A.  INTRODUCTION

This submission

  1. This submission has been prepared by members of the national campaign against ID cards and the database state, NO2ID. Our volunteers study legislation and government proposals as well as near-government policies and technical developments as they appear, and endeavour to analyse their implications for a free society and individual liberty and privacy.

  2. The inquiry has scope to begin to address NO2ID's concerns and we welcome it.

About NO2ID

  3.  NO2ID (an unincorporated association) was founded in 2004 in response to the Government's stated intention to introduce the compulsory registration and lifelong tracking of UK citizens by means of a centralised biometric database. NO2ID brings together individuals and organisations from all sections of the community and seeks to ensure that an informed case against state identity control is put forward in the media, in national institutions and among the public at large.

  4.  NO2ID is supported by parliamentarians of all parties and more than 100 organisations, including trades unions, political parties, local authorities and special interest groups have made formal statements supporting the campaign. More than 30,000 individuals have registered their support. We are funded by membership fees, occasional merchandise sales and fundraising events, as well as grants from the Joseph Rowntree Reform Trust Ltd, the Andrew Wainwright Reform Trust Ltd and individual and collective donations.

5. The campaign is staffed entirely by volunteers and we have a growing network of local groups across the UK, currently in as many as 100 towns and cities.

NO2ID's remit

  6.  NO2ID is neutral on most political questions, and non-partisan. Our concern is the threat to privacy and liberty posed by mass surveillance, the collection, retention and collation of information that can be tied to individuals, whatever the ostensible or intended purpose. Information sharing or matching used to generate files on individuals without specific and reasonable cause and independent oversight is a special case of the broader problem.

  7.  We are not worried by data used in genuinely anonymised form, or in a statistical or collective manner for administrative or business planning or to make offers that can be refused or ignored. We hold that sophisticated market analysis techniques are not inherently intrusive, because they do not imply intervention in, or censure of, the lives and lifestyles of individuals.

  8.  On the other hand, we regard a loss of privacy or anonymity without good reason as potentially a fundamental threat to the free society. If you are being watched or followed over time by someone with the power to discipline you directly or indirectly, then your freedom of action is reduced. The more minutely and extensively you are watched, the greater the power of discipline.

B.  GENERAL REMARKS

  9.  The scope of the threat is, sad to say, much broader than the Home Office. Overspill into other departments is not merely incidental, as the terms of the inquiry might be taken to suggest. We believe that every select committee is potentially outflanked by a changing culture of government and changing methods that begin to evade scrutiny.

  10.  The creation of a surveillance state is inherent in the strategic conception of "Transformational Government", which is not simply an attempt to use new technology effectively, but is built around the idea of breaking boundaries between departmental functions by collecting and collating information on citizens across the whole of government. The Department of Constitutional Affairs's "Information Sharing Vision Statement" identifies the "barriers" to broad data sharing as human rights law, data protection, common law confidentiality, and the fundamental legal principle of ultra vires. NO2ID submits that if the culture of government is to regard those safeguards—which may yet be too weak—as problems, then something must be done about the culture of government.

  11.  Pending the abolition of all bounds to state power by Transformational Government, surveillance measures, particularly database surveillance measures have become routine. They are added piecemeal by new statutes, which are habitually drawn extremely widely and provide for extension by statutory instrument. Drafting will often include a catch-all provision, in effect permitting arbitrary other use of information. This is calculated to allow powers to multiply, interact, and evade proper scrutiny.

  12.  An example of deceptively broad drafting is in the Identity Cards Act 2006. The Government made great play of the use of the scheme being "limited" to the statutory purposes, but the statutory purposes happen to encompass any conceivable activity of any future government. Catch-all provisions include clause 8(2) of the UK Borders Bill which appears to grant the Secretary of State the power to use information gathered using very sweeping powers, for any purpose whatsoever. Steady extension (it is hard to see any diminution) of powers using secondary legislation can be seen in relation to the Regulation of Investigatory Powers Act 2000.

  13.  There is seldom a case made for the institution of broad data-sharing powers this way. It seems to be a matter of unconsidered administrative convenience in most cases. NO2ID would approach the problem from the other direction: information should not be stored or transmitted without good reason and limited purpose.

  14.  This area of public policy has developed rapidly and quietly, lacking not just a comprehensive legal framework, but even an adequate conceptual one available to most people. The promotion of the ID scheme has consistently blurred the distinction between authentication and identification, as if it doesn't matter. We urge not just the Home Affairs Committee, but all parliamentarians to take the question of the database state very seriously indeed.

C.  SPECIFIC QUESTIONS RAISED BY THE COMMITTEE

Access by public agencies to private databases

  15.  There is no reason to object to public agencies using private services on the same terms as private bodies, given proper protections in private databases. However, we are very concerned if either information not normally available on commercial terms is obtained without proper judicial oversight, warrant or court order, or if it is used for purposes other than those for which it was obtained, or if commercial datasets are combined with government ones in datamining exercises for government. The objections to using private data for government datamining are precisely the same as those in the following paragraph.

Data-sharing between government departments and agencies

  16.  In NO2ID's opinion this is the most significant threat to liberty we currently face. Our principal objection to the Identity Card Scheme is that it serves to enable the broadest data-sharing and data-matching across government. It is inherent in all such plans that information is used for purposes other than those for which it was given, which amounts to the requirement that citizens (and private corporations, too) give absolute discretion to government every time they provide information to it.

  17.  Government appears not to recognise that data-sharing and data-matching create problems of their own at any other than a technical level. We believe that it both radically increases the power of government over the citizen: information, direct oversight, being power; and that it creates the preconditions for `suspicion by computer' in which an arbitrary match is interpreted as cause for government intervention. This is already seen in embryo in the activities of TV Licensing, which presumes everyone has a television unless proved otherwise, and will harry the occupants of any address with no licence attributed to it.

Existing safeguards for data use and whether they are strong enough

  18.  Such safeguards as currently exist are liable to be overridden arbitrarily by statute. The Children Act 2004, for example, casually set aside all rules of confidentiality or data protection in establishing the Information Sharing Index (now unfortunately known as Contact Point). Because information sharing effects cannot by definition be localised, each such provision causes leakage.

  19.  We consider that regulatory oversight and punitive regimes can never be sufficient. This is not just a question of quantity, though the present Information Commissioner's Office is clearly overloaded, and would have to be many times its present size to catch up with the burgeoning database culture. The nature of the dangers is not susceptible to post-hoc management by regulation. They are either secret abuse of data in individual cases or systemic failures arising from the unpredictable impact of over-broad powers. It is better to use structural institutional means to pre-empt and limit difficulties, than try to cope with the consequences.

The monitoring of abuses

  20.  NO2ID is of the opinion that monitoring abuses, while it might help assess the scope of problems, is generally going to be too late. It is very hard to dismantle systems once established, particularly in the public sector. Better prevent and minimise abuses—both by avoiding collecting and collating data unnecessarily, and by technical means to increase security—and to provide for proper redress for those affected.

  21.  Proper redress for victims of abuses is critical in creating an incentive for the design of good systems. Prescribing punishment for an abuser is of relatively little value if he doesn't believe he will get caught or if the gain is sufficiently attractive. Liability for the operators of databases directly to the victims of abuse is much more likely to be effective in prevention.

Potential abuse of private databases by criminals

  22.  All databases are potentially subject to abuse. The more comprehensive they are the greater potential for abuse. NO2ID is surprised, therefore, that the inquiry narrowly specifies private databases. Those cases that we are aware of involving threats to individuals other than financial loss arose out of misuse of public databases to obtain personal information. Private databases place direct value on the information involved, and can go out of business if they are not trustworthy, so have incentives to audit use carefully.

The case for introducing privacy impact assessments

  23.  We do not consider that this is likely to be of any value. Examination of the regulatory and race equality impact assessments that appear with existing legislation suggests that such exercises are uninformative and provide no brake on government. In some cases (notably that in 2004 for the then Identity Cards Bill) they are used to propagandise for the legislation rather than provide useful information. Unless any such assessment is carried out by a body independent of the department sponsoring the legislation, and in the light of clear definitions of privacy, it is hard to see what it could add at all.

Privacy-enhancing technologies

  24.  NO2ID naturally supports technology to increase privacy. We note that the principal enemy of privacy-enhancing technologies has always been government. Government objects to pseudonymous and anonymous transactions and fungible identities, often for quite legitimate reasons, but rather than designing taxation and law enforcement around new technology, or on an assessment of risk, it has chosen to scotch new technology, or at least has failed to aid its adoption. In particular government has been exceedingly hostile to the use of strong encryption in commercial and private contexts since it became publicly available, and comprehensively undermined its commercial use in the Electronic Commerce Regulations.

  25. Government should remove barriers it has deliberately set up to distributed trust and encryption technology. It should be prepared, just as it is in the financial system, to be an issuer of sound certificates and "lender of last resort" in that it will underwrite digital identity for those lacking it otherwise—and then to stand back. Everybody recognises that it is neither necessary nor desirable—indeed completely contrary to the point of money—for the Bank of England to have a record of every time a note is backs changes hands. The same needs to be made "obviously" true for authentication transactions.

Profiling

  26.  NO2ID's attitude to profiling depends crucially on what is meant by "profiling". As indicated in our general remarks, we do not regard data-analysis for market segmentation or other statistical purposes as harmful. What is of great concern is patterns in data being used to determine the treatment of individuals. Creation of suspect- or watch-lists on the basis of associations or abstract models of behaviour is dangerous. It erodes the idea that individuals are responsible for their own actual conduct and free unless they transgress the law. We submit that any use of profiling that involves direct or indirect intervention by government agencies (or their proxies) in individual lives must be justified on a case-by-case basis, and that it should not be accrued or accumulated in any way. Being suspected should never in itself be ground for further suspicion.

D.  ADDITIONAL QUESTIONS

  27.  We would like to draw the committee's attention to two further causes for concern in the conduct of government.

  28. Quasi-private databases: Official powers are being used to require private organisations to carry out surveillance on behalf of the authorities. This can be formal and explicit, as with telecoms data retention requirements, or, perhaps more disturbing, indirect as where licensing authorities make participation in a fingerprinting and ID scheme imposed on customers a condition of a liquor license.

  29. Pseudo-voluntary processing: Whereas third party use of data without proper permission has largely died out in the private sector It is commonplace for forms for public purposes to waive data protection in effect, while being in practice impossible to decline to fill in. Committee members have an example to hand in the "security" forms for attendees at party conferences, where data is not limited to use for the event, but may be used for any police purpose.

E.  NO2ID'S RECOMENDATIONS

  30.  This area is still not well understood. We recommend all involved in policy formation and scrutiny exercise skepticism with regard to claimed trade-offs between privacy and government efficiency. Modern communications and IT offer scope to improve efficiency while still maintaining segregation between separate agencies.

  31.  The common law doctrines of ultra vires and confidentiality have grown up precisely as protection for the individual against abuse of power. They should be guarded.

  32.  In addition consideration should be given to new personal privacy and information privity laws, giving direct redress for improper surveillance or sharing.

  33.  There should be a presumption against government data-sharing with case by case approval and external oversight whenever it is permitted.

  34.  We beg parliament to be vigilant against catch-all purposes and broad drafting.

  35.  Regulatory safeguards; rules, references, tribunals, appeals, are not likely to be sufficient. Institutional structures which make those in a position to prevent problems liable if they fail to do so are desirable.

  36.  A privacy impact assessment is unlikely to be of value, more a diversion of scrutiny.

  37.  Government should assist rather than attack private use of encryption technologies.

F.  FURTHER INFORMATION

  This is a vast and growing topic. We will naturally provide what further information we can on request and witnesses if required.

April 2007