safe backdoor that is only available to the authorities.  If a weakness is created in a program or service, it can be found be third parties.  That is hard, but not impossible, especially for well-funded state actors.

Even more likely is that details of backdoors will be leaked.  The recent experience of the WannaCry ransomware attack, which is based on an NSA exploit that was leaked earlier, show how devastating this kind of subversion can be.

There is another powerful reason not to force companies operating in the UK to weaken their security.  First, US companies may simply water down protections for UK users, while protecting those in the rest of the world.  Obviously that would leave UK users particularly vulnerable to attack, and make them prime targets.

Secondly, if British companies are forced to provide backdoors in their products, then no government or company elsewhere in the world will use UK software, since there will always be a risk that it contains intentional security flaws.  This is the surest way to sabotage the UK software industry, and to ensure that computer startups are located anywhere but in the UK.

As well as being harmful, moves to weaken the security of encrypted products are also unnecessary.  As recent events have confirmed, terrorists rarely use encryption, and when they do, they make mistakes that allow the security services to access communications.  Indeed, there are many ways to obtain access and information even when encryption is used, as a recent paper explained (https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html).

To summarise, the many and mighty harms caused by weakening encryption vastly outweigh any illusory benefits.  The UK government would be ill-advised to take this route.