38 Degrees website (not a very snappy name - it could imply "one degree of fever" above normal body temperature of around 37°C) has launched, which hopes to somehow emulate the success of "grassroots" political campaign movements like MoveOn.org, which successfully harnessed the internet to recruit activists and supporters and to raise money, in the USA.
It seems to be initially funded by various "green" environmental backers, principally from the legacy left by Anita Roddick of the Body Shop retail empire, and claims not to be tied to any political party.
Is there really enough funding available during the Economic Recession, for Yet Another "grassroots" campaign organisation in the UK ? Will existing campaigns suffer as result of this American style new entrant ?
This may well be good and "progressive" (whatever that really means).
However, there is a lot of snooping on "communities",on "political opponents" and on "grass roots" political campaign activists:which goes on in the United Kingdom, and which is intensifying under the unpopular Labour Government's "scorched earth" policies on freedom and liberty, and the right to protest peacefully, whilst they cling on to power until the next General Election e.g.
- Spy Blog: Hazel Blears and Sergeant Flanderka - "tension monitoring" i.e. snooping on local communities
- Daily Mail: State 'spying on Heathrow critics' as dossiers compiled of legitimate objectors to third runway are handed to police
- FRAW :Britain's Secretive Police Forces - NETCU, WECTU and NPOIU
What Data Protection precautions are 38 Degrees taking, to protect the Security and Privacy of their supporters ?
The 38 Degrees Privacy Statement gives details of
The Data Protection Manager
38 Degrees
8 Angel Gate
City Road
London EC1V 2SJ
There does not (yet) seem to be a published Register of Data Controllers entry for 38 Degrees, but that may be just due to the usual Information Commissioner's Office backlogs and delays.
There is, however, a Register of Data Controllers entry No. 4251274 for "Progressive Majority", who operate from the same address.
This one has all of the Data Purposes set to Worldwide.
There are good reasons for hosting the web site and email systems of a political pressure group outside of the United Kingdom, to preserve some privacy from political snooping and harassment by this Labour Government, by Police bureaucracy and commercial vested interests.
However, the 38 Degrees Privacy Statement makes the false claim that:
5. International data transfers
We do not and have no plans transfer data to countries outside the EEC and will change our privacy policy should this situation change.
"EEC" normally means the obsolete European Economic Community. Do they really mean the European Union (EU) or the wider European Economic Area (EEA) , which is includes the EU and other neighbouring non-EU countries. It is the EEA which is normally cited under the Data Protection Act, as they have relatively strong Data Protection laws.compared with those in the USA etc.
38 Degrees mention Google Analytics and Paypal, in their Privacy Statement (although the website does not yet carry a PayPal link), which make a nonsense of the "International data transfers" statement, as these are both based in the USA.
Their email MX records point to Googlemail.com, also on the USA
The actual 38 Degrees website [www.38degrees.org.uk - 69.25.201.226] is hosted on Blue State Digital's infrastructure, which is also physically, logically and legally in the USA.
We always worry about Data Privacy, when we see that Blue State Digital are being employed by a UK Political Campaign or Non Governmental Organisation etc., on the back of their involvement with the Barack Obama US Presidential campaign, since part of their toolkit of sophisticated email tracking technology, operates without Prior Informed Consent and seems to be unethical and illegal in the UK.
See our previous blog article: How sneakily are Blue State Digital tracking NGO political campaign emails ?
Neither the Email Sign Up form, nor the Financial Donations Enquiry form, nor the Paid Job / Volunteer interest form, make use of SSL / TLS Digital Certificate session encryption (https://) i.e. your personal name, address, phone number and email details are sent over the Atlantic unencrypted, in plain text, and easily snooped on by your local systems administrator or UK or USA based Internet Service Providers, or by the UK or US Governments etc.
The 38 Degrees website also includes a feature which should be boycotted by any sane UK political activist, namely the Load Email Contacts feature on the Send to A Friend page.
This involves handing over your Username and Password to one or more of several popular web email accounts, just so that Blue State Digital can automatically access those email accounts and slurp your Contacts list, to save you the alleged "effort" of copying and pasting such contacts as you might wish to email a campaign support message to.
This seems to use a Google API, and targets Yahoo, Hotmail, Gmail, AOL, MSN, Fastmail, Lycos and Mac email accounts.
Since the Send to a Friend form is limited to 10 contacts, there really is no excuse that someone might want to upload their entire Email Contacts book in this stupidly insecure way, so the suspicion must be that it will simply be abused as an email harvesting system.
The idea appears to be to pester your friends and acquaintances with a political message which they may or may not be happy to get, very akin to email spam attacks.
Why should 38 Degrees and Blue State Digital ever be trusted with the passwords to your email account(s) ?
They do not appear to have heard of the Data Protection concept of "informed prior consent", nor of Communications Traffic Data snooping and "guilt by association", as practiced by the Labour Government and its apparatchiki here in the UK..
Unless and until 38 Degrees are more honest in their Privacy Policy, and take some cheap and easy precautions to safeguard your personal data in transit, such as SSL Digital certificates, and provide an assurance that the data collected on their servers is subsequently strongly encrypted, then you should think twice about signing up with them, in the UK Surveillance State.
The 38degrees web site shows the registered number of the company that owns it, but not the name or legally required registered address. In fact the owner is the Progressive Majority company.