Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software.
Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.
Recently Moxie, co-author of the Signal Protocol, came into possession of a Cellebrite Extraction Device (phone cracking kit used by law enforcement as well as by oppressive regimes who need to clamp down on dissidents) which “fell off a truck” near him. What an amazing coincidence! He went on to report, this week, that he’d partially reverse-engineered the system, discovering copyrighted code from Apple – that’ll go down well! – and, more-interestingly, unpatchedvulnerabilities. In a demonstration video, he goes on to show that a carefully crafted file placed on a phone could, if attacked using a Cellebrite device, exploit these vulnerabilities to take over the forensics equipment.
Obviously this is a Bad Thing if you’re depending on that forensics kit! Not only are you now unable to demonstrate that the evidence you’re collecting is complete and accurate, because it potentially isn’t, but you’ve also got to treat your equipment as untrustworthy. This basically makes any evidence you’ve collected inadmissible in many courts.
Moxie goes on to announce a completely unrelated upcoming feature for Signal: a minority of functionally-random installations will create carefully-crafted files on their devices’ filesystem. You know, just to sit there and look pretty. No other reason:
In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
Hi, ONS! I know we haven’t really spoken since you ghosted me in 2011, but I just wanted to clear something up for you –
This is not a mistake:
Back in 2011 you thought it was a mistake, and this prevented my partner, her husband and I from filling out the digital version of the census. I’m sure it’s not common for somebody to have multiple cohabiting romantic relationships (though it’s possibly more common than some other things you track…), but surely an “Are you sure?” would be better than a “No you don’t!”
We worked around it in 2011 by using the paper forms. Apparently this way you still end up “correcting” our relationship status for us (gee, thanks!) but at least – I gather – the originals are retained. So maybe in a more-enlightened time, future statisticians might be able ask about the demographics of domestic nonmonogamy and have at least some data to work with from the early 21st century.
I know you’re keen for as many people as possible to do the census digitally this year. But unless you’ve fixed your forms then my family and I – and thousands of others like us – will either have to use the paper copies you’re trying to phase out… or else knowingly lie on the digital versions. Which would you prefer?
For most of the last decade, one of my side projects has been FreeDeedPoll.org.uk, a website that helps British adults to change their name for free and without a solicitor. Here’s a little known fact: as a British citizen, you have the right to be known by virtually any name you like, and for most people the simplest way to change it is to write out a deed poll: basically a one-person contract on which you promise that you’re serious about adopting your new name and you’re not committing fraud or anything.
Over that time, I’ve helped thousands of people to change their names. I don’t know exactly how many because I don’t keep any logs, but I’ve always gotten plenty of email from people about the project. Contact spiked in 2013 after the Guardian ran an article about it, but I still correspond with two or three people in a typical week.
These people have lots of questions that come up time and time again, and if I had more free time I’d maintain an FAQ of them or something. In any case, a common one is people asking for advice when their high street bank, almost invariably either Nationwide or Santander, disputes the legitimacy of a “home made” deed poll and refuses to accept it.
When such people contact me, I advise them of a number of solutions and workarounds. Going to a different branch can work (training at these high street banks is internally inconsistent, I guess?). Getting your government-issued identity documents sorted and then threatening to move your account elsewhere can sometimes work. For applicants willing to spend a little money, paying a solicitor a couple of quid to be one of your witnesses can work. I often don’t hear back from people who email me about these banks: maybe they find success by one of these routes, or maybe they give up and go down one an unnecessarily-expensive avenue.
But one thing I always put on the table is the possibility of fighting. I provide a playbook of strategies to try to demonstrate to their troublemaking bank that the bank is in the wrong, along with all of the appropriate legal citations. Recent years put a new tool in the box: the GDPR/DPA2018, which contains clauses prohibiting companies from knowingly retaining incorrect personal data about an individual. I’ve been itching for a chance to use these new weapons… and over this last month, I finally had the opportunity.
I was recently contacted by a student (who, as you might expect, has more free time than they do spare money!) who was having trouble with Santander refusing to accept their deed poll. They were willing to go all-out to prove their bank wrong. So I gave them the toolbox and they worked through it and… Santander caved!
Not only have Santander accepted that they were wrong in the case of this student, but they’ve also committed to retraining their staff. Oh, and they’ve paid compensation to the student who emailed me.
Even from my position on the sidelines, I couldn’t help but cheer at this news, and not just because I’ll hopefully have fewer queries to deal with.
From a G7 meeting of interior ministers in Paris this month, an “outcome document“:
Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the rule law and due process protection. Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption;
There is a weird belief amongst policy makers that hacking an encryption system’s key management system is fundamentally different than hacking the system’s encryption algorithm. The difference is only technical; the effect is the same. Both are ways of weakening encryption.
The G7’s proposal to encourage encryption backdoors demonstrates two unsurprising things about the politicians in attendance, including that:
They’re unwilling to attempt to force Internet companies to add backdoors (e.g. via legislation, fines, etc.), making their resolution functionally toothless, and
More-importantly: they continue to fail to understand what encryption is and how it works.
Somehow, then, this outcome document simultaneously manages to both go too-far (for a safe and secure cryptographic landscape for everyday users) and not-far-enough (for law enforcement agencies that are in favour of backdoors, despite their huge flaws, to actually gain any benefit). Worst of both worlds, then.
Needless to say, I favour not attempting to weaken encryption, because such measures (a) don’t work against foreign powers, terrorist groups, and hardened criminals and (b) do weaken the personal security of law-abiding citizens and companies (who can then become victims of the former group). “Backdoors”, however phrased, are a terrible idea.
Mark Zuckerberg says regulators and governments should play a more active role in controlling internet content.
In an op-ed published in the Washington Post, Facebook’s chief says the responsibility for monitoring harmful content is too great for firms alone.
He calls for new laws in four areas: “Harmful content, election integrity, privacy and data portability.”
It comes two weeks after a gunman used the site to livestream his attack on a mosque in Christchurch, New Zealand.
“Lawmakers often tell me we have too much power over speech, and frankly I agree,” Mr Zuckerberg writes, adding that Facebook was “creating an independent body so people can appeal our decisions” about what is posted and what is taken down.
An interesting move which puts Zuckerberg in a parallel position to Bruce Schneier, who’s recently (and especially in his latest book) stood in opposition to a significant number of computer security experts (many of whom are of the “crypto-anarchist” school of thought) also pushed for greater regulation on the Internet. My concern with both figureheads’ proposals comes from the inevitable difficulty in enforcing Internet-wide laws: given that many countries simply won’t enact, or won’t effectively enforce, legislation of the types that either Zuckerberg nor Schneier suggest, either (a) companies intending to engage in unethical behaviour will move to – and profit in – those countries, as we already see with identity thieves in Nigeria, hackers in Russia, and patent infringers in China… or else (b) countries that do agree on a common framework will be forced to curtail Internet communications with those countries, leading to a fragmented and ultimately less-free Internet.
Neither option is good, but I still back these proposals in principle. After all: we don’t enact other internationally-relevant laws (like the GDPR, for example) because we expect to achieve 100% compliance across the globe – we do so because they’re the right thing to do to protect individuals and economies from harm. Little by little, Internet legislation in general (possibly ignoring things like the frankly silly EU cookie regulation and parts of the controversial new EU directives on copyright) makes the Internet a safer place for citizens of Western countries. There are still a huge number of foreign threats like scammers and malware authors as as well as domestic lawbreakers, but increasing the accountability of large companies is, at this point, a far bigger concern.
German chat platform Knuddels.de (“Cuddles”) has been fined €20,000 for storing user passwords in plain text (no hash at all? Come on, people, it’s 2018).
The data of Knuddels users was copied and published by malefactors in July. In September, someone emailed the company warning them that user data had been published at Pastebin (only 8,000 members affected) and Mega.nz (a much bigger breach). The company duly notified its users and the Baden-Württemberg data protection authority.
Interesting stuff: this German region’s equivalent of the ICO applied a fine to this app for failing to hash passwords, describing them as personal information that was inadequately protected following their theft. That’s interesting because it sets a German, and to a lesser extend a European, precedent that plaintext passwords can be considered personal information and therefore allowing the (significant) weight of the GDPR to be applied to their misuse.
It’s always been a bit of an inconvenience to have to do these things, but it’s never been a terrible burden: even when I fly internationally – which is probably the hardest part of having my name – I’ve learned the tricks I need to minimise how often I’m selected for an excessive amount of unwanted “special treatment”.
This year, though, for the very first time, my (stupid bloody) unusual name paid for itself. And not just in the trivial ways I’m used to, like being able to spot my badge instantly on the registration table at conferences I go to or being able to fill out paper forms way faster than normal people. I mean in a concrete, financially-measurable way. Wanna hear?
So: I’ve a routine of checking my credit report with the major credit reference agencies every few years. I’ve been doing so since long before doing so became free (thanks GDPR); long even before I changed my name: it just feels like good personal data housekeeping, and it’s interesting to see what shows up.
And so I noticed that my credit report with Equifax said that I wasn’t on the electoral roll. Which I clearly am. Given that my credit report’s pretty glowing, I wasn’t too worried, but I thought I’d drop them an email and ask them to get it fixed: after all, sometimes lenders take this kind of thing into account. I wasn’t in any hurry, but then, it seems: neither were they –
2 February 2016 – I originally contacted them
18 February 2016 – they emailed to say that they were looking into it and that it was taking a while
22 February 2016 – they emailed to say that they were still looking into it
13 July 2016 – they emailed to say that they were still looking into it (which was a bit of a surprise, because after so long I’d almost forgotten that I’d even asked)
14 July 2016 – they marked the issue as “closed”… wait, what?
I wasn’t in a hurry, and 2017 was a bit of a crazy year for me (for Equifax too, as it happens), so I ignored it for a bit, and then picked up the trail right after the GDPR came into force. After all, they were storing personal information about me which was demonstrably incorrect and, continued to store and process it even after they’d been told that it was incorrect (it’d have been a violation of principle 4 of the DPA 1998, too, but the GDPR‘s got bigger teeth: if you’re going to sick the law on somebody, it’s better that it has bark and bite).
My anticipation was that my message of 13 July 2018 would get them to sit up and fix the issue. I’d assumed that it was probably related to my unusual name and that bugs in their software were preventing them from joining-the-dots between my credit report and the Electoral Roll. I’d also assumed that this nudge would have them either fix their software… or failing that, manually fix my data: that can’t be too hard, can it?
Apparently it can:
Equifax’s suggested solution to the problem on my credit report? Change my name on the Electoral Roll to match the (incorrect) name they store in their systems (to work around a limitation that prevents them from entering single-character surnames)!
At this point, they turned my send-a-complaint-once-every-few-years project into a a full blown rage. It’s one thing if you need me to be understanding of the time it can take to fix the problems in your computer systems – I routinely develop software for large and bureaucratic organisations, I know the drill! – but telling me that your bugs are my problems and telling me that I should lie to the government to work around them definitely isn’t okay.
At this point, I was still expecting them to just fix the problem: if not the underlying technical issue then instead just hack a correction into my report. But clearly they considered this, worked out what it’d cost them to do so, and decided that it was probably cheaper to negotiate with me to pay me to go away.
Which it was.
This week, I accepted a three-figure sum from Equifax as compensation for the inconvenience of the problem with my credit report (which now also has a note of correction, not that my alleged absence from the Electoral Roll has ever caused my otherwise-fine report any trouble in the past anyway). Curiously, they didn’t attach any strings to the deal, such as not courting publicity, so it’s perfectly okay for me to tell you about the experience. Maybe you know somebody who’s similarly afflicted: that their “unusual” name means that a credit reference company can’t accurately report on all of their data. If so, perhaps you’d like to suggest that they take a look at their credit report too… just saying.
Apparently Equifax think it’s cheaper to pay each individual they annoy than it is to fix their database problems. I’ll bet that, in the long run, that isn’t true. But in the meantime, if they want to fund my recent trip to Cornwall, that’s fine by me.
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We’ve just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law. Section 702 was initially passed in 2008, as an…
When I first started working at the Bodleian Libraries in 2011, their websites were looking… a little dated. I’d soon spend some time working with a vendor (whose premises mysteriously caught fire while I was there, freeing me up to spend my birthday in a bar) to develop a fresh, modern interface for our websites that, while not the be-all and end-all, was a huge leap forwards and has served us well for the last five years or so.
Fast-forward a little: in about 2015 we noticed a few strange anomalies in our Google Analytics data. For some reason, web addresses were appearing that didn’t exist anywhere on our site! Most of these resulted from web visitors in Turkey, so we figured that some Turkish website had probably accidentally put our Google Analytics user ID number into their code rather than their own. We filtered out the erroneous data – there wasn’t much of it; the other website was clearly significantly less-popular than ours – and carried on. Sometimes we’d speculate about the identity of the other site, but mostly we didn’t even think about it.
Earlier this year, there was a spike in the volume of the traffic we were having to filter-out, so I took the time to investigate more-thoroughly. I determined that the offending website belonged to the Library of Bilkent University, Turkey. I figured that some junior web developer there must have copy-pasted the Bodleian’s Google Analytics code and forgotten to change the user ID, so I went to the website to take a look… but I was in for an even bigger surprise.
Whoah! The web design of a British university was completely ripped-off by a Turkish university! Mouth agape at the audacity, I clicked my way through several of their pages to try to understand what had happened. It seemed inconceivable that it could be a coincidence, but perhaps it was supposed to be more of an homage than a copy-paste job? Or perhaps they were ripped-off by an unscrupulous web designer? Or maybe it was somebody on the “inside”, like our vendor, acting unethically by re-selling the same custom design? I didn’t believe it could be any of those things, but I had to be sure. So I started digging…
I was almost flattered as I played this spot-the-difference competition, until I saw the copyright notice: stealing our design was galling enough, but then relicensing it in such a way that they specifically encourage others to steal it too was another step entirely. Remember that we’re talking about an academic library, here: if anybody ought to have a handle on copyright law then it’s a library!
I took a dive into the source code to see if this really was, as it appeared to be, a copy-paste-and-change-the-name job (rather than “merely” a rip-off of the entire graphic design), and, sure enough…
It looks like they’d just mirrored the site and done a search-and-replace for “Bodleian”, replacing it with “Bilkent”. Even the code’s spelling errors, comments, and indentation were intact. The CSS was especially telling (as well as being chock-full of redundant code relating to things that appear on our website but not on theirs)…
So I reached out to them with a tweet:
I didn’t get any response, although I did attract a handful of Turkish followers on Twitter. Later, they changed their Twitter handle and I thought I’d take advantage of the then-new capability for longer tweets to have another go at getting their attention:
Clearly this was what it took to make the difference. I received an email from the personal email account of somebody claiming to be Taner Korkmaz, Systems Librarian with Bilkent’s Technical Services team. He wrote (emphasis mine):
Dear Mr. Dan Q,
My name is Taner Korkmaz and I am the systems librarian at Bilkent. I am writing on behalf of Bilkent University Library, regarding your share about Bilkent on your Twitter account.
Firstly, I would like to explain that there is no any relation between your tweet and our library Twitter handle change. The librarian who is Twitter admin at Bilkent did not notice your first tweet. Another librarian took this job and decided to change the twitter handle because of the Turkish letters, abbreviations, English name requirement etc. The first name was @KutphaneBilkent (kutuphane means library in Turkish) which is not clear and not easy to understand. Now, it is @LibraryBilkent.
About 4 years ago, we decided to change our library website, (and therefore) we reviewed the appearance and utility of the web pages.
We appreciated the simplicity and clarity of the user interface of University of Oxford Bodlien Library & Radcliffe Camera, as an academic pioneer in many fields. As a not profit institution, we took advantage of your template by using CSS and HTML, and added our own original content.
We thought it would not create a problem the idea of using CSS codes since on the web page there isn’t any license notice or any restriction related to the content of the template, and since the licenses on the web pages are mainly more about content rather than templates.
The Library has its own Google Analytics and Search Console accounts and the related integrations for the web site statistical data tracking. We would like to point out that there is a misunderstanding regarding this issue.
In 2017, we started to work on creating a new web page and we will renew our current web page very soon.
Thank you in advance for your attention to this matter and apologies for possible inconveniences.
Or to put it another way: they decided that our copyright notice only applied to our content and not our design and took a copy of the latter.
Do you remember when I pointed out earlier that librarians should be expected to know their way around copyright law? Sigh.
They’ve now started removing evidence of their copy-pasting such as the duplicate Google Analytics code fragment and the references to LibraryData, but you can still find the unmodified code via archive.org, if you like.
That probably ends my part in this little adventure, but I’ve passed everything on to the University of Oxford’s legal team in case any of them have anything to say about it. And now I’ve got a new story to tell where web developers get together over a pint: the story of the time that I made a website for a university… and a different university stole it!
Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.
First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws…
Walter Arnold of East Peckham, Kent, had the dubious honour of being the first person in Great Britain to be successfully charged with speeding on 28 January 1896. Travelling at approximately 8mph/12.87kph, he had exceeded the 2mph/3.22kph speed limit for towns. Fined one shilling and costs, Arnold had been caught by a policeman who had given chase on a bicycle.
This blog post is the third in a series about buying our first house. If you haven’t already, you might like to read the first part. In the second post in the series, we’d put an offer on a house which had been accepted… but of course that’s still early days in the story of buying a house…
We hooked up with Truemans, a local solicitor, after discovering that getting our conveyancing services from a local solicitor is only marginally more-expensive than going with one of the online/phone/post based national ones, and you get the advantage of being able to drop in and harass them if things aren’t going as fast as you’d like. Truemans were helpful from day one, giving us a convenient checklist of all of the steps in the process of buying a house. I’m sure we could have got all the same information online, but by the time I was thinking about offers and acceptance and moving and mortgages and repayments and deposits and everything else, it was genuinely worth a little extra money just to have somebody say “next, this needs to happen,” in a reassuring voice.
Meanwhile, we got on with filling out our mortgage application form. Our choice of lenders – which Stefan, who I’d mentioned in the last post, had filtered for us – was limited slightly by the fact that we wanted a mortgage for three people, not for one or two; but it wasn’t limited by as much as you might have thought. In practice, it was only the more-exotic mortgage types (e.g. Option ARMs, some varieties of interest-only mortgage) that we were restricted from, and these weren’t particularly appealing to us anyway. One downside of there being three of us, though, was that while our chosen lender had computerised their application process, the computerised version wasn’t able to handle more than two applicants, so we instead had to fill out a mammoth 22-page paper form in order to apply. At least it weeds out people who aren’t serious, I suppose.
I revisited the house to check out a few things from the outside: in particular, I was interested in the front door, which had apparently been broken during a… misunderstanding… by the current owners, who are in the middle of what seems like a complicated divorce. The estate agent had promised that it would be repaired before the sale, but when I went to visit I found that this hadn’t happened yet. Of course, now we had lawyers on our side, so it was a quick job to ask them to send a letter to the seller’s solicitor, setting the repair of the door as a condition upon which the sale was dependent.
Our solicitors had also gotten started with the requisite local searches. One of the first things a conveyancing solicitor will do for you is do a little research to ensure that the property really is owned by the people who are selling it, that there’s no compulsory purchase order so that a motorway can be built through the middle of it, that it’s actually connected to mains water and sewers, that planning permission was correctly obtained for any work that’s been done on it, and that kind of thing. One of the first of these searches to produce results was the environmental search.
One of the things that was revealed be the environmental search was that the area was at a significantly higher-than-average risk of subsidence, had the construction not been done in a particular way – using subsidence-proof bricks, or something, I guess? I theorised that this might be related to the infill activities that (the environmental search also reported) had gone on over the last hundred and fifty years. The house is near a major waterway, in an area that was probably once lower-lying and wetter, but many of the small ponds in the area were filled in in the early part of the 20th century (and then, of course, the area was developed as the suburbs of central Oxfordshire expanded, in the 1980s). Conveniently, we have a librarian on our house-buying team, and he was able to pull up a stack of old OS maps showing the area, and we were able to find our way around this now almost-unidentifiable landscape.
Sure enough, there were ponds there, once, but that’s as far as our research took us. Better, we thought, to just pass on the environmental search report to a qualified buildings surveyor, and have them tell us whether or not it was made out of subsidence-proof bricks or shifting-ready beams or whatever the hell it is that you do when you’re building a house to make it not go wonky. Seriously, I haven’t a clue, but I know that there are experts who do.
Given that the house we’re looking at is relatively new, I don’t anticipate there being any problems (modern building regulations are a lot more stringent than their historical counterparts), but when you’re signing away six-figures, you learn to pay attention to these kinds of things.
Hopefully, the fourth blog post in this series will be about exchanging contracts and getting ready to move in to our new home: fingers crossed!
And just like that, it was over. The courts service kept me “on the hook” for a day or two, but after that: when I called the answerphone from which I receive my instructions, I was told that I’d been cleared. My jury service was over.
I filled in my expenses form. £5.71 for lunch (where do they get these numbers?) each day. 8.9 pence per mile cycled to and from the courthouse. Given that they give a mileage bonus to car shares, I wonder if they’d have given me a top-up if I’d have shared a tandem with another juror?
I heard the outcome of the trial second-hand, a few days later, on a local radio station. It somehow reminded me that the real world was connected to my time on a jury: something I’d sort-of forgotten at the time. Being pulled out from your daily routine and put onto jury duty feels sometimes surreal, and – like the blind spot in your eye that fills-in what you see with the colours around it – it’s hard to remember now that just last week I wasn’t just following my normal pattern. So when I heard about the result of a trial in which my ‘alter ego’ – Dan the juror! – took part, it was strangely jarring. For a moment, I said to myself: “Oh yeah; that happened.”
My jury service was a really interesting experience. I’d have appreciated less sitting around and being shuffled from place to place, and more-certainty about when I would and wouldn’t be needed, but that’s only a small issue. I got to see the wheels of justice turning from within the machine, and to take part in an important process of our society. And that’s great.
My second day of jury duty was more-successful than the first, in that I was actually assigned to a case, rather than spending the better part of the day sitting around in a waiting room. I knew that this was likely (though not certain, on account of the nature of the randomisation process used, among other things: more on that later) because I’d called the “jury line” the previous night. I suspect this is common, but the other potential jurors and I were given a phone number to call “after around 3:45pm to 4pm” each day, letting us know whether we’d be needed for the following day.
The jury assembly area now only contained the people who’d been brought in, like me, for the upcoming case: a total of 15 of us. I was surprised at quite how many of the other potential jurors showed such negativity about being here: certainly, it’s inconvenient and the sitting-around is more than a little dull if (unlike me) you haven’t brought something to work on or to read, but is it so hard to see the good parts of serving on a jury, too? Personally, I was already glad of the opportunity: okay, the timing wasn’t great… with work commitments keeping me busy, as well as buying a house (more on that later!), working on my course, (finally) getting somewhere with my dad’s estate, and the tail end of a busy release cycle of Three Rings, I already had quite enough going on! But I’ve always been interested in the process of serving on a jury, and besides: I feel that it’s an important civic duty that one really ought to throw oneself at.
If it were a job that you had to volunteer for, rather than being selected at random (and thankfully it isn’t! – can you imagine how awful our justice system would be if it were!), I’d have probably volunteered for it, at some point. Just not, perhaps, now. Ah well.
The jury officer advised us of the expected duration of the trial (up to two days), and made a note of each of our swearing-in choices: each juror could opt to swear an oath on the Bible, Koran, Japji Sahib, Gita, or to make an affirmation (incredibly the Wikipedia page on Jurors’ oaths lacked an entry for the United Kingdom until I added it, just now). In case they were they were empanelled onto a jury, the officer wanted to have the appropriate holy book and/or oath card ready to-hand: courtrooms, it turns out, are reasonably well-stocked with religious literature!
Once assembled, we were filed down to the courtroom, where a further randomisation process took place: a clerk for the court shuffled a deck of cards, and drew 12 at random, one at a time. From each, she read a name – having been referred to it so often lately, I had almost expected to continue to be referred to by my juror number, and had made sure that I knew it by heart – and each person thus chosen made their way to a seat in the jury benches. I was chosen sixth – I was on a jury! The people not chosen were sent back up to the assembly area, so that they could be called down to replace any of us (if our service was successfully challenged – for example, if it turned out that we personally knew the defendant), but were presumably dismissed after it became clear that this was not going to happen.
Then, each of our names were read out again, before each of us were sworn in. This, we were told, was the last chance for any challenge to be raised against us. About half of the jurors opted to affirm (including me: none of those scriptures have any special significance for me; and furthermore I’d like to think that I shouldn’t need to swear that I’m going to do the right thing to begin with); the other half had chosen to swear on the New Testament.
The trial itself went… pretty much like you’ve probably seen it in television dramas: the more-realistic ones, anyway. The prosecution explained the charges and presented evidence and witnesses, which were then cross-examined by the defence (and, ocassionally, re-examined by the prosecution). The defence produced their own evidence and witnesses – including the defendant, vice-versa. The judge interrupted from time to time to question witnesses himself, or to clarify points of law with the counsel or to explain proceedings to the jury.
The trial spilled well into a second day, and I was personally amazed to see quite how much attention to detail was required of the legal advocates. Even evidence that at first seemed completely one-sided could be turned around: for example, some CCTV footage shown by the prosecution was examined by the defence (with the help of a witness) and demonstrated to potentially show something quite different from what first appeared to be the case. The adage that “the camera never lies” has never felt farther from the truth, to me, as the moment that I realised that what I was seeing in a courtroom could be interpreted in two distinctly different ways.
Eventually, we were dismissed to begin our deliberations, under instruction to return a unanimous verdict. I asked if any of the other jurors had done this before, and – when one said that she had – I suggested that she might like to be our chairwoman and forewoman (interestingly, the two don’t have to be the same person – you can have one person chair the deliberations, and another one completely return the verdict to the courtroom – but I imagine that it’s more-common that they are). She responded that no, she wouldn’t, and instead nominated me: I asked if anybody objected, and, when nobody did, accepted the role.
I can’t talk about the trial itself, as you know, but I can say that it took my jury a significant amount of time to come to our decision. A significant part of our trial was hinged upon the subjective interpretation of a key phrase in law. Without giving away the nature of the case, I can find an example elsewhere in law: often, you’ll find legislation that compares illegal acts to what “a reasonable person” would do – you know the kind of things I mean – and its easy to imagine how a carefully-presented case might leave the verdict dependent on the jury’s interpretation of what “reasonable” means. Well: our case didn’t involve the word “reasonable”, but there are plenty of other such words in law that are equally open-to-interpretation, and we had one of these to contend with.
We spent several hours discussing the case, which is an incredibly exhausting experience, but eventually we came to a unanimous decision, and everybody seemed happy with our conclusion. As we left the court later, one of the other jurors told me that if she “was ever on trial, and she hadn’t done it, she’d want us as her jury”. I considered explaining that really, it doesn’t work like that, but I understood the sentiment: we’d all worked hard to come to an agreement of the truth buried in all of the evidence, and I was pleased to have worked alongside them all.
I stood in the courtroom to deliver our verdict, taking care not to make eye contact with the defendant in the dock nor with the group in the corner of the public gallery (whom I suspected to have been the alleged victim and their family). We waited around for the administration that followed, and then were excused.
The whole thing was a tiring but valuable experience. I can’t say it’s over yet; I’m still technically on-call to serve on a second jury, if I’m needed (but I’ve returned to work in the meantime, until I hear otherwise). But if nothing else of interest comes from my jury service, I feel like it’s been worthwhile: I’ve done my but to help ensure that a just and correct decision was made in a case that will have had great personal importance to several individuals and their families. I could have done with a little bit less of sitting around in waiting rooms, but I’ve still been less-unimpressed by the efficiency of the justice system than I was lead to believe that I would be by friends who’ve done jury duty before.