1. FOI and Chinese CCTV cameras

    Big Brother Watch is a UK organisation that campaigns to defend civil liberties and privacy. As such, they keep a close eye on the ‘surveillance state’: the degree to which authorities are monitoring citizens, and the ever-more sophisticated technology that enables them to do so.  

    They have recently been investigating the use of Chinese-manufactured CCTV cameras in the UK, submitting Freedom of Information (FOI) requests via WhatDoTheyKnow Pro as one part of their research.

    In doing so they’ve uncovered the full extent to which this technology has permeated our schools and colleges, local and central government and beyond. Linked with information about both the capabilities of the tech, and the ways in which these companies support the human rights violations of the Chinese state, Big Brother Watch’s recent report makes for disturbing reading.

    The campaign has caught the attention of government, and driven a change in policy over their internal usage of cameras. Hearing of this positive outcome, we were keen to talk to Big Brother Watch and find out more about their use of FOI, and their Head of Research & Investigations Jake Hurfurt filled us in.

    What can they see?

    Big Brother Watch opposes the rise of surveillance in this country, pointing out that the UK is one of the most surveilled countries in the world with an estimated 6 million CCTV cameras across the nation. 

    As a society we may have become more accustomed to CCTV in public areas, but most people aren’t aware of recent rapid advances in surveillance functionality — such as facial, gender and even race recognition. And until there is widespread understanding of exactly what these cameras can do, there can’t be informed consent. 

    Because of its affordability, Hikvision is the most common provider of CCTV equipment in this country, with Dahua in second place. Both companies are known to supply surveillance equipment that has been used to target ethnic Uyghur minorities in the Chinese province of Xinjiang.

    Finally, Hikvision software has known vulnerabilities that could be exploited by hackers — and in countries like the US and Italy, breaches have been noted where cameras were found to be ‘communicating with China’.

    That’s the background: so what prompted Big Brother Watch’s investigation?

    Taking a closer look

    Jake says, “We’d become aware of Hikvision’s dominance of the UK market. We had also seen the US and Australia move to restrict Hikvision and Dahua, given their links to the atrocities in Xinjiang and their cybersecurity flaws, and were concerned of the risks this posed to privacy and civil liberties in the UK, so decided to dig deeper.”

    And, given the methods by which other countries had brought about change in this area, they knew they’d need to be looking at public authorities. That meant that FOI, which gives everyone the right to ask public bodies for the information they hold, was an obvious choice: 

    “From the start the project was designed as a public-sector focused investigation. We could see that successful restrictions on state-owned firms in other countries had originated in the public sector. It was clear from the beginning that we would ask questions using FOI.”

    As Big Brother Watch’s report states, “Over 5 months, [we] submitted more than 4,500 Freedom of Information requests to a range of public bodies to establish where Hikvision and Dahua equipment is in use and what advanced capabilities this equipment has. Some subsequent focused requests were submitted to public bodies who confirmed they do use Hikvision cameras.

    “The public bodies included all secondary schools and FE colleges in England, all UK universities, police forces, NHS Trusts, all Oxbridge Colleges, all central government departments, the House of Commons, the three devolved administrations and the Greater London Assembly.”

    A survey of surveillance

    Our WhatDoTheyKnow Pro service is designed for people making large scale investigative FOI requests: it makes it simpler to send FOI requests to specific types of authority in a single batch, and keeps all correspondence private until you are ready to go public.

    Jake says, “We used WhatDoTheyKnow Pro to send an initial wave of requests to police forces, government departments and the largest local authorities in the country, which acted as a scoping exercise to see how widespread Hikvision & Dahua are from a selection of public bodies. 

    “Batch requesting and WhatDoTheyKnow’s built-in reminders of when it’s time to chase up a response have been useful. It was also useful in sending requests to public bodies who are hard to contact, as the contact address database is amazing. 

    “The other helpful feature was the ability to look across requests others have made in the past, to compare responses and see what kind of wording worked and which did not – it’s something I always do when conducting large FOI projects as I can learn from other’s experience in the kind of questions that are successful, or start by knowing more than I would have done otherwise.”

    Getting results

    You can read Big Brother Watch’s full report for all the details, but their investigation revealed that three out of five schools, 60% of hospitals, 31% of police forces, 53% of universities, and 73% of councils use Hikvision and Dahua CCTV cameras, representing, in total, 60.8% of our public bodies.

    Once the full extent of their usage had been quantified, it was time to get the word out to the people capable of bringing about change — the UK’s elected representatives.

    Jake says, “We sent the report to MPs and held an event in Parliament to complement the launch of the report, and we had a good reception.

    “Around publication we also got dozens of Parliamentarians to back a pledge to ban Hikvision, and working alongside other NGOs we have been heavily involved in advocacy around a number of bills to push for this. Big Brother Watch does a lot of advocacy in Parliament and the report has supported these efforts.”

    Subsequently, with Oliver Dowden describing them as “current and future possible security risks”, the Chinese cameras were banned from being installed in or on government buildings.

    Still campaigning

    The government may have cracked down on their own use of these cameras, but that still leaves thousands of institutions and private companies who may not even be aware of the capabilities or implications of the cameras they’ve installed.

    Big Brother Watch are pressing for further action and you can find their campaign page here. If you are concerned, you can add your name to a petition to request that Parliament pass a law to ban this type of CCTV; and you can add sightings of the distinctive cameras to a collaborative Google map.

    Thanks very much to Jake for filling us in on the details of how WhatDoTheyKnow played a part in Big Brother Watch’s wider investigation.

    You might also be interested to read our 2019 post on Privacy International’s investigation into police use of facial recognition.


    Our services help people investigate the vital issues that affect us all. If you're able, please donate to help us keep them running.
    Donate now
  2. New in Alaveteli: hiding individual attachments

    At our Freedom of Information service WhatDoTheyKnow, when faced with requests to remove material, we operate on the principle of removing the minimum amount possible.

    Alaveteli, the codebase which underlies WhatDoTheyKnow and a number of other FOI sites around the world, gives moderators a range of options for removing content – with the ability to surgically remove text ranging from individual words and phrases, to individual messages, or even entire request threads. This is useful when we spot misuse of our service, for example.

    What we’ve been lacking, up until now, was a way to apply these types of removals to attachments.

    Back in the early days of WhatDoTheyKnow, attachments were less common, but now we see many more: there can often be several attachments to one individual message.

    Over the last few years, there have been occasions where we’ve had to remove an entire message, which may contain several useful attachments, just because of a small issue with one of them.

    We’d then go through an annoying manual process to download the publishable ones, upload them to our file server, and then annotate the request with the links – here’s an example.

     An FOI response, above which is the annotation: We have redacted a name from one of the released documents, acting in line with our published policies on how we run our service. We have republished the response and attachments in an annotation below.

    Back in 2013, when the original suggestion for enabling finer grained control was raised, the site contained around 400,000 attachments. There are now more than 3,500,000! We don’t remove content often, but at this scale it’s inevitable that we need to intervene now and then.

    After a little code cleanup we were able to make individual attachment removal a reality. This allows us much more control over how we balance preserving a historic archive of information released under Access to Information laws, and running the site responsibly and meeting our legal obligations under GDPR.

    As an example, let’s imagine that the FOI officer replying to our request inadvertently makes a data breach when releasing some organisation charts in `organisation chart b.pdf`.

    A fake FOI response in which the officer releases an organisational chart.

    Previously we’d have had to have hidden the whole response. Now, we can go into the admin interface and inspect each individual attachment.

    A list of file attachments

    We can then set our usual “prominence” value – offering a few options from fully visible to completely hidden – and include a reason for why the content has been hidden. We always seek to run the site transparently and explain any actions taken.

    Prominance: Hidden.Reason for prominence: attachment contains significant data breach

    On saving the form, you can see that only the problematic attachment has been removed, with the remainder of the response intact. This saves us considerable time when reviewing and handling material with potential data issues, and keeps as much information published as possible while we do so.

    Response with one hidden attachment

    As an extra bonus, since the main body text of emails is also treated as an “attachment” in Alaveteli, we’re now able to hide potentially problematic material there without affecting the attachments we present.

    A list of file attachments

    We’ve already used this feature several times to republish material where we’d previously had to hide the entire message due to the technical limitations at the time.

    Image: Kenny Eliason

  3. Notes: giving our users more information

    Alaveteli is our platform for running Freedom of Information websites — it underpins WhatDoTheyKnow as well as many other sites around the world. It’s made up of many interconnecting elements, but a key part is the database of public bodies.

    On WhatDoTheyKnow, we list over 42,000 public bodies that are subject to FOI and EIR – possibly one of the largest databases of public bodies in the country. Along with their name, we record information like their FOI request email address, publication scheme and disclosure log URLs, and we categorise them so that they’re easier to browse and make requests to.

    We often want to add additional insight to help citizens understand more about the public body. This can vary from body to body, from describing the information they hold, what they don’t hold, guidance around how to challenge their poor FOI-handling practices or why we list them when they’re not currently subject to FOI.

    We do this via what we call “notes” – a free-text field per authority that admins can update with whatever information is useful for the particular body.

    We often find we need to add or update the same note for a group of authorities — for example, we added the same note to all Business Improvement Districts to explain our reasons for listing them. 

    This can be a major challenge. We list nearly 300 BIDs, and updating each manually, one at a time, would be a several-hour ordeal. An alternative is for our developers to write a quick one-off script to update the text, but that comes with a coordination cost, and can be tricky to work around other text that may be present in the free text field that we want to preserve.

    One of the behind-the-scenes ways we manage the categorisation of authorities is through tags. Many of our other records have the ability to add tags too.

    A picture of several tags, including ones like 'Cardiff' and 'Wales'

    This led to the thought that it would be great to be able to apply a note based on a tag, rather than only having one note field per authority. This would allow us to more quickly add useful information to groups of authorities.

    Another issue we wanted to solve was to be able to add notes to content other than public bodies, like FOI requests for specific types of information and our category lists. In particular we wanted to be able to celebrate requests that led to particularly useful public interest information being released or having wider impact, and also to add clarification around requests that may be misinterpreted.

    We’ve received funding from the Joseph Rowntree Charitable Trust to help support marginalised communities to make more well-formed requests, and to more effectively use the information they obtain to engage with and influence authorities in a way that contributes to fairer decision-making. Thanks to this, we were able to add this underlying capability, which we can use to continue to help users more easily understand how to navigate the complexities of public authorities and what information they hold.

    The first step was to extract the existing notes to a new generic Note model that could be attached to any other record. Ruby on Rails makes this easy through its polymorphic associations.

    We then needed an interface to allow admins to list and search tags for each type of record that has them, and browse all records that are tagged with a particular tag.

    A list of authorities as tags, all starting with the letter A

    A list showing which tags have been applied to each authority

    As well as it being generally useful to be able to browse our database through our tags, this gave us a place to add our new functionality for adding a note based on a tag.

    While Rails’ polymorphic associations make creating a link between one record and another really easy, they don’t cover creating the link through a free-text tag. Fortunately, it took nothing more than a few lines of code to link up notes that are directly associated with a single record, and notes that are applied via a tag.

    Now our public bodies can have notes applied to them and only them, and also notes applied to several authorities based on their tag.

    An authority with two tags applied, as described in the text that follows

    In this example, the Environment Agency has some specific notes about it, but since it’s also a local lighthouse authority, we can apply the relevant notes simply by tagging the authority record and the notes for local lighthouse authorities will automatically get applied. Magic!

    What individual messages look like on the Environment Agency page - a box at the top

    We’ve also applied this pattern to information requests. Now, we can add notes to individual requests, like this example that points to another source for obtaining the information…

    ATOS Anne

    …or applied via a tag so that we can point citizens interested in the climate response to the authority’s CAPE page.

    ATOS

    So far we’ve created 46 notes that get applied via a tag. These notes are applicable to 7,998 requests and 15,283 authorities. Using a rough guess of 30 seconds to manually apply a note to a record, it would take 11,640.5 minutes – 8 full days, or 25 working days – to do so for each of these requests and authorities. This just wouldn’t have been possible before.

    This new feature unlocks a whole new avenue for us to support citizens and users that we just wouldn’t have had capacity for otherwise.

    Image: Keila Hötzel

  4. Scoring councils’ climate action: how FOI is helping

    Last year, mySociety provided technical support to Climate Emergency UK (CE UK) for their Council Climate Scorecards project, which marked every UK local authority’s climate action plan across 78 different areas. The resulting data made clear where plans were adequate, and where there was still work to do. It has informed campaigns, researchers, news stories and councils themselves, as well as feeding into government-level policy.

    But plans are one thing, and putting them into action is quite another — not to mention, rather more crucial. So this year, CE UK have set themselves the task of scoring councils on the progress they’ve made on climate action.

    To do so, they’ll be using many of the same methods they put to such good effect in the Action Plan Scorecards: they’re currently assembling teams of volunteers (want to get involved? See the end of this post) that they’ll train up with the research skills needed to scrutinise such a huge body of data accurately and with a good understanding of the issues at hand.

    Scoring the plans may have seemed like a big task, but at least they are documents which were  — to a greater or lesser extent — possible to find online. Action, of course, happens in the real world, so some different methods are required. 

    CE UK’s methodology for the Action Scorecards can be seen in detail here; it relies not just on the councils’ own reporting, but on a number of different documents and news reports. And where the information can’t easily be found in the public arena, they’ll be submitting Freedom of Information requests.

    Of course, this is an area in which we at mySociety have long experience, so our Transparency team is helping out. CE UK will be using our WhatDoTheyKnow Pro service to send the large batches of FOI requests and manage the responses; once the Action Scorecards are launched, the data will, of course, be made public for everyone to access.

    With our help, the requests have been refined to provide minimum disruption to busy council officers; at the same time, we hope that these requests, which are all for information that really should be available — energy standards for council-operated housing, for example, or numbers of staff members in climate-related roles — will encourage more proactive publication of data, so that it won’t need to be requested in future years.

    We’ve also been able to advise CE UK on forming good FOI requests that will surface the required information.

    Because of CE UK’s training strategy, we’re delighted that this knowledge will be passed on to their cohorts of volunteers, effectively informing a new tranche of citizens on how and why to use FOI responsibly.  They’ll be helping to classify the responses and compile useful datasets through our early-stage FOI collaboration tool.

    We’re proud to be supporting this important work from a climate perspective, too: councils have a crucial role to play in cutting emissions, and there’s an obvious public interest in how they go about doing so — how they allocate public funds, how effective their interventions are, and whether they are on track to reach carbon zero by their self-set deadlines.

    All in all, the small team at CE UK have embarked on a massive but vital task. Can it be done? Their approach, as always is: there’s only one way to find out, and that is to try it!

     —

    If you’re interested in helping out, there’s still time to apply to be a volunteer — closing date is this Thursday though, so hurry! You’ll be working from home, trained up via online webinars and then helping to collect data as part of this huge effort. Sounds good? More details are here.

  5. All the fun of the FOIA

    On 21 December, we added the National Centre for Circus Arts as a public authority on WhatDoTheyKnow, making it easy for anyone to send them a Freedom of Information request. We could have left it off the site and let our users find the email address themselves, but we didn’t want them to have to jump through hoops.⭕

    Joking aside, this is a valid addition to the site — see below for more details about why this college is subject to the FOI Act — and one where we can imagine some interesting requests being submitted.

    For example, one could ask for copies of the risk assessments used for the various circus skills taught to students — we imagine these would contain quite a bit of detail.

    A procurement list might throw up some items you wouldn’t see from other education institutions, like juggling equipment, unicycles or clown shoes.

    Prospective students who want to understand more about their chosen course’s application procedure and admission statistics often submit requests to UCAS, but applications for the National Centre for Circus Arts are handled directly (which makes sense: it would be hard to evidence circus skills on an UCAS form!).

    Instead, anyone looking for more information about how the application process works could submit an FOI request directly to the college. 

    In addition, there is a wide range of requests that can be sent to almost any public authority on matters such as the use of public money, minutes of meetings, policies, letters, emails and contracts. All of these might have uniquely circusy angles when applied to this particular institution!

    Some decisions are in-tents

    It’s not always easy to work out whether a body is subject to FOI. For some bodies it’s really simple: they’re listed by name in Schedule 1 of the Freedom of Information Act 2000 (or the Scottish equivalent). 

    The National Centre for Circus Arts isn’t named here, but Schedule 1 does include references to definitions contained in other laws.  

    In the course of recent work to find more bodies to add to WhatDoTheyKnow, our volunteers have read and interpreted three pieces of legislation and an official register to work out which higher education institutions are subject to FOI. 

    The upshot of our research is that we consider that all bodies listed on the Office for Students register as “Approved (fee cap)” are subject to FOI. This includes the National Centre for Circus Arts (registry entry). Helpfully, the Centre acknowledges the fact that it is subject to FOI on its website which not all higher education institutions do – kudos for that.

    UK higher education institutions walk a tightrope between the public and private sectors. They are subject to rules such as competition law that are normally relevant to private business, whilst at the same time being subject to laws that apply to the public sector such as the equality duty and FOI. It’s quite a lot to juggle. 🤹

    Interestingly, the debate about the role of circuses in public life goes back to Roman times where the provision of food and entertainment to the poor were used to gain political power.

    WhatDoTheyKnow lists a number of obscure public authorities on the site ranging from the Crown Estate Paving Commission to the Treasure Valuation Committee but the National Centre for Circus Arts is certainly one of the more unusual higher education institutions we list. There can’t be many places where people jump through fire for their graduation (page 13 of the 2023-24 prospectus).

    In conclusion, if anyone is planning to run away during 2023 then please be advised that with this addition, WhatDoTheyKnow has both the sea and the circus covered. 

    We wish all our users a happy and healthy 2023.

    Image: Jonny Gios

  6. The 12 days of FOI

    We’ve had 109,653 Freedom of Information  and Environmental Information Regulations requests made on WhatDoTheyKnow this year. In the run up to the end of 2022 here’s a countdown of 12 of the more unusual ones that have caught our eye this year…

    12: Bats

    National Highways released 1.25 TB of bat survey data carried out for the Arundel bypass scheme. This was made up of over 115,000 files, that included 786 videos – that’s over 250 hours of footage – 54,570 audio files, 354 spreadsheets and 2,532 images.

    We like this because we think it is the largest ever release of information, and as the climate crisis brings urgent challenges for our public institutions to address, access to environmental information will be increasingly valuable to businesses, campaign groups and the general public. You can read more about this release here.

    11: Vaccines

    Scientist in laboratory looking at samples

    The Medicines and Healthcare Products Regulatory Agency released the nucleotide sequences of the AstraZeneca & Pfizer/BioNTech Covid-19 vaccines used in the UK, after an initial refusal was overturned on review. The response says the companies involved consented to the release.

    We liked this because it is a great use of FOI to get such important medical information released and available in the public domain.

    10: Bins

    Squirrel sitting on a litter bin in a park in the autumn

    Sheffield City Council released the location of every public bin in the city.

    We liked this because not only is it really useful information; it is the sort of data that councils should be making freely available to citizens.

     

     

     

     

    9: Underground

    Diagram of Edinburgh City centre sewer and cable planEdinburgh City Council released the sewer and cable plans for parts of the city centre.

    We liked this because they are chaotically beautiful — not what you’d expect from an underground asset plan.

     

     

    8: Textbook

    The front cover of an Open University text bookThe Open University released a full textbook in response to a request for the information held on the Early modern Europe: society and culture c.1500-1780 module(s).

    We liked this because it’s not not often that you see full textbooks being released.

     

     

     

    7: Tower Bridge

    Tower Bridge in London with a partially cloudy skyThe City of London Corporation released a list of the past Tower Bridge lift dates, times, and vessel names from the start of 2022 until now.

    We liked this because it generated a long and sometimes amusing conversation on Reddit.

     

     

    6: War memorabilia

    Picture of a hand written world war two medal cardThe Ministry of Defence released a WW2 medal card.

    We liked this because we’ve never seen something like this obtained by FOI before.

     

     

     

     

    5: Honours board

    The Charter Trustees of the Town of Margate released their Freedom of the Town list in a more unusual format.

    We liked this because the information released was a photo of a painted wooden board. This is, after all, still a form of recorded information — and a nice permanent one.

     

     

     

     

     

    4: Seaside nuisance

    Brighton seafront in the sunshineBrighton & Hove City Council released a copy of all of the bye-laws that apply to the seafront.

    We liked this because of the phrase: “no annoying gramophones on the beach”, which may be a slightly outdated view of the worst possible noise nuisance.

     

     

     

    3: Big cats

    Panther sitting in the grassNorth Wales police released the details of big cat sightings in 2021.

    We liked this because the information disclosed in the request was used for a number of news articles in Wales.

     

     

     

    2: Library books

    person sat on a chair reading a book in a libraryOne of our users has been doing some research into the top 25 books borrowed from libraries in 2021; here’s an example of one of them.

    We liked this because it’s fascinating to see what books people are choosing to read, and how this varies between different areas of the country.

     

     

     

    1: Trains galore

    Engineering drawings

    And finally, here at WhatDoTheyKnow the team are all big fans of trains. This means we tend to notice the more interesting disclosures on train related topics. Here are some of our favourites from this year:

     

     

     

    a. Network Rail released the engineering drawings that were produced during the construction of the London & South Western Railway’s station at Branksome, near Bournemouth in the mid to late 1800. 

    We liked this because the drawings are beautifully crafted and not something that we get to see very often.

    b. Northern Trains Limited released the .wav file of the two jingles used for their station automated announcements system.

    We liked this because it’s unusual for audio files to be released and we’ve found so many uses for this!

    c. London North Eastern Railway Limited (LNER) released some information about the voiceover artists used for the automated announcements on the Class 800 and Class 801 fleet of trains

    We like this because it shows that FOI responses don’t need to be formal or complicated; they just provide, where possible, the information that the request-maker has asked for. LNER is  particularly good at this.

    d. Transport for London released 3D station layout drawings for the Elizabeth line.

    We liked this because it’s really interesting to see how the new stations on the Elizabeth line have been designed, and how the layout works with their surroundings.

     

     


    We hope you enjoyed 12(ish) of our favourite FOI requests from this year.

    You can find out more information about the WhatDoTheyKnow service and  how to make requests on our help pages.

    If you’d like to help WhatDoTheyKnow keep up their good work, you can help in two ways, either by volunteering us or by making a donation, any amount small or large is greatly appreciated.

    Image credits:

    Vaccines CDC; Bins Charlotte Harrison; Tower Bridge: R Spegel; Brighton seafront Tom Wheatley; Big cat: Mana5280; Library: Dollar Gill

  7. WhatDoTheyKnow Transparency report: 2022

    WhatDoTheyKnow is a project of mySociety, run by a small team of staff and dedicated volunteers.

    In 2022 WhatDoTheyKnow users made 109,653 Freedom of Information requests via WhatDoTheyKnow.

    Those requests, and the responses they received, are public on the website for anyone to see.  

    What’s not quite so visible is the work that the WhatDoTheyKnow team, which is largely made up of volunteers, do behind the scenes.  

    Some of their most difficult calls arise around the removal of information. WhatDoTheyKnow’s guiding principle is that it is a permanent, public, archive of Freedom of Information requests and responses, open to all.

    The team works incredibly hard to maintain the archive in the face of challenges, including the reduction of legal risks; dealing fairly and transparently when people ask for information to be removed from the site; answering users’ questions; supporting citizens to use their rights to FOI; dealing with misuse of the service which breaches our house rules inappropriate content and keeping everything ticking over.

    Our default position is not to remove substantive public information requests and responses; however, we act quickly if problematic content is reported to us. And, to help everyone understand exactly what has been removed and why, where possible we record these details on the request page.

    To allow for a full 12 months of data, the date range used throughout this report is 1 November 2021 to 31 October 2022.

    Headline facts and figures

    • 16,354,872 visits to WhatDoTheyKnow.com this year.
    • 16,217 new WhatDoTheyKnow user accounts created this year, taking the total number of accounts to 239,540. This represents an increase of 7.6% in the total number of site users since last year.
    • 8,912 total number of email threads in the support inbox in 2022… that’s an increase of 11.2%, making it all the more crucial that we continue to recruit volunteers to help spread the load.
    • 1,381 requests hidden from WhatDoTheyKnow in 2022
      …in the context of 109,653 requests made in the year, and a total of 867,303 requests currently published on the site.
    • 171 published requests where we redacted some material in 2022
      …usually due to the inappropriate inclusion of personal information, or defamation.

    And in more detail

    Requests made on WhatDoTheyKnow flagged for our attention

    The table below shows the reasons that requests were reported by our users via the site for admin attention this year. 

    Note that we also receive many reports directly by email, so while not comprehensive, this is indicative.

    Reason for attention report Total number
    Vexatious 117
    Not a valid request 109
    Contains personal information 89
    Request for personal information 85
    Contains defamatory material 33
    Other 642
    Total* 1,075

    *The number of requests flagged for attention this year is up 40% on last year. This is largely related to a single campaign of misuse.

    Material removed from the site

    The following tables show where members of the admin team have acted to remove or hide requests from WhatDoTheyKnow in the last year, and the reason why.

    At WhatDoTheyKnow  we have a policy of removing as little material as possible, while seeking to run the site responsibly and take different viewpoints into account. Removing substantive FOI requests and responses is a last resort and something we do very rarely. However, we act quickly to remove problematic material.

    Request visibility Total number
    Discoverable only to those who have the link to the request 2
    Visible only to the request maker 1,282
    Hidden from all site visitors 97

     

    Reason for removing from public view Total number**
    Not a valid FOI request 1,117
    Vexatious use of FOI 43
    Other (reason not programmatically recorded*) 221

    * Current processes do not create an easily retrievable list of reasons beyond the two above, however due to site improvements made in autumn of this year we expect to be able to provide more detailed information on this in the future.

    ** The number of requests hidden or removed from the site this year is up by 68% on last year. As above, this increase is largely related to a single campaign of misuse. 

    Censor rules (targeted redactions to hide the problematic part/s of a request) Total number
    Number of censor rules applied 746
    Number of requests with censor rules applied 171
    Number of requests with censor rules applied which are still publicly visible, but with problematic material hidden 165

    * Censor rules are used for many purposes, including redacting problematic content and removing personal data which should not be present

    Cases relating to GDPR rights 

    These are typically cases relating to requests to remove data published on the site as per the rights afforded under GDPR, the UK’s General Data Protection Regulations.

    Right type Total number of cases*
    GDPR Right to Erasure 214
    Data breaches by third parties 79
    GDPR Right to Rectification 15
    GDPR Right of Access 21
    Data breach – internal** 6
    GDPR Right to Object <5
    Total 340

    * Not all issues raised resulted in material being removed from the site.

    * “Data Breach – internal” refers to cases where WhatDoTheyKnow has identified that a data breach may have been caused due to our own staff actions. We take our obligations seriously, and use such instances as a learning opportunity, so these are recorded by us even if very minor, and often when they’re nothing more than a near miss.

    High risk concerns escalated for review 

    Our policies ensure that certain issues can be escalated for review by the wider team and, where more complex, by a review panel that includes mySociety’s Chief Executive. Escalation is typically prompted by threats of legal action, complaints, notifications of serious data breaches, potential defamation concerns, safeguarding, complex GDPR cases, or cases that raise significant policy questions.

    Case type* Total number
    Defamation 49
    Data breach 40
    GDPR Right to Erasure 33
    Complaints 19
    Safeguarding / Public harm 13
    Takedown 13
    GDPR Right of Access 9
    Police user data requests 7
    Site misuse 7
    Data breach – internal 5
    Other 39

    * Email threads may be either automatically categorised by the system, or manually categorised by the WhatDoTheyKnow admin team on the basis of the information given by the person reporting them. Some cases can relate to two types: for example a GDPR Right to Erasure request may also be a complaint. For the purposes of this table, such instances have been included in the counts for both concerns.

    Users

    User accounts Total 
    WhatDoTheyKnow users with activated accounts 239,540
    New user accounts activated in 2022 16,217
     
    Reason for banning users in 2022 Total 
    Spam 2,160
    Other site misuse 300
    Total number of users banned in 2022 2,460
     
    Anonymisation* Total 
    Accounts anonymised in 2022 139

    * Accounts are anonymised at the user’s request, generally to comply with GDPR Right to Erasure requests.

    Users are banned and their accounts may be closed due to site misuse and breach of the House Rules. Anonymised and banned users are no longer able to make requests or use their accounts.

    User data requests

    The table below shows the number of requests that we received from third parties for the personal data that we hold on our users in 2022. Details of which types of data we hold can be found in our privacy policy. As stated in our privacy policy, we do not provide this information to anyone else unless we are obliged to by law, or the user asks us to.

    Type of request Total 
    Police/law enforcement requests for user data 7
    Other requests for user data 6

     

    Material released Total 
    Number of requests, where court orders were produced and we provided the material as required 2

     

    Thank you for reading

    We produce this report as we demand transparency from public authorities and it’s only right that we also practise it ourselves. 

    Additionally, we hope that the report goes some way to showing the type of work the team do behind the scenes, and that running a well-used site like WhatDoTheyKnow is not without challenges.

    If there are specific statistics that you’d like to see in subsequent Transparency reports, or you’d like to know more about any of those above, do drop the team a line

    If you’d like to help WhatDoTheyKnow keep up their good work, please consider volunteering or making a donation. Any help small or large is greatly appreciated.

    Image: Meriç Dağlı

    .
  8. How to find out the history of an ex-military Land Rover

    Suppose you’ve bought a Land Rover but you don’t know anything of its history. Might it have had an exciting past as a military vehicle? Has it had any major faults in its previous life? Freedom of Information is one way to find out.

    And indeed, a number of people have been using WhatDoTheyKnow to discover more about the history of their ex-military Land Rovers by making a Freedom of Information request to the Ministry of Defence.

    What information is available?

    We’ve seen requests both for the military service history of a vehicle (for example which military units it was assigned to) and the maintenance record (details of inspections, servicing, faults and repairs). 

    Any information held is generally provided free of charge to anyone who asks — there is no requirement to prove that you are the owner or keeper of the vehicle. Here are some examples:

    How to make a request

    Freedom of Information (FOI) requests can be made in public by using the WhatDoTheyKnow website to  ask for information from the MOD. We would obviously prefer that people use our site, but FOI requests can also be made by writing a letter or sending an email.

    Many of the requesters include both the chassis number and the registration number in the request, to help the MOD identify any relevant information held. 

    Will I get the information I ask for?

    In some cases, information may be withheld using exemptions contained in the Freedom of Information Act 2000. For example, the MOD tends to redact the time taken to carry out repairs, to protect the commercial interests of the businesses they contract for this purpose. 

    In rare cases, information may be withheld in order to safeguard national security or to protect the UK’s defensive capabilities. 

    The MOD has publicly released a copy of the MERLIN database, in which details of military vehicles are recorded, and it may be worth checking that first if you are interested in making a request.

    In the case of some previous FOI requests, where no information is held, the MOD has advised requesters that the Royal Logistic Corps Museum may be able to assist with their research (see for example this MOD letter of 25 September 2018).

    Reasons that public authorities keep records about assets they no longer hold

    The requests about ex-military Land Rovers highlight the fact that public authorities often hold records about assets they no longer own, and that in some cases this information will be of value to the new owners.  

    There are various reasons why records are kept after the asset is sold or otherwise disposed of. One is to help people who may have queries in the future. A great example of this practice is referenced in a response by Aberdeen Council to an FOI request made through WhatDoTheyKnow in June 2021.

    The electronic record held by Aberdeen City Council […] not only lists everything we have, but also everything that we once had as well. This is to ensure that we have a records trail for future research/provenance etc”.

    Usage of FOI law in the UK

    We think the requests about ex-military Land Rovers are interesting because they show the versatility of the UK’s FOI legislation. 

    Not every FOI request has to be about holding public authorities to account: requests can simply be made for information that people find useful for their businesses, their hobbies or their everyday lives. Making such requests in public helps other people who might be interested in making a similar request themselves. In addition,  if there is an important public interest story hidden in the response, making the request in public maximises the chances that someone will find it.

    Image: AlfvanBeem, CC0, via Wikimedia Commons

  9. Help WhatDoTheyKnow find contact addresses for public authorities

    You can send Freedom of Information requests to more than 45,000 public authorities on WhatDoTheyKnow. For each of those authorities we need an email address to send those requests to, which means we often need to do some maintenance to keep everything up to date.

    For some authorities in our database we don’t have a working email address. We might have had one in the past but it’s now out of date, or the authority might have merged and taken on new contact details – there are many reasons for missing email addresses, but they all leave us in the same predicament: we don’t know where to send your FOI requests for those bodies.

    Can you help us find them?

    If you have a little time to spare, a small amount of Googling could be a really big help for our users. Just five minutes here and there is all that’s needed to do a little bit of research to find the correct address.  

    We’ve made a list of all authorities with a missing email address

    The best starting point is almost always the authority’s website. Look for a dedicated contact email address for Freedom of Information requests.

    Top tips for searching:

    • Check the contact page.
    • Check the footer on the homepage.
    • Try looking for Freedom of Information policies or Publication Schemes,  or sometimes an email address can appear in the privacy policy.
    • Remember some public authorities such as schools and parish councils have very similar names, so make sure you are looking at the right one.
    • If you can’t find a website for the authority itself, there are some other places that you can look: for example the NHS services site  or the Get Information about Schools site.

    Once you’ve found the right place, make a note of the contact email address. We prefer to use generic email addresses, for example that starting with foi@ or information@ as these tend not to change so often, so if there are multiple addresses given, these are the best ones to go for.

    Let us know

    If you find some of these missing email addresses please let us know.

    We need both the new email address and the source (website address) where you found it, so we can verify the information.

    You can send us this information by clicking on “Ask us to update FOI email” link on the public authority’s page. Just fill out the form with all the details that you’ve found.

    Screenshot of pubic authority page on WhatDoTheyKnow showing where you can find the “Ask us to update FOI email" link
    Then our team of volunteers will use your input  to update the database, and you’ll have ensured that people can make requests to the authority. That’s a really useful result.

    Time poor but rich in other ways?

    We know that your time is very precious and not everyone has the opportunity to help us out with tasks. If you are able to make a donation instead, that is also very helpful toward keeping our FOI service up and running.

    Your contributions, however small, really help. Donate here.

     

    Image: Marten Newhall 

  10. A change in the monarchy: how it does (and doesn’t) affect FOI

    [UPDATE: Since this post was published, the 19 September has been declared an official bank holiday – our assumption in the final section of this post, that ‘no bank holiday will be formally declared’, and the conclusions we came to as a result, were incorrect. We’ve updated the section accordingly.]


    On 8 September 2022, Buckingham Palace announced the death of Her Majesty Queen Elizabeth II. 

    mySociety runs the WhatDoTheyKnow website, which lists many authorities related to the monarchy, the Royal household and associated offices. 

    As a non-partisan UK registered charity, we recognise that some of our users will view the monarchy as being a political institution, while others will not. We ask all our users to be respectful in their communications and to continue to follow our House Rules.

    The constitution of the United Kingdom

    When a monarch dies in the UK, they are immediately succeeded by their heir, even before the coronation has taken place. The Demise of the Crown Act 1901 provides that the holding of any office under the Crown is not to be affected in any way by the death of the reigning monarch. 

    What this means in practice is that Government ministers, civil servants and military personnel continue to hold office and that public authorities will continue to exist without interruption. Where this becomes relevant to WhatDoTheyKnow is that FOI requests do not need to be resubmitted.

    The names of public authorities

    Where appropriate, our volunteers will update the names of public authorities and the notes on the site to reflect the fact that King Charles Ⅲ is now the Sovereign of the United Kingdom. For example, we will rename the Queen’s Printer for Scotland to the King’s Printer for Scotland when the authority publicly updates its name.

    Not all bodies with “Queen” in the name need to be renamed. For example, The Queen’s College, Oxford was named in honour of Queen Philippa of Hainault and does not require a change. A number of schools and other public bodies were named in honour of Queen Elizabeth II, such as the Queen Elizabeth II Conference Centre and we’d expect that they will continue to use their current names.

    We’ve also updated the site to take account of the fact that Prince William is now the Duke of Cornwall. Under a royal charter from 1337, the position of Duke of Cornwall is held by the eldest son to the reigning monarch provided he is heir to the throne.

    We have never listed the monarch as a public authority on WhatDoTheyKnow, but we continue to list the Royal Household.

    Accession Council

    We expect the Accession Council to convene shortly at St James’s Palace. The Accession Council is a body that meets twice following the death of a monarch. The purpose of the first meeting is to formally announce the death of the monarch and proclaim the succession of the new sovereign. The second meeting will be the first Privy Council meeting of the new monarch.

    National mourning

    The day of the state funeral will be a day of national mourning in the UK, and has now been formally declared as a bank holiday.

    This means that WhatDoTheyKnow will automatically treat 19 September as a non-working day for the purposes of calculating the time limits for complying with Freedom of Information requests. Even before we understood that the day would officially be a bank holiday, we had made this adjustment. This would have meant that our position differed from the position set out in FOI law; however, we believed it to be the most reasonable approach in the circumstances.

    Bank holiday matters aside, we encourage people making FOI requests to recognise that some employees of public authorities will have a higher than normal workload at present and to be patient and courteous when dealing with public officials.

    Image: Public domain, via Wikimedia Commons