UK Liberty

Intercept Modernisation Programme delayed until after next election

Posted in politicians on liberty, privacy, surveillance society by ukliberty on November 11, 2009

The Independent (and other outlets):

Plans to store information about every phone call, email and internet visit in the United Kingdom have in effect been abandoned by the Government.

The Home Office confirmed the “Big Brother” scheme had been delayed until after the election amid protests that it would be intrusive and open to abuse. Although ministers publicly insisted yesterday that they remained committed to the scheme, they have decided not to include the contentious measure in next week’s Queen’s Speech, the Government’s final legislative programme before the election.

Sorry Henry but this is what shielding is for

Posted in database state, politicians on liberty, privacy, relates to ordinary people by ukliberty on March 30, 2009

Henry Porter in the Guardian:

.. If someone can without much trouble lift this data, does it not follow that databases like the national identity register and the children’s database, ContactPoint, are similarly insecure?

Even if Smith is unlikely to absorb this message now, MPs who worry about their personal information leaking to the press may like to think again about the merits of big, centralised databases. For that reason, we should welcome the Mail on Sunday’s scoop. Smith’s embarrassment is a fringe benefit, which we may think of as repayment to the taxpayer.

But special people will be ‘shielded’ by ContactPoint and we know that special people have “additional protection” from HMRC.  

Also, our representatives don’t want us to know where they live.

All for security purposes of course.

That many of us would like the same security is of no account, unless we can prove we are particularly vulnerable.

Otherwise we remain subject to a greater security risk than our representatives.

It really is a case of one rule for them and another for the rest of us.

Man watches Ocean’s 13… twice

Call for resignation.

Alix Mortimer makes a more sober comment:

… And why, you might ask, am I, um, handwringing over this in quite so prurient a fashion?

Simple. This is just the kind of happy little vignette that it’s apparently just fine for three hundred thousand civil servants and ministers to know about the rest of us. Every internet transaction, every site visit, every email.  So what if outrage, mortification and a publicly damaged relationship results? At least the government have been able to verify to their own satisfaction that you’re not doing anything wrong. …

Guido says they don’t like it up ’em:

Note that the anger MPs are feeling about the expenses revelations is directed not at those MPs who are abusing the system and bringing them all into disrepute, but at those who are exposing them. Labour MPs are convinced there is a “Tory mole”* in the fees office, others think that digitised versions of their soon to be released receipts are being shopped around the papers. …

And what about that ‘court of public opinion’, asks Mark Reckons:

When Harriet Harman was being questioned about Shred’s pension she said that although his contract may be enforceable by law, it is not enforceable in the “court of public opinion” and hence the government would “step in”. I wonder whether she takes a similar view about Jacqui Smith trousering over £100K by claiming that a room in her sister’s house is her main residence whilst she has a huge house in Redditch where her husband and children live. It is clear that is also not enforceable in the “court of public opinion. Is she now going to “step in”?

Anderson vs Wills

Posted in database state, DNA database, politicians on liberty, privacy, surveillance society by ukliberty on March 23, 2009

Professor Ross Anderson:

Database State is a report we’ve [the FIPR] written for the Joseph Rowntree Reform Trust on the failings of public-sector IT in Britain, and how to fix them. There’s press coverage in the Guardian, the Mail, the Independent, and the Telegraph. … 

More news coverage in the Daily India, the Standard and elsewhere.

Do read William Heath’s comments – he helped write the report. In particular,

In summary, Transformational Government comes from a bad place. There may or may not be implementation problems, but that’s not the point. (Correction – there are and will be huge implementation problems. But it’s still not the point). It was never designed, in any formal sense, to help us. And the political class and the CIO community seems to be oblivious or to have overlooked the fact that much of what they are undertaking is illegal.

I’ve made a transcript of Professor Anderson’s appearance on the Today programme on Radio 4.  I’ve made a couple of comments in-line.

Presenter Jim McNaughtie (JM): Just because I’m paranoid it doesn’t mean they aren’t out to get me. So runs the old joke. Today’s report on government databases from the Joseph Rowntree Reform Trust suggests it’s perfectly rational to be worried about the way the government collects and holds information about us all. Its conclusions will be welcome news to people like Steven Clark, who was arrested last September after taking pictures at the Labour Party conference in Manchester. He was released without charge but his DNA remains on record. 

Steven Clark: It’s worrying that they would keep everyone’s DNA the way they did. I think if someone is arrested like that and there isn’t even a charge brought against them they shouldn’t take the DNA in the first place. They should only take the DNA if there is a charge and they should only keep it if there is a conviction. Even though I wasn’t charged with an offence, and even though the European Court of Human Rights has ruled that they’ve actually abused my human rights by keeping it. 

JM: I’m joined by Professor Ross Anderson from Cambridge, who wrote today’s report, and Michael Wills, the Minister in the Justice Department responsible for this area. Good morning to you both. 

Ross Anderson (RA): Good morning. 

Michael Wills (MW): Good morning. 

JM: Professor Anderson, what exactly did you look at and what did you find? 

RA: We looked at the 46 databases that hold information on all or most of us, which have been built or expanded in the last ten years. We assessed them firstly for safety, secondly for privacy, thirdly for effectiveness and value for money, and fourthly whether they complied with European Law. What we found was about a quarter of these databases and systems are clearly almost certainly in breach of the European Convention on Human Rights, including as our caller said, the DNA database which was actually convicted in the European Court. And more than half of them have got serious question marks over them. 

JM: And why exactly in your view are they illegal? What do they – what offence do they commit, if you like? 

RA: European law gives us the right to privacy in the sense that our sensitive personal information about your health, your sex life, your religion and so on, can only be shared either with your consent, or under a law which is sufficiently tightly drawn to let you tell what will be done with information you supply and which is proportionate and necessary in a democratic society. Unfortunately our own data protection law doesn’t come up this standard, and in effect privacy regulation in Britain is broken just as banking regulation was. 

JM: Well in a moment I’m going to ask Michael Wills to respond to some of that. But can you just focus our minds on this – give me an illustration of when one of us might find that a bit of information that is held about us is misused in the manner you are talking about. 

RA: Well, we have a particularly distressing example from a pregancy charity in Oxford, which has reported that now that GPs are sharing information with social workers in some parts of the country, where new systems have been rolled out, that poorer women are reluctant to tell GPs about post-natal depression, because they’re worried that the social workers will take their baby away. 

JM: And GPs are reporting that is a fact, that they are observing? 

RA: This is being reported by [inaudible] which is a pregancy charity in Oxford. 

JM: Well Michael Wills, that’s a very vivid illustration of the broader problem that Professor Anderson says he’s identified. Do you accept his basic charge, that a number of these databases, a quarter in fact, are not operating within the law? 

MW: No, I don’t. What I do accept is that we’ve always got to be concerned about this area. We’ve always got to be concerned about these issues of privacy. But what the report doesn’t do is tell you what some of the advantages of these databases are, and this isn’t just about- 

JM: Sorry, it’s important you should say that, but I just want you to answer first his charge that these things are illegal. 

MW: Well, I’ve just answered his charge- 

JM: What, by just saying no? 

MW: Which is no, and I’m going to go on and say that I think it’s also important that in this very very sensitive area, that we understand that the government has to strike a balance in all these things. Of course we’re concerned about the things Professor Anderson is concerned about. We must be. It’s very important to people, it’s about their privacy. But we don’t just enter into this area trying to compromise privacy. There is a balance to be struck between all the advantages of these databases and you cannot talk about this topic without understanding that there are real advantages for the public. And that isn’t just about the more effective delivery of public services, it’s also about the detection of crime.

 

I think public sector databases already get a lot of positive publicity from the Government, don’t you?

But it’s curious that Michael Wills criticises the report for not talking about the benefits – although in fact the report does say what the databases are intended to do – when I don’t recall him criticising the Government for not talking about the disadvantages.

 

And it’s also, as we saw last week, about preventing and remedying miscarriages of justice. If it was not for the existence of DNA and DNA databases, innocent people might still be in jail.

Ah.  Now who’s qualifying what he’s saying?  Last week’s case, that of Sean Hodgson, has little if anything to do with the DNA database. Hodgson was cleared of a 30 year old murder because a sample from the scene was retested using modern techniques and compared against his sample (11 years after the Forensic Science Service said they no longer had the relevant samples). A better – but rather more of a counterpoint – is the case of Kevin Reynolds. His DNA profile, already on the National DNA Database, together with evidence from the scene, provided exculpatory evidence that the authorities proceeded to ignore.

JM: OK, all right, I understand all that, but could you just expand a bit on your reason for simply saying that Professor Anderson is wrong to say that these things are illegal, and he does so as you heard him say, on the grounds that the rules for governing what happens to our information are not sufficiently tight and don’t comply with European law? 

MW: Well, the problem with this report is that it’s a dramatic headline and not much argument behind it- 

JM: Well would you care to deal with that one? 

MW: I was going to carry on and say exactly why I think that. I want to say the reasons for that, of course we will scrutinise the report with great care, we will provide a response to all the allegations, we will send them to Professor Anderson and we’ll give him a chance to reply to that response. So we’re not complacent about this and we will respond line by line to this report. But as it stands, it’s not at all clear what evidence the Professor and his colleagues have relied upon to reach the judgements they’ve made, it’s not clear what the methodology is that they’ve used to make their judgements. He says and I quote, “it’s almost certainly illegal”, and those words are very telling, “almost certainly”- 

RA: All right, well he’s here so let’s ask him. What is your evidence? 

RA: Well, the evidence is in the report, it’s 64 pages and a couple of hundred footnotes. On the legal argument we produced an earlier report on children’s databases that set that out in enormous detail. The evidence rests on particular judgements from the European Court, such as I v Finland, which gives us the right to medical privacy. That is clearly broken by two of the large NHS databases that we rate as red. There are also other judgements which lead us to give red assessments to nine other large government systems. But- 

JM: Michael Wills points out that you use the phrase “almost certainly illegal”. Why that qualifier if you’re so sure of your ground? 

RA: Well, there’s nothing ever certain in litigation and even a case that you think is certain can always be lost. But it must be said that one of these databases, the National DNA Databases, has actually been found to be in contravention last year by the European Court of Human Rights [S & Marper v UK] and we think it’s almost inconceivable that the two NHS databases we rate as red would not be found to be in contravention of the law. 

JM: Michael Wills, I think you wanted to come in there. Go ahead. 

MW: Well I do, I do, because we’re hearing all these qualifications. Neither the Professor nor none of his colleagues are lawyers. There is no evidence in the report of the way they have reached this conclusion.

I’m sure people will make their own minds up about that.

In some cases they have speculated about databases that don’t exist yet on the basis of speculative newspaper reports. If they want to provide us with the methodology and the detailed evidence – he talks about all the pages but he deals with 46 databases in that, it’s not a very extensive argument, a lot of the evidence he gives for his conclusions are actually just descriptions of the databases and sometimes speculative descriptions of databases that don’t exist. 

Why is this so unreasonable?  If one was to describe a database that involved the blanket and indefinite retention of everyone’s personal data, it’s reasonable to claim – based on precedent – that such a database would almost certainly be found illegal.

JM: I don’t think we’re going to settle that question here. Michael Wills can you deal just briefly with the specific example of reports that doctors are finding that poorer women are reluctant to report cases of post natal depression because they fear that information will go to social workers. 

MW: Well of course that must be a matter for concern and we’ll look into it. And when we have specific examples of unintended consequences, and this appears to be just that, of course we’ll look into it and if necessary we’ll change the way that database operates. We can’t be oblivious to the consequences and that’s why we’ll take this report and every other such report extremely seriously. If changes need to be made we will make them. 

JM: Michael Wills, Professor Ross Anderson, thank you both.

Effectively no enforcement of data protection act

Posted in database state, privacy by ukliberty on March 9, 2009

Lewis Page in the Register:

A subject-matter expert has said that “there is effectively no enforcement” of the Data Protection Act, and suggested that corporate data losses or breaches are even more prevalent than in the public sector. …

Even where a UK firm was caught bang to rights losing or revealing data there was little comeback, said Sharpe.

“In other fields, companies go to lawyers to make sure they are complying with the law,” he said. “Nobody comes to me to make sure they’re complying with the Data Protection Act, because there’s no downside for them if they screw up.

“If somebody loses your data, or leaks it, or gives it to someone you didn’t want to have it, don’t come to me – don’t expect the law to do anything… there is effectively no enforcement.”