Surveillance: Citizens and the State - Constitution Committee Contents


Examination of Witnesses (Questions 74-79)

Professor Graham Greenleaf

28 NOVEMBER 2007

  Q74  Chairman: Professor Greenleaf, good morning and thank you very much indeed for being with us.

  Professor Greenleaf: Thank you very much for the invitation to appear before the Committee.

  Q75  Lord Morris of Aberavon: I would like some comparison of surveillance in different countries. You have experience in your native Australia and other countries as well. How does the degree and nature of surveillance in our country compare with that of other countries? Are we much more restrictive than others or does it vary?

  Professor Greenleaf: It varies. I cannot purport to be an expert on the details of surveillance in this country; I have picked up what information I can for comparative purposes and I will try to make some comments in comparison with, say, Australia and with Hong Kong which are perhaps the two places with which I am most familiar. In relation to Australia, I have, with the assistance of my colleagues, anticipating that the Committee would like some information about this, prepared some background information about the nitty-gritty of surveillance practices in Australia. I would like to hand that to the Committee. I would like to comment in summary. Australia and the UK could both be put at the more advanced end on the spectrum of surveillance orientated societies, but there are a number of differences between the two and overall I would say that the United Kingdom is probably further down the track of more intensive surveillance than Australia or at least going in that direction. I would like to pick up a couple of different indicia. There seems to be much more CCTV surveillance in the UK than in Australia. Whether the estimates of 4.2 million cameras are correct or just in the right ball park I do not know, but the Australian figures in the documents I have suggest numbers more in the tens of thousands for the largest capital cities. So, at most, you are going to be looking at only a fraction of the UK numbers and they are mainly, from my knowledge, orientated to transport systems and large crowd locations with some private sector use in large supermarkets and the like. In relation to the ID card system that has been proposed or is in the process of being implemented in the UK, from what I know of it, this vast aggregation of data with very wide and uncertain purposes in both the public sector and the private sector goes far beyond any other systems with which I am familiar and seems to almost constitute the surveillance society in itself. You may be aware that the Australian Government were proposing to introduce what they call an access card for health and welfare benefits of which I have been a critic for some time. That is now not going to happen due to the change of Government in Australia in November 2007. So, on these particular indicia, Australia is going to be in the future a far less intensive surveillance society than the UK. Other factors such as the children's database, the NHS patient database with its very wide accesses and the DNA database, from what I know of them, the cumulative effect of these is far, far greater in the UK than the equivalents that do exist to some extent in Australia. If I may turn to the private sector, I think the big difference is that there are very few barriers in the UK to data sharing between different sub-sectors of the private sector, say between the credit industry, the insurance industry and the direct marketing industry. In Australia, because of legislation introduced in the early 1990s, information in the credit reporting sector is in effect siloed off from the rest of the private sector and that has made an enormous difference to developments in Australia compared, say, to the UK or the USA. So, quite a different picture. On the other hand, there may at the present perhaps be less government data matching at the moment in the UK than in Australia but, from what I have seen of recent announcements and committees looking at this, it seems as though the UK is catching up fast. One of the areas where there is very intensive surveillance in Australia is anti-money laundering where vast amounts of data are being sucked in by our money laundering agency from all sorts of cash dealers and any organisations involved in finance in the private sector. I suspect that there is more of that in Australia than there is here. May I mention something about Hong Kong by way of comparison as well?

  Q76  Chairman: Yes.

  Professor Greenleaf: I was a Distinguished Visiting Professor at the University of Hong Kong for a couple of years and that is why I have some knowledge about Hong Kong. I think that it is an interesting comparison, it having been a UK colony only a decade ago and now part of the People's Republic of China. Although Hong Kong was one of the first countries to introduce a multi-functional chip based Smart ID card, in fact its non-immigration uses are at present quite minor. The main criticisms that I and others have levelled at it is the potential for function creep in the future that has been built in. However, at present, it is not anything remotely like the UK system that is being developed. Data matching is quite limited in Hong Kong and must be approved by the Privacy Commissioner. I think that there is relatively little CCTV surveillance except in a few select areas of downtown entertainment areas of Hong Kong island, and not a whole lot more other than that. Transport surveillance is quite limited compared to what is being used. The Oyster Card here I gather is quite extensively used for police surveillance now. The Octopus Card is an anonymous smart card in Hong Kong and has very limited possible uses for surveillance. Telecommunication surveillance is also relatively limited. They have a new Interception Commissioner but the numbers involved are not very large. You can do things like get anonymous SIM cards for mobile phones by cash payments. Anonymous mobile phones is quite surprising in a jurisdiction which is part of the People's Republic of China.

  Q77  Lord Woolf: You have already covered some of the matters that I was going to ask you about particularly because you have made a comparison between this country and Australia and then Hong Kong and of course a comparison between Australia and Hong Kong very briefly in what you have said. Having done so, do you think that part of the problem here is that our regulation at the present time is very piecemeal?

  Professor Greenleaf: Yes, I do think that is part of the problem and this is not a problem that is limited to the UK by any means. Over the last 30 years, we have had the development at an international level of information privacy principles but there has been very little systematic development in the rest of the package, if we can call it that, of privacy principles, plus principles governing surveillance as such. These would make distinctions between overt surveillance and covert surveillance and what are the rules for each and whether there are different rules for workplace surveillance compared to open places and the like. Also, there are really no systematic sets of rules for intrusions of various types. I think that that leads to a lack of real rules in those latter areas which contributes to the proliferation of things like CCTV. It also means that neither Information Commissioners nor the general public nor the Parliament are able to get an overall grasp of what is the overall surveillance picture in our society and how these things are knitting together. We talk about the boiling frog but we do not really have much idea at what temperature from one year to the next the frog has reached. Yes, there is piecemeal regulation.

  Q78  Lord Woolf: What is the answer to that? What is the solution you would like to see? Is that in turn piecemeal or is it one overriding form of protection?

  Professor Greenleaf: I do not know that there is necessarily one answer to that. I think that you could have a general piece of privacy legislation which contains sets of principles for these various areas and maybe you could have one commissioner administering that but, in this country, I understand that you have commissioners for surveillance and commissioners for telecommunications interception as well as the Information Privacy Commissioner, as I will call him. That may still be a sensible model but it would be good if they were all working to one principle based set of privacy principles, even though they may administer parts of them differently. Picking up on the Information Commissioner's evidence last week, one thing that he did not say was that it would be good to have an annual "state of surveillance" report, that simply set out the facts on an annual basis of where each different type of surveillance had reached over the last 12 months and how they were now interconnected. That would enable Parliament, Government and everyone else to reach better policy decisions.

  Q79  Lord Woolf: I think that there is the problem that can arise from what we have connected. We have had a very recent example of the problems of Revenue and Customs, one might almost say fiasco, with regard to the loss of information. Do you think that there are any lessons to be learned from that?

  Professor Greenleaf: Yes, I think that there are a number of very serious lessons, particularly because that is what the future is going to comprise, in my view, if things are not changed. This is not going to be a one-off event. Some of the lessons that need to be learned are first that I think there has to be a serious acceptance of only collecting personal data where it really is necessary for organisations to collect it and not collecting it on some rainy day principle that it might come in handy some time in the future. I think that taking minimum necessary collection seriously has to be the starting point. In Australia, one additional principle that we have that is not found in the Directive or elsewhere is called the anonymity principle which says that organisations must provide services to individuals on an anonymous basis where it is feasible and lawful to do so. Our Law Reform Commission is currently proposing that that be extended to include pseudonimity as well so as to provide an additional level of protection against unwarranted disclosure of information. One other essential starting point for this is to get the acceptance of privacy as a value correctly included in our privacy laws. For me, what this means is essentially that the onus of justification of intrusion in any way into a person's privacy has to be on those who are proposing to do it, whether it be government, private sector or whatever. Basically, I think that is what is at the bottom of the German Constitutional Court's "informational self-determination" decision. They were not making privacy any sort of absolute right but they were making it very clear in the German context that every intrusion into privacy had to be justified up front in terms of alternative social benefits. Once you get that sort of starting point, I think that you can be on the right track and I think that that is a constitutional principle and a good reason for this Committee to be looking at this issue. That really goes to the relationship between the individual and the state.


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009