Customize

Operation: Data Protection Shield

Discussion in 'Projects' started by Anonyunderpants, May 12, 2008.

  1. This is a repost of the original planning thread here:
    http://forums.whyweprotest.net/26-think-tank/euro-folks-data-protection-laws-lulz-7983/

    Updates
    19/04/08 - DPA request letter confirmed delivery
    10/05/08 - Initial reply containing 2 further breaches of DPA (see next post)
    13/05/08 - Confirmed delivery - Scientologys LAWYERS have recieved my reply.
    17/05/08 - Another reply recieved
    11/06/08 - Both Theta_Omega and myself have filed complaints with the information commissioner for breaches of the data protection act.

    What's the idea?
    We intend to use the Data Protection Act to do one of two things - either to provide 100% complete and utter protection from fair gaming in the UK (and most likely in all EU countries), or we will catch them with their pants down their ankles, arseholes lubed up with spread cheeks as they break the data protection act and incur a full investigation into all procedures and practices by the Information Commissioner.

    What's the drawback?
    To do this you WILL be made known to them. If you're being fair gamed already then it's not going to make any difference. If you're not being fair gamed then you're handing all the details they need to fair game you on a silver platter with a "please rape me" sign on. However. If they do rape you, there will be a full investigation including incredibly hefty fines as well as the complete and utter loss of the right to hold personal data by the cult. Oh, and you'll be entitled to a very very nice sum of compensation which will be a slam dunk court case.

    So what's the theory?
    The Data Protection act provides you with a certain amount of rights with regards to personal information held about you anywhere in the UK as well as placing harsh restrictions on companies on how they hold and use that information.

    You can read the full act here:
    Data Protection Act 1998 (c. 29)

    You can read the information commissioners explanation of the act as well as their summary of your rights here:
    The Data Protection Act - Information Commissioner's Office - ICO


    The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

    Should an individual or organisation feel they're being denied access to personal information they're entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner's Office for help. Complaints are usually dealt with informally, but if this isn't possible, enforcement action can be taken.

    What this means is that the private data that Scientology uses to track and harrass critics must be correct and must be processed in line with your basic rights. They CANNOT give out your personal information without your consent and they can only use the information ever given to them for the purpose that it was given to them. If you gave them any personal information say, to request something that you're entitled to under, it would be very very illegal for them to use that information to fair game you.

    So, the particular parts that we're looking at.

    1. You have the right to request a copy of all the information held on yourself by a company. This includes all personal information, any internal documents or memos about yourself, CCTV and photos etc. To do this is called a Data Subject Request. Companies are allowed to charge up to £10 to provide you with this information and must do so within 40 days of recieving a request.
    Source: How to access information - Information Commissioner's Office (ICO)

    2. You have the right to request them to stop processing your information if you have good reason to believe it will cause you unnecesary distress. This is fair game. You have the right to tell them to stop fair game, and if they do not then the information commisioner will wade in, lawyers first. This does not cost anything and simply takes the form of a letter. They have 21 days to confirm that they have stopped processing your information or provide the reason that they have not. If the reason is not good enough or you believe it is false, then you can send the information commisioner in.
    Source: How to access information - Information Commissioner's Office (ICO)

    I spoke to the information commissioners office on the phone (08456 30 60 60) and confirmed the following:
    - The Church Of Scientology would not be allowed to post your personal information including, but not limited to, age, date of birth, photos, address, phone number, sexual preferences, past convictions, current convictions, ailments and accusations to the general public or to other companies without your consent.
    - Regardless of the other illegalities of fair gaming and harrasing you and your friends, fair game is more than enough justification to tell them to stop processing your information and the Church Of Scientology must comply by law. The lass that I spoke to confirmed that she could think of no reason, unless we had signed a contract or agreement with them, that they could overule the argument of fair game.
    - The cult MUST provide all documentation on yourself including personal information but also internal memos and documents and if those documents implicate them as breaking the law, you can use that as evidence against them.
    - If you believe that they are withholding information about yourself, you can lodge a complaint with the information commissioners and they will barge in and find out for you.
    - If they break the law again (they have been in breach before) then they will lose all rights to hold personal data in the UK and will receive HUGE fines.

    So is this just in the UK?
    No. There are data protection laws in all EU countries which follow similar principles.

    Dub provided us with this list:
    So how do we do this?
    Ok, you need to send two letters as Scientology is registered twice in the UK. Here are the addresses (thanks Theta-Omega):
    Information Commissioners - Data Protection Register - Entry Details and Information Commissioners - Data Protection Register - Entry Details

    - Make sure you use recorded delivery. Post the letters from a post office and use recorded delivery. This means that you can track the letter and have 100% proof that they have accepted it and have the letter. This is all the proof that the information commissioner requires that you have made a subject access request (source: the lass on the phone in the commssioners office).
    - I'd recommend sending 3 copies of the letter to yourself, but they don't have to be recorded delivery. Now the copies of the letter are there if Scientology tries to pin bomb threats/anthrax letters on you. If it comes down to it, you will have 3 copies of the letter that will be postmarked by the post office. When you recieve these back, DO NOT OPEN THEM. Keep them and keep them safe. They are not 100% reliable in court but coupled with Scientologys history and citing Operation Freakout, I don't see any court case siding against you.
    - If possible, only seal the envelope in the post office and get witnesses. Preferably police, obviously not always possible, and show the contents of the letter to the clerk before sealing it.
    - Include a £10 postal order with each letter. Do not send a cheque for obvious reasons. £10 is the maximum that a company can charge for a subject access request and we know they will charge the maximum if they acknowledge your request.

    Here are the points that you need to cover in your letters:
    - You are making a subject access request for any and all personal information on yourself. They have 40 days to provide the information and you have included the £10 postal order to pay for this. They have your name and address at the top of the letter but I would recommend that you provide a little more information just to make sure they cant throw back "Well we just couldnt find them!". I gave a brief summary of my activities in the York protests and am including a passport photograph.
    - You are telling them to stop processing information on the grounds of fair game. You must provide adequette explanation of fair game and why this might effect you. Cite the case of Bonnie Woods:
    Scientologists pay for libel | UK news | The Guardian
    They have 21 days to confirm they have stopped or give the reason why they have not.
    - The information you give in the letter is to be used only to track down other data held by scientology and must not be stored for any longer than it takes them to make copies of your personal information.

    Here is the letter that I sent. You can copy/paste this letter if you wish but obviously change the paragraphs relating to me:
    What happens then
    By Law, Scientology responds saying they have ceased all information processing by yourself. They also provide you with a copy of all internal documents on yourself which would include any memos or notes as to what they intend to do with the information. You are 100% safe from Fair Game and they drop their attacks if they are already fair gaming your or they stop any planned attacks. You may also have evidence that they were planning illegal activities with the information.

    We all know that Scientology bends, if not breaks the law constantly. So here are the other outcomes:
    - Scientology ignores your request for copies of personal information or takes longer than 40 days to respond.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology sends you copies of some information but you suspect it isn't everything, e.g. there's no memos saying what they're going to do with that information or they have taunted you with that information.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology ignores your request to cease all processing or takes longer than 21 days to respond.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology doesn't give you a good enough reason why they aren't stopping their processing.
    Action: Phone the information commissioner and complain.
    Outcome: The Information Commissioner speaks to Scientology and sets the record straight. If Scientology does not comply then they get fined and lose the right to hold personal information in the UK. You are entitled to compensation.
    - Scientology says they have stopped processing information then later they give you reason to believe they have not.
    Action: Phone the information commissioner and complain.
    Outcome: Scientology gets fined and loses the right to hold personal information in the UK. You are entitled to compensation.
  2. Re: Operation: Data Protection Shield

    [SIZE="6"]I have a reply![/SIZE]

    dscf3069rt0.th.jpg

    WELL Scientology. I don't know if you've been keeping track of time, but you recieved the requests exactly 21 days ago today. By law, you had to tell me that you'd stopped processing any information on me or why not. THAT DOESNT APPEAR TO BE IN THIS LETTER.

    Just checked one of my copies and WHOOPS I didnt include a date. Oh well - the timer goes from when it's recieved anyway.

    I need to check with the information commissioner on Monday but I am 99.9999999999999% certain that they do NOT need a copy of my passport.

    I can see 3 breaches of the Data Protection Act:
    - They have not responded to my order to cease processing information
    - They have passed my personal details onto a 3rd party company which does not have anything to do with this and certainly without my permission.
    - They have request a copy of my passport which is more excessive personnal information.

    I am thinking of the following reply until I can confirm all 3 points are breaches:

    Thoughts?
  3. anonymoose Member

    Re: Operation: Data Protection Shield

    Excellent stuff! Great idea.

    Comments:

    Well, obviously check with the Info Commissioner first that your interpretation of what's happened is sound and they actually have broken the law in they way it seems they have.

    attourney = attorney.

    Perhaps a matter of taste, but I would not go into attacking mode just yet. If for any reason this gets up in front of a court you don't want to look all tinfoil hatty and like you have a beef with the CoS. You want to be able to say they didn't respond to a polite and reasonable request. No room for polemic here imho.

    ETA: plus, you do not need to justify why you want the information- it's your right to have it.

    You've asked for an "immediate" reply with an apology- I think that might be unreasonable. I would drop the apology request and demand a reply within two weeks of receipt. Also, do say what you intend to do if you do not hear from them within the stated 2 weeks. Get information on what the next step would be from the Info Commissioner, and then tell them in the letter that you will take the next step.

    Not sure, but I think these might not be reasonable or applicable requests as these things do not relate specifically to you, it's not personal information. Also, what I said above about not being deliberately antagonising. Too easy for them to paint you as a frivolous troublemaker - troll basically. Take it deadly seriously- this is your personal info we're talking about.

    Oh, and your request for photos of the protest- you need to specify photos of you. Photos of other people won't be your personal info.

    HTH.
  4. Sanjuricus Member

    Re: Operation: Data Protection Shield

    Sweet. The second I'm namefagged I'll be doing this.... :)
  5. Re: Operation: Data Protection Shield

    Thanks Anonymoose - I've decided to be very luvy dubby with my next letter.

    Confirmed:
    - They have broken the law by not responding within the 21 days (and this isn't a "people make little mistakes" timescale - this is the LAW. Information commissioner guy offered to file a complaint there and then)
    - Asking for a passport is excessive information.
    - They do have the right to pass my information onto their lawyers.

    Here's my reply after running it past the ICO:

  6. anonymoose Member

    Re: Operation: Data Protection Shield

    :yay:

    I have only pedantic notes this time-

    - "memos" does not have an apostrophe

    - if the letter you received from the CoS was signed by a specific person, your letter should be addressed directly to them and read Dear <their name>, not Dear Sir

    - if you're using Dear Sir, the correct sign-off is Yours Faithfully. Yours Sincerely is for when you're using someone's name.

    Told you it was pedantic.

    Right, enough of my anal banter, get ye to a post office, post haste!
  7. Re: Operation: Data Protection Shield

    Are you sure they have an SP declare? I know you want that, but it *should* be included if you say 'all documents and memos' relating to yourself.
  8. Re: Operation: Data Protection Shield

    Yeah the letter I got from the solicitors was just signed off as the solicitors.

    Sent the reply with "memos", "Yours faithfully" and "all documents and memos". Thanks for the suggestions guys :)
  9. Re: Operation: Data Protection Shield

    Good letter. Any lulz in putting a DPA request in with the solicitors at some point?
  10. PrestonFag Member

    Re: Operation: Data Protection Shield

    Nice work. Eagerly awaiting any good done on this front.
  11. Re: Operation: Data Protection Shield

    If this is successful then it sets a precedent for the rest of the UK. They would never be able to reply to OVER 9000 requests for all data on that person to be removed, within the 21 days. We would force them to break the law!
  12. Randomness Member

    Re: Operation: Data Protection Shield

    I love Anonymous.
  13. IJANON Member

    Re: Operation: Data Protection Shield

    This is pure win.

    You sir, are made of awesome and anti-aids.
  14. notapplicable Member

    Re: Operation: Data Protection Shield

    Are there any ex-sci's around who could do this? Seeing how the scifags record everything that happens in auditing sessions etc, the paper trail should be both immense and incriminating. Especially if they've tried to fair game said ex-sci.
  15. anonypuffs Member

    Re: Operation: Data Protection Shield

    post this shit on exscikids and ocmb stat! this is loving awesome.
  16. Re: Operation: Data Protection Shield

    Thanks for the support guys.

    I'll start posting it around the other sites when I gets home :)

    onemorenewanon, this isn't really for Lulz now - as much as the original thread was. This is pretty serious. You're no longer anonymous and they certainly have the means to fair game. I'm fairly confident that they can't destroy my life but still...
  17. Helios. Member

    Re: Operation: Data Protection Shield

    Do America have the same Data Protection laws?

    If so, Mark Bunker and Tory Christman's fair game information would take longer than 21 days for scientology to find.

    Ex-scientologists who were in scientology for many years will be the most useful if they do this, because of the amount of information from auditing sessions, course details etc.
  18. asagai Member

    Re: Operation: Data Protection Shield

    It's been posted by someone on exscn.net
    Fair Game and Data protection Act - Ex Scientologist Message Board
  19. xenubuster Member

    Re: Operation: Data Protection Shield

    Epic win detected - stay on target.
  20. dickdoll Member

    Re: Operation: Data Protection Shield

    I'm a regular on the Ex-Scn Message Board (ESMB) and a long-term ex-scifag. I followed a link on ESMB to this thread. Good work, guys. Heh.

    I was in the Sea Org for 23 years, 13 years at Saint Hill in England and 10 years in Los Angeles, so am very familiar with CofS standard procedures. SP Declares aren't simply written and sent out like letters. It is rare for them to be issued on non-Scientologists. I was declared in the US in 2004, but they wouldn't even send me a copy, fearing (I assume) it would end up on the Internet. So if you are simply an Anon who is annoying them by attending a protest or making a data request, don't expect an SP Declare.

    Questions welcome. :)
  21. Snuffy Member

    Re: Operation: Data Protection Shield

    smooth
  22. Theta Omega Member

    Re: Operation: Data Protection Shield

    I still haven't received anything from them... oh dear, oh dear, oh dear oh dear. Not looking good for them with the ICO, is it?
    You don't need to use a solicitor. All you need to do is send a registered letter. Go ahead and send one, if nothing else it'll get them to go through all their crap searching for you- which will consume a huge amount of admin resources.
  23. Silent Member

    Re: Operation: Data Protection Shield

    Hay guise, just thought i'd let you know that we are doing this very thing in Denmark. They have a history with our version of the ICO here, have been in trouble several times because of this.

    THIS CAN BE DONE EASILY, FOR FREE IN EVERY EUROPEAN COUNTRY!
    THIS CAN BE DONE EASILY, FOR FREE IN EVERY EUROPEAN COUNTRY!
    THIS CAN BE DONE EASILY, FOR FREE IN EVERY EUROPEAN COUNTRY!
    THIS CAN BE DONE EASILY, FOR FREE IN EVERY EUROPEAN COUNTRY!
    THIS CAN BE DONE EASILY, FOR FREE IN EVERY EUROPEAN COUNTRY!

    GO FUCKING DO IT!
  24. Re: Operation: Data Protection Shield

    Not even anything from the solicitor Theta?! Fantastic! They have absolutely no bloody idea how to respond to these requests.

    Delivery of my reply confirmed today 13/05/08.

    Nice to know it works in other countries Silent - would you mind writing up a summary of what Danish anons need to do for the OP?
  25. Helios. Member

    Re: Operation: Data Protection Shield

    ESMB
    Yes it does, but if you don't want to take my word for it read the first post where you can follow the link and read the entire Data Protection Act.

    Ex-scientologists - you need to do this.
  26. Re: Operation: Data Protection Shield

    Well, got another photo of me being snapped at TCR.

    This time I'll actually get my request sent off.
  27. IJANON Member

    Re: Operation: Data Protection Shield

    It covers electronic data. It was ruled that electronic data is data all the same, therefore the act applies to it.

    I can't find / dont know the link to any info, but it is so, at least in the EU.
  28. Theta Omega Member

    Re: Operation: Data Protection Shield

    It covers all forms of data in the UK, whether it be written on paper, stone tablets, cassette recorders, microfilm, steel plates at the bottom of mineshafts, whatever. I would guess that Danish law would be the same, since it all comes from the EU Directive.
  29. IJANON Member

    Re: Operation: Data Protection Shield

    surprisingly UK and Danish law comes under EU law... :roll:
  30. BahamutXone Member

    Re: Operation: Data Protection Shield

    Maybe someone should get this DPA info over to John Sweeny and the BBC. I'm sure they'd have some REAL fun with this.
  31. taurelilomea Member

    Re: Operation: Data Protection Shield

    QFT
  32. Re: Operation: Data Protection Shield

    Question: if they're not allowed to collect data on people doing this, where does that leave their tactic of photo/videoing everyone? Can I go up to them after the protest and ask to be anonymised in all this footage? Or ask them to delete? Or wtf?
  33. Sanjuricus Member

    Re: Operation: Data Protection Shield

    That is actually a fairly good point you make there....hmmmm.

    LegalAnons?
  34. asagai Member

    Re: Operation: Data Protection Shield

    No. They are allowed to collect data, but are restricted over what they can do with it and have to tell you what data they have on you, if you ask for it.

    What you can do is submit a "data subject request" as anonyunderpants has done. But this involves giving them your name and address. So in effect you are "outing" yourself to them. If you want to do this, then you can ask for any photos and notes that they have on you.

    Really you should only do this if you think they have already id'ed you from their photos. This is what anonyunderpants thought might have happened.

    Basically stay anonymous, unless you think your identity has been discovered by them. The masks are there for good reason. Stay anonymous unless they target you specifically.
  35. Re: Operation: Data Protection Shield

    Oh I get all that (the DPA is all over any computer-related course these days) but this instance I've not seen addressed anywhere - as when you file for it you also request no further data about yourself is collected. Photos/videos are more data. So I'm curious how they'd act on this as in thery, they'd have to remove or anonymise anyone who has submitted a request.

    I'm pretty sure they've got an ID on me as I was namefagged by my flickr account and that ended up in me talking to 2 "parishioners" from TCR. Fun times!
  36. Re: Operation: Data Protection Shield

    I don't think that it's been tested in court yet and I certainly wouldn't want to push the issue. We want to stay away from cases which need to be tested in court because the info commissioner will not back you up in that. It's only if there's been a breach of established law (which scientology has done already with my reply and Theta's lack of reply) that the info commissioner will back you up.
  37. anonymoose Member

    Re: Operation: Data Protection Shield

    I was wondering about the filming, but I can't seem to find any relevant info online.

    Anyone is permitted to film in a public place, and once a person is in a public place they have no right to privacy and cannot demand that someone stops filming them. If the filmer wanted to put the film on TV (with you as the "focus" of it) they would need permission. I think.

    However, filming someone could count as harassment under the protection from harassment laws, if done more than once, and i would imagine particularly if it involved following the person as well. But then, if it is applicable, the reverse is true- Anons following and filming Scilons would come under the same law.

    I also wonder about any laws regarding what the Scilons intend to do with images of people. Firstly- do you get to ask that under the DPA?

    Secondly, they have on 4 separate occasions (maybe more- flash raids?) filmed and photographed protesters. On none of those occasions have they been threatened with or experienced violence from protesters or anything else that might require film evidence.

    They, however, have a provable policy and history of harassing and smearing critics. I wonder if, theoretically, the combination of our harmlessness and their past history of harassment would be enough to bring an injunction preventing their filming/photographing us or gathering information.

    Idle speculation- I know nothing about law and we couldn't do anything about it even if it were possible.
  38. asagai Member

    Re: Operation: Data Protection Shield

    What anonyunderpants said.

    Push them on unchartered legal issues and they will tie you up for years in litigation. My advice as an ex-scio is don't do it!

    What anonyunderpants is doing is entirely different. BTW several exes are looking at this and considering whether they want to do what anonyunderpants has done.

    Meanwhile keep wearing those masks and ... get those Pirate costumes. What anon is doing is fantastic, keep picketing, but stay masked.
  39. anonymoose Member

    Re: Operation: Data Protection Shield

    Just been reading the DPA. Am I right in thinking that data would not be considered "obtained fairly" if it was obtained by following you home to get your address?

    Furthermore:
    So you can ask them what their specified purpose is for having details on you, then.
  40. Re: Operation: Data Protection Shield

    It's iffy and certainly a fine line. You being in public means that information gathered is fair game. While following you is certainly harrasment, I'm not sure that it would be a breach of DPA.

    I'm not sure about asking what their purpose is. I know on the info commissioners entry they say they retain data for understanding complaints and documenting crime. I'm pretty sure that's all they'd have to say since that's all they've reported to the DPA.

    They're both fairly good points. Try giving the info commissioner a ring and see what they say - they give solid advice and are friendly trust me :) Spoken to em twice now.

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins