APPENDIX 7
Memorandum submitted by The Institution
of Engineering and Technology
The Institution of Engineering and Technology
(IET) is pleased to respond to the Home Affairs Committee consultation
on "A Surveillance Society".
The IET was formed in March 2006 through a merger
of the Institution of Electrical Engineers (IEE) and the Institution
of Incorporated Engineers (IIE). The IET has in excess of 150,000
members worldwide drawn from a broad range of science and engineering
disciplines. The membership represents a wide range of expertise,
from technical experts to business leaders, encompassing a wealth
of professional experience and knowledge, independent of commercial
interests.
INTRODUCTION
1. The best advice the IET can give the
Committee is to consult the excellent report published in March
2007 by the Royal Academy of Engineering, entitled Dilemmas
of Privacy and Security. Several of the Working Group members
who produced this report are Fellows of the IET and we endorse
their report as a comprehensive and thoughtful study.
2. Arriving at an acceptable balance between
security and privacy requires dialogue and understanding between
policy makers, technologists and the public. As members of the
Committee are in a prime position to influence this dialogue,
we give our views below on where the responsibilities should lie.
TECHNOLOGY CONSIDERATIONS
3. The fundamental principles of security
are already well documented and understood. Every database is
vulnerable to data corruption and data theft. These risks become
very significant if the database is widely accessible, particularly
if it is connected to the Internet. In these circumstances, if
the database contains personal data about many people, or vulnerable
people, the database access software should be developed to very
high standards of security engineering. The necessary standards
far exceed normal commercial software quality.
RESPONSIBILITIES
OF POLICY
MAKERS AND
OFFICIALS
4. It is important to remember that databases
are an implementation technology, not an end in themselves. In
each instance, it is vital to analyse and define the desired outcomes
and the business changes that are needed to achieve these outcomes,
before deciding whether a new database is a suitable solution
and moving on to define its scope. Any such project should be
managed as a business change project enabled by technology, not
as a technology development project.
ROLE OF
PARLIAMENT
5. MPs need to be very clear about what
they are aiming to achieve and what the specific outcomes of legislation
will be, including the level of security/risk. It should be the
role of MPs to ensure that all legislative changes are checked
in detail for security/risk, and to understand the implications
of this, before they are approved.
6. The IET is well placed to advise on the
critical technical aspects of legislative changes.
CONCLUSION
7. The report Dilemmas of Privacy and
Surveillance, published last month by the Royal Academy of
Engineering, aims to ensure that policy makers, government and
other organisations are aware of the potential problems so that
they can be prepared to confront them. It also offers suggestions
for technological and regulatory solutions to privacy issues which
are intended to stimulate debate and research into protecting
and designing for privacy.
8. The IET commends this report to the Committee.[77]
April 2007
77 Dilemmas of Privacy and Security-Challenges of
Technological Change. Royal Academy of Engineering, March 2007.
http://www.raeng.org.uk/policy/reports/default/htm Back
|