The Institution of Engineering and Technology (IET) is pleased to respond to the Home Affairs Committee consultation on "A Surveillance Society".

  The IET was formed in March 2006 through a merger of the Institution of Electrical Engineers (IEE) and the Institution of Incorporated Engineers (IIE). The IET has in excess of 150,000 members worldwide drawn from a broad range of science and engineering disciplines. The membership represents a wide range of expertise, from technical experts to business leaders, encompassing a wealth of professional experience and knowledge, independent of commercial interests.

INTRODUCTION

  1.  The best advice the IET can give the Committee is to consult the excellent report published in March 2007 by the Royal Academy of Engineering, entitled Dilemmas of Privacy and Security. Several of the Working Group members who produced this report are Fellows of the IET and we endorse their report as a comprehensive and thoughtful study.

  2.  Arriving at an acceptable balance between security and privacy requires dialogue and understanding between policy makers, technologists and the public. As members of the Committee are in a prime position to influence this dialogue, we give our views below on where the responsibilities should lie.

TECHNOLOGY CONSIDERATIONS

  3.  The fundamental principles of security are already well documented and understood. Every database is vulnerable to data corruption and data theft. These risks become very significant if the database is widely accessible, particularly if it is connected to the Internet. In these circumstances, if the database contains personal data about many people, or vulnerable people, the database access software should be developed to very high standards of security engineering. The necessary standards far exceed normal commercial software quality.

RESPONSIBILITIES OF POLICY MAKERS AND OFFICIALS

  4.  It is important to remember that databases are an implementation technology, not an end in themselves. In each instance, it is vital to analyse and define the desired outcomes and the business changes that are needed to achieve these outcomes, before deciding whether a new database is a suitable solution and moving on to define its scope. Any such project should be managed as a business change project enabled by technology, not as a technology development project.

ROLE OF PARLIAMENT

  5.  MPs need to be very clear about what they are aiming to achieve and what the specific outcomes of legislation will be, including the level of security/risk. It should be the role of MPs to ensure that all legislative changes are checked in detail for security/risk, and to understand the implications of this, before they are approved.

  6.  The IET is well placed to advise on the critical technical aspects of legislative changes.

CONCLUSION

  7.  The report Dilemmas of Privacy and Surveillance, published last month by the Royal Academy of Engineering, aims to ensure that policy makers, government and other organisations are aware of the potential problems so that they can be prepared to confront them. It also offers suggestions for technological and regulatory solutions to privacy issues which are intended to stimulate debate and research into protecting and designing for privacy.

  8.  The IET commends this report to the Committee.[77]

April 2007