
“Accident Advice Helpline”, 0161 854 1173, Where Did You Get My Number?

A Case of Curious Coincidences…

Put on your citizen’s journalism hats, because we’re about to go on an investigative adventure.

UPDATE: More unsolicited calls recently from 0161 854 1214 where no message is left — unverified as to whom this is at this stage. It seems reasonable to presume that this is in the same range of phone numbers, given the MO.

I have received a number of calls from 0161 854 1173 recently (May 2018). A voicemail message is never left, but if you pick up, you always hear a very short extract of hold music before you are connected with a person (automatic dialer, perhaps?). The agent typically identifies themselves as from the “Accident Advice Centre” or “Accident Advice Helpline”.

I have made a number of call recordings of my interactions with this phone number. I stress that these recordings have been made lawfully, as incoming calls to my number automatically play a pre-recorded message “this call is recorded” before the ringing begins, thanks to my service provider. (A recorded message stating that the call is recorded is common practice in that it is similar to the recorded messages that one hears when calling up companies.)

I was of course curious who was calling and how my phone number had been obtained.

Me: “I’m just wondering really where the number that you’ve called came from? I mean, obviously —”

Agent: “Oh, your number, sorry, sir? Your number?”

Me: “Yes. Yeah, yeah, yeah.”

Agent: “Ah, right, I do apologise. I thought I — no — no worries. Yeah, we work off the Accident Portal[1], sir. So when you ring your insurance and tell them about your accident, er, it comes under what you would call the Accident Portal. Now [inaudible] organisations that have access to the Accident Portal, OK? The DVLA, the Accident Advice Centre, that’s us, the Motor Insurance Bureau and the DVLA[2]. Sorry, the [inaudible], the DVLA and your insurers.”

Me: “You’re a government organisation?”

Agent: “We are a [government/governing][3] body, OK? Er, we were set up to make sure your insurance companies are doing their job correctly. Also just to make sure the complaints[?] OK and happy with your insurance [inaudible] and everything, and just to make sure you know, you’ve received all your requirements — your legal, erm, payments and stuff. Now—”

Me: “What I’ve [inaudible] is to find out information about your organisation, because I’ve struggled on a number of occasions to actually find out any more.”

Agent: “Say again, sorry?”

Me: “I’ve struggled on a number of occasions to actually find out any more information about your organisation.”

Agent: “Just bear with me one second, I’m going to get my manager, OK?”

Me: “I tend to start asking these questions and the call seems to be cut off.”

Agent: “Right, well, why did you think your call seems to be getting cut off?”

Me: “I don’t know.”

Agent: “Is this our company you’re talking about, or…?”

Me: “Yeah, calls from this number. The number you are calling from, and, yeah, I seem to ask for information about the organisation and then I don’t seem to — the call doesn’t seem to stay, uh, connected.”

Agent: “Are you just looking at the [inaudible], because that’s just an area code, so it could be a million, um, you know, a million people calling you.”

Me: “— the full phone number”

Agent: “Let me just see who’s called you in the past, give me one second.”

Agent: “Yeah, I can see that our, our, our, my colleague [name] tried contacting you. Erm, but she put it down to answering machine, like, we couldn’t get hold of you, and that’s why it’s come back through today.”

Me: “Yeah, as I said, it’s not the first call. I’ve had a number of calls, but, um…”

Agent: “Right, so are you aware of the compensation that has been set aside for you, Peter? — — Hello?”

Me: “Again, what I’m wondering about is more information about your organisation.”

Agent: “Right, like I said— That’s completely fine, obviously you’re only [inaudible] obviously want to know who we are and make sure we have your best interests at heart. Erm, just bear with me and I’m going to get my manager, she’ll just come over and give you a bit more of an explanation of who we are and why we are calling you, OK?”

Me: “That would be great, thank you.”

1: The closest thing to “Accident Portal” I can find is “Claims Portal Limited”, “a tool for processing low value personal injury claims”. I have no evidence that this is the “portal” in question, however. Investigations into whether Claims Portal Limited have my data are ongoing. Unfortunately, this company’s website Terms of Use prohibit me from linking to them without prior consent, so you will have to use a search engine yourself. (“You may not provide a link to this web site from any other web site without first obtaining Claims Portal Ltd’s prior written consent.”)

2: It’s credible that there is a database of incidents for legitimate organisations like insurance companies. That data presumably would be processed for the purposes of the prevention and detection of fraud. It certainly would not be permitted to use the data for “leads” for claims management companies, especially if the data subject is not specifically aware of the data processing in the first place.

3: It’s not clear enough to distinguish between these two words in my recording. I did want a clear answer as to whether they were identifying themselves as some kind of official body, or as a for-profit company. We’ll discover more about the identity of the organisation later.

After a brief interlude, the manager spoke with me. I asked for the full organisation name and the registered office.

Manager: “It’s the Accident Advice Helpline, OK?”

Me: “OK, so that’s Helpline. Is that Limited?”

Manager: “It’s just the Accident Advice Helpline. So basically we make the follow-up calls, Peter —”

Me: “— the name of the organisation.”

Manager: “Accident Advice Helpline. Yes?”

Me: “OK, so not Accident Advice Helpline Limited…”

Manager: “Yes. OK? So, basically what we do is we make the follow-up calls to make sure that each and every person that has been involved in a recent road traffic accident or an incident — is being looked after, and offered a 5-star service so they’ve got the courtesy vehicle in place and the car’s in the garage and that you’re happy with the recovery of the vehicle etc. And obviously we explain to them about the payment when it’s a non-fault incident, there’s a payment automatically set aside[1] — erm — which is for minor discomfort[2], so this payment has got nothing to do with your insurers, it comes from the third party, the fault driver’s insurance—”

Me: “—so the information you’ve received about my number. Where has that come from, please?”

Manager: “That basically is uploaded onto the database. When you pay your premium — and everyone in the UK and Scotland pays their 0.34% of all the premiums put together — creates the Accident Advice Helpline[3], so we’re authorised[4] to receive all the, basically, the details of incidents and make sure that you’re being offered a good service by your insurers and then obviously, like I said, we ask you about your courtesy vehicle, the recovery of your vehicle, if you’re happy with the services and then obviously if you’re non-fault we explain that you are entitled to a payment, which I believe [original person who called me]’s explained to you already for the minor discomfort — you’ve had your seatbelt on[5], someone’s collided into your vehicle and you’ve been involved in a low-velocity impact collision you are automatically entitled to a payment from the third-party[6]. So, like I say, just to confirm — erm — and to reiterate, this has got nothing to do with your insurers, this is coming from the fault driver’s insurance. Does that make sense?”

Me: “Erm — so, does your organisation have a registered office?”

1: Automatically set aside by whom I wonder?

2: “Minor discomfort”. Remember that justification that has been given for the “payment”, as we’ll be coming back to it later.

3: If I’m understanding the manager correctly, she is stating that the organisation is created from funding from everyone in the UK and Scotland [sic] and, I presume I am meant to believe, that the “automatic payment” comes from those monies. There is no evidence for this.

4: I did not press this point during the call — I was conscious that asking too many awkward questions seems to correlate with early termination of the call — but I’d love to know by whom they were authorised to receive my details. The “database”?

5: Another reference to “minor discomfort”, but then we move away from that and get more specific. Indeed, this is the closest I have come to any suggestion of the type of claim they’d actually want to pursue on my behalf. Mentioning the seat belt suggests they might look to see if a whiplash claim was a possibility if I continued further with them.

6: Automatically entitled? And this is “coming from the fault driver’s insurance”? I don’t accept these statements are true.

I will spare you the details of me explaining that asking for the registered office meant that I wanted a street address!

I eventually got this registered office from the manager:

50-52 Chancery Lane
London
WC2A 1HL

This address appears as the registered office address for an Accident Advice Helpline Limited, company 05121321. This doesn’t exactly match with the manager’s statement that it is “just the Accident Advice Helpline”, but the registered offices are the same.

The last filed accounts with Companies House were on 30th June 2017 and were accounts for a dormant company. I don’t think I can determine if the company is still dormant until they next file accounts in June.

(Coincidentally, Accident Advice Centre Limited (10275785), with registered office 8 Exchange Quay, Salford, United Kingdom, M5 3EJ, was dissolved on 13th June 2017, weeks before those dormant accounts were filed for “…Helpline”. I have a call recording from the same phone number, also from this month, where the agent identifies as from the “Accident Advice Centre” and confirms that this was the address of that organisation — “Yes, that’s our address”. So I’m still not sure who exactly is calling me from this same Manchester phone number — is it “Centre” or “Helpline”?)

I clicked on the name of the first company director for Accident Advice Helpline Limited listed on Companies House, and discovered this individual holds 36 directorships, almost all of them also with correspondence addresses of the London address as above.

Some of the more interesting ones:

I stress that all of the companies above can be reached at the 50-52 Chancery Lane address above.

The list seems rather comprehensive and efficient, in the sense that the whole process of lead generation, claims management, cost assessment and medical assessment for personal injury claims could, in theory, be administered all from this one building.

With all these companies physically located in the same building and with at least one common company director, I wonder how the issue of conflicts of interest is dealt with?

For example, I am sure that a “costs consultants” business would want to act in good faith to (I assume) estimate costs associated with an incident, but with such a close link to legal services firms and claims management firms that may be interested in maximising the assessment of costs… I will say that it raises ethical and procedural questions that I am sure the organisations involved will be happy to answer.

Back to my calls — I take the view that, while they may not want any money directly from me, this is a marketing activity. They are a private company, trying to generate leads for business for personal injury claims.

My phone number is listed in the UK’s Telephone Preference Service. Let’s look at the legal obligations that this places on organisations:

Direct marketing telephone calls: it is unlawful for someone in business (including charities or other voluntary organisations) to make such a call to any Individual if that Individual has either told that business or organisation that he/she does not want to receive such calls or has registered with the Telephone Preference Service that they do not wish to receive such calls from any business or organisation.

I notified the manager that my number is in the TPS and that, therefore, I took the view that the call was unlawful.

Me: “Given that the number you have called is in the Telephone Preference Service, um, list of numbers not to call, um, unfortunately the calls you’ve been making are actually unlawful under that relevant legislation[1]. When you said that this isn’t a marketing call—”

Manager: “Oh for goodness sake.”

Me: “I’m sorry?”

Manager: “Do you want me to make a payment? Yes or no?”

Me: “Hello?”

Manager: “I assume no.”

Me: “Are you still there?”

[some confusion — I am asking “are you still there” because I am conscious that the call is likely to end soon]

Manager: “— so you don’t want to move forward with the payment, so I’m going to take you off the system, thank you — [hold music for ~0.5 seconds, then call disconnects]”

1: http://www.legislation.gov.uk/uksi/2003/2426/regulation/21/made

I’m struggling to think of another “helpline” that would normally have managers who say “oh for goodness sake” to the people they “help”.

I do hope that she did indeed “take [me] off the system”. I should never have been on there in the first place — and if the company was checking numbers against the TPS list before making marketing calls, as they are legally required to do, this never would have been an issue.

My advice? Do not deal with this organisation, or any with a similar name and similar spiel. Perhaps calmly ask them a few questions about who they are, and see whether their story matches the ones above.

If any relevant official investigatory body wishes to contact me for further details regarding the way this organisation has identified itself, the calling of numbers listed in the TPS, etc., you are most welcome. Your call may be recorded. 🙂

Filesystem? What New Filesystem?

A quite legitimate criticism of iOS for some time has been the fact that you seem to end up with multiple gigabytes of unexplained “other” disk space usage after using the device for some time. It’s frustrating, especially on smaller devices.

Reinstalling iOS and restoring from your most recent backup would clear the mythical “other”, at least for a while.

It seems that the latest update to iOS, version 10.3, introduces a whole new filesystem technology, APFS. This wasn’t mentioned in the release notes, and is only really detectable by the end user in the form of a much longer upgrade process than would be needed for a typical iOS release.

Since upgrading a few devices, I have noticed a big jump in the available free space on those devices. The pesky “other” is still there, but appears to have shrunk significantly.

Hats off to Apple for fixing what was a criticism going a long way back, and for managing a potentially quite disruptive filesystem migration in such a transparent way for the end user.

May the “other” space usage forever remain small.

Let’s Encrypt on Windows with ACMESharp and letsencrypt-win-simple

The march of freely available TLS certificates for domain validation continues in the form of the Let’s Encrypt project and I’m very pleased that it does.

I’m very happy with the Certbot client on most systems where I need to deploy Let’s Encrypt, but on hosts facing the big wide world that are Windows-based, Certbot obviously is not an option!

Fortunately, I’ve had success with the ACMESharp library for PowerShell. What’s cool about the library is that it does break down the process into individual commands, meaning you can automate, script and report on your certificate status with a great deal of flexibility.

For simpler scenarios, though, the letsencrypt-win-simple client offers a nice friendly command line interface to the ACMESharp library and is a nice easy way to quickly retrieve and install a Let’s Encrypt certificate on a public-facing IIS instance. Automating the renewal process is easy too — just create a Task Scheduler task.

Yes, it’s a command line client, and there are Windows folks who may not be comfortable with that, but it walks you through every part of the process. No memorising of switches and flags is needed!

There really is no excuse — now is the perfect time to get everything on HTTPS!

Hopes for 2017

I hope for a world where we are able to actually keep calm and carry on in the face of significant challenges, rather than just displaying the aforementioned in poster form.

I hope for a world where those with all different political persuasions will have the courage to stand up for what is right, even when it is hard.

I hope for a world where we always remember to treat each other like human beings.

Happy New Year everyone.

The Investigatory Powers Act

I sincerely hope the UK Government plans to actually debate the “Repeal the new Surveillance laws (Investigatory Powers Act)” petition in Parliament now that it has reached 100,000 signatories, including myself.

Of course, the commitment they made is carefully worded such that attracting that number of signatures merely means it will be “considered” for debate.

Recent events in the United States and elsewhere demonstrate that maintaining the right balance of power between the state and the individual is more important than ever. I would not normally get political here, but the circumstances are anything but normal — the frightening jolt the western world seems to be making towards extreme right-wing authoritarianism means that maintaining that balance is nothing short of absolutely critical.

The list of organisations who can access internet connection records is enormously wide and includes bodies as mundane as the Food Standards Agency! This is way beyond something that could be argued as essential to maintaining the UK’s operational intelligence capabilities for preventing domestic acts of mass violence.

This law would be deeply, deeply troubling at any time, but is even more so as the US election shows us the threat of home-grown extremism that rises through established political bodies and gains the powers of high office.

Personally, I urge everyone to support efforts to mount legal challenges to this legislation.

Please consider supporting organisations like Open Rights Group.

QuickArchiver on Thunderbird — Archiving Messages to the Right Folder with One Click

Even despite the dominance of webmail, I have long used a traditional desktop email client. I like having a local mail archive should “the cloud” have trouble, as well as the ability to exert control over the user interface and user experience. (That might be partly a euphemism for not having to see ads!)

Apple’s Mail.app built into macOS (going to have to get used to not calling it OS X!) has served me pretty well for quite some time now, alongside Thunderbird when I’m on Linux, and while Mail.app offered the most smooth interface for the platform, it didn’t always have all the features I wanted.

For example, being able to run mail rules is more limited than I wanted in Mail.app. I could have rules run automatically as messages arrived in my inbox, or disable them entirely. But actually how I wanted to use rules was to be able to cast my eye over my inbox, and then bulk archive (to a specific folder) all emails of a certain type if I’d decided none needed my fuller attention.

Recently, I moved to Thunderbird on my Mac for managing email and discovered QuickArchiver.

As well as letting you write rules yourself, QuickArchiver offers the clever feature of learning which emails go where, and then suggesting the right folder to which that message can be archived with a single click.

It’s still early days, but I am enjoying this. Without spending time writing rules, I’m managing email as before, and QuickArchiver is learning in the background what rules should be offered. The extra column I’ve added to my Inbox is now starting to populate with that one-click link to archive the message to the correct folder!

It’s just a nice little add-on if, like me, you (still??) like to operate in this way with your email.

The Windows 10 Experience

I haven’t said much about Windows 10 here on this blog, but my day job brings me into contact with it quite extensively.

There is a huge amount about the Windows experience that this release improves, but also there are elements of Microsoft’s new approach to developing and releasing it that are problematic.

The Good

Installing Windows 10 across a variety of devices, it is striking just how much less effort is required to source and install drivers. In fact, in most cases no effort is required at all! Aside from the occasional minor frustration of bloated drivers that are desperate to add startup applications, this makes such a positive difference. Unlike in the past, you can typically just install Windows, connect to a network, and everything will work.

This is particularly notable in any environment where you have a large number of devices with anything more than a little bit of hardware diversity. Previously in an enterprise environment, hunting for drivers, extracting the actual driver files, removing unwanted ‘helper application’ bits and building clean driver packages for deployment was tedious and wasteful of time. Now, much of the time, you let Windows Update take care of the drivers for you over the network, all running in parallel to the actual provisioning process that you have configured!

There are numerous other pockets of the operating system where it really feels like there has been a commitment to improve the user experience, but from my “world of work” experience of the OS, this is the most significant. It’s true as well that many of the criticisms you could make about past versions of Windows no longer apply.

The Bad

I guess that the coalescing of monthly Windows Updates into a single cumulative update helps significantly with the ‘236 updates’ problem with (and atrocious performance of) Windows Update in 7. However, Microsoft’s recent history of updates causing issues (the recent issues with KB3163622 and Group Policy, for example) combined with the inability to apply updates piecemeal leaves some IT departments reluctant to apply the monthly patch. The result, if Microsoft continues to experience these kinds of issues, or doesn’t communicate clearly about backwards-incompatible changes, is more insecure systems, which hurts everybody.

This leads me to my other main complaint. There have been reports about the new approach Microsoft is taking with software testing. An army of ‘Insiders’ seem to be providing the bulk of the telemetry and feedback now, but my concern is that this testing feedback doesn’t necessarily end up being representative of all of the very diverse groups of Windows users. Particularly when deploying Windows 10 in an Enterprise environment, it has felt at times like we are the beta testers! When one update is a problem, you then have to put people at risk by rejecting them all. 🙁

(Yes, there is LTSB, but it hangs back a very long way on features!)

The Ugly

Windows 10 'Hero' image

At least you can turn it off on the login screen officially now. 🙂

Reverse Proxying ADFS with Nginx

In my recent trials and tribulations with ADFS 3.0, I came up against an issue where we were unable to host ADFS 3.0 with Nginx as one of the layers of reverse proxy (the closest layer to ADFS).

When a direct connection, or a cURL request, was made to the ADFS 3.0 endpoints from the machine running Nginx, all seemed well, but as soon as you actually tried to ferry requests through a proxy_pass statement, users were greeted with HTTP 502 or 503 errors.

The machine running ADFS was offering up no other web services — there was no IIS instance running, or anything like that. It had been configured correctly with a valid TLS certificate for the domain that was trusted by the certificate store on the Nginx machine.

It turns out that despite being the only HTTPS service offered on that machine through HTTP.sys, you need to explicitly configure which certificate to present by default. Apparently, requests that come via Nginx proxy_pass are missing something (the SNI negotiation?) that allows HTTP.sys to choose the correct certificate to present.

So, if and only if you are sure that ADFS is the only HTTPS service you are serving up on the inner machine, you can force the correct certificate to be presented by default, which resolves this issue and allows the Nginx reverse proxied requests to get through.

With that warning given, let’s jump in to what we need to do:

Retrieve the correct certificate hash and Application ID

netsh http show sslcert

You’ll need to note the appid and the certificate hash for your ADFS 3.0 service.

Set the certificate as the default for HTTP.sys

We’ll use netsh’s interactive mode, as I wasn’t in the mood to figure out how to escape curly brackets on Windows’ command line!

You want the curly brackets literally around the appid, but not the certhash.

netsh
netsh> http
netsh http> add sslcert ipport=0.0.0.0:443 appid={appid-from-earlier} certhash=certhash-from-earlier

Verify the proxy_pass settings

Among other configuration parameters, we have the following in our Nginx server stanza for this service:

proxy_redirect off;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_set_header X-MS-Proxy the-nginx-machine;
proxy_set_header Host the-hostname-in-question;

And, with that, we were successfully reverse proxying ADFS 3.0 with Nginx. 🙂
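The author's guess about SNI can be acted on from the Nginx side as well. The following is an added example, not the author's configuration: nginx does not send SNI to a proxied HTTPS server unless `proxy_ssl_server_name` is switched on, and it does not verify the upstream certificate unless `proxy_ssl_verify` is switched on. The hostnames, the address and the file paths are placeholders, and whether sending SNI removes the need for the default `0.0.0.0:443` binding in the author's environment is an assumption the post does not test.

```nginx
# Added example. sts.example.org, 192.0.2.10 and all file paths are
# constructed placeholders, not values from the post.

upstream adfs_backend {
    server 192.0.2.10:443;               # the inner machine running ADFS 3.0
}

server {
    listen 443 ssl;
    server_name sts.example.org;         # federation service name seen by users

    ssl_certificate     /etc/nginx/tls/sts.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/sts.example.org.key;

    location /adfs/ {
        proxy_pass https://adfs_backend;

        # Settings taken from the post
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_set_header X-MS-Proxy the-nginx-machine;
        proxy_set_header Host sts.example.org;

        # Default is "off": the TLS ClientHello to the upstream carries no
        # server name, so HTTP.sys has nothing to match a hostname binding on
        # and can only answer from an IP:port (default) binding.
        proxy_ssl_server_name on;

        # proxy_ssl_name defaults to $proxy_host, which here would be the
        # upstream group name "adfs_backend", so set the real name explicitly.
        proxy_ssl_name sts.example.org;

        # Default is "off": without this nginx accepts any certificate the
        # upstream presents, whatever the machine's certificate store trusts.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/issuing-ca-chain.pem;
    }
}
```

With verification on, a wrong or default certificate from the inner machine shows up as an upstream SSL error in the nginx error log instead of being silently accepted.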

Forms-based ADFS 3.0 Endpoints Inexplicably Showing HTTP 503

As with many other organisations, at my day job we are using the Office 365 service for email, contacts and calendars. There are a few ways to integrate 365 with your local Active Directory, and we have been using Active Directory Federation Services (ADFS) 3.0 for handling authentication: users don’t authenticate on an Office-branded page, but get redirected after entering their email addresses to enter their passwords on a page hosted at our organisation.

We also use the Azure AD Connect tool (formerly called Azure AD Sync, and called something else even before that) to sync the directory with the cloud, but this is only for syncing the directory information — we’re not functionally using password sync, which would allow people to authenticate at Microsoft’s end.

We recently experienced an issue where, suddenly, the endpoints for ADFS 3.0 that handle forms-based sign in (so, using a username and password, rather than Integrated Windows Authentication) were returning an HTTP 503 error. The day before, we had upgraded Azure AD Sync to the new Azure AD Connect, but our understanding was that this shouldn’t have a direct effect on ADFS.

On closer examination of the 503 issue, we would see errors such as this occurring in the AD FS logs:

There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.

The way that the ADFS web service endpoints are exposed is through the HTTP.sys kernel-mode web serving component (yeah, it does sound rather crazy, doesn’t it) built into Windows.

One of the benefits of this rather odd approach is that multiple different HTTP serving applications (IIS, Web Application Proxy, etc.) can bind to the same port and address, but be accessed via a URL prefix. It refers to these as ‘URL ACLs’.

To cut a very long story short, it emerged eventually that the URL ACLs that bind certain ADFS endpoints to HTTP.sys had become corrupted (perhaps in the process of uninstalling an even older version of Directory Sync). I’m not even sure they were corrupted in the purely technical sense of the word, but they certainly weren’t working right, as the error message above suggests!

Removing and re-adding the URL ACLs in HTTP.sys, granting permissions explicitly to the user account which is running the ‘Active Directory Federation Services’ Windows service, allowed the endpoints to function again. Users would see our pretty login page again!

netsh http delete urlacl url=https://+:443/adfs/
netsh http add urlacl url=https://+:443/adfs/ user=DOMAINACCOUNT\thatisrunningadfs

We repeated this process for other endpoints that were not succeeding and restarted the Active Directory Federation Services service.

Hurrah! Users can log in to their email again without having to be on site!

This was quite an interesting problem that had me delving rather deeply into how Windows serves HTTP content!

One of the primary frustrations when addressing this issue was that a lot of the documentation and Q&A online is for the older release of ADFS, rather than for ADFS 3.0! I hope, therefore, that this post might help save some of that frustration for others who run into this problem.

Isn’t it funny that so frequently it comes back to “turn it off, and turn it back on again”? 🙂

Staying Safe

I have written on this subject before, but as suspected, surveillance is back on Parliament’s agenda again.

Is the Investigatory Powers Bill the latest attempt at a “modernising” of existing laws and conventions, as is often claimed, or an unprecedented extension of surveillance powers?

I would argue strongly that the capability for your local council, tax enforcement authorities, and the myriad of other agencies that are proposed to have access to this data, to ‘see’ every thought you might have dared to research online is vastly more than would have been possible in human history. It’s also vastly more than any other country has sought the legal power to access.

Photo by Luz on Flickr. Licensed under CC-BY.

Given what we know in a post-Snowden era, this proposed legislation is quite clearly not about ensuring a continued intelligence flow for the purposes of national security. That has been going on behind closed doors, away from any democratic process and meaningful oversight, for many years, and will no doubt continue. Whether or not the activities of military intelligence agencies have a strong legal foundation has apparently not stopped them from gathering what they need to do their job. It is important for me to note that I don’t doubt the hard work they do, and the success they have had over the last ten years in preventing violence in the UK. However, we know that overreach and abuse have occurred — at the kind of scale that undermines the very values our government and their agencies are there to protect.

It is clear to me that, given the secret and ‘shady’ nature of much of the activities of the security apparatus of perhaps every nation state, what we do not need to do as a democratic society is provide a strong legal protection for such morally ambiguous acts. If a tactic is invasive or aggressive, but genuinely necessary in a “lesser of two evils” sense, the fact that the actor has to take on the liability for it provides an inherent safeguard. If it is easy and low risk to employ that tactic, there is a stronger temptation for its abuse, or for its inappropriate extension into everyday investigations. When these laws are ‘sold’ to the people as being for national security and to keep us safe from violence, it cannot be acceptable that the powers are made available to other agencies for any other purposes, as the Bill proposes.

A nation state does not have the right to violate the sanctity of the boundary of someone’s home without strong justification — a warrant. A nation state similarly does not have the right to violate that boundary in the form of bulk data collection on an entire populace. The Internet connections we open and the data we transfer are something that we can keep private from our government, unless due process is followed to override that on an individual basis.

That must remain. That principle must be protected, or we’ve forgotten why we bother with this ‘free country’ thing.

It must be protected even when we face short- and medium-term risks to our safety. Why? Because it is not hyperbole to say that failing to do so lays the technical and legal foundations of a police state, which is a much more significant long-term risk.

Fortunately, there are many fighting against this Bill, which (even if you disagree with my arguments above) is widely regarded to be completely unfit for purpose.

I wholeheartedly support the Don’t Spy on Us campaign and its six principles, and I stand with them as a supporter of the Open Rights Group, one of the organisations behind the campaign.