The security and privacy advice comparison website Comparitech.com is encouraging people that feel helpless in the wake of the Investigatory Powers Act to make their privacy concerns heard this Data Privacy Day on the 28th of January. The Act is supposed to protect national security; however, recent FOI requests reveal that it has been used to secretly spy on UK residents as reported in the Guardian bringing into question its abuse.
Over the course of last year, the UK government made it legal for the “interception of communications, equipment interference and the acquisition and retention of communications data, bulk personal datasets and other information”. This means that communications companies will store the records of websites visited by every customer for 12 months, making them accessible to police, security services and other public bodies with a warrant. The act applies to all UK residents, except it seems politicians – where any warrants to access their information will need the extra layer of the Prime Minister’s approval.
Lee Munson, security researcher at Comapritech.com says that “businesses of all sizes are obligated to look after the personal information under their control, but we have seen countless cases including TalkTalk, where this information has been breached. Now, with the government requiring communications companies to store more than just personal identifying information – information that points to habits, likes/dislikes and internet browsing history – privacy for UK citizens is eroding very quickly. If there are ways for the ‘good’ guys to access this information at will, you can bet the bad guys aren’t far behind. People have the right to know what information is being stored on them and what steps are being used to secure that information.”
The best ways for the public to take back some power over privacy:
- Send a subject access request under the Data Protection Act to your Internet Service Provider (ISP) or phone company to ask them to provide you with the data that is being stored on you and which government departments have had access to it.
- Sign the petition to repeal the Law, then
- Write a letter to your MP expressing your wish for repeal of the law that was branded unconstitutional by the European Court of Justice. Ask your MP if s/he thinks it is right that s/he is exempt from the law while the rest of the public faces this attack on privacy.
- Make sure you use a Virtual Private Network (VPN) to protect your privacy online. Pick a VPN that isn’t based in the UK, doesn’t keep log files and scores highly for privacy.
Comparitech.com surmises that if thousands of people submit requests and make their concerns tangible, then it will force the government to look more closely at the issue to protect its citizens not only from the threats of acts of terror, but from cybercriminals or nation state actors that might exploit their information.
Data Privacy Day is held every 28th of January and is an international effort to encourage Internet users to consider the privacy implications of their online actions and encourage prioritizing data protection in all corporate fields.
“The hope is that, with enough people showing concern for their privacy, the government will have to consider it. It’s not just about names on a list that can be easily ignored – these requests will require action,” said Munson.
Comparitech.com has submitted its own Freedom of Information request to the government which will be made available when the answers are forthcoming.
The full blog post with details of how to submit a subject access request and a sample letter to an MP, please see the blog.