AccessDocs is now dormant!

Thanks for visiting the blog. I am no longer updating it, but will be leaving all the content online.

You can find out about my current journalism work (and contact details) on my website.

For reference, here are some links to the most frequently read articles on AccessDocs:

Thanks for reading,

Martin

How Scotland Yard monitors prying bloggers and journalists

Photo credit - Metropolitan Police

'You MUST obtain approval from press office', Scotland Yard's Freedom of Information team ordered

Although the police were happy to turn a blind eye to phone hacking at the News of the World, they’re making a habit of keeping tabs on innocent journalists and bloggers.

When a Freedom of Information (FOI) request is made it is meant to be dealt with “applicant and motive blind”. But, Scotland Yard have a system in place where requests from journalists are flagged up. The ‘High Profile Request’ list is circulated to all internal departments in the police force, along with the full name of each requester.

The Met have admitted: “The list includes the applicant and if they are a known journalist that information is included”.

FOI staff are banned from releasing any information to journalists without getting express “approval” from the Met’s Press Bureau. It is unclear whether any disclosures have ever been denied because of pressure from the Bureau.

An email to staff  said: “You MUST obtain approval… before release if this request is from a journalist or identified as high risk.” It said that “high risk” FOI requests include “any request involving an identified member of the media.” It also includes requests from “VIP’s (MP’s etc)”.

Another email, sent in November, again reminded FOI officers of the policy. It said: “All High Profile FOIA requests – particularly those from journalists – continue to be of interest to DPA [Directorate of Public Affairs].” The message continued:  if “you feel a request is generating issues which could result in media coverage and you have not already been contacted by DPA please contact Ed Stearns, Chief Press Officer.”

In a phone conversation I had with Ed Stearns in November he defended this policy. “We’d have to be aware if something is likely to become high-profile,” he said. “I don’t think that would be unusual to have that sort of flagged up.”

But how far does the Met pursue its interest in journalists and bloggers? Three individuals, who have asked to remain anonymous, have told this blog that Scotland Yard informally “investigated” them after they asked questions to the force. In one case, the Police Central E-Crime Unit (PCeU) scrutinised articles written by a political blogger after he had  talked to a police officer about his work. He claimed he was never charged for a crime and says he “found out accidentally” about the (informal) investigation when an officer “confessed” to having personally investigated his website.  The PCeU said there had been no formal investigations into online media.

In my phone conversation with the Met’s Cheif Press Officer, Ed Stearns, I asked him whether the Met made a habit of investigating bloggers.

“Can you categorically say that it’s not regular practice of the Press Office to find out information about journalists?”  

Well, I mean… if… umm… it depends, it depends what – I mean obviously if a journalist has… I mean… In what way do you mean ‘find out information’?”

“I wouldn’t rule it out that we would search on something like Twitter or Google News.”

This is probably fair enough – it is a press office after all. But the question is, does this research into journalists and bloggers affect what information is disclosed – and how quickly? Is this one reason for the Met’s continual FOI delays? After all, “flagging” is one thing, but why does the press office need to give “approval”? What happens if the Press Office does not grant approval?

The Met have attempted to justify their policy on FOI, saying: “The process is not intended to hinder or delay the release of information but to ensure that we release consistent information and are properly prepared for any potential consequences of the release.”

The Information Commissioner’s Office, meanwhile, states: “The correct approach in considering requests for information and the application of the exemptions and exceptions should be on the basis that the application could have been made by anyone, anywhere in the world, for any (non vexatious) reason.”

10 ways to save money on FOIs – without changing the act

Freedom of Information under threat

FOI under threat // Photo: Mark van Laere

The Freedom of Information Act is currently being reviewed by the Justice Select Committee, which is likely to suggest changes to the law. One of the main criticisms of the act is that it is a “drain on resources”.

From my experience of using FOI, I don’t think the law needs changing at all. If the government want to spend less on FOI here’s ten ways they can do it without changing the law:

 

1.  Publish more
By far the best way to reduce time and resources spent on FOI is to simply make more information available online in the first place. Authorities are generally not compelled to publish most information they hold, so huge caches of data are withheld from the public , accessible only through FOI. Although making more information routinely available will never solve every would-be request, the effect on many organisations would be enormous. (So much money is spent on web development anyway – such as Norfolk Police who spent £250,000 redesigning their website – why not spend some of that uploading some actual content?)

2.   Make information more accessible
It’s in everyone’s interests for information to be in easy to find, read, search and use. A lot of places publish data in huge unsearchable PDF files, rather than searchable spreadsheets, so people are more likely to send in FOIs. Similarly, it’s not uncommon for organisations to print out FOI responses, scan them and email them as image files. This scanned response from a council is almost incomprehensible. If published data was more accessible there’d undoubtedly be fewer requests.

3.   Disclosure logs
When organisations disclose information under FOI, why are so many reluctant to keep this off their websites? Some places like Ofcom, keep a full disclosure log updated regularly. But most organisations don’t – and some, like the Department of Culture, Media and Sport, when asked to provide copies of past FOI disclosures, treat that as an FOI in itself!

4.   Provide data, don’t crunch pre-published data
Following on from the above, organisations can save resources by rejecting FOI requests if the information is already published, or is due to be published (this includes disclosure logs). It is not an FOI officer’s job to pull specific data from publicly-available documents, but this often happens regardless.

5.   Cut FOI bureaucracy
Some FOI officers send huge documents filled with legal mutterings and comments on the data. Others just send a short email. Why waste time and resources?

6.   Respond on time
The statutory deadline for FOI responses is continually neglected by authorities, wasting vast amounts of time and resources. For instance, in this particularly painful exchange the Charity Commission delayed their response by 16 months. As a result of bad practice, some 875 decision notices were issued by the Information Commissioner’s Office last year. Each one takes ages and involves piles of paperwork.

7.   Centralise data
A big obstacle for requesters comes when data is spread across hundreds of different institutions. For instance, to get a national picture relating to hospitals, police forces, councils, etc. it is often necessary to send bulk requests. If more data was centralised it would mean far fewer FOIs and would particularly help councils who receive the majority of requests.

8.   Stop treating informal requests as FOIs
Freedom of Information is a great thing, but lots of places now push all questions to their FOI team to be treated as “formal requests”. Press offices are far to keen to tell journalists “you’ll have to FOI that,” if the answers are not right in front of them. Even clarifications to FOIs are often treated as fresh requests, creating a whole stack more paperwork and bureaucracy. A greater willingness to answer questions and provide information would save time for everyone.

9.   Advise FOI requesters
Many organisations do not provide phone numbers for FOI officers and offer little advice not only on whether the information would be available under FOI, but also whether an FOI is needed at all.

10.   Cut links between FOI offices and press offices
FOI requests are meant to be dealt with anonymously, but it is common for authorities to coordinate FOI responses with press officers. Not only is this not in the spirit of the act, it also means more work for the organisation. (More on this dodgy practice soon.)

Of course, aside from all this, should we really be putting a price on transparency and accountability?

I’d suggest not.

Phone Hacking: will Scotland Yard ever cough up their secretive stash of emails?

http://www.flickr.com/photos/ewancross/3025040152/

Nothing to hide? Scotland Yard delay the release of emails. Photo credit: Ewan Cross, CC license

The day after the revelations that Milly Dowler’s phone had been hacked, Scotland Yard announced that they could not disclose emails between police and the News of The World. They told this blog that all emails over three years old had been deleted.

But, when they were quizzed on this, they eventually admitted in September that the emails did still exist. They said the emails were “retained for business continuity purposes on tapes.”

It seems that politicians and journalists have not been able to get access to this secretive stash of emails. The constraints of the Freedom of Information Act (FOIA) restrict disclosure requests to ones that can be completed within 18 hours.

Particularly interesting would be Andy Hayman’s and John Yates’ correspondence while phone hacking was rife at News International. But the FOIA constraints appear to have prevented these from being scrutinised.

So, a new disclosure request to the Met was submitted for this blog. It was deliberately narrow, using the time allowances the Met themselves had stated, so that the request couldn’t be rejected. Although it would not retrieve very much, it was a test to see if the Met were really prepared to stick to information laws – and disclose any emails at all.

A day before the legal deadline for disclosure this month… the Met said they were delaying their response!

They said: “We are currently trying to establish what information the MPS holds, if any, and whether it can be retrieved within the cost threshold.” They could not provide a date when a disclosure would definitely be made.

The (tedious) saga continues…

Exclusive: Met Police website taken offline after AccessDocs exposes privacy breach

Offline: The Met website's disclosure log, after 105 files found with private data

Updated: 19/10/11

The Metropolitan Police has been forced to remove part of its website, after a mass privacy breach was exposed by this blog.

More than 100 documents had accidentally been published online containing confidential information in the files’ meta-data. This included names, email addresses and employment history of members of the public.

An “urgent investigation” has now been launched by police into the breach, and the entire section of the website has been taken down. The Information Commissioner has also launched its own investigation after receiving a number of complaints.

The documents had been online for months – free for anyone to read and find through Google. They were legitimately listed on a Freedom of Information disclosure log – but data within the files gave away people’s personal details.

The Met told AccessDocs: “The MPS has temporarily disabled the website whilst we carry out an urgent investigation. As an interim measure, we have removed all the PDFs that contain disclosure information from the server to ensure no further loss of personal information… We apologise for any inconvenience this may cause and aim to have the site restored as soon as possible.”

“NB – first indications show that email addresses may have been published.”

Police originally claimed to have “disabled” the website on Tuesday, but it later transpired that all the documents were still online. Instead of removing it, the home page of the information was simply moved. This meant that although old links to the data didn’t work, it could still be found through Google, or by editing the URL. This further error was reported on Tuesday evening, but it took around 12 hours to finally be taken offline.

Police also confirmed that one individual who had her personal details published has already registered a complaint. An email from the Met to the woman said: “It has been brought to our attention that your personal details have appeared on the Metropolitan Police Service website”.

Other people who had personal details published by the Met include an ex-policeman, a professor, a solicitor, an American student and a Daily Mirror journalist.

At least two people have now sent complaints to the Information Commissioner’s Office (ICO). A spokesman for the commissioner said: “We will be making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.” The ICO has the power to prosecute and impose penalties of up to £500,000 on organisations for private data breaches.

The Disclosure Log, which has been taken down as a result of the privacy breach, provides copies of the responses to Freedom of Information (FOI) requests that are sent to the Met.  Disclosure logs are a valuable and positive part of transparency – FOI campaigners will therefore be pleased that the Met have confirmed that this move is only a temporary one. A press officer for the police said that they would go through each of the hundreds of documents individually, if necessary – but that they would get the disclosure log back online as soon as possible. 

In future, Data Protection and Freedom of Information should not be an either/or. 

NB:  For all queries about this story, please contact me on mrw504@gmail.com , or see the ‘about’ page, or see my website.  

Exclusive: 100 private documents accidentally published on police website

File info showing name and email address of a member of public who had requested information from the police. (Here, the private details are blanked out, but they are still online on the Met's website).

Privacy breaches by the Metropolitan Police have left more than 100 documents online which contain confidential information.

Names, email addresses and employment details are among the private data which can still be viewed on the Met’s website.

Police publish all their responses to questions in an online disclosure log. But staff are routinely failing to remove personal information from the titles of files – leaving people’s details, and their questions, free to be found through Google and read by anyone.

The breaches include the details of an ex-policeman, a professor, a solicitor, an American student and a Daily Mirror journalist. In total, around 105 files contain privacy breaches, with a sharp increase in breaches since August.

Some of the documents also include whole paragraphs of personal information about the members of public making Freedom of Information (FOI) Requests. Police uploading responses to the internet have simply copied and pasted sections of correspondence which give personal information.

A rise in the number of privacy breaches follows record levels of FOI requests to the Met, suggesting that privacy is being overlooked. New figures show that requests rocketed this summer after the police force came under criticism over the hacking scandal and the August riots.

NB: Some people submitting FOI requests choose to make their information public by using whatdotheyknow.com, but a large number of requests are done confidentially for personal, journalistic or employment reasons. For instance, someone trying to gather information about an employer may not want to be ‘found out’ by future employers. 

See also:  ‘How police lost your personal data’ (from August 2011)

UPDATE: The Metropolitan Police have removed their entire online disclosure log as a result of this blog post. Several of the people who had personal details published have expressed their anger at the police. More updates to come. All enquiries to Martin Williams  – mrw504@gmail.com

BBC breaching transparency laws over Mark Thompson’s emails to Jeremy Hunt

Above the law: What does Mark Thompson have to hide?

The BBC is knowingly breaking Freedom of Information laws by refusing to release emails sent between the Director-General Mark Thompson and Culture secretary Jeremy Hunt.

The disclosure of communications was requested in June by AccessDocs, but the BBC has openly rejected transparency laws.

They said: “we need further time in which to consider the public interest in disclosing the information.” But, having already extended their response deadline by 20 days, they have now crossed the final legal deadline for response.

Despite warnings to the BBC stating that it’s intention to delay the disclosures would be a breach of the rules, staff remained defiant. “The BBC is of the view that the delay is justified,” a policy adviser said.

This was not the view of a source at the Information Commissioner’s Office (ICO) who said he couldn’t see how the behavior did not constitute a breach.

The ICO explain: “Public authorities should respond to a request for information within 20 working days. If they need to consider the public interest this may be extended to 40 working days, providing you have been informed.” More than a week has passed since the maximum 40-day deadline.

Exclusive: Metropolitan Police “deleted” phone-hacking emails

Hayman & Fedorcio at the Home Affairs Select Committee

The Metropolitan Police have “deleted” thousands of emails that may be central to the phone-hacking scandal.

Requests were made in June for the disclosure of emails sent in 2006 by Andy Hayman and Dick Federico, who have both given evidence to the Home Affairs Select Committee.  The requests asked for copies of correspondence between the two men, as well as between Hayman and News International.

But letters sent to AccessDocs have now revealed that the Met deliberately did not keep back ups of any of these emails. The Met said: “the information you have requested is not held by the MPS. Emails over three years old can not be retrieved as back ups are not held.”

When questioned about this policy, the Met took five weeks to provide an answer. Finally, in a letter sent today, the failure to keep email back-ups has been blamed on “cost management”. It explains that, although a form of back-ups are made, they are almost impossible to access – making it impossible for individual emails to be unearthed and examined in connection with phone-hacking.

The letter explains: “This is not a documented policy, it is a configuration setting for our backup software. For cost management reasons back up data is only held for a period of three years.”

“The back-ups referred to are the Exchange database back-ups which are retained for business continuity purposes on tapes – they are not directly searchable for individual e-mails. They are used to restore entire email accounts and take 7 hours. Finding specific emails in the account would then require an additional search would take 16 hours per month restored. Searching for specific key words in emails or for emails from certain named individuals would be in addition to the 23 hours. Therefore this is not something that could be completed within the time constraints of the Freedom of Information Act legislation.”

The letter also stated that “Emails that relate to a specific offence / investigation are captured and recorded on the relevant crime recording information systems.” This, however, does not seem to allow for the possibility that police officers themselves may be involved in criminal activity and cover-ups which might need investigating afterwards.

The documents:

View FOI rejection responses here.

View the MPS’s answers to questions about email back-up policies here.

See also on AccessDocs:

Metropolitan Police withheld dozens of sensitive documents

Andy Hayman’s drinking habits

Exclusive: Scottish politician tried to claim expenses for posting donations to charity

Scottish Parliament: claimed money for charity post, TV subscriptions and films

A member of the Scottish Parliament claimed expenses money for sending a “charity donations” package in the post.  The unnamed politician was denied the reimbursement attempt after his claim was rejected last year.

The details were revealed following a Freedom of Information request, along with 12 other rejected expenses claims from Scottish politicians.

The other items claimed for included a TV subscription package and a film, as well as money spent on breakfast and lunch.

This comes two years after Scottish politicians were criticised for doing the exact same thing. In January 2009, The Scotsman exposed Scottish Parliament’s rejected expenses claims dating between 2007 and 2009. They included one from Labour MSP Bill Butler who tried to claim back the money from a £1 charity donation he had made. Another MSP had tried claiming £290 for printing his own Christmas cards.

The new disclosure of rejected expenses claims reveals that Scottish politicians are still trying to use public money to pay for their personal expenses and to avoid charity contributions. It’s also notable that the number of rejected expenses claims tipled between 2009/’10 and 2010/’11.

You can view the documents here:

http://www.scottish.parliament.uk/Corporate/FOI/FOIDisclosureFiles/19100/2011-019100%202009-10%20Data.pdf (2009/2010)

http://www.scottish.parliament.uk/Corporate/FOI/FOIDisclosureFiles/19100/2011-019100%202010-11%20Data.pdf (2010/2011)