The 118800 service we and other media outlets reported on a fortnight ago still seems to be out of action. The whole issue raises privacy and regulatory issues which, as digital citizens, we should all take up with the Information Commissioner's Office and OFCOM. The power is in your hands.
How it works: The 118800 service wasn’t designed to give out mobile numbers. It works by contacting the requested party and letting them know the ‘requesting party’ is looking for them and asking if they wish to speak with/contact them. This is enabled by text or a connecting call after the verification call completes.
The company has provided a facility so people can opt out and become ex-directory ... except demand has clearly overtaken them and numbers now have to be emailed to them in order to prevent being contactable. Nearly three weeks after going public the site is still down due to excessive demand.
The issues: This directory enquiry (call completion) service sits outside the regulatory framework for directories and directory enquiry services in the UK, which in turn fall under the remit of OFCOM.
OFCOM has established a national directory database managed by BT, called OSIS. OSIS is the official database and also contains ex-directory numbers.
All 118 providers offering telephone numbers are entitled to access OSIS or receive the information from OSIS subject to the regulatory framework required by OFCOM.
Mobile operators pass subscriber information to OSIS under obligation but only where a customer has specifically requested that they want an entry in a directory or directory enquiry service.
The 118800 service does not fall under any definitions of a directory enquiry service subject to the regulatory framework described above. The company is not entitled to access OSIS data or receive data from OSIS or the mobile operators. The 118800 service is a purely private system.
How many databases should you need to opt out of to become ex-directory? Surely once is enough!
The 15 million names, addresses and numbers obtained from third parties are subject to two legal constraints:
Data Protection Act 1998 – the DPA. Under the DPA those collecting your data need to make you aware in a clear manner of the intention to place your details in a directory service and the purposes of that directory and of any disclosures of your data. You are entitled to make an informed decision whether you wish to be in the directory or not. In short, your consent is required; an opt-in. Neither 118800 nor the company that collected your data has any legal obligation to process your data in this way.
Regulation 18 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 – the PECRs. Reg 18 states: The personal data of an individual subscriber shall not be included in a directory unless that subscriber has, free of charge, been -
(a) informed by the collector of the personal data of the purposes of the directory in which his personal data are to be included, and
(b) given the opportunity to determine whether such of his personal data as are considered relevant by the producer of the directory should be included in the directory.
In short, the party collecting your data should have told you about the 118800 service and given you the clear opportunity to agree – either by an opt-in box or by an opt-out box.
All 118 services are regulated by PhonePayPlus which is an agency of OFCOM, the telecoms and media regulator. PhonePayPlus regulates services by a Code of Practice – the Code. The 118800 service is incompatible with the Code which
(a) defines telephone directories as ones that supply phone numbers
(b) requires companies providing call completion services to disclose telephone numbers to persons who demand a number and
(c) requires that services must not or must not be likely to result in any unreasonable invasion of privacy.
- Opt-in consent has not been sought from any person in the 118800 directory
- Individuals listed in the directory without their knowledge or agreement will consider contact via the call completion service to amount to an unreasonable invasion of their privacy
- Those who consider they are already ex-directory under the official national OSIS database are not so as far as 118800 is concerned
If you are concerned: Ask 118800 to verify what data they have on you free of charge by emailing 118800 (the email address is in their privacy policy at 118800.co.uk)
Points of Redress
Raise your concerns or complain directly to the Information Commissioner's Office (ico.gov.uk)
Approach OFCOM with your concerns (ofcom.org.uk)
Contact PhonePayPlus too if you feel the need (phonepayplus.org.uk)
118800, or rather their legal representatives, have been in touch with us. We are happy to offer a right of reply via this update (03/08/09 – 18.30pm). The content that follows is supplied by 118800’s owners, Connectivity, via their lawyers, Field Fisher Waterhouse LLP.
1. Privacy by design
You briefly refer to the 118800 service and how it works, but what you fail to point out is that 118800 is a leading example of “privacy by design”; in other words, a business model that has been developed to address the privacy and data protection issues affecting it. In case you are unaware of it, “privacy by design” is an initiative that is being championed by progressive regulators like the Canadian privacy commissioner and the UK Information Commissioner. 118800’s functionality has been specifically designed with privacy rights in mind and that is the reason why the numbers are not given out.
2. Regulatory framework
You state that 118800 ‘sits outside the regulatory framework for directories and directory enquiry services in the UK’. This is factually incorrect. The 118800 service is regulated by the Information Commissioner, OFCOM and PhonePay Plus (previously ICTIS) and Connectivity has engaged with all of them since well before it started operating. Three years ago, Connectivity carried out a privacy impact assessment and sought advice from the Information Commissioner’s Office (“ICO”) to ensure that 118800 was both legally compliant and privacy-friendly.
3. 118 800 does qualify as a directory enquiry service
PhonepayPlus and the ICO have both confirmed that 118800 qualifies as a directory enquiry service.
4. Inaccuracies in your assertions about data collection and use
· Contrary to the implication of your article, UK law does not state that mobile operators must pass subscriber information “only where a customer has specifically requested that they want an entry in a directory or directory enquiry service”. The law states that mobile operators are subject to data protection legislation that says that customers must be given the opportunity to determine which of their data may be included in the directory. The ICO interprets this as the right to opt-out of being in a directory – so prior opt-in consent is, in fact, not the default legal position.
· Connectivity is indeed entitled to access OSIS data and receive data from OSIS or the mobile operators, subject to the data protection requirements mentioned above.
· There is nothing in the Data Protection Act that says that opt in consent is required to collect and use people’s data. This is a massive misconception. There are a number of legal grounds that justify the collection and use of personal information beyond consent.
· In the context of directory enquiry services, the Privacy and Electronic Communications Regulations are very specific in this area and require both informing individuals and giving them the opportunity to say whether they are happy to be in the directory, which is exactly what happens when someone’s number is requested through 118800.
In summary, at all times during the provision of the 118800 service, privacy is paramount, and Connectivity is continuing to work and liaise with the regulators to ensure that 118800 follows the legal requirements and delivers a privacy-friendly and quality service to its customers.