FIPR - Welcome

foundation for information policy research

Welcome

The Foundation for Information Policy Research is an independent body that studies the interaction between information technology and society. Its goal is to identify technical developments with significant social impact, commission and undertake research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe.

Hot topics: [Surveillance][Copyright][e-democracy][Health privacy]

Announcements

Surveillance, the Database State, Online Crime ... What Next?

27 May 2008

The Foundation for Information Policy Research was set up in May 1998 to bring together engineers, lawyers, economists, policy people and others who are interested in the interaction between technology and society. It has become the UK's leading Internet policy think tank.

On May 27th 2008 we will be celebrating our tenth birthday with a conference at the JZ Young Lecture Theatre, University College London, from 2:00 -- 5:30pm, followed by a reception. The first two sessions will discuss the big information policy challenges of the last ten years, while the third may attempt some crystal ball gazing. Admission is free to the public, but space is limited: registration details are here.

Home Office Guidance "misleading"

23 April 2008

The Foundation for Information Policy Research (FIPR) has written to the Home Office, asking them to withdraw their incomplete and misleading guidance on the controversial behavioural advertising system developed by Phorm Inc.

FIPR's has published its own legal analysis of the Phorm system, which show that the operation of Phorm's systems involves illegal interception of communications, fraud, and unlawful processing of sensitive personal data.

Read the letter, and the Press Release.

Continuing concerns about Phorm

6 April 2008

The Foundation for Information Policy Research (FIPR) has responded to the Information Commissioner's Office (ICO) recent statement on the controversial behavioural advertising system developed by Phorm Inc.

The ICO has acknowledged that there was "considerable public concern" about the user profiling system, but their statement appeared to give the go-ahead for upcoming trials of the system by BT, the country's largest Internet Service Provider.

FIPR has reiterated its opinion that the Phorm system involves illegal interception, and sincerely hopes that the Information Commissioner will reconsider what appears to be a green light for lawbreaking.

Read the full press release here.

Open Letter to the Information Commissioner on the legality of Phorm's advertising system

17 March 2008

FIPR has today released the text of an open letter to Richard Thomas, the Information Commissioner (IC) on the legality of Phorm Inc's proposal to provide targeted advertising by snooping on Internet users' web browsing.

The controversial Phorm system is to be deployed by three of Britain's largest ISPs, BT, Talk Talk and Virgin Media. However, in FIPR's view the system will be processing data illegally.

Read the letter, and the Press Release.

Submission to Thomas/Walport Data Sharing Review

15 February 2008

FIPR has submitted a response to the Data Sharing Review being conducted by Richard Thomas and Dr Mark Walport

FIPR does not accept the apparent assumptions of this review. We do not agree that data sharing is simply a matter of utilitarian tradeoffs, supervised by national governments. Privacy is founded in human rights -- specifically in the European Convention on Human Rights, as refined in the Data Protection Directive and imported into UK law by the Human Rights Act. The Government of the day cannot extinguish these rights short of withdrawing from the ECHR, repealing the Human Rights Act, and quite possibly withdrawing from the European Union. Britain is going out on a limb by sharing data between public-sector databases far beyond the limits of what other European countries consider acceptable or even useful.

Read the full response here.

Submission to consultation on the National Payments Plan

4 February 2008

The UK Payments Council have set out a National Payments Plan as a strategic vision for the UK payments industry. FIPR's view is that the protection that bank customers enjoy against fraud and error is being eroded; there are growing problems with payment system security and resilience -- and these two issues are linked.

When payment service providers are able to externalise fraud risks by transferring them to customers, the incentives to protect systems properly are undermined. Further complications include the breakdown of the system of evaluation and accreditation of security systems. The problems extend from card payments to online financial services, and affect not just retail customers but also SMEs.

This is an example of regulatory failure. Payment service providers act in what they perceive to be their own best interests by minimising liability for transaction disputes, However the global result is far from socially optimal. Card fraud is rising; customer complaints are rising; consumer confidence is being eroded; and ultimately the UK will become a less attractive place to do business.

FIPR is concerned that the National Payments Plan, as outlined in the consultation document, will make matters worse. Read the full reponse here.

Submission to the Hunt Review of the Financial Ombudsman Service

16 January 2008

The Hunt Review of the Financial Ombudsman Service (FOS) is the latest three-yearly review of the FOS, looking particularly at the quality and effectiveness of its engagement with the public and industry. FIPR believes that the service is "quite unsatisfactory" and the decisions made are "an affront to reason and justice".

The particular problem that FIPR has concentrated on is the handling of disputes about cash machine (ATM) withdrawals -- in a number of cases the Ombudsman has been accepting at face value secondary and inaccurate evidence (provided by the banks) and applying the doctrine "bank systems are secure", before finding against the customers. In a world in which criminals attach skimmers to ATMs, or rig chip and pin terminals to capture transaction information, this shows "ignorance of technical detail". When combined with "defective" legal reasoning about the burden of proof, this creates an "unsustainable system".

The full version of the FIPR submission including (with permission) case papers from the case of Donald and Hazel Reddell, can be read here.

The Government misses the point on Poynter

17 December 2007

The Government's response to the interim Poynter report shows that they just don't understand what has gone wrong. Their refusal to abandon the headlong rush towards Transformational Government -- the enormous centralised databases being built to regulate every walk of life -- is not just pig-headed but profoundly mistaken.

Read the full press release here.

Evidence submitted to the House of Commons Select Committee on Health

25 April 2007

FIPR has submitted evidence to Select Committee on Health Inquiry into the Electronic Patient Record. FIPR believes that electronic medical records already bring many benefits, via faster communications, better record availability, and reduced errors. However, the Committee is warned not to confuse these benefits with the centralisation agenda.

"Centralisation is principally about power and control in the management of the health service. It is driven by the conflict between administrative convenience and professional autonomy. The Department seeks to resolve this conflict by controlling all information systems. The inevitable side-effects -- mediocre systems and the destruction of patient privacy -- would be severe. Patient trust in the medical profession will be undermined, and the Department would be vulnerable to challenges under European law. However, the strategy is not working, and is not likely to. It is time for it to be abandoned, and for CfH to return to providing the standards and infrastructure for interoperable systems, as its equivalents do elsewhere."

The evidence is available here, on Parliament's web pages.

Response to the e-Government Framework for Information Assurance

14 March 2007

FIPR has responded to the UK Government's recent consulation on its e-Government Framework for Information Assurance.

There are four things seriously wrong with this Framework: an obsolete model of online threats, a failure to treat harm to government employees on the same basis as harm to other citizens, a failure to draw a clear distinction between identity and authority, and a security policy model that is often inappropriate.

Read the full response here.

IT systems designed to protect kids will put them at risk instead

22 November 2006

New government policies designed to safeguard children could put them at increased risk by diverting resources and creating a surveillance culture where parents are sidelined, according to a report produced by FIPR and published today by the Information Commissioner.

The report, "Children's Databases: Safety and Privacy", analyses the databases being built to collate information on children in education, youth justice, health, social work and elsewhere. These systems are linking up through the new Information Sharing Index.

Read the full press release and the report itself (PDF format).

Opting out of the Central NHS Database

3 November 2006

The Guardian ran major stories on Wednesday and Thursday on how the government is trying to centralise the nation's medical records. As an example of the harm that thoughtless centralisation can do, read the story of Helen Wilkinson who was falsely labelled as an alcoholic by existing central systems. FIPR has since last year encouraged patients to refuse consent to the uploading of your records; a similar opt-out campaign in Iceland derailed a similar plan to centralise everything there.

In June 2005, FIPR developed an opt-out letter to send to the Secretary of State. People who sent this off have been fobbed off. We now recommend that you opt out via your GP. Ask your GP to enter into your record the code 93C3 ("refused consent for upload to national shared electronic record"). You can also ask for your address and phone number to be kept off the NHS internal directory, and for your hospital records also to not be uploaded to central systems: see here for details. We encourage you to opt out even if you have nothing to hide; if only people who do have something embarrassing in their records opt out, then doing so will carry a stigma.

Response to Select Committee Inquiry into 'Personal Internet Security'

23 October 2006

The House of Lords Select Committee on Science and Technology are holding an inquiry into 'Personal Internet Security'. You can read FIPR's written evidence, which suggests that misaligned incentives are the underlying cause of the harms that can occur when using the Internet. The Government cannot micromanage the information security business, most of which is in any case outside the UK. What it can do, and should do, is to ensure that people and companies have the necessary incentives to take responsibility for the consequences of their actions, online as well as offline.

Response to Home Office Consultation on 'New Powers Against Organised and Financial Crime'

17 October 2006

The FIPR response to the Home Office consultation on 'New Powers Against Organised and Financial Crime' is generally critical of the proposals. The consultation seems to view consent to data sharing to be irrelevant, which is wrong as a matter of Data Protection Law and Human Rights Law. The mechanisms proposed for dealing with problems such as 'phishing' websites are opaque, allocate legal risks incorrectly, will erode consumer confidence and deepen the digital divide. The surrogate offences put forward for those who encourage or assist crime are bad policy, and the proposals to 'take away the computers' of criminals will be of limited impact. Finally, FIPR strongly advises against pursuing ideas requiring client services to be suspended without making those clients suspicious.

Read the full reponse here

Responses to Home Office Consultations on the RIP Act 2000

1 September 2006

The FIPR responses to the two Home Office consultations relating to the Regulation of Investigatory Powers Act 2000 have now been submitted.

The response on the Code of Practice for accessing communications data under RIP s22 makes a number of detailed criticisms of what is in the Code of Practice, and what -- such as a requirement to ensure that misuse of powers is appropriately punished -- is entirely missing. You can read the response here.

The second consultation was on bringing Part III into force -- permitting Law Enforcement to request encrypted material be put into an "intelligible form" and, sometimes, requiring that encryption keys be handed over. The response here is far simpler -- we do not believe it should be activated at all! and if ministers are determined to be seen to be "doing something" by activating Part III, they should not mandate access to keys. You can read our reasoning here.

Scrambling for Safety 8

14 August 2006

'Scrambling for Safety 8' is an open meeting on the current Home Office consultations relating to the Regulation of Investigatory Powers Act 2000. One consultation is on the Code of Practice for accessing communications data under RIP s22 and the other is on bringing Part III into force -- permitting Law Enforcement to request encrypted material be put into an "intelligible form" and, sometimes, requiring that encryption keys be handed over. A number of FIPR Advisory Council members will be speaking.

Full details of this free event (including the speaker presentations) are here.

FIPR supports WEIS, PET & WOTE

June 2006

FIPR is providing sponsorship and assistance to the Fifth Workshop on the Economics of Information Security (WEIS 2006), the Sixth Workshop on Privacy Enhancing Technologies (PET 2006) and the IAVoSS Workshop On Trustworthy Elections (WOTE 2006). These academic conferences all run in the week of 26--30 June at Robinson College, Cambridge.

FIPR evidence to the Gowers Inquiry

27 April 2006

FIPR has submitted evidence to the Gowers Review of Intellectual Property. FIPR's view is that the balance between rightsholders' interests and the public domain has swung too far towards the rightsholders. This is hampering innovation and growth in a number of ways.... read more.

FIPR evidence to the Home Affairs Select Committee

14 February 2006

FIPR will be giving oral evidence today to the Home Affairs Select Committee inquiry into Terrorism Detention Powers. The Home Affairs Committee Press Release gives details and provides links to other material on the inquiry.

FIPR's written evidence is available online; FIPR does not believe there is a sound technological argument for increasing detention time limits -- what is necessary instead is for the police to be funded (and adopt the necessary cultural changes) to get abreast of the opportunities that digital evidence provides.

FIPR evidence to the APIG Inquiry into DRM

13 January 2006

The All Party Internet Group (APIG) is holding an inquiry into Digital Rights Management. FIPR has submitted evidence to the inquiry. The FIPR/EDRI copyright report which is cited can also be found at http://www.edri.org/campaigns/copyright.

Drop IPR Enforcement Directive, says FIPR

26 September 2005

IPRED2, the second "Intellectual Property" Rights Enforcement Directive, mandates the following:

"Member States shall ensure that all intentional infringements of an intellectual property right on a commercial scale, and attempting, aiding or abetting and inciting such infringements, are treated as criminal offences."
(Article 3. Page 6 of the dossier: com(2005)276)

There are many reasons why this is a bad idea.

See also the Press Release, 4 October 2005

NHS data sharing opt-out letter

29 June 2005

The NHS is storing more and more of your personal health information centrally. However you now have the right to opt out, and ensure that your medical records are only available to your GP and to any hospital doctors who may treat you. FIPR has been involved in drafting a letter you can use to exercise your right to health privacy, while ensuring that your doctors can continue to look after you.

The letter is available in PDF format and as a Word document. Print it out, fill in your details, sign it and post it off to Whitehall. You should also give a copy to your GP or, in the case of a hospital, its Medical Director. Medical privacy has been a long-running FIPR campaign; health minister Caroline Flint finally acknowledged your opt-out right in Parliament on the 16th June 2005.

The Crypto Wars are Over!

25 May 2005

The "Crypto Wars" are finally over -- and we've won! Read our press release as the sunset clause in the Electronic Communications Act removes the last vestiges of Government control over cryptography from the statute book.

Response to OFCOM Spectrum Framework Review Consulation

15 February 2005

FIPR, along with a number of other organisations, has signed the Consultation Response produced by OpenSpectrumUK, an ad hoc coalition of non-profit organisations engaged in community wireless networking and the promotion of license-free access to the public airwaves.

Response to Copyright Consultation

1 November 2004

As a direct result of the workshop that FIPR recently organised on Copyright in Europe, FIPR was able to develop a response to the European Commission consultation on the review of copyright law. This response was then endorsed by 20 other organisations under the banner of EDRI (European Digital Rights) and has now been jointly submitted to the Commission.

The response effectively sets out an agenda for NGO activity on copyright issues in Europe for the next five years and is therefore of considerable significance.

Further information is available on the EDRI site, along with the text of the response itself (and the list of supporting organisations). The text is also available as a PDF and translated into Italian.

Workshop: Copyright in Europe

9-10 October 2004

The Foundation for Information Policy Research (FIPR) will host a European workshop on the consultation currently being run by the European Commission on the EU legal framework in the field of copyright and related rights (whose deadline is at the end of October).

This workshop is supported by the OSI IPR and Public Domain Program.

This is an opportunity to discuss our responses with consumer and user interest groups, academics and other European partners in an open, informal forum. Participants from the new EU member states are especially welcome. Please forward this message as appropriate.

As well as discussing the issues in the Commission Staff Working Paper, we have an opportunity to put forward our own vision of the future. Topics might include the repeal of the Database Directive, DRM and competition policy, the relationship between contract and copyright, compulsory licensing, a fruit-of-the-poisoned-tree clause, the reform of collecting societies, the term of protection, and a campaign for a Digital Rights Directive.

The seminar will take place in Cambridge, UK on 9-10 October 2004. An agenda and further information is now available -- click here.

NB: Thanks to the generosity of our sponsors, attendance at the Conference is FREE.

EU pushes for more expensive electronics

21 September 2004

The European Commission was criticised today by the Foundation for Information Policy Research (FIPR) for making a great flourish of liberalising the market in car components, such as exhausts and door panels, while quietly pushing for law changes that will make the more expensive electronic accessories pricier still.

FIPR's views were expressed in a response to an EU consultation on rights-management technology, which is available in full online at: http://www.fipr.org/copyright/ipr-consult.html
and the full press release is here.

Mistaken Identity: public meeting on ID card proposals

4 May 2004

The government has introduced draft legislation for a national identity card. The card system will cost at least £3 billion and is likely to become an essential part of life for everyone residing in the UK. If the draft legislation is accepted by Parliament, everyone will be required to register for a card. Biometric scans of the face, fingers and eye will be taken. Personal details will be stored in a central database. A unique number will be issued that will become the basis for the matching of computer systems.

Join us at this free public meeting to hear from key figures in the fields of law, politics, security, technology and human rights. Decide for yourself whether this is a plan that should be supported.

ID card scheme an expensive flop

26 April 2004

The Home Office has today published plans for a compulsory national ID card scheme. Its 120-page consultation document again contains no evidence that the scheme will help prevent terrorism or illegal immigration. But it is full of evidence that the scheme will cost many billions of pounds that might be better spent on targeted investigations by the intelligence agencies and police.

Ian Brown, Director of FIPR, commented: "It is unfortunate that the Home Office is fixated on ID cards when there are many more workable measures that could be taken to fight terrorism. We can only hope that the Cabinet members that have opposed these plans take this last opportunity to stop this legislation going forward."

IPR enforcement directive improved, but could be better

9 March 2004

The European Parliament has today passed an improved but still problematic version of the Intellectual Property Rights enforcement directive. FIPR has been producing briefings and analyses of the directive for MEPs and other interested groups since last summer, and is pleased that some of its concerns have been taken on board. The problematic section on Technical Protection Measures, which have caused controversy in related US and EU legislation, has been removed from the final legislation. Criminal sanctions have also been deleted. But the scope of other parts of the Directive have unfortunately been widened to cover non-commercial infringement.

FIPR will continue to monitor the progress of the Directive as it is implemented into Member State laws. You can read our briefing for EDRi on remaining problems with the Directive, along with our press archive.

FIPR responds to medical privacy consultation

30 January 2004

In a response to a NHS consultation, FIPR has commented that the NHS must desist from centralising all personal health information, leave the information in the hands of its natural custodians (the general practices, hospitals or other carers), redesign payment systems so that settlement occurs locally, and delete transient administrative data (such as payment details) promptly. The guiding principles for regulation in this field must be ethical, and founded on informed consent. They should be enunciated clearly and in public, and applied in a consistent and joined-up way across health research and administration, so that the law continues to uphold the principle of patient consent...

FIPR gives evidence on ID cards to Home Affairs Committee

8 January 2004

In written and oral evidence to the Home Affairs Committee hearings on ID cards, FIPR has commented that the Home Office proposals seek to create an authentication token with the flexibility of a Swiss Army Knife. But a Swiss Army Knife is not a very good knife, nor a very good screwdriver, nor a very good corkscrew. If a tool is going to be used at all often, it is best to have one designed for the job. A one-card-fits-all solution to all authentication and fraud prevention problems across many public and private services is likely to be second-best for all of them, as well as more expensive... We therefore urge the Committee to advise the Home Secretary to either abandon the proposed scheme, or come back with a modified proposal that focuses exclusively on identity cards, that has a clear specification, whose benefits are shown to be achievable on a preponderance of all the empirical evidence. Finally, these benefits must show that ID cards are a better use of Home Office funds than an equivalent increase in the police budget.

FIPR calls for "spychip" moratorium

20 November 2003

FIPR and over 30 other European and US consumer, privacy, and civil liberties organizations have endorsed a position statement on the deployment and uses of RFID tags. These tiny devices can be embedded in all kinds of consumer products and scanned from 5-10 feet away, revealing information about the product and potentially other information about the product owner. We are calling for a voluntary moratorium on RFID tagging of consumer items until a formal technology assessment process involving all stakeholders, including consumers, can take place.

New campaign calls for safe e-voting

4 November 2003

A coalition of technical, legal and political experts including FIPR has today launched a campaign to ensure that electronic voting can be trusted by voters and politicians across Europe. You can sign-up to our campaign and and get more information from our e-democracy pages.

"Electronic life records" must support not attack human rights

30 October 2003

FIPR has called on the government to ensure that a new electronic database of life events — births, marriages, deaths etc. — supports rather than reduces privacy and liberty. Read our response to the Office of National Statistics' consultation on these plans...

New FIPR report finds problems with EU copyright law

8 September 2003

European citizens could find many common activities banned as the EU Copyright Directive becomes law, a new FIPR report reveals. Transferring songs from a copy-protected CD to a Walkman or computer could be illegal, as could watching a DVD on a computer running Linux.

"Implementing the EU Copyright Directive", published today, reports on legal developments across the EU as member states change their laws to comply with the Directive...

NHS Systems Fail to Protect Patient Confidentiality

5 February 2003

FIPR has called for much greater privacy protection for patients' medical information in a response to a National Health Service (NHS) consultation.

Current NHS strategy is focused on creating a central electronic patient record. There is already a "clearing" database that records payments made for all hospital treatment, along with the names and addresses of patients. Other medical databases available to ministers and civil servants contain enough information to identify the vast majority of the patients. FIPR believes that making this information available to so many NHS administrators and civil servants is unethical and will lead to growing abuse.