Operation: Data Protection Shield

Discussion in 'Projects' started by Anonyunderpants, May 12, 2008.

  1. Helios. Member

    Re: Operation: Data Protection Shield

    speculation: If my memory serves me well, they have to make it clear to anyone they keep personal information on, where they are storing it, for how long they are storing it, and for what purpose.

    As I said, ex-scientologists who are already known to scientology and used to be in scientology for many years will provide the greatest use for the operation. As scientology will have the most information on the ex OTs from every auditing session, course details, stats, SP declarations etc therefore it will take longer time to gather the ex scientologists information in 21 days.

    Imagine if Mark Bunker/Tory Christman did this, all the documentation they had on him/her would take a very long time to find. The amount of memos and documentation they have on him/her must be huge. The first post explains the operation really well for all who are interested in doing this.
  2. goldenrodanon Member

    Re: Operation: Data Protection Shield

    A couple of thoughts on this.

    First, what a fantastic tool, potentially.

    Although, it seems a bit like doing a DPA request of the Mafia. "play nice and reveal all your nasty plans for me."

    I recall reading years ago, an account by (I believe) Jessie Prince, where he talks about being ordered to "pulp" a stack of PC folders being demanded by a court in the US in a case by (I believe) Larry Wollersheim. (I'm not clear, so my memory isn't perfect).

    They won't play by the rules and go along and release incriminating evidence on themselves.

    But the pressure that could be brought to bear on them by the authorities would still make it well worth the effort.

    Also, I'm not sure how the whole US headquarters thing would play into it. For example, could they claim that it was their US agents who collected the data on people and it was therefore not transmitted abroad? And could they refuse to release data they have on the same basis?

    Just a couple of thoughts. But what a great idea.
  3. danaBanana Member

    Re: Operation: Data Protection Shield

    You don't need to rely on your memory - just read the law.

    And I don't understand why you're talking about not taking them to court on this. This is the whole point - a legal way of getting them into trouble.

    Because it is illegal to keep information on someone, without giving the person 1) notification you're doing it, 2) an oppurtunity to review the information and 3) an option to delete it.

    I'm just waiting for proof that Scientologists have taken a picture of me personally, and a letter to the sci-building, plus a complaint to the Data Protection Agency will be on it's way.

    It's also illegal for them to keep files on former members. Scientology was hit pretty hard on this in Denmark in 1984. They took the DPA to court, but lost.

    This is the way to do it.
  4. Re: Operation: Data Protection Shield

    We aint talking about not taking them to court over clear breaches of the DPA, it's the things that haven't been tested in court before. While many companies will gladly test these principles in court, Scientology won't and will drag out the legal process and bankrupt you. It's simply not worth it so we hit them with the info commissioner and lawsuits on the clear cut breaches of DPA.
  5. MongoLloyd Member

    Re: Operation: Data Protection Shield

    DashboardMonk 2 happened across an interesting tidbit which he posted here:

    It's the docket entry of an appealed decision of Datatilsynet - the Norwegian authority that enforces data protection laws.. Translation follows:

    Does this seem interesting? I think so.. These documents could provide a useful source of documentation on what data the CoS wants to export on their members. Given the fact that they were banned from giving up the data, it seems like there's a good chance of getting similar decisions elsewhere.

    What do you guys think?
  6. ínnominata Member

    Re: Operation: Data Protection Shield

    Hmm... This gets me thinking. Now, the obvious reason for the Co$ to take pictures of protesters is for security/surveillance reasons. I am pretty damn sure (as in, I am trained in records management) that there are legal limits to how long you can keep surveillance images. I sadly cannot remember what they are right now, but it is worth someone (me? <wince>) checking up on this -- if they have over-ripe CCTV/pics/vid, then it may be a reason to get the IC in.

    Shit, where do I find records retention schedules for stuff like that...?

    Are there any UK OG who'd be willing to file a DPA request to test it?
  7. Theta Omega Member

    Re: Operation: Data Protection Shield

    Actually the DPA works on CCTV tapes (really, really expensive to extract :) ) and surveillance photos as well. Mark Thomas used it against the government there in the UK. He held a competition for the most hilarious piece of CCTV footage. We should do that. :)
  8. Re: Operation: Data Protection Shield

    Yep, comes under the DPA and the clauses on time and relevance. Security companies are alllowed to keep footage for 10 years, in case an employee is suspected of theft and so they can look back over their career for any patterns. Other companies... it's much much lower.
  9. asagai Member

    Re: Operation: Data Protection Shield

    I know of 5 ex-scios watching this and considering doing it. Future epic win!
  10. Anonifus Member

    Re: Operation: Data Protection Shield

  11. danaBanana Member

    Re: Operation: Data Protection Shield


    The CoS already know your names and where you live - what's to lose?
  12. Re: Operation: Data Protection Shield

    What's to lose?

    COS Will KNOW that they're active against Scientology and will have plenty of information to blackmail them. Anyone who submits a DPA request WILL become a target and while you will win in the end, you will go through hell with fair game.

    Please don't anyone think that this is good for lulz. This is serious business...
  13. danaBanana Member

    Re: Operation: Data Protection Shield

    Oh come on! Quit your bawwwwwing!

    Scientology won't DARE try to fairgame anyone sending in a DPA-request. Know why? Because the DPA is serious fucking business!

    They will bend Scientology over a barrel and go nuts. Seriously. And I'll help them.
  14. ínnominata Member

    Re: Operation: Data Protection Shield

    Yes, I know (and now I'm having flashbacks to my RM module...). The problem is finding out *how long* a business that is not, say, a bank or a security company is legally allowed to keep CCTV footage etc. I *want* to say it's as low as a year, but I don't *know* that. And I no longer have access to UCL's ARM library to try to find out. Could someone please send me the number of the IC?

    And let's be honest: who here thinks that the CO$ is really gonna nuke its surveillance footage on time, honest gov?
  15. Re: Operation: Data Protection Shield

    Scientology has proven again and again that it blatently disregards the law. I believe they will try to fair game anyone who goes through with this. The Commissioner will shit things up for them, but it is dangerous.

    On a side note, I may have just found something else but don't want to play my cards yet... Can a well spoken US anon, preferably an ex please PM me?
  16. anonymoose Member

    Re: Operation: Data Protection Shield

    Hey, have you heard, there's this fabulous new idea on the web called a "search engine"!

    Anonypants - PM Magoo, she both is and will know plenty of US exes.
  17. SP_thats_me Member

    Re: Operation: Data Protection Shield

    Have any of you considered they might have broken "Not transferred to other countries without adequate protection" if they sent information to Flag or the AOLA?
  18. unidentified Member

    Re: Operation: Data Protection Shield

    No you can send info to US, its on the EU's list of acceptable countries (can't remember what it's called).
  19. ínnominata Member

    Re: Operation: Data Protection Shield

    OK. I have my hot sticky mitts on the 2008 version of the CCTV code of practice. The first thing it mentions is an "impact statement" that decides for you whether the benefits of CCTV outweigh its damage to the privacy of Joe Q Public. Now, I have the following questions:

    1. Is an organization installing CCTV *mandated* to produce an impact statement?

    2. Must it submit that statement to the IC?

    3. Can the IC take action against an organization that has excessive/inappropriate CCTV?

    4. Are there Scilon CCTV cameras outside TCR/QVS? ARE THEY MARKED WITH SIGNS?!? If not, they are in the shit.

    Also, if they have CCTV pointing out into the street, they need a public space surveillance license from the Security Industry Authority. Otherwise, they are in contravention of the Private Security Industry Act 2001.

    Sadly, none of these things cover plain old cameras. And there's no maximum retention set in the DPA, more's the pity. So it looks like I or Pants need to have a chat with the IC.

    One final thing: if you're using a mobile or want a national-rate number for the IC, it's 01625 545475.
  20. Re: Operation: Data Protection Shield

    It's a bit more complicated on this. I don't want to say too much to tip off the OSA but I'm working on it.

    Edit: Do you want to cover that innominata, I'm looking into overseas transfers at the moment.
  21. anonymoose Member

    Re: Operation: Data Protection Shield

    Nobody has a right to privacy on the street- an individual filming or photographing people in public is perfectly within his/her rights. (Provided they're not going to broadcast or sell the result or something- don't know the exact terms but basically if the images are private it's not illegal).

    The Protection from Harassment act may cover repeated filming and photographing of the same person/group of people (perhaps only if specifically used to intimidate- getting all up in your face with the camera etc, but I don't know), but then that would equally apply to Anons filming Scilons.

    The keeping of those images would fall under the DPA, right?
  22. unidentified Member

    Re: Operation: Data Protection Shield

    The pedant in me is forcing me to point out there are some very narrowly defined circumstances in which certain people have a right to privacy whilst walking down a public street.
  23. anonymoose Member

    Re: Operation: Data Protection Shield

    You're out-pedanting a pedant! That's great cos I'm not a law person - but would these narrowly defined circumstances cover Anon protests? If not- GTFO! ;)

    I was going to say something else then and I've forgotten what it was.

    Oh yeah, the CCTV Code of Practice. I'm not sure, but I'd say a Code of Practice wouldn't force anybody to do anything. Otherwise it would be regulations. Depending on its status, someone not following the Code might have to explain why they aren't, otherwise it's just like a Best Practice guide.

    That's my guess. Legal pedants please feel free to rip to shreds! :)

    eta; I looked it up myself. The Into to the Code says:
    So you should be able to tell what's a requirement and what's not within the text.
  24. ínnominata Member

    Re: Operation: Data Protection Shield

    Yes, yes it is. It also has to do with how sensitive the info is and what you're gonna do with it. The LCD is that if you send the info over, generally it has to be used anonymised (JISCmail is *good* for something?! :eek:hface:)

    Yeah, no problem. It may be tomorrow or next week. Is anyone going to have a problem with my throwing the question to the Society of Archivists' email list? as well?

    Here is my understanding of the law and RM deal with the piccies: Yes, it is legal to take pictures of people in a public street, and no, a public street isn't private. However, if you are going to use those pictures for illegal purposes, you can be busted. Harassment is illegal. Moreover, you *can't* keep info forever, and the more sensitive it is, the shorter a time you can keep it. Additionally, the more sensitive the info is, the fewer people who can see it (trust me, if I let someone see, say, a prison register, that's less than 100 years old, I'd get *so* busted). Finally, you are only allowed to keep sensitive info for specific, reasonable, legal reasons. Harassing, stalking, and wrecking people doesn't count.

    I say we get the IC into QVS/TCR/St. Hill ASAFP -- it's an excellent way to bust their asses.

    The other thing is that, well, if an OG member ponies up their details, and the CO$ tries to fair game them... They're over. Done. That's an *immense* breach of the DPA, not to mention a metric fuckload of other laws. Which means that their Smaug-esque horde of info gets broken up, my preciousssssss... :grin:

    tl;dr: the chances of them actually meeting the requirements of the DPA in terms of how/how long/why they gather and hold info are about as great as Xenu impregnating me with LRH's reincarnation in a shower of gold while the archangel Gabriel sings the Ave Maria over Virgin Radio. And catching them at it = EPIC WIN.
  25. Theta Omega Member

    Re: Operation: Data Protection Shield

    You can only send data to the US if (a) you have listed it in your DPR registration (they have) and (b) the information will be handled in a manner equivalent to that mandated by the Data Protection Act.

    Go read the Act. They are fully in breach.
  26. ladybug2 Member

    Re: Operation: Data Protection Shield

    I hear the steady hum of a paper shedder
  27. Re: Operation: Data Protection Shield

    And also c) if they inform you that they are transferring the data.
  28. asagai Member

  29. unidentified Member

    Re: Operation: Data Protection Shield

    And how do you work out whether it'll be handled in a manner equivalent to that mandated by the DPA? You look at one of several lists of countries that the EU has said is acceptable or you put a standard contract term (helpfully supplied by the EU) into the contract transferring the data.
  30. Theta Omega Member

    Re: Operation: Data Protection Shield

    It's not that straightforward, though, is it? Since the country isn't the question, it's the company using the data that is important.

    I think it's fairly clear at this point that the CoS is flagrantly in breach of the DPA, and this is just one of the ways. Passing data to the US in order to avoid the DPA is, in and of itself, a breach of the DPA.
  31. unidentified Member

    Re: Operation: Data Protection Shield

    What proof is there that they're handing info to the US for the purposes of avoiding the DPA though? To me them passing info to the US is classic FLAG being paranoid and wanting access to absolutely everything. I would imagine that is their motivation rather than avoiding the DPA (which they can't do). Yes they appear to be breaching the DPA in how they're dealing with the requests made in this thread, yes they probably don't delete data when they should, but I've yet to see anything even implying they're breaching the DPA with this transfer of data.
  32. [SIZE=&quot;7&quot;]I have another reply[/SIZE]


    Oh Scientology you do make me blush! Even if I would send it, I don't have a current passport and I don't actually have current valid forms of photo ID I intend to send a bank statement (not my main bank account).

    So, it's quite obvious that they intend to disregard the notice the cease processing of information. That's interesting and I'll be complaining to the info commissioner. Here's my next planned reply:

  33. Re: Operation: Data Protection Shield

    Yeesh, tl;dr incarnate

    However, thats fine cos its going to a lawyer and they get raging hard ons over shit like that. This is looking more and more like epic win
  34. unidentified Member

    Re: Operation: Data Protection Shield

    long letter is long.

    In the section where you talk of Anonymous' crimes I'd change it to 'purported' crimes as you're granting them legitimacy otherwise.

    'it is entirely reasonable that you will not include information gathered on me since I sent the first request in.'

    Do you mean it is entirely reasonable that you WILL include...?

    Try to condense the examples, they're sooooo long.
  35. Spork Member

    Re: Operation: Data Protection Shield

    Polite constructive criticism: everything is great so far but I think this last letter is heading off in the wrong direction.

    Next step should be actually to make the complaint with the Info Commish you mentioned you were hesitating over in post #5 above.

    Before that happens it's not worth replying to the last letter at all IMHO. COS is merely stalling.

    I think (again IMHO IANAL) the next letter you send them, if any, should be on the letterhead of a solicitor. Otherwise it will appear to them that you're toothless.

    Making the complaint to the Info Commish shows them you mean business. Going on about the history of Scn abuses isn't directly relevant to the content of your first two letters.
  36. Anonqwerty Member

    Re: Operation: Data Protection Shield

    What they said. Stay on target, no need to demand apologies, list their crimes or anything like that. Check if they are actually able to require a photo, and if they are, send one.

    Also, WTF!!!
    That sounds pretty fucking threatening to me.
  37. anonymoose Member

    Re: Operation: Data Protection Shield

    Nothing to see here, move along...
  38. Spork Member

    Re: Operation: Data Protection Shield


    Anonyunderpants, please don't send them a bank statement or any other personal details about you! Don't tell them where you work; that's none of their frackin' business. You shouldn't concede the point that they need any more info about you.

    Besides wasn't the whole point of the first letter to get them to stop harvesting info about you ... and now you want to send them _more_?
  39. anonymoose Member

    Re: Operation: Data Protection Shield

    Does the law say anything about its OK to cause a "reasonable amount" of distress and damage in using personal data?! Otherwise this sentence just seems bizarre. It's subtlely suggesting you've done something wrong or something. Weird. Get a lawyeranon to take a look at that- what does it mean?
  40. unidentified Member

    Re: Operation: Data Protection Shield

    They're referring to this

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins