APPENDIX 20
Memorandum submitted by the British Computer Society
The British Computer Society (BCS) is pleased
to send its response to the Home Affairs Committee, House of Commons,
Inquiry on "A Surveillance Society?"
With almost 60,000 members, the BCS is the leading
professional and learned society in IT and computing.
BCS is also responsible for setting standards
for the IT profession. It is spearheading the IT in Professionalism
programme and is also leading the change in the public perception
and appreciation of the economic and social importance of professionally
managed IT projects and programmes. In this capacity, the Society
advises, informs and persuades industry and government on successful
IT implementation.
BCS, as a Learned Society, also has direct responsibility
for leading, encouraging, promoting, supporting and developing
all aspects of teaching, research and technology transfer in the
disciplines of, and relating to, computing, computer science and
information systems.
BCS is determined to promote IT as the profession
of the 21st century especially as IT is affecting every part of
our lives. Therefore, BCS is pleased to take this opportunity
to comment on such an important issue.
1. SCOPE
BCS has consulted its membership and particularly
targeted its security experts, amongst whom a number are
members of the BCS specialist Information Privacy Expert Panel
(IPEP) and who have provided much input into this consultation.
(Information about IPEP is provided in the supplementary material
at the rear of this memorandum.)
2. EXECUTIVE SUMMARY
2.1 BCS is concerned about the amounts of
data being collected about individuals, often without their knowledge,
over a long period, how it is being collected and how it is being
used, including, for example, selling data on to third parties.
2.2 There are serious concerns that if combined,
this data can build up a comprehensive picture of an individual's
life which can potentially be misused.
2.3 BCS suggests that government should
build citizen-centric (rather than application-centric) multiple,
distributed databases, aimed at minimising the amount of data
collected and improving its accuracy.
2.4 BCS considers that a citizen's data
belongs to that individual citizen and accountability mechanisms
should be put in place to allow the citizen access to the data
kept on them.
2.5 BCS continues to be very concerned about
the security of the data being held, as there is still little evidence
that effective mechanisms are in place to ensure unauthorised
access is not possible.
2.6 BCS would like to draw the committee's
attention to the paper "Identity Myths and Identity Management".
(See supplementary material).[160]
Comments
3. ACCESS BY PUBLIC AGENCIES TO PRIVATE DATABASES
3.1 BCS members have expressed concern about
the way in which information is being gathered eg schools taking
children's fingerprints without reference to parents (http://education.independent.co.uk/news/article2434942.ece).
3.2 Members are concerned about the large
amounts of (individually) low value information being collected
over long periods that is (potentially) easily connected to an
individual (unlike CCTV images) and built into a comprehensive
picture of their life. Examples of such information include: mobile
phone location records, Oyster card usage records, credit card
transaction records, and indeed other telecommunications and Internet
usage records.
4. DATA-SHARING BETWEEN GOVERNMENT DEPARTMENTS AND AGENCIES
4.1 BCS believes it is necessary to recognise
the difference between "data sharing" and "data
aggregation". Instead of seeking informed consent to create
links between existing databases, the government combines existing
data into new databases; the NHS spine and National Identification
Scheme are prime examples of this. In each case, a new, monolithic,
legacy system is created.
4.2 Instead of this approach to combining
data, we need to consider the federated approaches as currently
being adopted by industry. The goal should be to create multiple,
distributed databases, but with a minimisation of data such that
each item exists only once (or in as few occurrences as possible).
This will only be achieved by a fundamental rethink of government
attitudes towards data, ie:
recognition that the data itself belongs to the citizen, not the state;
building citizen-centric, rather than application-centric, systems; and
aiming to minimise data and achieve greater accuracy, rather than the current approach of
gathering as much data as possible.
4.3 Most importantly, we need to introduce
accountability mechanisms that allow citizens to see what data
has been stored, processed and shared and why. The Estonian ID
Card model is an example of this.
5. EXISTING SAFEGUARDS FOR DATA USE AND WHETHER THEY ARE STRONG ENOUGH
5.1 BCS notes that there is very little
guidance on what is considered adequate security for the classes
of personal data. A blanket statement that conforming to an issued
standard should be OK is not sufficient, especially where the
standard is risk based and allows a wide range of attitudes to
risk.
6. THE MONITORING OF ABUSES
Note comments made in Sections 5.1 and 7.1.
7. POTENTIAL ABUSE OF PRIVATE DATABASES BY CRIMINALS
7.1 BCS continues to be concerned about
data security issues relating, for example, to ensuring that unauthorised
access to the data held on any widely accessible database(s) is
not possible. This is a huge topic in which much work is being
undertaken, and yet there are still examples of successful unauthorised
access being possible.
8. THE CASE FOR INTRODUCING PRIVACY IMPACT ASSESSMENTS
The risk-based nature of the type of security provision
mentioned in 5.1 above makes the privacy impact assessment a good
idea. BCS supports the introduction of mandatory (and published)
privacy impact assessments for all government data sharing and
government/private sector data sharing.
9. PRIVACY-ENHANCING TECHNOLOGIES (PETS)
9.1 BCS would like to direct the Committee's
attention to a vast literature on PET research which has developed.
Some surveys of privacy-enhancing technologies which have already
been carried out are listed below:
http://www.ipc.on.ca/images/Resources/up-1bioencryp.pdf
www.cosic.esat.kuleuven.be/publications/article-835.pdf
http://www.law.ed.ac.uk/ahrc/script-ed/vol3-1/mowbray.pdf
10. PROFILING
10.1 Although BCS members can see the benefit
of surveillance in many situations (eg hospitals, airports),
there is a concern about the general tracking of citizens in their
daily life, since citizens are not in control of the data collection,
post-processing and potential profiling.
10.2 Of special concern at this time are
vehicle tracking and DNA databases. Taken to its extreme, such
information could be used as a tool of suppression by a police
state.
11. ID CARDS
11.1 BCS believes that the National Identification
Scheme requires a fundamental re-think if it is to properly serve
the needs of both the state and the citizen. We have, to date,
witnessed a "binary" approach by government that assumes
that:
it is the responsibility of
the state to provide authoritative identity data on citizens;
an identity is either trusted
or not trusted, with no tolerance in between; and
private organisations will depend
upon government-supplied identification data, even where there
is no liability upon government if that data proves to be false.
11.2 The role of government is not to identify
citizens in any context except for travel documents. It is twofold:
to confirm uniqueness
of each individual: that is, to provide assurance that an individual
has not claimed duplicate identities in order to exist as more
than one entity. Note that this does not prevent the use of pseudonyms,
since the individual may use as many names as they wish so long
as they exist only once within the National Identification Register
(NIR);
to confirm eligibility
of the individual to exist within the NIR. This is not the same as
identifying the individual. Once enrolled, a separate database
may provide an audit trail of the enrolment, but personally identifiable
information should not be required.
11.3 The existence of such a "National
Uniqueness Register" would permit private organisations to
build their own identification systems, with assurance that individuals
cannot engage in multiple enrolments and hence claim false entitlement.
Corporate uptake of identification services would be greatly accelerated.
Furthermore, individuals would be far more likely to trust an
approach such as this that minimises data gathering and hence
the risk of misuse or modification of personal data.
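The following is an added illustration, not code from the memorandum or from BCS, of the design sketched in 11.2 and 11.3 (and of the data-minimisation principle in 4.2): a register that records only that an individual exists once, without holding personally identifiable information, alongside a private organisation's own pseudonymous account system that relies on the register's uniqueness assurance to block duplicate entitlement claims. The class names, the HMAC-of-credential representation, the biometric template strings and the audit event names are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from typing import Optional


class DuplicateEnrolment(Exception):
    """Raised when the same uniqueness credential is enrolled a second time."""


class UniquenessRegister:
    """Minimal model of the 'National Uniqueness Register' idea (assumed design).

    One record per individual, keyed by an HMAC of the uniqueness credential
    (assumed here to be a constructed biometric template string). No name,
    address or other PII is stored; the audit trail records events against a
    truncated digest only.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key                      # register-side secret, never leaves the register
        self._entries: dict = {}             # credential digest -> opaque registration id
        self._audit: list = []               # PII-free event log

    def _digest(self, credential: bytes) -> str:
        return hmac.new(self._key, credential, hashlib.sha256).hexdigest()

    def _log(self, event: str, digest: str) -> None:
        self._audit.append({
            "event": event,
            "ref": digest[:16],              # enough to correlate events, not to identify anyone
            "at": datetime.now(timezone.utc).isoformat(),
        })

    def enrol(self, credential: bytes) -> str:
        """Confirm uniqueness: a credential may exist only once in the register."""
        digest = self._digest(credential)
        if digest in self._entries:
            self._log("duplicate_rejected", digest)
            raise DuplicateEnrolment("credential is already enrolled")
        reg_id = secrets.token_hex(8)        # random; carries no information about the person
        self._entries[digest] = reg_id
        self._log("enrolled", digest)
        return reg_id

    def registration_id(self, credential: bytes) -> Optional[str]:
        """Confirm eligibility: return the registration id if enrolled, else None."""
        digest = self._digest(credential)
        reg_id = self._entries.get(digest)
        self._log("lookup_hit" if reg_id else "lookup_miss", digest)
        return reg_id

    def audit_trail(self) -> list:
        return list(self._audit)


class ServiceAccounts:
    """A private organisation's own identification system built on the register.

    Individuals may open accounts under any pseudonym; the service needs only
    the register's assurance that one person cannot claim twice under different names.
    """

    def __init__(self, register: UniquenessRegister) -> None:
        self._register = register
        self._accounts: dict = {}            # pseudonym -> registration id
        self._claimed: set = set()           # registration ids that have already claimed

    def open_account(self, pseudonym: str, credential: bytes) -> bool:
        # Simplification: the credential is presented to the register once, and the
        # service keeps only the opaque registration id it receives back.
        reg_id = self._register.registration_id(credential)
        if reg_id is None or pseudonym in self._accounts:
            return False
        self._accounts[pseudonym] = reg_id
        return True

    def claim_entitlement(self, pseudonym: str) -> bool:
        """Grant the entitlement once per registered individual, whatever name they use."""
        reg_id = self._accounts.get(pseudonym)
        if reg_id is None or reg_id in self._claimed:
            return False
        self._claimed.add(reg_id)
        return True


def run_scenario() -> dict:
    """Enrolment, pseudonymous accounts, and a blocked second claim by the same person."""
    register = UniquenessRegister(key=b"constructed-register-key")
    template_a = b"constructed-biometric-template-A"   # constructed sample credential

    reg_id = register.enrol(template_a)
    try:
        register.enrol(template_a)                       # second enrolment must fail
        duplicate_rejected = False
    except DuplicateEnrolment:
        duplicate_rejected = True

    service = ServiceAccounts(register)
    service.open_account("A. Smith", template_a)         # two pseudonyms, one individual
    service.open_account("Ali", template_a)
    first_claim = service.claim_entitlement("A. Smith")
    second_claim = service.claim_entitlement("Ali")      # same individual: rejected
    unknown = service.open_account("Nobody", b"constructed-biometric-template-B")

    return {
        "registration_id_len": len(reg_id),
        "duplicate_rejected": duplicate_rejected,
        "first_claim": first_claim,
        "second_claim": second_claim,
        "unknown_credential_rejected": not unknown,
        "audit_events": [e["event"] for e in register.audit_trail()],
        "audit_has_pii": any(k in e for e in register.audit_trail()
                             for k in ("name", "address", "credential")),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the split is that the register answers only two questions (is this credential already present? is it eligible?) and its audit trail can be inspected without revealing who anyone is, while the service holds names the individual chose and never sees the biometric credential again after enrolment.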
12. CONCLUDING REMARKS
12.1 A wide-ranging enquiry, such as has
been described in the announcement for this present one, can only
produce general answers. BCS believes that the ground rules
for security are already well documented and understood by government
IT professionals. BCS anticipates that a general enquiry by
MPs exploring 'large strategic issues' will elicit very little
which is new and of value. This will result in the press picking
up again on some of the identified risks and accusing the IT industry
of incompetence once more.
12.2 BCS recommends that Committee members
first clarify what they want to do and what specific outcomes
(level of security/risk) they want to achieve under particular
legislation. MPs have the duty of ensuring that all legislative
changes are checked in detail for security/risk before they are
approved.
12.3 Only at this stage will it be appropriate
for the BCS to comment on the critical technical aspects
of legislative changes. We would also be very happy to provide
further detailed input on the implications of proposed changes
to the technical environment or business requirements, as and
when the committee feels it to be appropriate.
Dr M G Rodd,
Director of External Relations at the British Computer
Society (BCS)
April 2007
[160] Not printed.