Sunday, September 01, 2013
Trading our personal data
Today's Telegraph contains a shocking report on the vulnerability of data held on all of us by private companies and public bodies. They say that that the authorities have investigated more than 700 cases of sensitive data
being obtained illegally from organisations such as mobile telephone companies,
councils and the NHS in the last five years.
They add that these cases cover the details of hundreds of thousands of individuals, and include instances where confidential medical information was stolen from official databases. In some cases the personal information was sold on to marketing firms, providing leads for Britain’s burgeoning cold-calling industry, whilst many records were stolen by employees seeking a profit. In other cases, staff used the data in personal feuds:
The Sunday Telegraph, assisted by Big Brother Watch, a privacy campaign group, analysed all prosecutions brought against people for breaching section 55 of the Data Protection Act in the last five years.
The legislation makes it an offence to “knowingly or recklessly” obtain or disclose personal information without the permission of the organisation responsible for the data.
The Information Commissioner is able to prosecute under the Act, while the Crown Prosecution Service generally carries out such prosecutions when police have also brought charges of another offence considered more serious, such as misconduct in a public office.
The analysis disclosed that prosecutors had brought charges for 714 alleged breaches of section 55 in the last five financial years.
The CPS is unable to disclose how many resulted in convictions, but the Information Commissioner’s Office (ICO) has separately, successfully sought convictions for an additional 82 offences.
In total, 14 people were convicted as a result of ICO prosecutions between 2008 and 2013. The CPS was unable to say how many individuals were involved in its prosecutions.
Those prosecuted by the ICO include Darren Hames, a former area manager for T-Mobile, who made thousands of pounds selling details of half a million customers to a former colleague, David Turley. Turley then sold the information on to a company that targeted customers to switch to a rival operator.
The dossier underlines the strength of the case being made by Christopher Graham, the Information Commissioner, to overhaul the Data Protection Act and introduce tougher penalties for abuses. The sooner the government does this the better.
They add that these cases cover the details of hundreds of thousands of individuals, and include instances where confidential medical information was stolen from official databases. In some cases the personal information was sold on to marketing firms, providing leads for Britain’s burgeoning cold-calling industry, whilst many records were stolen by employees seeking a profit. In other cases, staff used the data in personal feuds:
The Sunday Telegraph, assisted by Big Brother Watch, a privacy campaign group, analysed all prosecutions brought against people for breaching section 55 of the Data Protection Act in the last five years.
The legislation makes it an offence to “knowingly or recklessly” obtain or disclose personal information without the permission of the organisation responsible for the data.
The Information Commissioner is able to prosecute under the Act, while the Crown Prosecution Service generally carries out such prosecutions when police have also brought charges of another offence considered more serious, such as misconduct in a public office.
The analysis disclosed that prosecutors had brought charges for 714 alleged breaches of section 55 in the last five financial years.
The CPS is unable to disclose how many resulted in convictions, but the Information Commissioner’s Office (ICO) has separately, successfully sought convictions for an additional 82 offences.
In total, 14 people were convicted as a result of ICO prosecutions between 2008 and 2013. The CPS was unable to say how many individuals were involved in its prosecutions.
Those prosecuted by the ICO include Darren Hames, a former area manager for T-Mobile, who made thousands of pounds selling details of half a million customers to a former colleague, David Turley. Turley then sold the information on to a company that targeted customers to switch to a rival operator.
The dossier underlines the strength of the case being made by Christopher Graham, the Information Commissioner, to overhaul the Data Protection Act and introduce tougher penalties for abuses. The sooner the government does this the better.
Labels: ID
Saturday, August 03, 2013
Telecoms companies passing details to GCHQ
Yesterday's Guardian reports that some of the world's leading telecoms firms, including BT and Vodafone, are secretly collaborating with Britain's spy agency GCHQ, and are passing on details of their customers' phone calls, email messages and Facebook entries.
They say that BT, Vodafone Cable, and the American firm Verizon Business, together with four other smaller providers, have given GCHQ secret unlimited access to their network of undersea cables. The cables carry much of the world's phone calls and internet traffic:
On Friday Germany's Süddeutsche newspaper published the most highly sensitive aspect of this operation – the names of the commercial companies working secretly with GCHQ, and giving the agency access to their customers' private communications. The paper said it had seen a copy of an internal GCHQ powerpoint presentation from 2009 discussing Tempora.
The document identified for the first time which telecoms companies are working with GCHQ's "special source" team. It gives top secret codenames for each firm, with BT ("Remedy"), Verizon Business ("Dacron"), and Vodafone Cable ("Gerontic"). The other firms include Global Crossing ("Pinnage"), Level 3 ("Little"), Viatel ("Vitreous") and Interoute ("Streetcar"). The companies refused to comment on any specifics relating to Tempora, but several noted they were obliged to comply with UK and EU law.
The revelations are likely to dismay GCHQ and Downing Street, who are fearful that BT and the other firms will suffer a backlash from customers furious that their private data and intimate emails have been secretly passed to a government spy agency. In June a source with knowledge of intelligence said the companies had no choice but to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.
Together, these seven companies operate a huge share of the high-capacity undersea fibre-optic cables that make up the backbone of the internet's architecture. GCHQ's mass tapping operation has been built up over the past five years by attaching intercept probes to the transatlantic cables where they land on British shores. GCHQ's station in Bude, north Cornwall, plays a role. The cables carry data to western Europe from telephone exchanges and internet servers in north America. This allows GCHQ and NSA analysts to search vast amounts of data on the activity of millions of internet users. Metadata – the sites users visit, whom they email, and similar information – is stored for up to 30 days, while the content of communications is typically stored for three days.
GCHQ has the ability to tap cables carrying both internet data and phone calls. By last year GCHQ was handling 600m "telephone events" each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.
Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.
This operation is carried out under clandestine agreements with the seven companies, described in one document as "intercept partners". The companies are paid for logistical and technical assistance.
The identity of the companies allowing GCHQ to tap their cables was regarded as extremely sensitive within the agency. Though the Tempora programme itself was classified as top secret, the identities of the cable companies was even more secret, referred to as "exceptionally controlled information", with the company names replaced with the codewords, such as "GERONTIC", "REMEDY" and "PINNAGE".
However, some documents made it clear which codenames referred to which companies. GCHQ also assigned the firms "sensitive relationship teams". One document warns that if the names emerged it could cause "high-level political fallout".
Germans have been enraged by the revelations of spying by the National Security Agency and GCHQ after it emerged that both agencies were hoovering up German data as well. On Friday the Süddeutsche said it was now clear that private telecoms firms were far more deeply complicit in US-UK spying activities than had been previously thought.
The source familiar with intelligence maintained in June that GCHQ was "not looking at every piece of straw" but was sifting a "vast haystack of data" for what he called "needles".
He added: "If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other." The source said analysts used four criteria for determining what was examined: security, terror, organised crime and Britain's economic wellbeing."The vast majority of the data is discarded without being looked at … we simply don't have the resources."
Nonetheless, the agency repeatedly referred to plans to expand this collection ability still further in the future.
Once it is collected, analysts are able to search the information for emails, online chats and browsing histories using an interface called XKeyscore, uncovered in the Guardian on Wednesday. By May 2012, 300 analysts from GCHQ and 250 NSA analysts had direct access to search and sift through the data collected under the Tempora program.
Documents seen by the Guardian suggest some telecoms companies allowed GCHQ to access cables which they did not themselves own or operate, but only operated a landing station for. Such practices could raise alarm among other cable providers who do not co-operate with GCHQ programmes that their facilities are being used by the intelligence agency
What is not clear is the extent to which these companies are voluntarily co-operating with this operation and to what extent they have been coerced. Nevertheless, although sources say that GCHQ is not listening to everything, it is clear that any use of telecommunications is not secure. Always assume you are being listened to.
They say that BT, Vodafone Cable, and the American firm Verizon Business, together with four other smaller providers, have given GCHQ secret unlimited access to their network of undersea cables. The cables carry much of the world's phone calls and internet traffic:
On Friday Germany's Süddeutsche newspaper published the most highly sensitive aspect of this operation – the names of the commercial companies working secretly with GCHQ, and giving the agency access to their customers' private communications. The paper said it had seen a copy of an internal GCHQ powerpoint presentation from 2009 discussing Tempora.
The document identified for the first time which telecoms companies are working with GCHQ's "special source" team. It gives top secret codenames for each firm, with BT ("Remedy"), Verizon Business ("Dacron"), and Vodafone Cable ("Gerontic"). The other firms include Global Crossing ("Pinnage"), Level 3 ("Little"), Viatel ("Vitreous") and Interoute ("Streetcar"). The companies refused to comment on any specifics relating to Tempora, but several noted they were obliged to comply with UK and EU law.
The revelations are likely to dismay GCHQ and Downing Street, who are fearful that BT and the other firms will suffer a backlash from customers furious that their private data and intimate emails have been secretly passed to a government spy agency. In June a source with knowledge of intelligence said the companies had no choice but to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.
Together, these seven companies operate a huge share of the high-capacity undersea fibre-optic cables that make up the backbone of the internet's architecture. GCHQ's mass tapping operation has been built up over the past five years by attaching intercept probes to the transatlantic cables where they land on British shores. GCHQ's station in Bude, north Cornwall, plays a role. The cables carry data to western Europe from telephone exchanges and internet servers in north America. This allows GCHQ and NSA analysts to search vast amounts of data on the activity of millions of internet users. Metadata – the sites users visit, whom they email, and similar information – is stored for up to 30 days, while the content of communications is typically stored for three days.
GCHQ has the ability to tap cables carrying both internet data and phone calls. By last year GCHQ was handling 600m "telephone events" each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.
Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.
This operation is carried out under clandestine agreements with the seven companies, described in one document as "intercept partners". The companies are paid for logistical and technical assistance.
The identity of the companies allowing GCHQ to tap their cables was regarded as extremely sensitive within the agency. Though the Tempora programme itself was classified as top secret, the identities of the cable companies was even more secret, referred to as "exceptionally controlled information", with the company names replaced with the codewords, such as "GERONTIC", "REMEDY" and "PINNAGE".
However, some documents made it clear which codenames referred to which companies. GCHQ also assigned the firms "sensitive relationship teams". One document warns that if the names emerged it could cause "high-level political fallout".
Germans have been enraged by the revelations of spying by the National Security Agency and GCHQ after it emerged that both agencies were hoovering up German data as well. On Friday the Süddeutsche said it was now clear that private telecoms firms were far more deeply complicit in US-UK spying activities than had been previously thought.
The source familiar with intelligence maintained in June that GCHQ was "not looking at every piece of straw" but was sifting a "vast haystack of data" for what he called "needles".
He added: "If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other." The source said analysts used four criteria for determining what was examined: security, terror, organised crime and Britain's economic wellbeing."The vast majority of the data is discarded without being looked at … we simply don't have the resources."
Nonetheless, the agency repeatedly referred to plans to expand this collection ability still further in the future.
Once it is collected, analysts are able to search the information for emails, online chats and browsing histories using an interface called XKeyscore, uncovered in the Guardian on Wednesday. By May 2012, 300 analysts from GCHQ and 250 NSA analysts had direct access to search and sift through the data collected under the Tempora program.
Documents seen by the Guardian suggest some telecoms companies allowed GCHQ to access cables which they did not themselves own or operate, but only operated a landing station for. Such practices could raise alarm among other cable providers who do not co-operate with GCHQ programmes that their facilities are being used by the intelligence agency
What is not clear is the extent to which these companies are voluntarily co-operating with this operation and to what extent they have been coerced. Nevertheless, although sources say that GCHQ is not listening to everything, it is clear that any use of telecommunications is not secure. Always assume you are being listened to.
Labels: ID
Sunday, July 21, 2013
More data protection questions
Over at Politics Home, Helen Goodman MP has outlined a fairly disturbing case which she says highlights the inadequacy of the UK's data protectoin laws:
On 12 May, The Sunday Times reported that EE had sold to Ipsos MORI the personal data of 27 million mobile phone users, including their gender, age and postcode, the websites they visited, the time of day texts were sent, and the location when the texts were sent. Customers were clearly not aware that their data were being handed on and used in this way. Ipsos MORI then met with the Metropolitan police to discuss selling the data on. These data go beyond anything the police can get without an application under the Regulation of Investigatory Powers Act 2000, of which in 2011 only 2,911 such orders were given.
The day after reading that article, I wrote to Ed Vaizey asking whether he had had a report from the Metropolitan police, whether the Government believe that it is right that a larger range of data are being used and sold than is allowed under RIPA, and what action the Government are taking to protect our citizens.
Because I did not receive an answer for two months, I wrote to the mobile phone companies and the Information Commissioner’s Office, most of which provided full responses. All the companies said they believed that their practices fell within the Data Protection Act 1998 and that the data had been anonymised as defined in that Act. The ICO said that having datasets with names or addresses stripped out and aggregated into groups of 50 “does not enable particular individuals to be identified”.
Unfortunately that is not the case. By combining these data with other datasets—for example, those of the Land Registry—individual people can be identified. In March this year, Nature published a report by academics which concluded that:
“in a dataset where the location of an individual is specified hourly…four spatio-temporal points are enough to uniquely identify 95% of the individuals...”
The current law is inadequate to protect people’s privacy, partly because there has been significant technological change since 1998. Furthermore, the current consent rules are completely inadequate. For consent to be meaningful, it needs to be explicit, informed and freely given, not buried somewhere in paragraph 157 of the terms and conditions.
I think Helen Goodman is right. 1998 is an age away in new technology terms. Things have moved on significantly. We need a full expert review and a new Act of Parliament that gives people back control over their own data, especially that held by private companies.
On 12 May, The Sunday Times reported that EE had sold to Ipsos MORI the personal data of 27 million mobile phone users, including their gender, age and postcode, the websites they visited, the time of day texts were sent, and the location when the texts were sent. Customers were clearly not aware that their data were being handed on and used in this way. Ipsos MORI then met with the Metropolitan police to discuss selling the data on. These data go beyond anything the police can get without an application under the Regulation of Investigatory Powers Act 2000, of which in 2011 only 2,911 such orders were given.
The day after reading that article, I wrote to Ed Vaizey asking whether he had had a report from the Metropolitan police, whether the Government believe that it is right that a larger range of data are being used and sold than is allowed under RIPA, and what action the Government are taking to protect our citizens.
Because I did not receive an answer for two months, I wrote to the mobile phone companies and the Information Commissioner’s Office, most of which provided full responses. All the companies said they believed that their practices fell within the Data Protection Act 1998 and that the data had been anonymised as defined in that Act. The ICO said that having datasets with names or addresses stripped out and aggregated into groups of 50 “does not enable particular individuals to be identified”.
Unfortunately that is not the case. By combining these data with other datasets—for example, those of the Land Registry—individual people can be identified. In March this year, Nature published a report by academics which concluded that:
“in a dataset where the location of an individual is specified hourly…four spatio-temporal points are enough to uniquely identify 95% of the individuals...”
The current law is inadequate to protect people’s privacy, partly because there has been significant technological change since 1998. Furthermore, the current consent rules are completely inadequate. For consent to be meaningful, it needs to be explicit, informed and freely given, not buried somewhere in paragraph 157 of the terms and conditions.
I think Helen Goodman is right. 1998 is an age away in new technology terms. Things have moved on significantly. We need a full expert review and a new Act of Parliament that gives people back control over their own data, especially that held by private companies.
Labels: ID
Saturday, July 20, 2013
Cat out of the bag?
The claim by a Conservative peer, whilst speaking in the House of Lords that that he uses friends in the Driver and Vehicle Licensing Agency to track down drivers he spots littering the road and admonish them has caused a bit of a sensation.
That is not because of the extraordinary sense of citizenship demonstrated by Lord Selsdon in tracking down British families driving 4x4 cars to go skiing in the Alps who, he says are amongst the most prolific vehicle-based litterers, but for the data protection implications of his alleged actions.
The Independent reports that a spokesperson for the DVLA denied Lord Selsdon's assertion that he accessed telephone numbers through the agency. The spokesperson contended that the Agency takes its responsibility to protect information seriously. Adding that information is only provided under strict controls to those who are legally entitled to it, such as local authorities and the police.
However, that categorical denial later transmuted into a holding position with a second statement saying: "We are writing to Lord Selsdon to ask him for further information. Depending on his reply we will then decide on whether or not it is necessary to conduct a full investigation."
I await further developments with interest.
Update: Lord Selsdon has now issued an apology in which he said that his suggestion that he "might have been provided with the personal data of motorists by the DVLA" was "unintentional", and added: "I would like to confirm I have not, at any time, asked for or been given by the DVLA any information which is not in the public domain.
"In particular, I have not been given names or particulars of vehicles.
"I much regret that my speech, without text or notes, should have given rise to press speculation to the contrary and I would like to apologise to the House."
That is not because of the extraordinary sense of citizenship demonstrated by Lord Selsdon in tracking down British families driving 4x4 cars to go skiing in the Alps who, he says are amongst the most prolific vehicle-based litterers, but for the data protection implications of his alleged actions.
The Independent reports that a spokesperson for the DVLA denied Lord Selsdon's assertion that he accessed telephone numbers through the agency. The spokesperson contended that the Agency takes its responsibility to protect information seriously. Adding that information is only provided under strict controls to those who are legally entitled to it, such as local authorities and the police.
However, that categorical denial later transmuted into a holding position with a second statement saying: "We are writing to Lord Selsdon to ask him for further information. Depending on his reply we will then decide on whether or not it is necessary to conduct a full investigation."
I await further developments with interest.
Update: Lord Selsdon has now issued an apology in which he said that his suggestion that he "might have been provided with the personal data of motorists by the DVLA" was "unintentional", and added: "I would like to confirm I have not, at any time, asked for or been given by the DVLA any information which is not in the public domain.
"In particular, I have not been given names or particulars of vehicles.
"I much regret that my speech, without text or notes, should have given rise to press speculation to the contrary and I would like to apologise to the House."
Labels: ID
Sunday, July 14, 2013
The right to seize phone data
The Telegraph reports on a disturbing development at Britain's borders in which thousands of innocent holidaymakers and travellers are having their phones seized and personal data downloaded and stored by the police.
The paper says that officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data. They add that the blanket power is so broad olice do not even have to show reasonable suspicion for seizing the device and can retain the information for “as long as is necessary”. Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages:
David Anderson QC, the independent reviewer of terrorism laws, is expected to raise concerns over the power in his annual report this week.
He will call for proper checks and balances to ensure it is not being abused.
It echoes concerns surrounding an almost identical power police can use on the streets of the UK, which is being reviewed by the Information Commissioner.
However, in those circumstances police must have grounds for suspicion and the phone can only be seized if the individual is arrested.
Mr Anderson said: “Information downloaded from mobile phones seized at ports has been very useful in disrupting terrorists and bringing them to justice.
“But ordinary travellers need to know that their private information will not be taken without good reason, or retained by the police for any longer than is necessary.”
Up to 60,000 people a year are “stopped and examined” as they enter or return to the UK under powers contained in the Terrorism Act 2000.
Like David Anderson I can see that this is a useful tool in the fight against terrorism but it must be used appropriately and proportionately, be open to challenge and review and be subject to clear rules as to how it it utilised.
The paper says that officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data. They add that the blanket power is so broad olice do not even have to show reasonable suspicion for seizing the device and can retain the information for “as long as is necessary”. Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages:
David Anderson QC, the independent reviewer of terrorism laws, is expected to raise concerns over the power in his annual report this week.
He will call for proper checks and balances to ensure it is not being abused.
It echoes concerns surrounding an almost identical power police can use on the streets of the UK, which is being reviewed by the Information Commissioner.
However, in those circumstances police must have grounds for suspicion and the phone can only be seized if the individual is arrested.
Mr Anderson said: “Information downloaded from mobile phones seized at ports has been very useful in disrupting terrorists and bringing them to justice.
“But ordinary travellers need to know that their private information will not be taken without good reason, or retained by the police for any longer than is necessary.”
Up to 60,000 people a year are “stopped and examined” as they enter or return to the UK under powers contained in the Terrorism Act 2000.
Like David Anderson I can see that this is a useful tool in the fight against terrorism but it must be used appropriately and proportionately, be open to challenge and review and be subject to clear rules as to how it it utilised.
Labels: ID
Saturday, June 08, 2013
Big Brother is back in the news
Nick Clegg may have killed off the Snooper's Charter but that does not mean that it is not business as usual for the spooks at GCHQ and their American allies in the routine monitoring of communications traffic.
The Independent reports on claims that thousands of Britons could have been spied on by GCHQ under what they describe as a “chilling” link to a secret American operation covertly collecting data from the world’s largest internet companies.
They say that under a progranme called Prism, American agents were able to glean data, including the contents of emails and web-chats, direct from the servers of major providers including Facebook, Google and Yahoo:
It emerged that some of the information had been passed to GCHQ, raising fears that the agency had been sidestepping the usual legal process for requesting intelligence material about UK nationals. The agency insists it operates within a “strict legal and policy framework”.
According to documents, GCHQ received 197 intelligence reports through the Prism system in the 12 months to May 2012, a rise of 137 per cent on the previous year.
Clearly, this raises many questions some of which will be asked in Parliament over the next few weeks. I don't suppose we should be surprised that this activity goes on, what is shocking is the extent of it, that there is no legislative framework for it and the fact that the UK Government, although complicit, had no oversight of the process and method of collection of the data.
The Independent reports on claims that thousands of Britons could have been spied on by GCHQ under what they describe as a “chilling” link to a secret American operation covertly collecting data from the world’s largest internet companies.
They say that under a progranme called Prism, American agents were able to glean data, including the contents of emails and web-chats, direct from the servers of major providers including Facebook, Google and Yahoo:
It emerged that some of the information had been passed to GCHQ, raising fears that the agency had been sidestepping the usual legal process for requesting intelligence material about UK nationals. The agency insists it operates within a “strict legal and policy framework”.
According to documents, GCHQ received 197 intelligence reports through the Prism system in the 12 months to May 2012, a rise of 137 per cent on the previous year.
Clearly, this raises many questions some of which will be asked in Parliament over the next few weeks. I don't suppose we should be surprised that this activity goes on, what is shocking is the extent of it, that there is no legislative framework for it and the fact that the UK Government, although complicit, had no oversight of the process and method of collection of the data.
Labels: ID
Saturday, December 08, 2012
Committee warn that internet snooping law could infringe privacy
The report of a joint committee of MPs and peers due to be published next week has underlined why so many Liberal Democrats are opposed to a new law that will enable the government to monitor and record internet traffic in the interests of national security.
Supporters of the scheme say that it is simply a matter of collecting details of an e-mail or a message and storing it. They say that the authorities will be able to see who is in contact with whom and when, but not the content of any communication. However, according to the Telegraph the committee will warn it may not always be possible to separate such details:
It is possible to examine basic information for phone calls, text messages and emails without accessing the content but the committee will say there are concerns when it comes to other web use such as messages on social media sites and blogs.
The report will warn it may not be possible to distinguish between who is in contact with who and the content of those messages.
In these circumstances the Liberal Democrats will have little choice but to send civil servants back to the drawing board. The only way such a bill would get through would be if Labour were to revert to their illiberal ways and support it.
Supporters of the scheme say that it is simply a matter of collecting details of an e-mail or a message and storing it. They say that the authorities will be able to see who is in contact with whom and when, but not the content of any communication. However, according to the Telegraph the committee will warn it may not always be possible to separate such details:
It is possible to examine basic information for phone calls, text messages and emails without accessing the content but the committee will say there are concerns when it comes to other web use such as messages on social media sites and blogs.
The report will warn it may not be possible to distinguish between who is in contact with who and the content of those messages.
In these circumstances the Liberal Democrats will have little choice but to send civil servants back to the drawing board. The only way such a bill would get through would be if Labour were to revert to their illiberal ways and support it.
Labels: ID
Friday, November 30, 2012
Opposing the snooper's charter
Amongst all the controversy about Leveson and the Welsh Government seeking to censor Pobl y Cwm, another piece of important news slipped out yesterday that may have even greater repercussions for the future of the Coalition Government.
The Independent reports that controversial moves to give sweeping new powers to the police and security services to monitor phone, email and internet use are set to be opposed by Nick Clegg.
The paper says that the Deputy Prime Minister is expected to veto the draft Communications Data Bill, which has been denounced by critics as a “snooper’s charter”:
Theresa May, the Home Secretary, insists the moves are essential to keep track of terrorists and major criminals that are increasingly using Skype, email and social networks to evade the authorities. It wants the new powers to be in place by 2014.
But an all-party group of MPs and peers scrutinising the draft Bill will list a series of serious criticisms of the plans in a report next month. One Whitehall source said: “The committee is becoming more sceptical.”
It will accuse the Home Office of failing to make a “compelling case” for the proposals, which it warns could infringe civil liberties and create a pool of confidential information that could be open to abuse.
The committee will also warn of the potential cost to telecommunications companies and internet service providers from having to store the required data for 12 months.
Sources close to the committee are understood to believe the Bill cannot survive in its current form and may have to be dropped altogether.
Given the enthusiasm of the Home Office for this legislation this could lead to yet another confrontation behind the doors of number 10. And quite rightly so.
The Independent reports that controversial moves to give sweeping new powers to the police and security services to monitor phone, email and internet use are set to be opposed by Nick Clegg.
The paper says that the Deputy Prime Minister is expected to veto the draft Communications Data Bill, which has been denounced by critics as a “snooper’s charter”:
Theresa May, the Home Secretary, insists the moves are essential to keep track of terrorists and major criminals that are increasingly using Skype, email and social networks to evade the authorities. It wants the new powers to be in place by 2014.
But an all-party group of MPs and peers scrutinising the draft Bill will list a series of serious criticisms of the plans in a report next month. One Whitehall source said: “The committee is becoming more sceptical.”
It will accuse the Home Office of failing to make a “compelling case” for the proposals, which it warns could infringe civil liberties and create a pool of confidential information that could be open to abuse.
The committee will also warn of the potential cost to telecommunications companies and internet service providers from having to store the required data for 12 months.
Sources close to the committee are understood to believe the Bill cannot survive in its current form and may have to be dropped altogether.
Given the enthusiasm of the Home Office for this legislation this could lead to yet another confrontation behind the doors of number 10. And quite rightly so.
Labels: ID
Monday, April 02, 2012
A red line Liberal Democrats should not cross
It is difficult to know why plans for the government to be able to monitor the calls, emails, texts and website visits of everyone in the UK has been put out in the public domain now, in advance of the Queen's speech, other than perhaps to test the water.
Apparently the idea is to legislate so that internet firms will be required to give intelligence agency GCHQ access to communications in real time. The law would not allow GCHQ to access the content of emails, calls or messages without a warrant, but it would enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited.
This revival of a proposal mooted by the last Labour Government underlines the inertia of Government. Once an idea is fixed in the minds of advisors and civil servants, they keep revisiting it until they find politicians prepared to take it forward. Liberal Democrat Ministers should not be those politicians.
Both the Liberal Democrats and the Conservatives opposed this legislation when we were in opposition, we should not now succumb to false arguments that a mass surveillance state somehow guarantees our safety.
The director of campaign group Big Brother Watch, Nick Pickles is absolutely right when he describes this move "an unprecedented step that will see Britain adopt the same kind of surveillance seen in China and Iran".
"This is an absolute attack on privacy online and it is far from clear this will actually improve public safety, while adding significant costs to internet businesses," he said.
It is not proportionate, does not respect freedom of expression nor does it take account of the privacy of users.
Apparently the idea is to legislate so that internet firms will be required to give intelligence agency GCHQ access to communications in real time. The law would not allow GCHQ to access the content of emails, calls or messages without a warrant, but it would enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited.
This revival of a proposal mooted by the last Labour Government underlines the inertia of Government. Once an idea is fixed in the minds of advisors and civil servants, they keep revisiting it until they find politicians prepared to take it forward. Liberal Democrat Ministers should not be those politicians.
Both the Liberal Democrats and the Conservatives opposed this legislation when we were in opposition, we should not now succumb to false arguments that a mass surveillance state somehow guarantees our safety.
The director of campaign group Big Brother Watch, Nick Pickles is absolutely right when he describes this move "an unprecedented step that will see Britain adopt the same kind of surveillance seen in China and Iran".
"This is an absolute attack on privacy online and it is far from clear this will actually improve public safety, while adding significant costs to internet businesses," he said.
It is not proportionate, does not respect freedom of expression nor does it take account of the privacy of users.
Labels: ID
Sunday, February 19, 2012
Liberal Democrats should oppose this latest threat to privacy
It was known, even before 'Yes Minister' that it is not the politicians who run this country, it is the senior civil servants. Even when a politicians puts up resistance to an idea or policy, it keeps resurfacing in one form or another until opposition amongst government ministers is ground down.
That certainly appears to be the story around the latest revived plan to have details of every phone call and text message, email traffic and websites visited online stored in a series of vast databases on the pretext that it is necessary to counter terrorism. Isn't the whole point of GCHQ to monitor this sort of traffic amongst terrorist suspects anyway? Why then do we need a catch-all provision.
The Telegraph reminds us that the scheme is a revised version of a plan drawn up by the Labour government which would have created a central database of all the information:
The idea of a central database was later dropped in favour of a scheme requiring communications providers to store the details at the taxpayers’ expense.
But the whole idea was cancelled amid severe criticisms of the number of public bodies which could access the data, which as well as the security services, included local councils and quangos, totalling 653 public sector organisations.
Labour shelved the project - known as the Intercept Modernisation Programme - in November 2009 after a consultation showed it had little public support.
Only one third of respondents backed the plan and half said they feared the scheme lacked safeguards and technical rigour to protect highly sensitive information.
At the same time the Conservatives criticised Labour’s “reckless” record on privacy.
A report, called Reversing the Rise of the Surveillance State by Dominic Grieve, then shadow home secretary and now Attorney General, published in 2009, said a Tory government would collect fewer personal details which would be held by “specific authorities on a need-to-know basis only”.
And yet now, here we are again with proposals that landline and mobile phone companies and broadband providers will be ordered to store data for a year and make it available to the security services.
The paper says that the databases will not record the contents of calls, texts or emails but the numbers or email addresses of who they are sent and received by.
They add that for the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook. Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.
Frankly, this scheme is as flawed as it was when it was first mooted. It is a major threat to our privacy as well as an invitation to 'private entrepreneurs' to try and hack the information for their own profit. It should be opposed by Liberal Democrats at every turn, including those in government.
That certainly appears to be the story around the latest revived plan to have details of every phone call and text message, email traffic and websites visited online stored in a series of vast databases on the pretext that it is necessary to counter terrorism. Isn't the whole point of GCHQ to monitor this sort of traffic amongst terrorist suspects anyway? Why then do we need a catch-all provision.
The Telegraph reminds us that the scheme is a revised version of a plan drawn up by the Labour government which would have created a central database of all the information:
The idea of a central database was later dropped in favour of a scheme requiring communications providers to store the details at the taxpayers’ expense.
But the whole idea was cancelled amid severe criticisms of the number of public bodies which could access the data, which as well as the security services, included local councils and quangos, totalling 653 public sector organisations.
Labour shelved the project - known as the Intercept Modernisation Programme - in November 2009 after a consultation showed it had little public support.
Only one third of respondents backed the plan and half said they feared the scheme lacked safeguards and technical rigour to protect highly sensitive information.
At the same time the Conservatives criticised Labour’s “reckless” record on privacy.
A report, called Reversing the Rise of the Surveillance State by Dominic Grieve, then shadow home secretary and now Attorney General, published in 2009, said a Tory government would collect fewer personal details which would be held by “specific authorities on a need-to-know basis only”.
And yet now, here we are again with proposals that landline and mobile phone companies and broadband providers will be ordered to store data for a year and make it available to the security services.
The paper says that the databases will not record the contents of calls, texts or emails but the numbers or email addresses of who they are sent and received by.
They add that for the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook. Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.
Frankly, this scheme is as flawed as it was when it was first mooted. It is a major threat to our privacy as well as an invitation to 'private entrepreneurs' to try and hack the information for their own profit. It should be opposed by Liberal Democrats at every turn, including those in government.
Labels: ID
Sunday, November 06, 2011
Illegal stop and search?
When I saw a tweet a few days ago from a reputable source suggesting that passengers at a London transport venue were being asked for identification by police I thought it was strange but, as I had no more details I moved on.
Today though, a story in the Observer leads me to believe that it could have been part of an operation whereby Border agency officials are conducting unlawful passport checks on buses and other public transport to try to catch illegal immigrants.
The paper says that documents it has seen suggest that staff from the UK Border Agency have been "regularly" targeting coaches at bus stations "to prevent illegal migrants from making use of the public transport network".
They add that the practice appears to be illegal, with officials only authorised to examine passengers at air or sea ports. One bus passenger subjected to the identity checks is quoted as describing them as "harassment" and behaviour that had no place in a democratic society.
One victim of these checks wrote to complain and gave an account of what happened to him:
British-born Pete Clark, 56, from Liverpool, has described that he had no idea who the officials were when they physically blocked him leaving a National Express coach travelling to the city from Leeds until the passengers revealed identification "deemed suitable."
"None of the persons involved gave an explanation of who they were, what they were doing and on which authority." he said "Their attempt to prevent passengers from going about their lawful business amounts to harassment."
He said that he had recently been working in Africa and had witnessed the heavy-handed behaviour of police and state officials acting on suspicion of illegal behaviour: "I have always considered the country of my birth to be free of this sort of constant intimidation. Sadly, this seems not to be the case. Such routine actions under repressive regimes worlwide have no place in a free democracy such as the UK."
In a letter to Clark, the UKBA explain that the intelligence operations on coaches were permitted under the immigration act 1971. Yet the act itself states only: "An immigration officer may examine any persons who have arrived in the United Kingdom by ship or aircraft."
This is a very worrying development. Day-to-day operations of agencies are not of course supervised by politicians but, now that this is in the open, the Government should investigate and put a stop to any illegal practices.
Today though, a story in the Observer leads me to believe that it could have been part of an operation whereby Border agency officials are conducting unlawful passport checks on buses and other public transport to try to catch illegal immigrants.
The paper says that documents it has seen suggest that staff from the UK Border Agency have been "regularly" targeting coaches at bus stations "to prevent illegal migrants from making use of the public transport network".
They add that the practice appears to be illegal, with officials only authorised to examine passengers at air or sea ports. One bus passenger subjected to the identity checks is quoted as describing them as "harassment" and behaviour that had no place in a democratic society.
One victim of these checks wrote to complain and gave an account of what happened to him:
British-born Pete Clark, 56, from Liverpool, has described that he had no idea who the officials were when they physically blocked him leaving a National Express coach travelling to the city from Leeds until the passengers revealed identification "deemed suitable."
"None of the persons involved gave an explanation of who they were, what they were doing and on which authority." he said "Their attempt to prevent passengers from going about their lawful business amounts to harassment."
He said that he had recently been working in Africa and had witnessed the heavy-handed behaviour of police and state officials acting on suspicion of illegal behaviour: "I have always considered the country of my birth to be free of this sort of constant intimidation. Sadly, this seems not to be the case. Such routine actions under repressive regimes worlwide have no place in a free democracy such as the UK."
In a letter to Clark, the UKBA explain that the intelligence operations on coaches were permitted under the immigration act 1971. Yet the act itself states only: "An immigration officer may examine any persons who have arrived in the United Kingdom by ship or aircraft."
This is a very worrying development. Day-to-day operations of agencies are not of course supervised by politicians but, now that this is in the open, the Government should investigate and put a stop to any illegal practices.
Labels: ID
Monday, October 31, 2011
Big Brother is here after all
As somebody who has always been concerned about the growth of the surveillance state, I am aware that no matter how friendly a government is to civil liberties, new technology will always outstrip new legislation in its ability to intrude on people's lives.
This seems to have been confirmed by this story which suggests that Britain's largest police force is operating covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area.
They say that the surveillance system has been procured by the Metropolitan police from Leeds-based company Datong plc, which counts the US Secret Service, the Ministry of Defence and regimes in the Middle East among its customers:
Strictly classified under government protocol as "Listed X", it can emit a signal over an area of up to an estimated 10 sq km, forcing hundreds of mobile phones per minute to release their unique IMSI and IMEI identity codes, which can be used to track a person's movements in real time.
The disclosure has caused concern among lawyers and privacy groups that large numbers of innocent people could be unwittingly implicated in covert intelligence gathering. The Met has refused to confirm whether the system is used in public order situations, such as during large protests or demonstrations.
Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, warned the technology could give police the ability to conduct "blanket and indiscriminate" monitoring: "It raises a number of serious civil liberties concerns and clarification is urgently needed on when and where this technology has been deployed, and what data has been gathered," he said. "Such invasive surveillance must be tightly regulated, authorised at the highest level and only used in the most serious of investigations. It should be absolutely clear that only data directly relating to targets of investigations is monitored or stored," he said.
There are issues of legality and proportionality here that need to be addressed. As the paper points out covert surveillance is currently regulated under the Regulation of Investigatory Powers Act (Ripa), which states that to intercept communications a warrant must be personally authorised by the home secretary and be both necessary and proportionate. The terms of Ripa allow phone calls and SMS messages to be intercepted in the interests of national security, to prevent and detect serious crime, or to safeguard the UK's economic wellbeing.
How such wide ranging and indiscriminate technology fits into this frameowrk is difficult to see. There must be some clarity from government on how this device is used, what authorisation is required and how the rights of innocent civilians are protected.
This seems to have been confirmed by this story which suggests that Britain's largest police force is operating covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area.
They say that the surveillance system has been procured by the Metropolitan police from Leeds-based company Datong plc, which counts the US Secret Service, the Ministry of Defence and regimes in the Middle East among its customers:
Strictly classified under government protocol as "Listed X", it can emit a signal over an area of up to an estimated 10 sq km, forcing hundreds of mobile phones per minute to release their unique IMSI and IMEI identity codes, which can be used to track a person's movements in real time.
The disclosure has caused concern among lawyers and privacy groups that large numbers of innocent people could be unwittingly implicated in covert intelligence gathering. The Met has refused to confirm whether the system is used in public order situations, such as during large protests or demonstrations.
Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch, warned the technology could give police the ability to conduct "blanket and indiscriminate" monitoring: "It raises a number of serious civil liberties concerns and clarification is urgently needed on when and where this technology has been deployed, and what data has been gathered," he said. "Such invasive surveillance must be tightly regulated, authorised at the highest level and only used in the most serious of investigations. It should be absolutely clear that only data directly relating to targets of investigations is monitored or stored," he said.
There are issues of legality and proportionality here that need to be addressed. As the paper points out covert surveillance is currently regulated under the Regulation of Investigatory Powers Act (Ripa), which states that to intercept communications a warrant must be personally authorised by the home secretary and be both necessary and proportionate. The terms of Ripa allow phone calls and SMS messages to be intercepted in the interests of national security, to prevent and detect serious crime, or to safeguard the UK's economic wellbeing.
How such wide ranging and indiscriminate technology fits into this frameowrk is difficult to see. There must be some clarity from government on how this device is used, what authorisation is required and how the rights of innocent civilians are protected.
Labels: ID
Friday, October 07, 2011
The DNA of the coalition government
There are two issues with this morning's article in the Telegraph about the Government's plans to reform the way that DNA is stored by the Police. One relates to the age-old complaint about any government legislation, namely that discretionary powers are given to Ministers and questions as to how they plan to use them now or in the future. The second is a bit more fundamental.
The paper focusses on the report of the committee scrutinising the legislation which would give ministers a discretionary power to “rewrite” rules of entry at will. Ministers say they will use these powers to curb officials’ rights of entry. There are currently about 1,200 separate legal powers of entry, from serving from court warrants to protecting trademarks.
However, the committee have latched onto the fact that the opposite is also true. A Minister could if they so wanted actually use this power to extend officials’ ability to enter homes. The solution as ever is either to put the powers on the face of the bill, alter the powers or, more likely, insist that any regulations must have the prior approval of Parliament. This sort of stuff is meat and drink when it comes to scrutinising bills.
The second issue is a bit more worrying. It is that the restrictions do not go far enough. The Home Secretary says that plans to curb the state’s right to intrude in private lives would see the names of one million innocent people removed from the DNA database. Only adults convicted or cautioned would have their DNA stored indefinitely, while those charged but later cleared would have their profiles stored for up to five years.
However the committee are worried that this will create “a significant risk of incompatibility with the right to a private life’’. They say that the Bill will also “create a broad catch-all discretion for police to authorise the retention of material indefinitely for reasons of national security’’ and go on to caution: “We are concerned that the minister has not provided a justification of why this power is necessary and proportionate, particularly in light of specific measures targeted towards retention in relation to counter-terrorism and immigration. Without further justification or additional safeguards, these measures should be removed from the Bill.’’
Clearly, if such a provision is to be included in the Bill it needs to be justified. In my view there can be no good reason why the DNA of innocent people is retained by the Police and I would expect the new legislation to reflect that.
The paper focusses on the report of the committee scrutinising the legislation which would give ministers a discretionary power to “rewrite” rules of entry at will. Ministers say they will use these powers to curb officials’ rights of entry. There are currently about 1,200 separate legal powers of entry, from serving from court warrants to protecting trademarks.
However, the committee have latched onto the fact that the opposite is also true. A Minister could if they so wanted actually use this power to extend officials’ ability to enter homes. The solution as ever is either to put the powers on the face of the bill, alter the powers or, more likely, insist that any regulations must have the prior approval of Parliament. This sort of stuff is meat and drink when it comes to scrutinising bills.
The second issue is a bit more worrying. It is that the restrictions do not go far enough. The Home Secretary says that plans to curb the state’s right to intrude in private lives would see the names of one million innocent people removed from the DNA database. Only adults convicted or cautioned would have their DNA stored indefinitely, while those charged but later cleared would have their profiles stored for up to five years.
However the committee are worried that this will create “a significant risk of incompatibility with the right to a private life’’. They say that the Bill will also “create a broad catch-all discretion for police to authorise the retention of material indefinitely for reasons of national security’’ and go on to caution: “We are concerned that the minister has not provided a justification of why this power is necessary and proportionate, particularly in light of specific measures targeted towards retention in relation to counter-terrorism and immigration. Without further justification or additional safeguards, these measures should be removed from the Bill.’’
Clearly, if such a provision is to be included in the Bill it needs to be justified. In my view there can be no good reason why the DNA of innocent people is retained by the Police and I would expect the new legislation to reflect that.
Labels: ID
Tuesday, July 26, 2011
Whose DNA is driving this coalition?
It is always difficult to establish the exact truth of what is going on in Government from early newspaper reports, but if this Daily Telegraph article is correct then Nick Clegg may be in for a rough ride at the Liberal Democrat Conference in September.
The paper says that the DNA of more than one million innocent people will not be wiped from police records despite a clear Coalition Agreement commitment to delete all innocent profiles, apart from those accused of violent or sex crimes, from police databases. Instead the police will retain DNA profiles in anonymised form, leaving open the possibility of connecting them up with people's names:
Currently, in England and Wales, the DNA profiles of everyone arrested for a recordable offence are retained by the police, regardless of whether they were charged or convicted.
This has meant that the police’s national DNA database holds more than five million profiles, including one million people with no criminal conviction.
Experts say storing the DNA of innocent people gave them an unfair “presumption of guilt” in the eyes of the police.
The Coalition agreement last May said the Government would “adopt the protections of the Scottish model for the DNA database”.
DNA samples from innocent people would be deleted, apart from those accused of a sexual or violent offences, which would be held for five years.
However, Home Office minister James Brokenshire admitted to MPs on a committee which is considering the legislation that police forces will retain innocent profiles.
Mr Brokenshire said he had won agreement from the information watchdog that the DNA profiles could be retained by forensic science laboratories.
This would mean that the profiles would “be considered to have been deleted (even though the DNA profile record, minus the identification information, will still exist)”.
However Mr Brokenshire admitted that it would be still be possible to identify the anonymised profiles.
A Home Office spokesman has insisted that profiles will be completely deleted from the national DNA database. However, as the paper points out, within individual police systems, profiles are recorded in batches and it is not possible to delete one without affecting the rest, including convicted offenders.
The spokesman may be saying that the Government position has not changed and that they will retain the DNA of the guilty, not the innocent but from where everybody else sits that does not look to be the case. Either the Government needs to give us more detail as a credible reassurance or else they should rethink and keep the original promise.
The paper says that the DNA of more than one million innocent people will not be wiped from police records despite a clear Coalition Agreement commitment to delete all innocent profiles, apart from those accused of violent or sex crimes, from police databases. Instead the police will retain DNA profiles in anonymised form, leaving open the possibility of connecting them up with people's names:
Currently, in England and Wales, the DNA profiles of everyone arrested for a recordable offence are retained by the police, regardless of whether they were charged or convicted.
This has meant that the police’s national DNA database holds more than five million profiles, including one million people with no criminal conviction.
Experts say storing the DNA of innocent people gave them an unfair “presumption of guilt” in the eyes of the police.
The Coalition agreement last May said the Government would “adopt the protections of the Scottish model for the DNA database”.
DNA samples from innocent people would be deleted, apart from those accused of a sexual or violent offences, which would be held for five years.
However, Home Office minister James Brokenshire admitted to MPs on a committee which is considering the legislation that police forces will retain innocent profiles.
Mr Brokenshire said he had won agreement from the information watchdog that the DNA profiles could be retained by forensic science laboratories.
This would mean that the profiles would “be considered to have been deleted (even though the DNA profile record, minus the identification information, will still exist)”.
However Mr Brokenshire admitted that it would be still be possible to identify the anonymised profiles.
A Home Office spokesman has insisted that profiles will be completely deleted from the national DNA database. However, as the paper points out, within individual police systems, profiles are recorded in batches and it is not possible to delete one without affecting the rest, including convicted offenders.
The spokesman may be saying that the Government position has not changed and that they will retain the DNA of the guilty, not the innocent but from where everybody else sits that does not look to be the case. Either the Government needs to give us more detail as a credible reassurance or else they should rethink and keep the original promise.
Labels: ID
Saturday, February 12, 2011
A blow for freedom
Yesterday's announcement that the DNA of up to one million innocent people will be wiped from the national database is a victory for commonsense and liberalism.
Under the new regime only the profiles of people suspected of serious offences of sex or violence will be retained and only for a maximum of five years. Other proposals include a significant scaling back of vetting and criminal record checks, more powers for the public around CCTV, making it a criminal offence to wheel-clamp vehicles on private land and a major reduction of state powers to snoop on people.
A major culling of the 1,200 different powers available to officials to enter a home and a ban on schools fingerprinting children without their parent's consent are also planned.
There will also be a new law allowing homosexuals who were convicted for having consensual sex with anyone over the age of 16 when it was illegal to have their criminal record wiped clean.
The period a terror suspect can be detained without charge will be halved to 14 days.
Police will no longer be able to stop and search people without reasonable suspicion under terror laws unless there is "reasonable suspicion" that an atrocity will take place.
There is a long way to go of course on the details in the Freedom Bill but it is outcomes like this that made it worthwhile for the Liberal Democrats to enter Government in the first place. There may be downsides but a lot of good can come of taking responsibility as well.
Under the new regime only the profiles of people suspected of serious offences of sex or violence will be retained and only for a maximum of five years. Other proposals include a significant scaling back of vetting and criminal record checks, more powers for the public around CCTV, making it a criminal offence to wheel-clamp vehicles on private land and a major reduction of state powers to snoop on people.
A major culling of the 1,200 different powers available to officials to enter a home and a ban on schools fingerprinting children without their parent's consent are also planned.
There will also be a new law allowing homosexuals who were convicted for having consensual sex with anyone over the age of 16 when it was illegal to have their criminal record wiped clean.
The period a terror suspect can be detained without charge will be halved to 14 days.
Police will no longer be able to stop and search people without reasonable suspicion under terror laws unless there is "reasonable suspicion" that an atrocity will take place.
There is a long way to go of course on the details in the Freedom Bill but it is outcomes like this that made it worthwhile for the Liberal Democrats to enter Government in the first place. There may be downsides but a lot of good can come of taking responsibility as well.
Labels: ID
Monday, January 03, 2011
A data rich society
I have written before about the habit of the Police of keeping on their databases details of people who have been charged with offences and then found not guilty. However, it seems that the forces of law and order have taken their obsession with the retention of data even further.
According to this morning's Western Mail millions of innocent people have had their details stored on police databases after reporting a crime.
The paper says that forces across England and Wales have amassed data about people who dial 999 or non-emergency numbers to report their concerns or pass on information:
West Midlands Police, the second largest force, holds 1.1 million records of people who have reported offences over the past 12 years. Others, including Lancashire, Cleveland, Avon and Somerset, Gloucestershire, West Mercia and North Wales, hold more than 150,000 each.
Senior officers admitted the information could be used against people as part of any future police investigation. They insisted gathering the data was necessary to fight crime, protect the vulnerable and ensure concerns were dealt with properly.
But critics said the vast databases were further evidence of a creeping database state in which information on the innocent was held alongside criminals and suspects.
Personally, I do not go as far as Gus Hosein, of Privacy International, who is quoted as saying: "There's a point where the police stop seeing members of the public as the people to be protected and rather see them all as potential criminals. Until now, this only happened in non-democratic states, but I fear that this line has been crossed in ours. This only goes to show how far the last government went in promoting this view that we are all criminals, and my understanding is that while this government has cut the NPIA, which is a first step, a culture change in the way we are governed and protected is the next one."
However, clearly there is a need for the Police to properly justify the holding of any data, no matter how innocuous, and their suggestion that 'most people would expect police to hold on to it' just does not cut it as a sufficient reason.
What is needed is transparency and accountability, in which there are proper policies in place for handling and accessing this data, for authorising it to be cross-referenced or not, for allowing people to inspect, challenge and delete any data held on them and for reviewing and removing data after suitable time periods, depending on its nature. There also has to be the facility for a fuss-free independent review of any case and of the whole policy framework. These policies and the safeguards surrounding them need to be widely publicised.
So far I have seen no evidence that any of this is in place. Until it is then none of us can easily believe that our details are being safely and properly stored or that such data is not being misused.
And after all if you know that by dialling 999 or cooperating with a police investigation, no matter how innocent you are, that you are going to end up on a database, then why bother? Where is the mutual trust that the police need to properly enforce law and order in this country? They cannot have it both ways.
According to this morning's Western Mail millions of innocent people have had their details stored on police databases after reporting a crime.
The paper says that forces across England and Wales have amassed data about people who dial 999 or non-emergency numbers to report their concerns or pass on information:
West Midlands Police, the second largest force, holds 1.1 million records of people who have reported offences over the past 12 years. Others, including Lancashire, Cleveland, Avon and Somerset, Gloucestershire, West Mercia and North Wales, hold more than 150,000 each.
Senior officers admitted the information could be used against people as part of any future police investigation. They insisted gathering the data was necessary to fight crime, protect the vulnerable and ensure concerns were dealt with properly.
But critics said the vast databases were further evidence of a creeping database state in which information on the innocent was held alongside criminals and suspects.
Personally, I do not go as far as Gus Hosein, of Privacy International, who is quoted as saying: "There's a point where the police stop seeing members of the public as the people to be protected and rather see them all as potential criminals. Until now, this only happened in non-democratic states, but I fear that this line has been crossed in ours. This only goes to show how far the last government went in promoting this view that we are all criminals, and my understanding is that while this government has cut the NPIA, which is a first step, a culture change in the way we are governed and protected is the next one."
However, clearly there is a need for the Police to properly justify the holding of any data, no matter how innocuous, and their suggestion that 'most people would expect police to hold on to it' just does not cut it as a sufficient reason.
What is needed is transparency and accountability, in which there are proper policies in place for handling and accessing this data, for authorising it to be cross-referenced or not, for allowing people to inspect, challenge and delete any data held on them and for reviewing and removing data after suitable time periods, depending on its nature. There also has to be the facility for a fuss-free independent review of any case and of the whole policy framework. These policies and the safeguards surrounding them need to be widely publicised.
So far I have seen no evidence that any of this is in place. Until it is then none of us can easily believe that our details are being safely and properly stored or that such data is not being misused.
And after all if you know that by dialling 999 or cooperating with a police investigation, no matter how innocent you are, that you are going to end up on a database, then why bother? Where is the mutual trust that the police need to properly enforce law and order in this country? They cannot have it both ways.
Labels: ID
Sunday, January 02, 2011
Labour's ID card trial fiasco
Now that the UK Coalition Government has quite rightly fulfilled its promise to abolish ID cards details are now emerging of the fiasco that was the trial that Labour ran in Greater Manchester.
According to the Manchester Evening News, civil servants were urged to sign up their own families for ID cards in an effort to stop the controversial scheme flopping. They say:
By April this year, only 15 per cent of airside workers had enrolled for a card.
Reports reveal how the airport took the unusual step of appointing a full-time ‘National Identity Card Administrator’ to drive up demand and considered a competition to promote the scheme.
The report also said: “One participant complained that the identity card interfered with other cards kept in the same wallet.”
Considering that the Government spent £292m on the ID card scheme before it was finally axed, this is a major failure. It seems that people did not just reject Labour in May, they also rejected their flagship scheme, their control freakery and their assault on individual liberties.
According to the Manchester Evening News, civil servants were urged to sign up their own families for ID cards in an effort to stop the controversial scheme flopping. They say:
- Senior Whitehall officials were urged to email friends and relatives encouraging them to buy cards because of fears about the level of demand;
- UK and overseas border guards refused to recognise the cards – with one traveller chased through an Italian airport after trying to use one as ID;
- The Home Office discovered the cards could stop some credit cards from working properly.
By April this year, only 15 per cent of airside workers had enrolled for a card.
Reports reveal how the airport took the unusual step of appointing a full-time ‘National Identity Card Administrator’ to drive up demand and considered a competition to promote the scheme.
The report also said: “One participant complained that the identity card interfered with other cards kept in the same wallet.”
Considering that the Government spent £292m on the ID card scheme before it was finally axed, this is a major failure. It seems that people did not just reject Labour in May, they also rejected their flagship scheme, their control freakery and their assault on individual liberties.
Labels: ID
Sunday, October 24, 2010
The continuing threat to civil liberties
This morning´s Sunday Telegraph is a timely reminder that it is not just government that poses a threat to our privacy and our civil liberties.
They report that Google has admitted that it downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.
It is bad enough having one´s home pictured on the internet for all to see without this sinister off-shoot. The paper reports for example that individuals could be seen in the photos included a man emerging from a sex shop in London's Soho; children throwing stones at a house in Musselburgh, Scotland; a man vomiting outside a pool hall in east London; and three police officers arresting a man in Camden, north London.
Apparently, the vans had also been gathering information about the location of wireless networks, and as an unintended consequence also harvested entire emails and URLs, as well as passwords from those networks that were not protected by a password.
The lesson is clearly to secure your wireless network but that is not enough. This is a clear breach of British data protection laws and the company should be prosecuted.
They report that Google has admitted that it downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.
It is bad enough having one´s home pictured on the internet for all to see without this sinister off-shoot. The paper reports for example that individuals could be seen in the photos included a man emerging from a sex shop in London's Soho; children throwing stones at a house in Musselburgh, Scotland; a man vomiting outside a pool hall in east London; and three police officers arresting a man in Camden, north London.
Apparently, the vans had also been gathering information about the location of wireless networks, and as an unintended consequence also harvested entire emails and URLs, as well as passwords from those networks that were not protected by a password.
The lesson is clearly to secure your wireless network but that is not enough. This is a clear breach of British data protection laws and the company should be prosecuted.
Labels: ID
Monday, July 05, 2010
Rolling back Big Brother
The influence of the Liberal Democrats on the UK Government was evident yesterday with the announcement that Home Secretary, Theresa May, has ordered that a national police camera network that logs more than 10 million movements of motorists every day be placed under statutory regulation.
The Observer says that her decision means that a "Big Brother" police database that currently holds a mammoth 7.6 billion records of the movement of motorists using more than 4,000 cameras across the country will have to be operated with proper accountability and safeguards:
Each entry on the database includes the numberplate, location, date, time and a photograph of the front of the car, which may include images of the driver and any passengers. These details are routinely held for two years.
The options being looked at by the Home Office for regulating the system, known as automatic number plate recognition (ANPR), include establishing a lawful right for the police to collect and retain such details as well as defining who can gain access to the database and placing a legal limit on the period information can be stored for.
Regulation is also expected to require the police to be more open with the public over the number and locations of cameras, with exceptions made for legally authorised covert police operations.
The current situation is unique in Europe and although these cameras assist in combatting crime the uncontrolled growth in their installation around the country does raise a number of concerns. Privacy campaigners believe that it amounts to the routine surveillance of millions of innocent motorists. Better accountability and transparency is therefore welcome.
The Observer says that her decision means that a "Big Brother" police database that currently holds a mammoth 7.6 billion records of the movement of motorists using more than 4,000 cameras across the country will have to be operated with proper accountability and safeguards:
Each entry on the database includes the numberplate, location, date, time and a photograph of the front of the car, which may include images of the driver and any passengers. These details are routinely held for two years.
The options being looked at by the Home Office for regulating the system, known as automatic number plate recognition (ANPR), include establishing a lawful right for the police to collect and retain such details as well as defining who can gain access to the database and placing a legal limit on the period information can be stored for.
Regulation is also expected to require the police to be more open with the public over the number and locations of cameras, with exceptions made for legally authorised covert police operations.
The current situation is unique in Europe and although these cameras assist in combatting crime the uncontrolled growth in their installation around the country does raise a number of concerns. Privacy campaigners believe that it amounts to the routine surveillance of millions of innocent motorists. Better accountability and transparency is therefore welcome.
Labels: ID
Saturday, May 29, 2010
Blunkett loses perspective
Former Home Secretary, David Blunkett showed yesterday what a sore loser he really is when he threatened to sue the Government for the £30 cost of his ID card. He is upset that holders of the documents will not be compensated when they are abolished.
He is still under the illusion that these cards will make a difference to National Security or to the fight against crime despite all the evidence to the contrary.
It is a useful indication that whoever wins the Labour leadership contest is going to have a long fight to reform that party so as to put them into a position to take the reins of power again.
He is still under the illusion that these cards will make a difference to National Security or to the fight against crime despite all the evidence to the contrary.
It is a useful indication that whoever wins the Labour leadership contest is going to have a long fight to reform that party so as to put them into a position to take the reins of power again.
Labels: ID
