Examination of Witnesses (Questions 300
TUESDAY 26 JUNE 2007
Q300 Patrick Mercer: I am referring
exactly to that sort of case. Do you think there is a real danger
that a focus on automated data-sharing can actually make getting
across essential information harder, and there is simply too much
information out there? It confuses rather than helps.
Mr Russell: The thing we said
on the children's index was actually, in principle, there is nothing
wrong with a children's index, if it is a targeted database. Targeted
amounts of information on children at risk can be helpful. The
problem is, when you have got every child on a database, as Shami
said, it is incredibly difficult to see the wood for the trees.
In certain circumstances, yes, a database is important, but we
need to be. These human right principles that we started
off withis this necessary, is there a legitimate aim, is
it going to workthose are the questions we think Parliament
should be asking when a new proposal for a new government database
is being proposed.
Chairman: Thank you, Margaret Moran.
Q301 Margaret Moran: I, like David,
am interested in the evidence base of some of the things you have
been asserting to us. You say in your submission to us that the
extent to which every person in the UK is subjected to surveillance
has increased disproportionately to any justified social need
or benefit. Could you give us the research evidence for that just
as a reference? If you cannot do it now could you, please, send
it to us? You also make reference to the National DNA Database
and say that there is an intention to make that database compulsory.
Could you give us what evidence you have for that statement?
Ms Chakrabarti: It is, of course,
compulsory even now as a matter of law, because this is a criminal
justice policing measure. Your DNA is compulsorily taken from
you under pain of criminal sanction if you do not agree to it
Q302 Margaret Moran: I think the
suggestion is that it implies universally?
Ms Chakrabarti: That there be
a desire in certain quarters to make it
Q303 Margaret Moran: You have stated
that you believe that a compulsory universal DNA database
Ms Chakrabarti: The present, soon
to be outgoing, Prime Minister has stated that he thinks it would
be desirable to have a universal DNA database after a public debate.
Various chief constables have taken that view. It is a perfectly
respectable, if slightly terrifying, view. There is logic to it.
There is a logic that says, "Let us have the DNA of every
man, woman and child in the country, and then, when something
bad happens and there is a crime scene, we will match it."
There is also a logic, I would argue, to our position, which is
to say, have a smaller more ring-fenced DNA database of people
who have been convicted of a particular threshold level of crime.
What there is not a logic to, in our view, is the current situation
where anyone who has been arrested for an offence can have their
DNA taken and even if they are let go, as in my shop-lifting example,
the police apologise, say, "We have got the wrong woman",
never charged, let alone convicted, my DNA can be kept forever.
Q304 Margaret Moran: I was not actually
asking for a treatise on DNA, I was asking for the evidence-base?
Ms Chakrabarti: That is the evidence;
that is the law.
Q305 Margaret Moran: Various comments
do not constitute a research evidence base either to the initial
point I made or to the second of those points. Have you got something
substantial other than people's comments?
Ms Chakrabarti: Well, the legal
position is clear and not in contention as to what the basis for
taking and keeping people's DNA is at the moment. That is a statement
of the law.
Q306 Margaret Moran: I was referring
to your assertion about a universal
Ms Chakrabarti: If the Prime Minister
says he thinks it would be a good idea, I think that is a pretty
good suggestion of intention, and, as I have said, it is a logical
position, I just do not think it is proportionate.
Q307 Margaret Moran: Mr Russell,
earlier you made reference to the Serious Crime Bill. The reason
I have been out of the room is because I am sitting on the Serious
Crime Bill. You referred effectively to function creep, to what
is now known in technical circles as the possibility of phishing,
data-mining, data-sharing. What evidence have you got for that
function creep and are you aware of what the Minister said at
the second reading on the Serious Crime Bill in relation to that
in answer to the specific question that I raised?
Mr Russell: The specific point
about function creep and where my concern about the function creep
comes from is the fact that in the bill there is a very clear
provision which says that the Home Secretary, Secretary of State,
may by order increase the functions for which data-mining may
be undertaken. So, that is how function creep most often happens:
if you have got a power to do something with personal information
and then, by regulation, the reasons for which you can process
that information can be extended. That is where the concern about
function creep comes from. There is a clear power in the bill.
I cannot remember the clause reference, but there is one there
which says that the purposes can be extended. So that is the function
Q308 Margaret Moran: That contradicts
what the Minister said at the second reading, that the Audit Commission
will not be able to use the powers to predict who might commit
fraud in the future, in other words phishing, and it is right
and proper that we put safeguards in place to prevent data-mining
Mr Russell: Can I come back on
that point? That is absolutely right. We pushed in the House of
Lords for an amendment to the bill which would prevent data-mining
to be used to profile people's future behaviour. The Government
agreed with us that that was a concern in the current legislation
and, therefore, agreed in the House of Lords to put an amendment
in to stop profiling of individual suspects in terms of their
future behaviour, and we are delighted they have put that in.
That is slightly different to the question of function creep,
because the question of function creep is about what purpose is
this data-mining going to be used for, and I would be very surprised
if the Minister had said that there was no risk of function creep
in relation to this aspect of the Serious Crime Bill, because
the provision is there.
Dr Pounder: Just a comment on
the Serious Crime Bill. The Audit Commission can do data-matching
in relation to serious crime, not so serious crime and debt collection.
In relation to debt recovery, one wonders whether the Serious
Crime Bill is the correct vehicle for this. There is a real problem
in over-indebtedness in the UK. Whether or not that should be
treated by separate legislation is another thing, but if you look
at Schedule Seven, you will see that debt recovery is part of
the Audit Commission's remit in the Serious Crime Bill.
Dr Metcalfe: Can I make an additional
point about function creep. Before I was at JUSTICE I was a lawyer
in the immigration and judicial review section of the Treasury
Solicitors Department and I was responsible for helping to arrange
advice in relation to the Asylum Registration Card or ARC, so
that was an identity card system which involved fingerprinting
of asylum seekers. I am not saying anything that is not in the
public domain at this point. The original purpose of the Asylum
Registration Card was to reduce fraud in relation to asylum seekers,
but it is very easy to see, just as a practical measure, how the
information stored for one purpose can be used in relation to
others. If you had that information stored in relation to asylum
seekers and you are a law enforcement agency, why would you not
want to check information to see whether any of the people that
you now have on your database match unsolved crimes? Why would
you not want to see if any of those people are also involved in
relation to mainstream benefit fraud, if in some way they have
managed to fraudulently obtain documents in relation to mainstream
benefits? Why would you not, if you were a medical researcher,
want to cross-reference the biometric information that you might
have on that database in relation to preventing genetic diseases?
You do not have to be a conspiracy theorist to see how function
creep happens. It happens perfectly naturally, in that people
see information which is useful and then seek to gain it; and
no-one can deny that these databases are useful; the point that
we are trying to make in this situation is that what people do
not see when they see the utility of information is the danger
and risks. I thought the evidence this morning from the people
involved in medical research was extremely interesting. Yes, it
is true that in the old days you could go into a doctor's surgery
and get a patient's medical records off the doctor's desk, but,
generally speaking, that would mean going down to a quiet street
in Basingstoke, finding the doctor's surgery and going in there.
Now, anyone with a computer can access that information. Just
to give you some idea of the extent to which
Q309 Chairman: Just a minute. It
is not actually true, is it, that anyone with a computer can access
the NHS database? If you want to let that lie as your evidence
that anyone with a computer can access the NHS database, I think
you need to justify it.
Dr Metcalfe: Obviously, I am generalising
to a degree. The computer has to be networked and also has to
be able to access the NHS network.
Q310 Chairman: That is quite a big
difference, is it not, between "anyone with a computer"?
Dr Metcalfe: We are currently
extraditing a man to the United States because he was able from
the United Kingdom to hack into the United States Department of
Defence database. Do we really suppose. I do not think
literally everyone with a computer can access that information,
but I mean anyone who skilled enough with networks, and there
are a large number of people like that nowadays out there. If
someone in the United Kingdom can access what is arguably the
most secure defence network in the United States from here in
the United Kingdom, I do not think we can afford to be blasé
about the possibility that someone, say, in China could at one
point hack into our NHS database.
Q311 Chairman: Nonetheless, you take
our point about being a little bit more accurate.
Ms Chakrabarti: He qualified it.
Q312 Margaret Moran: The suggestion
you are making there is that these other uses should not be occurring.
What would you advocate to prevent phishing? Are there limitations
that could be placed on the use of this data that would give sufficient
assurance, in your view, to the general public or to yourselves
rather, because maybe the general public have a different idea?
Dr Metcalfe: I think really it
has to be taken on a case by case basis, because obviously not
all databases are equal and different databases work in different
ways. One major source of concern, for example, is the recent
European Framework Directive, which allows law enforcement agencies
from across the European Union to access information held in UK
law enforcement databases, which means that information could
potentially be passed from police criminal records to a law enforcement
agency in Lithuania. One major concern there is what assurance
do we have that the end user in Lithuania will not misuse that
data, because they are not subject to the same data protection
standards as we are here in the United Kingdom? I think that is
a very good illustration of a potential gap. We need to make sure
that every end user, every person who has access to official government
data is bound by the same standards. So, that is one global point
I would make, particularly in relation to data-sharing across
the European Union. In relation to the specific
Q313 Margaret Moran: I want to be
clear. You are saying there should not be sharing of data across
Europe or beyond until all of those protocols are in place. I
think the parents of young Maddie might have a different view
Dr Metcalfe: Certainly, I would
hope so, but I would also like to think that they do not want
her personal data being shared willy-nilly with people in another
European Union country without sufficient data protection standards.
Think of the potential risks, for example, if you allowed access
to our children's database to be given to any accession country,
and think of the potential risk to children that might arise from
that situation, because we are not asking the same standards of
an accession country that we do of our own public officials in
Q314 Gwyn Prosser: You have all argued
in your various ways that the current legislation does not provide
comprehensive data protection, that it is out of date, out of
step and fails to keep pace with technological changes. I wonder
if I can ask you briefly each to describe revision or improvement
in the legislation which would correct that error and how can
we ensure that such provision does not get outpaced by the rapid
improvement in technology?
Dr Pounder: I think the starting
position I have is that there needs to be a counterbalance to
the data surveillance and the data-sharing that occurs. I think
there are three elements to this counterbalance. One is parliamentary,
the second is regulatory and the third is the individual. Starting
from the individual basis, I think the time has come to look at
a right to information privacy. The Culture and Media Committee
toyed with this idea and recommended that Parliament should grab
this particular nettle. My own view is that it can be done via
the Data Protection Act, a right to information privacy, and the
advantage of that is that it would not disturb the relationships
with the press, it would avoid that problem. In relation to parliamentary,
what I would like to see is the ability to have a feedback loop
into Parliament that could possibly result in, say, for example,
a show-stopper in respect of, shall we say, some sort of surveillance
activity potential. I will try and explain what I mean. At the
moment the Home Secretary and many secretaries of state are responsible
for setting the procedures that safeguard as well as the responsibilities
for interference, and I would like to see Parliament being more
on the ability of being able to, shall we say, have some safeguards.
For example, the Home Secretary could produce a Code of Practice
in relation to X and, say, for example, he could approach the
Information Commissioner with a view to what the Commissioner's
views are. Instead of the Code of Practice being, say, for example,
laid before Parliament, it could be approved by Parliament. So,
if the Information Commissioner, for example, had problems with
the Code of Practice, he could bring those problems to Parliament
and Parliament could set social policy as to where the balance
lay. I also think that the regulator, the Data Protection Commissioner,
should have the ability to check regulations passed by this House
(and as you know in the identity card legislation there are some
wide-ranging powers), shall we say, for example, to go straight
to the court and say, "I think these regulations are awful",
and have somebody who can actually challenge the lawfulness of
the regulations that are placed in human rights terms. I also
think Parliament needs more information about what government
intends. The bulk of the appendix in my evidence relates to how
I thought that Parliament was not informed as to the true intent
of the identity card, and I hope that in the new arrangements,
with respect to Gordon Brown's possibilities, that Parliament
will be able to get the information it seeks to make informed
decisions. In relation to the regulator, the final thing I would
say is that. Sorry not the regulator. A general matter
is that there has to be absolute transparency in relation to data-sharing
or any surveillance, what is going on, and that absolute transparency
has to be backed up by the fact that people can do something with
the information. It is pointless telling you, "Oh, there
is a camera here", blah, blah, blah. Once you have been given
this information, you can do something, and that is one reason
why I think a right to information privacy is inevitable. At least
the individual who is subject to the surveillance can do something
with the information that he gets.
Q315 Gwyn Prosser: Dr Metcalfe, would
you concur with that?
Dr Metcalfe: I would concur with
that. It is very difficult for me to add anything further. Perhaps
one point I should just identify, if we are going to identify
wish-lists. We would argue that there needs to be prior judicial
authorisation of any interception of private communications under
Part I of the Regulation of Investigatory Powers Act. Currently
you can intercept, a law enforcement agency can intercept email,
it can intercept telephone calls, it can intercept letters and
text messages simply by going to the Home Secretary and asking
for a warrant. I am not saying that the Home Secretary grants
them willy-nilly, but in every other common law country you find
that the prior authorisations are made by independent judicial
authority. That does not happen in this country and it should.
Q316 Gwyn Prosser: Ms Chakrabarti
or Mr Russell?
Mr Russell: Again, we agree with
the comments that have been made, and I will not repeat them.
There are another couple of points that we would make. We need
to look at the Data Protection Act with specific reference to
CCTV, because a large number of CCTV cameras are not regulated
by the Data Protection Act at all, and we think that there should
be very sensible, legally binding guidance or regulations on the
question of whether people have to be informed about where a CCTV
camera is, who operates the CCTV camera or what training they
need and the appropriateness of the placing of cameras. So, we
think CCTV should be looked at. The DNA database: we think there
should be a presumption in favour of the removal of DNA from somebody
who is not charged or convicted, a rebuttable presumption, but
in some cases it may be necessary. I am thinking of something
like Ian Huntley. It may be necessary to keep somebody's DNA even
if they are not convicted, you know, if there are repeat allegations,
but generally we think there should be a presumption for removal.
Q317 Chairman: Thank you. Could I
just press the Parliamentary scrutiny point a bit. Dr Pounder,
to some extent your evidence is slightly embarrassing for this
Committee in the sense that it suggests the Home Office were able
to put one over on us and on Parliament. We very clearly said
there should not be a Citizens Information Project. You may have
been given the impression there would not be one and you track
how officialdom kept the Citizens Information Project going for
months, if not years, and it then re-emerges as the core of the
National Identity Register. Given that experience where, certainly
when we were discussing the Identity Cards Bill, none of us knew
that the officials were carrying on with this secret project,
how can Parliament actually do the scrutiny role you want us to
Dr Pounder: You invited me to
say that that is why I recommended that this Committee should
recommend removing section 1(4)(e) of the ID Card Act.
Q318 Chairman: Remind us, for any
who may be watching on the Internet link, which section that was.
Dr Pounder: It is to do with the
ability to share information, using the identity card database
for a general public administration purpose. The other thing I
would say is that this public administration purpose is subject
to the review, it is called the Crosby Review, which is supposed
to announce soon. I have given my evidence to the Crosby Reviewers
with the hope, I have said to them, that if they are going to
progress their ideas in identity management, it has to be through
primary legislation and not through section 1(4)(e) of the Identity
Q319 Chairman: Thank you. Ms Chakrabarti.
Ms Chakrabarti: I would agree
with that. There are more general points about doing more in primary
legislation. They do not just apply to privacy protection but
to Parliament privacy scrutiny more generally and less by way
of regulations after the event.