APPENDIX 26
Memorandum submitted by the Home Office
EXECUTIVE SUMMARY
1. Public protection is core to the work
of the Home Office and its related services. In order to discharge
that duty, we need to be able to respond to 21st Century demands
to enable the better prevention and detection of crime, enhance
border security, detect immigration abuses and to meet new challenges
such as the emergence of new forms of criminal activity and increased
threats, whether it is terrorism, identity fraud or internet crime.
2. At the same time technological developments
have given us new tools which will help us rise to these challenges.
Proper use of these will help build public confidence and security.
But society is rightly concerned that these new developments are
being used appropriately and within a legal framework, with due
regard for individual privacy and rights. It is that balance between
privacy and protection that we seek to achieve in all our activities.
Public confidence clearly also depends on getting that difficult
balance right.
3. This Memorandum sets out the key areas
falling to the Home Office, including in particular, CCTV, ID
cards and secure passports, the National DNA database, and information
sharing. A key theme running through these areas is measures taken
to ensure proper and proportionate use, security and safeguards
against abuse.
CLOSED CIRCUIT
TELEVISION (CCTV)
4. Police experience and research studies
show that CCTV has considerable crime detection potential, when
used as part of a wider strategy. It can also reduce fear of crime.
Its use has attracted accusations of invasion of privacy.
5. The first legal control of CCTV in public
areas was the Data Protection Act 1998. The definitions in the
Act are broader than those of the Data Protection Act 1984 and
more readily cover images. The legally enforceable standards previously
applied to those processing personal data on computer now cover
CCTV and are based on the eight Data Protection Principles.[184].
6. The Information Commissioner will take
into account the extent to which the users have complied with
the CCTV Code of Practice when determining whether they have met
their legal obligations. The code deals with surveillance in areas
to which the public have largely free and unrestricted access.
7. Since February 2006, the Home Office,
with the Association of Chief Police Officers (ACPO), has been
conducting a review to develop a strategy for the future development
of public space CCTV.
8. The report of the review will be published
shortly.
AUTOMATIC NUMBER
PLATE RECOGNITION
(ANPR)
9. ANPR has proved to be a very successful
operational tool allowing the police to intercept a wide range
of criminals using the roads.[185]
10. There are a number of Government departments
and other organisations[186]
that operate ANPR systems. We aim to enable, through statutory
powers, the bulk sharing of information between such operators
and specified law enforcement agencies, to facilitate the prevention
and investigation of all levels of criminal offending (but particularly
terrorism and serious crime) while ensuring that effective safeguards
are in place.
THE NATIONAL
IDENTITY SCHEME
11. The Strategic Action Plan for the
National Identity Scheme[187]
set out the Government's plans to provide more secure and reliable
ways of proving identity, including more secure passports and
the introduction of Identity cards (ID cards). The Scheme is not
designed as a surveillance tool. It will protect individuals'
identities from abuse and provide a secure way for people to prove
their identity more reliably, helping to tackle illegal immigration,
crime and terrorism as well as improving public services.
12. The Identity Cards Act 2006 establishes
a National Identity Register which will hold the identity information,
including biometric information, of everyone issued with an ID
card. The Border and Immigration Agency (BIA) will start to issue
biometric immigration documents to foreign nationals in 2008 and
the Identity and Passport Service will begin to issue ID cards
to British citizens from 2009.
13. Checking National Identity Register
information: When a person applies for an ID card any information
to be recorded in the National Identity Register will be checked
against a number of public or private sector data sources[188]
to help verify the person's identity.
14. Verifying identity with consent:
The Scheme will also allow a more secure and reliable method for
individuals to prove their identity to private sector organisations,
(such as banks) by providing their ID card and, with the person's
consent, for this to be verified against the National Identity
Register. However the user organisation will not obtain access
to the National Identity Register.
15. Provision of information without
consent: The Identity Cards Act 2006 will also enable the
provision of information from the Register without an individual's
consent but only in strictly limited circumstances such as for
the prevention and detection of crime.
16. Safeguards: There are a number
of safeguards to ensure that the National Identity Register information
is held securely:
Separate IT systems will hold
National Identity Register biographical and biometric information
and will be accredited by the government's security authorities.
A National Identity Scheme Commissioner
will be appointed to oversee the operation of the Scheme. The
Intelligence Services Commissioner and Tribunal have a specific
remit to deal with how the intelligence services use any information
provided from the Register.
There will be rigorous auditing,
staff access restrictions, alerts and a range of technical controls
to guard against internal misuse.
Any unauthorised disclosure
of information from the Register will be a criminal offence.[189]
NATIONAL DNA DATABASE
17. The National DNA Database (NDNAD) is
a publicly owned police intelligence database,[190]
It is governed by a Strategy Board chaired by ACPO with membership
from the Home Office and the Association of Police Authorities.
The Custodian of the NDNAD is accountable to the Board ensuring,
amongst other things, that all profiles added to the NDNAD are
reliable and compatible. The standards and procedures for the
supplier laboratories are set by the Custodian.
18. Section 64 of the Police and Criminal
Evidence Act (PACE) provides that fingerprints, DNA profiles and
samples taken in connection with the investigation of an offence
may only be used for purposes related to the prevention
or detection of crime, the investigation of an offence, the conduct
of a prosecution, or the identification of a deceased person or
of the person from whom a body part came.
19. Companies which analyse DNA samples
and produce profiles for the NDNAD have to be accredited under
the International Quality Standard for Testing Laboratories, ISO
17025. The companies store DNA samples and profiles on completion
of analysis in case they need to be re-examined in the future
and are required to do so in a secure environment.
20. Existing safeguards for data use:
Safeguards are provided by the restrictions imposed by PACE and
the Data Protection Act, and the oversight provided by the NDNAD
Strategy Board and the Custodian. Further safeguards are to be
provided by an Ethics Group to be responsible for reviewing the
appropriateness of policy, decision making and practice.
21. Profiling: The DNA profile of
an individual consists of a code number which represents the person's
gender and ten markers from areas of DNA which do not play an
active role in determining personal characteristics. The NDNAD
therefore is not and will not be used in any attempt to correlate
particular genetic characteristics with propensity to commit crime.
However the NDNAD does allow different unsolved crimes to be linked
to the same offender or offenders, which is one of its important
benefits.
FACIAL MAPPING
22. A national facial image database is
currently being developed. This will enable police forces to share
more efficiently the images they currently hold on individuals
with each other for operational investigative purposes.
ELECTRONIC MONITORING
23. Electronic Monitoring (EM) has been
operating throughout England and Wales since 1999. The monitoring
service is provided by two private security firms under contract
to the Home Office. They also initiate enforcement action as necessary.
Contractor staff are subject to Criminal Record Bureau (CRB) checks.
24. EM is used predominantly to monitor
a curfew condition. Adults or juveniles can also be monitored
on bail, as a court-ordered community sentence or on release from
prison. The technology only monitors a person's presence or otherwise
at a specified address, not their general whereabouts.
25. Information on a subject's curfew record
can be provided to the police or other agencies involved in the
investigation or prevention of crime, in line with the Data Protection
Act. The release of such information must be approved by the Home
Office unless the subject is a Multi-Agency Public Protection
Arrangements (MAPPA) or Prolific or other Priority Offender (POPO)
case.
REGULATION OF
THE INVESTIGATORY
POWERS ACT
2000
26. The conduct by public authorities of
what might be described as "traditional surveillance"
which interferes with individuals' human right to respect for
private and family life is permitted by the Intelligence Service
Act 1994, Part III of the Police Act 1997 and Parts I and II of
the Regulation of Investigatory Powers Act 2000 (RIPA).
27. RIPA is used by a wide range of public
authoritiesthe security and intelligence agencies, the
police service, local authorities and government departments and
agencieswhich have necessary and proportionate requirements
to engage in conduct that can interfere with individuals' rights
for legitimate purposes whether to safeguard national security
or to prevent and detect crime.
28. Subject to various statutory safeguards
and oversight, this conduct includes:
interception of communications;
covert observation and eavesdropping
on conversations in private spaces, both premises or vehicles;
covert observation and eavesdropping
on conversations in public spaces and vehicle location tracking;
covert interference with private
property; and
acquisition and disclosure of
communications data.
29. This conduct may be undertaken only
when necessary for a legitimate aim and proportionate to that
aim and is subject to strict independent oversight by the Chief
Surveillance Commissioner, by the Interception of Communications
Commissioner and the Intelligence Services Commissionerall
of whom report to the Prime Minister and to Parliament. RIPA also
provides access for complainants to an independent tribunalthe
Investigatory Powers Tribunal.
CRIMINAL RECORDS
30. The Home Office has a policy interest
in the recording, retention, disclosure and quality of criminal
record information held by the police. In addition to sponsorship
of the Criminal Records Bureau and its parent legislation, this
includes the arrangements for the disclosure and notification
of such information, by the police, outside of the CRB disclosure
service.
DATA SHARINGGENERAL
Data-sharing between government departments and
agencies
31. The Data Protection Act 1998
(DPA) regulates the collection, use and distribution of personal
data. The Government is committed to more information sharing
between public sector organisations and service providers, and
is equally committed to ensuring that once data is shared it will
be kept safe and secure.
Existing safeguards for data use and whether they
are strong enough
32. Greater data sharing and proper respect
for an individual's privacy are compatible. Safeguards are essential
to prevent unnecessary or disproportionate intrusions into individuals'
privacy. The balance is maintained by the good legislative framework
we already have in place which allows data sharing but guarantees
individuals' legitimate rights to privacy through the Data Protection
and Human Rights Acts.
33. The Government is very keen to tackle
the misuse of personal data where it occurs. Following recommendations
by the Information Commissioner and a DCA consultation, Government
proposes to increase the penalties available to the Courts by
amending section 60 of the DPA. This will enable those guilty
of offences under section 55 of the DPA to be imprisoned for up
to 2 years on indictment and up to 6 months on summary conviction.
Government will seek to introduce legislation as soon as parliamentary
time allows.
INFORMATION SHARING
BETWEEN POLICE
FORCESIMPACT
34. The IMPACT Programme is introducing
new IT enabled business change to improve the ability of the Police
Service to manage and share its intelligence and other operational
information in order to prevent and detect crime. It will ultimately
deliver a national police database which will provide a single
source of operational information linking data currently held
on local systems with that held on national systems such as the
Police National Computer (PNC).
35. All forces and agencies sharing information
for policing purposes remain under a strict duty to conduct activities
in a lawful and appropriate manner and the Programme is addressing
the legal and policy issues in close partnership with the Service,
the Home Office, DCA and the Information Commissioner. A statutory
code of practice on the Management of Police Information (MoPI)
was introduced in November 2005.
MULTI-AGENCY
INFORMATION SHARING
36. The Crime and Disorder Act 1998 provides
the power to disclose information lawfully to enable crime and
disorder reduction partnerships to tackle crime and disorder.
More recently arrangements have been put in place for information
sharing to prevent serious violence.
37. Information sharing to prevent serious
violence:. Multi-Agency Public Protection Arrangements (MAPPA)
are the statutory arrangements set up in 2001, under the Criminal
Justice & Court Services Act 2000, to provide a mechanism
for agencies to work together when they are dealing with offenders
who are assessed as posing a high risk of harm to others or whose
risk management is exceptionally problematic.
38. The police, probation and prison services
constitute the "responsible authority" who must co-operate
with other specified agencies, and one form this co-operation
will take will be information-sharing.
39. The Home Office is currently rolling
out Multi-Agency Risk Assessment Conferences (MARACs) to provide
a standardised approach to public protection for victims of domestic
violence. The role of the MARAC is to facilitate, monitor and
evaluate effective information sharing.[191]
40. The Home Office is looking at ways in
which it might introduce processes to improve multi-agency risk
assessment, information-sharing, management, and interventions
to prevent serious violence in circumstances where MAPPA and MARACs
would not apply.
FRAUD AND
THE SERIOUS
CRIME BILL
41. The Serious Crime Bill provides a legislative
gateway for public authorities to share information for the purpose
of preventing fraud through a designated anti fraud organisation.
The Bill also provides a statutory gateway by which public and
private sector bodies can contribute their data to the Audit Commission
for the purposes of undertaking data matching in order to prevent
or detect fraud. It also makes the contribution of data for such
purposes mandatory for some bodies, in particular local government
and NHS bodies.
42. Existing safeguards for data use:
Neither provision authorises any disclosure of information
which contravenes the Data Protection Act 1998.
43. The Bill provides a specific offence
and penalty for wrongful onward disclosure of HMRC information
It imposes criminal sanctions in circumstances where an individual
discloses information in breach of statutory limitations. The
Bill also places a statutory duty on the Audit Commission to produce
a Code of Practice in relation to data-matching, and for all those
who are participating in data matching exercises to have regard
to this Code.
IMMIGRATION
44. The Border and Immigration Agency (BIA)
deals with a vast number of immigration applications every year,
including over one million in-country applications alone. All
immigration applications contain personal information which is
received, stored and used in a number of ways.
45. Intelligence: BIA's Intelligence
Directorate works to combat serious & organised immigration
crime, enhance border security and detect abuses of the immigration
system. This involves data sharing between Government Departments
and Agencies, the maintenance of secure intelligence databases
and profiling on the basis of intelligence and risk.
46. E-Borders Programme delivers
a modernised integrated secure border control system across all
modes of transport. It is a multi-agency approach to tackling
immigration and customs abuse, serious and organised crime and
counter-terrorism. Passengers can be identified, assessed and
cleared by relevant border agencies before departure to and from
the UK, using information gathered by airlines as part of their
current processes. Information sharing under the programme will
be governed by a code of practice which will be published and
laid before Parliament.
47. Iris Recognition Immigration System:
IRIS (Iris Recognition Immigration System) is delivering a biometrically
controlled automated border entry system for pre-registered travellers
at 9 airport terminals in the United Kingdom. The system provides
a fast, fraud-resistant way to pass through automated barriers
at UK immigration controls.
48. Enforcement: BIA's enforcement
priority is to remove the most harmful people first and the key
sanctions for high-harm immigration offenders are removal or deportation.
Electronic monitoring is used to maintain contact with individuals
both to encourage compliance with the asylum and immigration processes
and also enable an increase in the rate of removal. In 2007-08,
we intend to increase our use of electronic monitoring, in particular
the use of electronic tagging or voice verification.
49. UK Borders Bill: The UK Borders
Bill provides for information sharing between the Agency and the
HMRC and contains a specific criminal offence for the unlawful
disclosure of HMRC information to prevent the misuse of sensitive
tax data.
April 2007
184 Data must be: fairly and lawfully processed;
processed for limited purposes and not in any manner incompatible
with those purposes; adequate, relevant and not excessive; accurate;
not kept for longer than is necessary; processed in accordance
with individuals' rights; secure; not transferred to countries
without adequate protection. Back
185
The arrest rate is between nine and ten times higher than that
of general patrol officers, increasing the number of offences
brought to justice by three times the national average. Back
186
for example the Highways Agency and Transport for London. Back
187
Published in December 2006. Back
188
These provisions will be established in secondary legislation
under Section 9 of the Identity Cards Act 2006. Back
189
With a maximum penalty of two years imprisonment while tampering
with the Register will be subject to a maximum penalty of 10 years
imprisonment. Back
190
The database is operated by the National Policing Improvement
Agency which is a Home Office-sponsored Non-Departmental Public
Body which vested in April 2007. Back
191
In Cardiff, where a MARAC has been operating, repeat victimisation
has reduced from 30% to less than 10% from 2004-06. Back
|