House of Commons - Home Affairs

Select Committee on Home Affairs Written Evidence

APPENDIX 12

Memorandum submitted by Ross Johnson

EXECUTIVE SUMMARY

— The shift in the authority of surveillance from public to private will continue. The most significant danger arises from private access to public data, and not the reverse. In return for the provision of such access, private bodies could agree to disclose data they hold to public agencies. Most people will encounter surveillance in larger part from private rather than public bodies. A major risk is that compliance with surveillance will bring its own rewards to the individual.

— The Government appears obsessed with data sharing. The amount of data and the number of persons and bodies to whom it is proposed access will be granted is on an entirely unprecedented scale. Ministers have a poor attitude towards rules designed to protect data from being shared too widely, and propose weak reasons for linking all departments in the transmission of personal information.

— Surveillance should become the subject of legislative regulation over and above current laws on data protection. Legislation should recognise the social and civil rights aspects of surveillance, and not merely the security of the data gathered by it. A new law should be introduced to provide for a "balancing" test in each case of surveillance. Reforms should also be made to current data protection law to provide for the better empowerment of the individual.

— Mass surveillance is becoming a pervasive problem, and needs to be checked. Aside from new regulation there should be a strongly-empowered regulator such as the Information Commissioner. Public understanding of the issue of surveillance and its importance to them needs to be improved.

— Increased data sharing and wider access to information will lead to more cases of criminal abuse, but the more important issue is what is happening legally.

— Privacy impact assessments should be introduced.

— Privacy-enhancing technologies are a good idea, but should not be relied upon.

— Profiling poses significant risks with potentially far-reaching, undesirable consequences.

INTRODUCTION

1. I submit this memorandum as written evidence to the Home Affairs Committee in its inquiry entitled "A Surveillance Society?" announced in its call for evidence on 27 March 2007.[121]

2. I am a member of the public who takes a particular interest in the subject matter of this inquiry. I have followed the Parliamentary progress of legislation such as the Identity Cards Act 2006, and have read about the wider issues in the media and other sources.

3. The memorandum includes a section on each of the points set out in the inquiry's terms of reference, and begins with an executive summary.

ACCESS BY PUBLIC AGENCIES TO PRIVATE DATABASES

4. The Government's proposed National Identity Register (NIR) provides wide scope for intrusions of the State into private life. A detailed audit trail of the use of a NIR entry may be built up,[122] necessarily resulting in information that would otherwise be stored only in private databases becoming available to public authorities.

5. Examples of public use of private data beyond its stated purpose include the disclosure of Oyster card logs[123] and London Congestion Charge[124] information to the Metropolitan Police.

6. As the ICO report[125] points out at paragraph 26.2, we should assume that "the shift of power from public to private" will continue. I suggest to the Committee that the immediate danger is not greater use by public agencies of private data, but use by private bodies of public data. I agree with the report that private sector "governance", in particular commercial organisations and employers, will become increasingly powerful.[126] One's day to day encounters with "authority" are with these bodies rather than the State, and the Government may sell or otherwise make available information to such bodies too freely; "44 000 user organisations" are expected to apply for access to the NIR.[127]

7. A very clear risk is that, in exchange for public data, the private sector could agree to make data it controls available to public bodies, so creating and perpetuating a dangerous cycle. Business and employers would together provide a great deal of detailed personal information.

8. I was most surprised when a colleague informed me that the supermarket chain Tesco charges its customers up to £70 for overstaying a limit of three hours in their car parks,[128] and uses ANPR[129] and the DVLA database to enforce it. This appears to be a flagrant abuse of personal data held for entirely unconnected purposes, yet it is legal[130] and a fee may be imposed for access.[131]

9. The danger posed by increasingly detailed and shared private databases is very well described in the ICO report, which speaks of "compliance bringing rewards".[132] We face devastatingly bad consequences if its predictions on personal RFID "chipping" are borne out. Becoming implanted to obtain "rewards" and discounts, and as a "status symbol,"[133] perfectly sums up the Information Commissioner's own description of "sleepwalking into a surveillance society".[134]

DATA SHARING

10. The Government proposes a vast increase in data sharing powers beyond anything we have seen before. For example, the Digital Switchover (Disclosure of Information) Bill would authorise provision to the BBC and others of information about individuals such as dates of birth and National Insurance numbers in order to assist in upgrading their television sets.[135]

11. It is becoming increasingly popular to include data sharing powers in legislation, such as in the Serious Crime Bill,[136] the Statistics and Registration Service Bill[137] and the UK Borders Bill.[138] Sections 17 to 21 of the Identity Cards Act provide extensive powers for the unprecedented disclosure and duplication of information between a large number of public authorities.

12. The NIR itself is now to be constructed through data sharing,[139] as a cost-saving measure, despite its being originally heralded as a single, new, clean database.[140]

13. The Government have further announced the creation of a "single database" for the interface of the citizen with the State,[141] essentially total data sharing using the NIR as a basis. This is very widely opposed by the Opposition parties and the media; The Sun called it "an open invitation to fraud and corruption".

14. Consolidating all of our personal information into a single network and allowing access to it by an increasingly large number of operatives puts us at greater, not lesser, risk of identity theft and over-intrusive levels of surveillance. Data would be more vulnerable due to more frequent duplication and disclosure, and any benefit would be outweighed.

15. The Government points out that the NIR cannot contain certain types of data, such as DNA, but there is nothing to prevent the NIR Number being used to link from other databases such as the National DNA Database and the road pricing ANPR log of every car journey. There is also a desire to improve the quality of CCTV images in order that they can be linked to the NIR via the facial biometric.[142] Proposed fingerprint "fishing expeditions"[143] have serious implications for the burden of proof and our traditional liberties. The NIR audit log will gather a very detailed collection of evidence on innocent people, available for search at the State's convenience. The public interest does not justify such intrusion.

16. There is cause for concern when Ministers describe current data protection law restricting data sharing as "over zealous"[144] and, offensively, as a "barrier... to information sharing".[145]

17. In the provision of public services the Government appears very eager to collect, share and disclose information almost without limit, and the issue warrants very close attention.

SAFEGUARDS AND REGULATION

18. The Data Protection Act 1998 is often thought to offer more protection than it does. A particular example of note is the highly controversial issue of fingerprinting schoolchildren.[146] Nevertheless, the Act does provide us with a very good starting point in the protection of personal data.

19. I agree with the ICO report that the issue of "surveillance" is wider than that of mere "privacy", and propose that strong and robust new regulation should be introduced to guard against incursions on social principles such as human dignity and autonomy.

20. To create such a new regulatory regime a definition of surveillance will be required. I consider the comprehensive definition set out in the ICO report[147] to be a sound one.

21. I think the appropriate test to apply in regulation is one of "balance". An appropriate formulation may be that surveillance should only be permitted where it is a proportionate response to a given aim, in a similar vein to the qualified rights articles in the ECHR and, in one respect, the DPA.[148]

22. I think a word is due on one particular aspect of the DPA that I find unsatisfactory. Paragraph 1 of Schedule 2 provides a general "get out" where the data subject agrees to processing, which is used in some contracts of employment to provide for blanket agreement to data processing under the Act. Likewise agreement to data processing of any sort can be imposed as a condition for receiving goods or services, for example the provision of one's name and address. Such cases should be determined on the merits using paragraph 6(1), and the data controller should not be able to force agreement.

THE MONITORING OF ABUSES

23. It is not hard to spot abuses. Barely a week seems to go by when Ceefax does not report some further extension proposed to the surveillance society; the latest is the idea of tagging dementia sufferers.[149] Such things together add up to the pervasive surveillance described in the ICO report.

24. We are seeing an increasingly large amount of data about innocent people being routinely, easily and cheaply logged.

25. We risk surveillance becoming normalised in the minds of future generations . As if we hadn't already seen enough de-sensitisation, there are now proposals to fingerprint for identification children aged 11 to 15,[150] a highly sinister move that the balance must clearly lie against.

26. Too often the purposes for which data is processed change after it has been collected, with those who defend the integrity of such data challenged to say why it should not, for example, be used in a police investigation.

27. There are anomalies in the balance. For example, whilst we have a proposed universal NIR, a DNA database containing details of millions of innocent people including children[151] and four million CCTV cameras, there is no requirement that CCTV systems themselves be registered.

28. "Mass surveillance" is becoming a pervasive problem.[152] with proposals now for CCTV systems that not only listen to what we say[153] but also tell us what to do.[154] That Hertfordshire's ANPR system runs every one of its scans through 40 different databases[155] is nothing short of frightening.

29. Yet the whole surveillance model does not eradicate social bads. Those who break the rules will continue to break the rules. It is the law-abiding who will provide the information to the authorities that can be used against them, as was seen recently with speeding.[156]

30. Public understanding of issues around privacy and surveillance needs to be improved. I found the point made in the ICO report about "slow social suicide"[157] very apt. An over-reliance on surveillance and requiring everyone to prove everything they claim leads to the rule of the computer and a downward spiral of impersonal dealings and mistrust. Yet there is a distinct lack of public concern.

31. A particularly interesting case of public attitude arose this month at the Walkabout Inn in Cardiff,[158] where there were ID checks and data retention on all patrons of the pub for spurious reasons. In a rather chilling quote on the burden of proof, the deputy manager Kylie Scobie said,

"There are two reasons people don't want to provide ID. Either they aren't old enough or they are planning to cause trouble".

32. The only proper way in which to address these problems is through the use of a strong statutory regulator, with the Information Commissioner being the obvious choice.

POTENTIAL ABUSE OF PRIVATE DATABASES BY CRIMINALS

33. I think the major issue that faces us is not fraudulent data use, but interference with our rights as citizens through entirely legal uses of surveillance by both public and private bodies.

34. Nevertheless, I have little doubt that the provision of access to an ever-increasing amount of data to an ever-increasing number of civil servants and others will only make for a higher risk of the theft and abuse of data. This would be a far cry from the stated intention of such reforms, which is ostensibly to somehow make us all safer.

PRIVACY IMPACT ASSESSMENTS

35. I entirely approve of the concept of privacy impact assessments (PIAs), and support their introduction as a statutory requirement in cases involving surveillance. The ICO report definition I mentioned earlier would be the appropriate one to determine when the requirement is to apply.

36. Marx's questions, as set out in the Appendices to the ICO report, offer a comprehensive basis for conducting a PIA (or SIA). We must do what we can to ensure that a PIA/SIA is conducted rigorously and is effective in stopping or limiting excessive surveillance.

37. The concept is a very good one, though it should not replace the strong form of regulation that I have already proposed.

PRIVACY-ENHANCING TECHNOLOGIES

38. Technologies used to protect and enhance privacy are a useful safeguard, which I support. We must not however consider them to be the end of the story, and they should not be used to justify things that would not have been acceptable without them.

PROFILING

39. Before reading the ICO report I honestly had no idea of the extent to which both public and private bodies used profiling. Like the characters in the report's scenarios I was not aware of the amount of data that was held on me.

40. Profiling has the potential to make very significant impacts upon our lives. The image of estates separated by statistics is very easy to picture. The idea of "Personal Behaviour Schemes" set out in the ICO report[159] is I am afraid to say an entirely plausible one, the arguments for which I can imagine being made.

41. The potential of profiling for marketing is great, and may contribute to discrimination in the provision of goods and services.

42. Profiling gives a significant chunk of power to those in authority to question us on what we do and ask us to justify what they consider on their own criteria to be "unusual" behaviour. Whereas we ought only to be challenged if there is reasonable suspicion of an offence, this type of surveillance provides the means for essentially anything an operative chooses to form the basis of an investigation, and hence further surveillance, putting them in an increasingly powerful position. That is not the sort of society that I want to live in.

April 2007

121 HAC press notice no 18. Back

122 Identity Card Act 2006 (c 15), Sch 1, para 9. Back

123 Oyster data is "new police tool", BBC News, 13 March 2006; http://news.bbc.co.uk/1/hi/england/london/4800490.stm Back

124 London charge zone is security cordon too, says mayor, The Register, 17 February 2003; http://www.theregister.co.uk/2003/02/17/london-charge-zone-is-security/ Back

125 A Report on the Surveillance Society for the Information Commissioner by the Surveillance Studies Network, September 2006. Back

126 Ibid, at para 3.9. Back

127 Identity Card Technologies: Scientific Advice, Risk and Evidence, House of Commons Select Committee on Science and Technology, 4 August 2006, HC (2005-06), at Appendix 15, para 7. Back

128 HC Deb (2005-06), 14 December 2005, Vol 440, cols 451WH-458WH. Back

129 "Automatic Number Plate Recognition", a CCTV system that recognises vehicle registration marks. Back

130 Road Vehicles (Registration and Licensing) Regulations 2002, r 27(1)(e). Back

131 Ibid, at r 27(2). Back