EXECUTIVE SUMMARY

  1.  Public protection is core to the work of the Home Office and its related services. In order to discharge that duty, we need to be able to respond to 21st Century demands to enable the better prevention and detection of crime, enhance border security, detect immigration abuses and to meet new challenges such as the emergence of new forms of criminal activity and increased threats, whether it is terrorism, identity fraud or internet crime.

  2.  At the same time technological developments have given us new tools which will help us rise to these challenges. Proper use of these will help build public confidence and security. But society is rightly concerned that these new developments are being used appropriately and within a legal framework, with due regard for individual privacy and rights. It is that balance between privacy and protection that we seek to achieve in all our activities. Public confidence clearly also depends on getting that difficult balance right.

  3.  This Memorandum sets out the key areas falling to the Home Office, including in particular, CCTV, ID cards and secure passports, the National DNA database, and information sharing. A key theme running through these areas is measures taken to ensure proper and proportionate use, security and safeguards against abuse.

CLOSED CIRCUIT TELEVISION (CCTV)

  4.  Police experience and research studies show that CCTV has considerable crime detection potential, when used as part of a wider strategy. It can also reduce fear of crime. Its use has attracted accusations of invasion of privacy.

  5.  The first legal control of CCTV in public areas was the Data Protection Act 1998. The definitions in the Act are broader than those of the Data Protection Act 1984 and more readily cover images. The legally enforceable standards previously applied to those processing personal data on computer now cover CCTV and are based on the eight Data Protection Principles.[184].

  6.  The Information Commissioner will take into account the extent to which the users have complied with the CCTV Code of Practice when determining whether they have met their legal obligations. The code deals with surveillance in areas to which the public have largely free and unrestricted access.

  7.  Since February 2006, the Home Office, with the Association of Chief Police Officers (ACPO), has been conducting a review to develop a strategy for the future development of public space CCTV.

  8.  The report of the review will be published shortly.

AUTOMATIC NUMBER PLATE RECOGNITION (ANPR)

  9.  ANPR has proved to be a very successful operational tool allowing the police to intercept a wide range of criminals using the roads.[185]

  10.  There are a number of Government departments and other organisations[186] that operate ANPR systems. We aim to enable, through statutory powers, the bulk sharing of information between such operators and specified law enforcement agencies, to facilitate the prevention and investigation of all levels of criminal offending (but particularly terrorism and serious crime) while ensuring that effective safeguards are in place.

THE NATIONAL IDENTITY SCHEME

  11.  The Strategic Action Plan for the National Identity Scheme[187] set out the Government's plans to provide more secure and reliable ways of proving identity, including more secure passports and the introduction of Identity cards (ID cards). The Scheme is not designed as a surveillance tool. It will protect individuals' identities from abuse and provide a secure way for people to prove their identity more reliably, helping to tackle illegal immigration, crime and terrorism as well as improving public services.

  12.  The Identity Cards Act 2006 establishes a National Identity Register which will hold the identity information, including biometric information, of everyone issued with an ID card. The Border and Immigration Agency (BIA) will start to issue biometric immigration documents to foreign nationals in 2008 and the Identity and Passport Service will begin to issue ID cards to British citizens from 2009.

  13.  Checking National Identity Register information: When a person applies for an ID card any information to be recorded in the National Identity Register will be checked against a number of public or private sector data sources[188] to help verify the person's identity.

  14.  Verifying identity with consent: The Scheme will also allow a more secure and reliable method for individuals to prove their identity to private sector organisations, (such as banks) by providing their ID card and, with the person's consent, for this to be verified against the National Identity Register. However the user organisation will not obtain access to the National Identity Register.

  15.  Provision of information without consent: The Identity Cards Act 2006 will also enable the provision of information from the Register without an individual's consent but only in strictly limited circumstances such as for the prevention and detection of crime.

  16.  Safeguards: There are a number of safeguards to ensure that the National Identity Register information is held securely:

—    Separate IT systems will hold National Identity Register biographical and biometric information and will be accredited by the government's security authorities.

—    A National Identity Scheme Commissioner will be appointed to oversee the operation of the Scheme. The Intelligence Services Commissioner and Tribunal have a specific remit to deal with how the intelligence services use any information provided from the Register.

—    There will be rigorous auditing, staff access restrictions, alerts and a range of technical controls to guard against internal misuse.

—    Any unauthorised disclosure of information from the Register will be a criminal offence.[189]

NATIONAL DNA DATABASE

  17.  The National DNA Database (NDNAD) is a publicly owned police intelligence database,[190] It is governed by a Strategy Board chaired by ACPO with membership from the Home Office and the Association of Police Authorities. The Custodian of the NDNAD is accountable to the Board ensuring, amongst other things, that all profiles added to the NDNAD are reliable and compatible. The standards and procedures for the supplier laboratories are set by the Custodian.

  18.  Section 64 of the Police and Criminal Evidence Act (PACE) provides that fingerprints, DNA profiles and samples taken in connection with the investigation of an offence may only be used for purposes related to the prevention or detection of crime, the investigation of an offence, the conduct of a prosecution, or the identification of a deceased person or of the person from whom a body part came.

  19.  Companies which analyse DNA samples and produce profiles for the NDNAD have to be accredited under the International Quality Standard for Testing Laboratories, ISO 17025. The companies store DNA samples and profiles on completion of analysis in case they need to be re-examined in the future and are required to do so in a secure environment.

  20.  Existing safeguards for data use: Safeguards are provided by the restrictions imposed by PACE and the Data Protection Act, and the oversight provided by the NDNAD Strategy Board and the Custodian. Further safeguards are to be provided by an Ethics Group to be responsible for reviewing the appropriateness of policy, decision making and practice.

  21.  Profiling: The DNA profile of an individual consists of a code number which represents the person's gender and ten markers from areas of DNA which do not play an active role in determining personal characteristics. The NDNAD therefore is not and will not be used in any attempt to correlate particular genetic characteristics with propensity to commit crime. However the NDNAD does allow different unsolved crimes to be linked to the same offender or offenders, which is one of its important benefits.

FACIAL MAPPING

  22.  A national facial image database is currently being developed. This will enable police forces to share more efficiently the images they currently hold on individuals with each other for operational investigative purposes.

ELECTRONIC MONITORING

  23.  Electronic Monitoring (EM) has been operating throughout England and Wales since 1999. The monitoring service is provided by two private security firms under contract to the Home Office. They also initiate enforcement action as necessary. Contractor staff are subject to Criminal Record Bureau (CRB) checks.

  24.  EM is used predominantly to monitor a curfew condition. Adults or juveniles can also be monitored on bail, as a court-ordered community sentence or on release from prison. The technology only monitors a person's presence or otherwise at a specified address, not their general whereabouts.

  25.  Information on a subject's curfew record can be provided to the police or other agencies involved in the investigation or prevention of crime, in line with the Data Protection Act. The release of such information must be approved by the Home Office unless the subject is a Multi-Agency Public Protection Arrangements (MAPPA) or Prolific or other Priority Offender (POPO) case.

REGULATION OF THE INVESTIGATORY POWERS ACT 2000

  26.  The conduct by public authorities of what might be described as "traditional surveillance" which interferes with individuals' human right to respect for private and family life is permitted by the Intelligence Service Act 1994, Part III of the Police Act 1997 and Parts I and II of the Regulation of Investigatory Powers Act 2000 (RIPA).

  27.  RIPA is used by a wide range of public authorities—the security and intelligence agencies, the police service, local authorities and government departments and agencies—which have necessary and proportionate requirements to engage in conduct that can interfere with individuals' rights for legitimate purposes whether to safeguard national security or to prevent and detect crime.

  28.  Subject to various statutory safeguards and oversight, this conduct includes:

—    interception of communications;

—    covert observation and eavesdropping on conversations in private spaces, both premises or vehicles;

—    covert observation and eavesdropping on conversations in public spaces and vehicle location tracking;

—    covert interference with private property; and

—    acquisition and disclosure of communications data.

  29.  This conduct may be undertaken only when necessary for a legitimate aim and proportionate to that aim and is subject to strict independent oversight by the Chief Surveillance Commissioner, by the Interception of Communications Commissioner and the Intelligence Services Commissioner—all of whom report to the Prime Minister and to Parliament. RIPA also provides access for complainants to an independent tribunal—the Investigatory Powers Tribunal.

CRIMINAL RECORDS

  30.  The Home Office has a policy interest in the recording, retention, disclosure and quality of criminal record information held by the police. In addition to sponsorship of the Criminal Records Bureau and its parent legislation, this includes the arrangements for the disclosure and notification of such information, by the police, outside of the CRB disclosure service.

DATA SHARING—GENERAL

Data-sharing between government departments and agencies

  31.  The Data Protection Act 1998 (DPA) regulates the collection, use and distribution of personal data. The Government is committed to more information sharing between public sector organisations and service providers, and is equally committed to ensuring that once data is shared it will be kept safe and secure.

Existing safeguards for data use and whether they are strong enough

  32.  Greater data sharing and proper respect for an individual's privacy are compatible. Safeguards are essential to prevent unnecessary or disproportionate intrusions into individuals' privacy. The balance is maintained by the good legislative framework we already have in place which allows data sharing but guarantees individuals' legitimate rights to privacy through the Data Protection and Human Rights Acts.

  33.  The Government is very keen to tackle the misuse of personal data where it occurs. Following recommendations by the Information Commissioner and a DCA consultation, Government proposes to increase the penalties available to the Courts by amending section 60 of the DPA. This will enable those guilty of offences under section 55 of the DPA to be imprisoned for up to 2 years on indictment and up to 6 months on summary conviction. Government will seek to introduce legislation as soon as parliamentary time allows.

INFORMATION SHARING BETWEEN POLICE FORCES—IMPACT

  34.  The IMPACT Programme is introducing new IT enabled business change to improve the ability of the Police Service to manage and share its intelligence and other operational information in order to prevent and detect crime. It will ultimately deliver a national police database which will provide a single source of operational information linking data currently held on local systems with that held on national systems such as the Police National Computer (PNC).

  35.  All forces and agencies sharing information for policing purposes remain under a strict duty to conduct activities in a lawful and appropriate manner and the Programme is addressing the legal and policy issues in close partnership with the Service, the Home Office, DCA and the Information Commissioner. A statutory code of practice on the Management of Police Information (MoPI) was introduced in November 2005.

MULTI-AGENCY INFORMATION SHARING

  36.  The Crime and Disorder Act 1998 provides the power to disclose information lawfully to enable crime and disorder reduction partnerships to tackle crime and disorder. More recently arrangements have been put in place for information sharing to prevent serious violence.

  37.  Information sharing to prevent serious violence:. Multi-Agency Public Protection Arrangements (MAPPA) are the statutory arrangements set up in 2001, under the Criminal Justice & Court Services Act 2000, to provide a mechanism for agencies to work together when they are dealing with offenders who are assessed as posing a high risk of harm to others or whose risk management is exceptionally problematic.

  38.  The police, probation and prison services constitute the "responsible authority" who must co-operate with other specified agencies, and one form this co-operation will take will be information-sharing.

  39.  The Home Office is currently rolling out Multi-Agency Risk Assessment Conferences (MARACs) to provide a standardised approach to public protection for victims of domestic violence. The role of the MARAC is to facilitate, monitor and evaluate effective information sharing.[191]

  40.  The Home Office is looking at ways in which it might introduce processes to improve multi-agency risk assessment, information-sharing, management, and interventions to prevent serious violence in circumstances where MAPPA and MARACs would not apply.

FRAUD AND THE SERIOUS CRIME BILL

  41.  The Serious Crime Bill provides a legislative gateway for public authorities to share information for the purpose of preventing fraud through a designated anti fraud organisation. The Bill also provides a statutory gateway by which public and private sector bodies can contribute their data to the Audit Commission for the purposes of undertaking data matching in order to prevent or detect fraud. It also makes the contribution of data for such purposes mandatory for some bodies, in particular local government and NHS bodies.

  42.  Existing safeguards for data use: Neither provision authorises any disclosure of information which contravenes the Data Protection Act 1998.

  43.  The Bill provides a specific offence and penalty for wrongful onward disclosure of HMRC information It imposes criminal sanctions in circumstances where an individual discloses information in breach of statutory limitations. The Bill also places a statutory duty on the Audit Commission to produce a Code of Practice in relation to data-matching, and for all those who are participating in data matching exercises to have regard to this Code.

IMMIGRATION

  44.  The Border and Immigration Agency (BIA) deals with a vast number of immigration applications every year, including over one million in-country applications alone. All immigration applications contain personal information which is received, stored and used in a number of ways.

  45.  Intelligence: BIA's Intelligence Directorate works to combat serious & organised immigration crime, enhance border security and detect abuses of the immigration system. This involves data sharing between Government Departments and Agencies, the maintenance of secure intelligence databases and profiling on the basis of intelligence and risk.

  46.  E-Borders Programme delivers a modernised integrated secure border control system across all modes of transport. It is a multi-agency approach to tackling immigration and customs abuse, serious and organised crime and counter-terrorism. Passengers can be identified, assessed and cleared by relevant border agencies before departure to and from the UK, using information gathered by airlines as part of their current processes. Information sharing under the programme will be governed by a code of practice which will be published and laid before Parliament.

  47.  Iris Recognition Immigration System: IRIS (Iris Recognition Immigration System) is delivering a biometrically controlled automated border entry system for pre-registered travellers at 9 airport terminals in the United Kingdom. The system provides a fast, fraud-resistant way to pass through automated barriers at UK immigration controls.

  48.  Enforcement: BIA's enforcement priority is to remove the most harmful people first and the key sanctions for high-harm immigration offenders are removal or deportation. Electronic monitoring is used to maintain contact with individuals both to encourage compliance with the asylum and immigration processes and also enable an increase in the rate of removal. In 2007-08, we intend to increase our use of electronic monitoring, in particular the use of electronic tagging or voice verification.

  49.  UK Borders Bill: The UK Borders Bill provides for information sharing between the Agency and the HMRC and contains a specific criminal offence for the unlawful disclosure of HMRC information to prevent the misuse of sensitive tax data.

April 2007

185   The arrest rate is between nine and ten times higher than that of general patrol officers, increasing the number of offences brought to justice by three times the national average. Back

186   for example the Highways Agency and Transport for London. Back

187   Published in December 2006. Back

188   These provisions will be established in secondary legislation under Section 9 of the Identity Cards Act 2006. Back

189   With a maximum penalty of two years imprisonment while tampering with the Register will be subject to a maximum penalty of 10 years imprisonment. Back

190   The database is operated by the National Policing Improvement Agency which is a Home Office-sponsored Non-Departmental Public Body which vested in April 2007. Back

191   In Cardiff, where a MARAC has been operating, repeat victimisation has reduced from 30% to less than 10% from 2004-06. Back