Exclusive: HQ admin slip suggests Labour ‘scraping’ member social media info

labour scrape.png

An admin slip by a functionary has raised fears that the Labour’s right-dominated HQ is ‘scraping‘ – collating from various sources without obvious links – the social media information of members in readiness for a future repeat of the ‘purges’ that suspended and expelled members during the party’s last two leadership elections.

The SKWAWKBOX exclusively revealed audio last month that appeared to show a ‘compliance’ operative indicating that the party had ways to access even protected social media feeds. Labour denied that this was the case.

But new evidence seems to suggest that Labour is conducting some kind of collation of social media from various sources, even where social media accounts are unconnected to email addresses used on members’ party accounts.

Labour’s handling of members’ social media feeds for disciplinary purposes earned the party a rebuke by the Information Commissioner’s Office (ICO) and General Secretary Ian McNicol issued guidance to Labour officials warning them that use of social media without permission would breach the DPA (Data Protection Act).

However, party insiders have suggested recently that Labour’s HQ believes it has a way to continue to use such information legally – even though the party’s refusal to disclose how it intends to do this is almost certainly a breach of its obligations under the DPA to handle data in a ‘fair and transparent’ way.

Whatever the details of its plan, however, ‘scraping’ seems extremely unlikely to form part of any legal methodology – but the evidence suggests that Labour’s bureaucracy is engaged in it.

A source – which for reasons that will be obvious must remain anonymous – contacted the SKWAWKBOX with an apparent ‘smoking gun’ and details of how it came about:

I noticed a while ago that they were definitely scraping and collating info from multiple sources – and they’ve just proven they’re doing it again.

I have taken to regularly changing my twitter handle / account name etc to see whether their scrapers can handle it – and it looks like they can.

They’ve managed to conflate my Labour party email address with my twitter account (my Twitter account does not have the same email as the address I use for Twitter, and I am not searchable by email address anyway).

Hilariously the end result is that they seem to be using people’s Twitter names as their real names for email purposes.

I dont know how they’re scraping or keeping things in sync given that I’ve been deliberately changing account and contact info, but it might be worth seeing if others end up in similar situation.

I expect they’re using some kind of 3rd-party system which can analyse social media accounts given a single piece of contact info – take a look at [redacted].com/ for an example of something like that.

It feels sloppy – I’m not sure what kind of lack of understanding you need in order to override someone’s real name with their twitter handle, but hey ho. So I imagine they’re doing it in at least some kind of semi-automated way and either aren’t checking the names or don’t care enough to check

They must be keeping the info updated relatively regularly too, since I change names often and the email contained the latest version.

The source sent this blog a screenshot of an email received from the Labour Party, in which the ‘name’ used was the same as the Twitter account name – which is clearly not a real human name.

To protect the identity of the source, the details cannot be shown here, but imagine an email addressed to ‘Dear Hamster Resistance‘ and you’ll have the right kind of level of obviousness – and remember that there is no link between the Twitter name and the email address registered with the Labour Party, nor has the member’s real name been used on the Twitter account.

The most likely explanation for the appearance of the Twitter name is that the ‘scraping’ software used by Labour captured the Twitter name for entry against the member’s file details – but the employee entering the details screwed up the process and put the Twitter account details into the First_name/Last_name field by mistake.

Giving away the fact that Labour have those details, when it otherwise would have been kept hidden.

The fact that Labour appear to be doing this will be of serious concern to many members – and anyone concerned with privacy and proper data handling.

It’s almost unimaginable that ‘scraping’ of this kind will be compliant with the DPA, as at least some information collected has not been given to Labour by the data subjects at all, let alone permission given to use it for anything.

However, Labour HQ and the ICO will be contacted for comment when they reopen on Monday.

In the meantime, if you have been similarly affected, please contact the SKWAWKBOX via direct message on Twitter or Facebook with details – your anonymity will be guaranteed if required.

The SKWAWKBOX needs your support. This blog is provided free of charge but depends on the generosity of its readers to be viable. If you can afford to, please click here to arrange a one-off or modest monthly donation via PayPal. Thanks for your solidarity so this blog can keep bringing you information the Establishment would prefer you not to know about.


  1. Observations:

    1) “Labour denied that this was the case (that the party had ways to access even protected social media feeds)” No, they didn’t. As I pointed out in the comments of your previous article, the supposed denial you refer to was nothing but mealy-mouthed claptrap, pure smoke and mirrors, and interesting only for what it did NOT say.

    2) Your correspondent has caught them bang to rights linking party email addresses to social media accounts via a mechanism which is easily discovered by a quick Google search … and which constitutes a use of personal information for which HQ has no consent.

    3) McNicol et al. will continue in this manner until they are dragged out of Southside by their feet. Personally, that’s exactly how I’d like to see them dealt with.

    I remain convinced that the only way to make a breakthrough against McNicol and his ilk is to dig up the toxic waste of their misconduct during the leadership challenge and put it on public display.

    They’re trying to more be circumspect these days so the chances of catching them red-handed conspiring against Jeremy’s supporters are much lower but, during the heady days of the leadership challenge, they absolutely covered themselves in filth … and, with only a bit of luck, the evidence is still there to be dug up and used against them to devastating effect.

    I remain convinced that a crowdfunded whistleblower reward for informations (emails, chat logs etc) on their conduct during the leadership challenge is the right way to go after McNicol and a whole bunch of other Project Anaconda hacks

    WikiLeaks has a similar campaign running (https://wikileaks.org/WikiLeaks-offers-award-for-LabourLeaks.html) but their reward is only £20k – and not crowdfunded, which I think that is the key.

    A reward in the region of £100k sounds more like the sort of money that would overcome any residual Honor Among Thieves and get the co-copspirators ratting on each other (and what a sight that would be!)

    Skwawkbox, you’ve got the platform and the audience to make something like this happen. If it was me, I’d have done it months ago =)

    1. McNicol will always have a friend, albeit an unwitting one in the soft touch ICO “regulator”, whose modus operandi is to very publicly hammer the little guy (e.g. small business cowboys) with massive fines as a deterrent to others, but to pass by on the other side or wave through local authorities, banks or similar moneyed data controllers who would be in a position to muddy the water or mount a legal defence, placing a burden on already limited public funds.

      Not once in their existence have the ICO referred a local authority, political party, bank or similar to the High Court, although they blow hard and threaten this regularly within their correspondence.

      1. Thanks Wirral In It Together, I didn’t realise that.

        The scope and enforcement of DPA, FOI, privacy rights, and similar legislation, is a policy area on which I wish Jeremy’s Labour party would be more much more vocal and active.

        At times, I’ve heard more supportive rumblings from the LibDems, of all people, so Labour needs to do a lot more.

  2. Remember NationBuilder that Labour uses nationally, regionally, and some CLPs, can do Twitter scraping. You might be seeing this. NationBuilder can do limited, or extensive scraping.

    In simple scraping NationBuilder is linked to a Twitter account, eg a CLP twitter account – actually it sort-of controls the twitter account as it has the password. Then NationBuilder can (I think this is enabled by default) import into its contacts database the twitter handle of: a) followers b) anyone who has mentioned your handle c) anyone who has retweeted you. I cannot see how it issues a DPA fair processing notice to Twitter users sucked into the database. But I don’t think it automatically links these handles to Labour membersnet email addresses, so they are separate NationBuilder data items without a real name attached unless that is publicly given. It probably does similar for Facebook.

    I am quite uneasy that this is DPA compliant, but it is a debatable area perhaps. An ICO ruling on NationBuilder usage would be good.

    In the US NationBuilder has tried doing extensive scraping, and I hope national Labour has not tried this. To quote an article on the NationBuilder official blog:

    The must-know campaign strategy of 2016: Twitter imports

    Earlier this year we expanded our social media tools to include a recurring Twitter import capability, which allows you to pull the entire following of any Twitter account into your database for prospecting … [now] connected to powerful search and CRM tools. With this functionality, Twitter becomes a giant online phonebook and reaching people is as easy as clicking.

    We set up Goptwitter, an import that automatically pulls in followers of the RNC, Jeb Bush, Rand Paul, Heritage, the NRA, and many more for a total of almost 4 million records. Demtwitter pulls in followers of OFA, Elizabeth Warren, Emily’s List, the Sierra Club, Hillary Clinton, and many others for a total of over 7 million active accounts.

    By combining these records with NationBuilder’s powerful filtering tool, we viewed individual bio’s, mapped followings, and identified top social influencers.

    Here’s a quick example of how to execute a direct contact strategy using Twitter imports in 7 easy steps … that can all be done from the NationBuilder platform. …

    I think the ICO would be very displeased if anyone tried this in the UK.

    If you want to read more, google the title name of this article. Also google “site:nationbuilder.com How to connect Facebook and Twitter to a broadcaster” leads you into the online NationBuilder manual in this area.

    1. The ICO only shows its displeasure against those not in a position to put up a fully funded legal defence. Okay, it may be defending our personal data in these cases, but it is a bully that “lives within its means” talking big and shrinking away from the big bruisers.

  3. Actually the default setup for Nationbuilder as a back end for CLP websites is to do exactly this. All it needs is some personal details and then NationBuilder will do a fuzzy search of social media.

  4. Surely there’s a plaster out there to cover the scraping and stop the itching?
    Or send them a worm that will infect their nosey goings on when interfering with our free speech?

Leave a Reply

%d bloggers like this: