Friday, 23 March 2012

OMG! My personal data’s just been breached by the ORG!

I’m not making this up. I wish I were but, let’s face it, it happens to everyone.

I was quite looking forward to attending the Open Rights Group’s conference in Central London tomorrow. Now, I’m really looking forward to the event.


Because I know who else will be there.

Yes, early this morning, some overworked conference organiser sent me an email reminding me about tomorrow, and carelessly circulated my email details to everyone by using a .cc list, rather than a .bcc list. So now I have the email addresses of at least 145 people who may be attending. One minute later, at 3.18am, the sender realised that a mistake had been made, and a full apology was offered to all.

No harm done. Not to me, anyway. Some of the email addresses are quite revealing, though, It shows just what a great sense of humour a number of the people attending the event evidently have, if they have registered those domain names to themselves. No, I’m not going to be giving any names - or domain names away. That would be naughty. Great fun, but a bit naughty.

Anyway, if you are free, I hope to see you there. According to the conference blurb, you’ll get a chance catch up with everything digital rights related, while meeting the brilliant minds of Lawrence Lessig, Cory Doctorow, Wendy Seltzer, Ross Anderson, Tom Lowenthal and many more. From the government snooping on your data to default internet blocking and monitoring to the corporate capture of state and democratic institutions –the ORG will be covering vast regions of the digital rights sphere. And there may even be a competition or two!

Ironically they’ll be a session on the current campaign to: “Stop the government snooping on every email and Facebook message”. Signatures are being requested for an e-petition to explain to David Cameron, Nick Clegg and Theresa May: "I do not want the government to try to intercept every UK email, facebook account and online communication. It would be pointless – as it will be easy for criminals to encrypt and evade – and expensive. It would also be illegal: mass surveillance would be a breach of our fundamental right to privacy. Please cancel the Communications Capabilities Development Plan."

It is explained to me that, by becoming an ORG member, my personal data is safe. Paragraph 3 of its privacy policy explains that: “We shall never voluntarily share your information with a third party for their own use, and will fight to the degree that we are able any legal or government action that attempts to obtain such data. We will keep a public list of any third party service providers that we use to further our stated purposes. Supporters will be given 14 days notice before any changes to this list.”

And paragraph 4 goes on to explain that: “We will not transfer any information that we hold on you to anyone outside the European Economic Area. Unless there is an equivalent data protection regime, as provided for example by the US Safe Harbour agreement.”

So that’s all right then. I can trust them with my personal data, then. I just hope they don’t exact too cruel a punishment from the poor conference organiser who fouled up so early this morning.

A more appropriate punishment that a savage kicking, I think, would be for the miscreant to offer to donate £20 to the drinks kitty when the most loyal of the ORG members gather for a celebratory pizza after the conference, tomorrow night.