Friday 15 January 2016

Trolling Theresa May


The term 'trolling' on the internet was originally derived from the fishing term:-
A drawing of a fishing boat using outriggers to tow multiple trolling linesa method of fishing where one or more fishing lines, baited with lures or bait fish, are drawn through the water. This may be behind a moving boat, or by slowly winding the line in when fishing from a static position, or even sweeping the line from side-to-side, e.g. when fishing from a jetty.
In response to the 'Snooper's Charter' that is currently being steered through the House of Commons at the moment, I thought I'd have a go at trolling the Home Secretary Theresa May using Freedom of Information requests.

My first was this one on 4th November, on the WhatDoTheyKnow.com website, asking for:-
1) The date, time, and recipient of every email sent by the Home Secretary during October 2015.
2) The date, time, and sender of every email received by the Home Secretary during October 2015.
3) The date, time, and recipient of every internet telephony call (e.g. "Skype" call) made by the Home Secretary during October 2015.
4) The date, time, and sender of every internet telephony call (e.g. "Skype" call) received by the Home Secretary during October 2015.
5) The date, time, and domain address of every website visited by the Home Secretary during October 2015.
This was simply a re-write of an earlier request from a Matt Dodd in April 2012 which had asked for 12 months worth of metadata. It had been refused, quite rightly, because it would have cost over £600 to process. I figured asking for one month would have been a little more doable. Although in researching this write-up I note that a request for one day's worth of similar metadata was refused because of the cost back in 2012.

A few days later, on 7th November, a Ryan Elger made a similar request to my own, asking for the same metadata and additionally internet chat metadata.

Time passes, and except for a few boilerplate notifications that the FoI had been recieved, all was quiet. Come 15th December I submitted a new FoI  seeking just the email and web browsing metadata for November.

The very next day, 16th December a response to both of my FoI's was received refusing my requests:-
We have considered your requests and we believe them to be vexatious. Section 14(1) of the Act provides that the Home Office is not obliged to comply with a request for information of this nature. We have decided that your request is vexatious because it places an unreasonable burden on the department, because it has adopted a scattergun approach and seems solely designed for the purpose of ‘fishing’ for information without any idea of what might be revealed.

The requests are similar in nature to a request the Home Office received in 2014 that the Information Commissioners Office (ICO) agreed was vexatious. The decision notice in question can be found at this link:
https://search.ico.org.uk/ico/search/decisionnotice?keywords=FS50544833
So of course, I hooted and hollered, and tweeted a few journos, and received a few retweets.

That was pretty much the end of the matter, until a few days back when I noted an article in Teh Guardian which was essentially all about my FoI requests, without giving me any credit:-
It also follows the rejection of a Freedom of Information Act request to see the date, time and recipient of every email the home secretary sent, every Skype call she made and every website she visited during October and November last year on the grounds that it was “vexatious”. 
The Liberal Democrat leader, Tim Farron, said the rejection showed that the while the government wanted to push through powers in the bill to give the police and security services’ access to everyone’s weblogs, they were not prepared to release the home secretary’s records.
and whilst Alan Travis didn't mention me in his Guardian article, over on Buzzfeed Jamie Ross did a whole article about me back in December, which I've only just found, a month later:-
In response to the bill, Chris Gilmour submitted an FOI request for May’s internet history but, in a letter from the Home Office this week, was told the “vexatious” request has been rejected because it would put an “unreasonable burden” on the department.
Yeah, we get it, I'm being vexatious.

Over on Reddit in the discussion thread about Teh Guardian, my trolling was quickly seen through:-
[–]p7rLabour🌹 2 points 2 days ago
I presume you expected the FoI requests to be knocked back, and that was in fact the outcome you wanted? My understanding was that ministers were protected from this kind of request by the FoIA so even if they had the data they wouldn't provide it, but I like the point it made: one rule for them, another rule for everybody else.
My response was that it was a win:win situation, either the Home Office knock back the request and we get this story about hypocrisy and double standards, or get get to laugh at what sort of websites the Home Secretary looks at, and have a heap of interesting metadata to do fun datamining experiments on.

Anyhoo, in today's news Private Eye went to town on the Snooper's Charter:-



The piece points out that its not just web-browsers that connect to the internet, its everything on your wifi network, your iKettle, Smart TV, even children's dolls. Imagine, hypothetically, a terrorist plot, where the plotters communicated by messages left on children's dolls, how that could work, could you even just use them to arrange to meet friends?

So at the start of January, I soldiered on with another FoI in a similar vein to before, asking for:-
1) How many different devices with web-browsing functionality the
Home Secretary uses, for example desktop PC, laptop PC, tablets,
smartphones, games consoles.

2) Which Internet Service Providers (ISPs) provide the internet
connection to the devices enumerated in answer to 1) above.

3) The date, time, and domain address of every website visited by
the Home Secretary during December 2015.
Asking for December's web browser metadata was just to give the Home Office / Theresa May the chance to stop digging, to stop appearing as hypocrites. But I thought the first two questions were a bit more innocent, more practical. If it was going to be a case of the office intern doing a Ctrl+H on all of Theresa's devices, how long would it take? And if they did just whip round the office, would that only harvest the metadata on the House of Common's IP address, or were there several other ISPs involved?

Presumably the Home Secretary is issued a government smartphone which may or may not have the same ISP to the House of Commons estate. Forgive my ignorance but of the Home Office is a separate institution to the House of Commons do they use the same ISP. Theresa's constituency office, would possibly have again a different ISP, Also her Maidenhead home would have an internet connection, again, a different ISP, and if she has a flat in London, would that have again a different ISP.

I dunno.

But the Home Office has again refused to let me know.
We have considered your request and we believe it to be vexatious. Section 14(1) of the Act provides that the Home Office is not obliged to comply with a request for information of this nature. We have decided that your request is vexatious because on three previous occasions you have requested similar information for which you have received responses.
The emboldened text is a little interesting. my request was vexatious because previous requests were vexatious. I'm minded to seek clarification as to whether its just the web browsing metadata question is vexatious or all the questions. But frankly it chills me a little that GCHQ are going to be looking at my own browsing metadata if I push too much.

Is this too much?

So anyhoo, having a blog called Thick Creamy Discharge should be off-putting enough. But last night I had this great idea, registering urls where the address is just a randomly generated number, for example 530360.com that would be pretty awesome.

Say the snooper's charter becomes law, and it become's standard to have trivial browser plugin that sends out requests to millions of random webpages every time you look at a normal page, thus generating petabytes of incomprehensible metadata.

*******

As an addendum, from this FoI response from the House of Commons in 2013, it seems that the web browsing data is both anonymous and isn't retained by the House of Commons IT department.
4 Please confirm all data collected: for example
- Website URL
- Time/Date accessed
- IP address (sender & recipient)
- individual network user ID & status e.g. staff or MP
- the length of time the above information is retained
The website URL and time/date are held within the system managed by third party on our behalf.
5 Please confirm which individuals and departments were accessing these top 500 websites from within the HOC.
The data held covers both Houses of Parliament. It is not possible to break the data down by House or user type. As the data is anonymous the House of Commons does not hold the information you require.
Other than by having the office intern do Ctrl+H on all of Theresa's computers and tablets and phones and games consoles, they simply don't have the infrastructure to provide the web-browsing data. Maybe one day they will, but I think I'll refrain from making any more FoI requests to find out.