APPENDIX 12
Memorandum submitted by Ross Johnson
EXECUTIVE SUMMARY
The shift in the authority of surveillance from public to private will continue. The most significant danger arises from private access to public data, and not the reverse. In return for the provision of such access, private bodies could agree to disclose data they hold to public agencies. Most people will encounter surveillance in larger part from private rather than public bodies. A major risk is that compliance with surveillance will bring its own rewards to the individual.
The Government appears obsessed with data sharing. The amount of data and the number of persons and bodies to whom it is proposed access will be granted is on an entirely unprecedented scale. Ministers have a poor attitude towards rules designed to protect data from being shared too widely, and propose weak reasons for linking all departments in the transmission of personal information.
Surveillance should become the subject of legislative regulation over and above current laws on data protection. Legislation should recognise the social and civil rights aspects of surveillance, and not merely the security of the data gathered by it. A new law should be introduced to provide for a "balancing" test in each case of surveillance. Reforms should also be made to current data protection law to provide for the better empowerment of the individual.
Mass surveillance is becoming a pervasive problem, and needs to be checked. Aside from new regulation there should be a strongly-empowered regulator such as the Information Commissioner. Public understanding of the issue of surveillance and its importance to them needs to be improved.
Increased data sharing and wider access to information will lead to more cases of criminal abuse, but the more important issue is what is happening legally.
Privacy impact assessments should be introduced.
Privacy-enhancing technologies are a good idea, but should not be relied upon.
Profiling poses significant risks with potentially far-reaching, undesirable consequences.
INTRODUCTION
1. I submit this memorandum as written evidence
to the Home Affairs Committee in its inquiry entitled "A
Surveillance Society?" announced in its call for evidence
on 27 March 2007.[121]
2. I am a member of the public who takes
a particular interest in the subject matter of this inquiry. I
have followed the Parliamentary progress of legislation such as
the Identity Cards Act 2006, and have read about the wider issues
in the media and other sources.
3. The memorandum includes a section on
each of the points set out in the inquiry's terms of reference,
and begins with an executive summary.
ACCESS BY PUBLIC AGENCIES TO PRIVATE DATABASES
4. The Government's proposed National Identity
Register (NIR) provides wide scope for intrusions of the State
into private life. A detailed audit trail of the use of a NIR
entry may be built up,[122]
necessarily resulting in information that would otherwise be stored
only in private databases becoming available to public authorities.
5. Examples of public use of private data
beyond its stated purpose include the disclosure of Oyster card
logs[123]
and London Congestion Charge[124]
information to the Metropolitan Police.
6. As the ICO report[125]
points out at paragraph 26.2, we should assume that "the
shift of power from public to private" will continue. I suggest
to the Committee that the immediate danger is not greater use
by public agencies of private data, but use by private bodies
of public data. I agree with the report that private sector "governance",
in particular commercial organisations and employers, will become
increasingly powerful.[126]
One's day to day encounters with "authority" are with
these bodies rather than the State, and the Government may sell
or otherwise make available information to such bodies too freely;
"44 000 user organisations" are expected to apply for
access to the NIR.[127]
7. A very clear risk is that, in exchange
for public data, the private sector could agree to make data it
controls available to public bodies, so creating and perpetuating
a dangerous cycle. Business and employers would together provide
a great deal of detailed personal information.
8. I was most surprised when a colleague
informed me that the supermarket chain Tesco charges its customers
up to £70 for overstaying a limit of three hours in their
car parks,[128]
and uses ANPR[129]
and the DVLA database to enforce it. This appears to be a flagrant
abuse of personal data held for entirely unconnected purposes,
yet it is legal[130]
and a fee may be imposed for access.[131]
9. The danger posed by increasingly detailed
and shared private databases is very well described in the ICO
report, which speaks of "compliance bringing rewards".[132]
We face devastatingly bad consequences if its predictions on personal
RFID "chipping" are borne out. Becoming implanted to
obtain "rewards" and discounts, and as a "status
symbol,"[133]
perfectly sums up the Information Commissioner's own description
of "sleepwalking into a surveillance society".[134]
DATA SHARING
10. The Government proposes a vast increase
in data sharing powers beyond anything we have seen before. For
example, the Digital Switchover (Disclosure of Information) Bill
would authorise provision to the BBC and others of information
about individuals such as dates of birth and National Insurance
numbers in order to assist in upgrading their television sets.[135]
11. It is becoming increasingly popular
to include data sharing powers in legislation, such as in the
Serious Crime Bill,[136]
the Statistics and Registration Service Bill[137]
and the UK Borders Bill.[138]
Sections 17 to 21 of the Identity Cards Act provide extensive
powers for the unprecedented disclosure and duplication of information
between a large number of public authorities.
12. The NIR itself is now to be constructed
through data sharing,[139]
as a cost-saving measure, despite its being originally heralded
as a single, new, clean database.[140]
13. The Government have further announced
the creation of a "single database" for the interface
of the citizen with the State,[141]
essentially total data sharing using the NIR as a basis. This
is very widely opposed by the Opposition parties and the media;
The Sun called it "an open invitation to fraud and
corruption".
14. Consolidating all of our personal information
into a single network and allowing access to it by an increasingly
large number of operatives puts us at greater, not lesser, risk
of identity theft and over-intrusive levels of surveillance. Data
would be more vulnerable due to more frequent duplication and
disclosure, and any benefit would be outweighed.
15. The Government points out that the NIR
cannot contain certain types of data, such as DNA, but there is
nothing to prevent the NIR Number being used to link from other
databases such as the National DNA Database and the road pricing
ANPR log of every car journey. There is also a desire to improve
the quality of CCTV images in order that they can be linked to
the NIR via the facial biometric.[142]
Proposed fingerprint "fishing expeditions"[143]
have serious implications for the burden of proof and our traditional
liberties. The NIR audit log will gather a very detailed collection
of evidence on innocent people, available for search at the State's
convenience. The public interest does not justify such intrusion.
16. There is cause for concern when Ministers
describe current data protection law restricting data sharing
as "over zealous"[144]
and, offensively, as a "barrier... to information sharing".[145]
17. In the provision of public services
the Government appears very eager to collect, share and disclose
information almost without limit, and the issue warrants very
close attention.
SAFEGUARDS AND REGULATION
18. The Data Protection Act 1998 is often
thought to offer more protection than it does. A particular example
of note is the highly controversial issue of fingerprinting schoolchildren.[146]
Nevertheless, the Act does provide us with a very good starting
point in the protection of personal data.
19. I agree with the ICO report that the
issue of "surveillance" is wider than that of mere "privacy",
and propose that strong and robust new regulation should be introduced
to guard against incursions on social principles such as human
dignity and autonomy.
20. To create such a new regulatory regime
a definition of surveillance will be required. I consider the
comprehensive definition set out in the ICO report[147]
to be a sound one.
21. I think the appropriate test to apply
in regulation is one of "balance". An appropriate formulation
may be that surveillance should only be permitted where it is
a proportionate response to a given aim, in a similar vein to
the qualified rights articles in the ECHR and, in one respect,
the DPA.[148]
22. I think a word is due on one particular
aspect of the DPA that I find unsatisfactory. Paragraph 1 of Schedule
2 provides a general "get out" where the data subject
agrees to processing, which is used in some contracts of employment
to provide for blanket agreement to data processing under the
Act. Likewise agreement to data processing of any sort can be
imposed as a condition for receiving goods or services, for example
the provision of one's name and address. Such cases should be
determined on the merits using paragraph 6(1), and the data controller
should not be able to force agreement.
THE MONITORING OF ABUSES
23. It is not hard to spot abuses. Barely
a week seems to go by when Ceefax does not report some further
extension proposed to the surveillance society; the latest is
the idea of tagging dementia sufferers.[149]
Such things together add up to the pervasive surveillance described
in the ICO report.
24. We are seeing an increasingly large
amount of data about innocent people being routinely, easily and
cheaply logged.
25. We risk surveillance becoming normalised
in the minds of future generations. As if we hadn't already seen
enough de-sensitisation, there are now proposals to fingerprint
for identification children aged 11 to 15,[150]
a highly sinister move that the balance must clearly lie against.
26. Too often the purposes for which data
is processed change after it has been collected, with those who
defend the integrity of such data challenged to say why it should
not, for example, be used in a police investigation.
27. There are anomalies in the balance.
For example, whilst we have a proposed universal NIR, a DNA database
containing details of millions of innocent people including children[151]
and four million CCTV cameras, there is no requirement that CCTV
systems themselves be registered.
28. "Mass surveillance" is becoming
a pervasive problem,[152]
with proposals now for CCTV systems that not only listen to what
we say[153]
but also tell us what to do.[154]
That Hertfordshire's ANPR system runs every one of its scans through
40 different databases[155]
is nothing short of frightening.
29. Yet the whole surveillance model does
not eradicate social bads. Those who break the rules will continue
to break the rules. It is the law-abiding who will provide the
information to the authorities that can be used against them,
as was seen recently with speeding.[156]
30. Public understanding of issues around
privacy and surveillance needs to be improved. I found the point
made in the ICO report about "slow social suicide"[157]
very apt. An over-reliance on surveillance and requiring everyone
to prove everything they claim leads to the rule of the computer
and a downward spiral of impersonal dealings and mistrust. Yet
there is a distinct lack of public concern.
31. A particularly interesting case of public
attitude arose this month at the Walkabout Inn in Cardiff,[158]
where there were ID checks and data retention on all patrons of
the pub for spurious reasons. In a rather chilling quote on the
burden of proof, the deputy manager Kylie Scobie said,
"There are two reasons people don't want
to provide ID. Either they aren't old enough or they are planning
to cause trouble".
32. The only proper way in which to address
these problems is through the use of a strong statutory regulator,
with the Information Commissioner being the obvious choice.
POTENTIAL ABUSE OF PRIVATE DATABASES BY CRIMINALS
33. I think the major issue that faces us
is not fraudulent data use, but interference with our rights as
citizens through entirely legal uses of surveillance by both public
and private bodies.
34. Nevertheless, I have little doubt that
the provision of access to an ever-increasing amount of data to
an ever-increasing number of civil servants and others will only
make for a higher risk of the theft and abuse of data. This would
be a far cry from the stated intention of such reforms, which
is ostensibly to somehow make us all safer.
PRIVACY IMPACT ASSESSMENTS
35. I entirely approve of the concept of
privacy impact assessments (PIAs), and support their introduction
as a statutory requirement in cases involving surveillance. The
ICO report definition I mentioned earlier would be the appropriate
one to determine when the requirement is to apply.
36. Marx's questions, as set out in the
Appendices to the ICO report, offer a comprehensive basis for
conducting a PIA (or SIA). We must do what we can to ensure that
a PIA/SIA is conducted rigorously and is effective in stopping
or limiting excessive surveillance.
37. The concept is a very good one, though
it should not replace the strong form of regulation that I have
already proposed.
PRIVACY-ENHANCING TECHNOLOGIES
38. Technologies used to protect and enhance
privacy are a useful safeguard, which I support. We must not however
consider them to be the end of the story, and they should not
be used to justify things that would not have been acceptable
without them.
PROFILING
39. Before reading the ICO report I honestly
had no idea of the extent to which both public and private bodies
used profiling. Like the characters in the report's scenarios
I was not aware of the amount of data that was held on me.
40. Profiling has the potential to make
very significant impacts upon our lives. The image of estates
separated by statistics is very easy to picture. The idea of "Personal
Behaviour Schemes" set out in the ICO report[159]
is I am afraid to say an entirely plausible one, the arguments
for which I can imagine being made.
41. The potential of profiling for marketing
is great, and may contribute to discrimination in the provision
of goods and services.
42. Profiling gives a significant chunk
of power to those in authority to question us on what we do and
ask us to justify what they consider on their own criteria to
be "unusual" behaviour. Whereas we ought only to be
challenged if there is reasonable suspicion of an offence, this
type of surveillance provides the means for essentially anything
an operative chooses to form the basis of an investigation, and
hence further surveillance, putting them in an increasingly powerful
position. That is not the sort of society that I want to live
in.
April 2007
121 HAC press notice no 18.
122 Identity Cards Act 2006 (c 15), Sch 1, para 9.
123 Oyster data is "new police tool", BBC News, 13 March 2006; http://news.bbc.co.uk/1/hi/england/london/4800490.stm
124 London charge zone is security cordon too, says mayor, The Register, 17 February 2003; http://www.theregister.co.uk/2003/02/17/london-charge-zone-is-security/
125 A Report on the Surveillance Society for the Information Commissioner by the Surveillance Studies Network, September 2006.
126 Ibid, at para 3.9.
127 Identity Card Technologies: Scientific Advice, Risk and Evidence, House of Commons Select Committee on Science and Technology, 4 August 2006, HC (2005-06), at Appendix 15, para 7.
128 HC Deb (2005-06), 14 December 2005, Vol 440, cols 451WH-458WH.
129 "Automatic Number Plate Recognition", a CCTV system that recognises vehicle registration marks.
130 Road Vehicles (Registration and Licensing) Regulations 2002, r 27(1)(e).
131 Ibid, at r 27(2).
132 At para 32.3.
133 At footnote 232.
134 Watchdog's Big Brother UK warning, BBC News, 16 August 2004; http://news.bbc.co.uk/1/hi/uk-politics/3568468.stm
135 Explanatory Note, Bill 3 EN 06-07.
136 HL Bill 27 2006-07, Schedule 6.
137 Bill 8 2006-07, clause 38.
138 Bill 53 2006-07, clauses 36-41.
139 Giant ID computer plan scrapped, BBC News, 19 December 2006; http://news.bbc.co.uk/1/hi/uk-politics/6192419.stm
140 Eg David Blunkett, HC Deb (2004-05), Vol 428, cols 377-387.
141 Whitehall plan for huge database, BBC News, 14 January 2007; http://news.bbc.co.uk/1/hi/uk-politics/6260153.stm
142 "Better CCTV needed for ID" march, BBC News, 11 May 2006; http://news.bbc.co.uk/1/hi/uk-politics/4761519.stm
143 Government response to petition "ID cards", 19 February 2007.
144 Ibid.
145 Government spins data sharing, The Register, 14 September 2006; http://www.theregister.co.uk/2006/09/14/dca-information-sharing/
146 Schools warned on fingerprinting, BBC News, 7 February 2007.
147 At paras 3.1-3.2.
148 At Schedule 2, para. 6(1).
149 Tag dementia sufferers-minister, BBC News, 19 April 2007; http://news.bbc.co.uk/1/hi/uk/6570511.stm
150 Child fingerprint plan considered, BBC News, 4 March 2007; http://news.bbc.co.uk/1/hi/uk/6417565.stm
151 Under-18s DNA records to continue, BBC News, 16 February 2006; http://news.bbc.co.uk/1/hi/uk-politics/4720328.stm
152 Mass surveillance-United Kingdom, Wikipedia, the free encyclopedia; http://en.wikipedia.org/wiki/Mass-surveillance£United-Kingdom
153 Olympics audio surveillance row, BBC News, 26 November 2006; http://news.bbc.co.uk/1/hi/uk-politics/6186348.stm
154 "Talking" CCTV scolds offenders, BBC News, 4 April 2007; http://news.bbc.co.uk/1/hi/england/6524495.stm
155 ICO report, para 10.4.5.
156 Camera-caught drivers not fined, BBC News, 19 April 2007; http://news.bbc.co.uk/1/hi/uk/6568813.stm
157 At para 2.8.2.
158 Drinkers asked to have ID scanned, icWales.co.uk, 16 April 2007; http://icwales.icnetwork.co.uk/southwalesecho/news/tm-headline=drinkers-asked-to-have-id-scanned&method=full&objectid=18912996&siteid=50082-name-page.html
159 At para 32.2.