Surveillance: Citizens and the State - Constitution Committee Contents


Memorandum by Liberty

ABOUT LIBERTY

  Liberty (The National Council for Civil Liberties) is one of the UK's leading civil liberties and human rights organisations. Liberty works to promote human rights and protect civil liberties through a combination of test case litigation, lobbying, campaigning and research.

LIBERTY POLICY

  Liberty provides policy responses to Government consultations on all issues which have implications for human rights and civil liberties. We also submit evidence to Select Committees, Inquiries and other policy fora, and undertake independent, funded research.

  Liberty's policy papers are available at:

    http://www.liberty-human-rights.org.uk/publications/1-policy-papers/index.shtml

INTRODUCTION

  1.  Liberty is delighted that the House of Lords Constitution Committee is undertaking an inquiry into the impact of surveillance and data collection upon the privacy of citizens and their relationship with the state. Surveillance and data collection raise profound ethical and constitutional issues and Government schemes like the DNA Database and ID Cards have the potential to change the nature of the relationship between state and citizen. Parliament is particularly well-placed to assess the wider societal impact of measures which interfere with personal privacy. While the courts, for example, often focus on individual cases, Parliament is better able to look at the broader picture. This is particularly important in this context. Policies like the permanent retention of DNA on the DNA Database involve less tangible human rights infringements than measures which, for example, deny people a fair trial. It is only when one aggregates the impact of such measures across the millions of people they affect that one can see the real extent of their effect on privacy and their significant constitutional implications.

A HUMAN RIGHTS APPROACH TO PRIVACY

  2.  Liberty starts from the position that privacy matters. If in any doubt about this you need only ask whether you would be happy to have a CCTV camera in your living room, whether you draw the curtains before you change for bed or whether you would be upset to discover that the police have been listening in to your telephone calls. It is not only those that have something to hide that have something to fear, something to protect. The post-War human rights framework recognizes the importance of personal privacy to human dignity and to peoples' ability to live their own lives and develop their own personalities and relationships. The concern of modern human rights instruments with privacy is also closely connected to the world's experience of abusive, totalitarian regimes. A near-complete denial of private life was a clear result of fascism and shown to be a great human cost. Complete disrespect for private life was also vital to the maintenance of power by dictatorial regimes, a chillingly effective tool of oppression. It was not only that the work of secret police deterred opposition, though certainly it did. Undermining personal privacy also undermined personal resistance, the ability of many people to maintain a concept of themselves as individuals, divisible and perhaps opposed to the regime:

    "No, retiring into private life was not an option, However far one retreated, everywhere one was confronted with the very thing one had been fleeing from. I discovered that the Nazi revolution had abolished the old distinction between politics and private life, and that it was quite impossible to treat it merely as a `political event'. It took place not only in the sphere of politics, but also in each individual private life; it seeped through the walls like poison gas."[1]

  3.  This is not, however, to say that all Governments that infringe personal privacy are dictatorial or fascistic. Liberty neither likens Tony Blair to Hitler and Stalin nor the British police to the Stasi. We do, however, believe that the lessons the world learnt about the importance of privacy during the 20th Century remain vital tools today for understanding and scrutinising Government proposals and for protecting personal privacy against unjustified or arbitrary interferences. Like most rights in the post-War human rights framework, the right to personal privacy is not absolute. It recognizes that surveillance is sometimes justified and that it is sometimes necessary for the state to take, share and use personal information. A human rights approach to personal privacy does, however, require a few basic questions to be asked before the latest policy, technology or investigative technique is given the go ahead: (1) Is there legal authority for the privacy infringement in question?; (2) Is there a legitimate reason for the intrusion of privacy?; and (3) Could that legitimate aim be achieved in a way which does not intrude into a person's privacy or could do so less? It also reminds us to be diligent about measures which have an arbitrary or discriminatory impact on certain social groups. These basic, common sense questions are, we believe, integral to good policy-making, Government accountability, an engaged citizenship and a healthy democracy.

A SURVEILLANCE STATE—OVERVIEW

  4.  In November 2006 the Information Commissioner Richard Thomas said "Two years ago I warned that we were in danger of sleepwalking into a surveillance society. Today I fear that we are in fact waking up to a surveillance society that is already all around us." His words came at the time "A Report on the Surveillance Society"[2] was published. Liberty agrees with the assessment made by the Information Commissioner. Like him we also accept that surveillance is an unavoidable and often justified aspect of life in the early 21st century. However, the extent to which every person in the UK is subjected to surveillance has increased disproportionately to any justifying social need or benefit.

  5.  "Surveillance" can usefully be sub-divided into different types:

    —  "Mass informational surveillance" relates to the retention and dissemination of database information. This would cover databases such as the National Identity Register (NIR), created by the Identity Card Act 2006 (IDCA) and the Children's Index set up by the Children Act 2004.

    —  "Mass Visual Surveillance" relates to the use of CCTV cameras.

    —  "Targeted Surveillance" refers to the use of intrusive powers such as communication interception by means of the framework created under the Regulation of Investigatory Powers Act 2000 (RIPA).

    —  Finally, the retention of DNA retained on the National DNA Database (NDNAD) is arguably surveillance.[3]

  The central distinction between these types of surveillance is that targeted surveillance is commonly used as part of an intelligence-led investigation into illegal or unlawful activity. Mass visual and informational surveillance does not take place in anticipation of a specific investigation into impropriety but will often be claimed to have some crime detection or (in the case of CCTV) crime prevention purpose. Information is retained and disseminated in anticipation of being of use for investigation. Mass informational surveillance will also take place for purposes unrelated to investigation such as assisting access to public services.

  6.  Mass and targeted surveillance techniques have usually been distinct. However, in the last few years this distinction has been blurred by increasing use of "data matching" and "data mining" processes. These techniques are based on the use of automated processes which analyse or match seemingly innocuous data in order to throw up anomalies or inconsistencies. When used in relation to information about people this is more commonly known as "profiling". The blurring of distinction arises from the fact that there is no human or intelligence led initiation of suspicion. Human investigation will follow after initial matching or mining.

  7.  In this short response we will make brief observations on all these forms of surveillance along with appropriate conclusions and recommendations. Liberty will be publishing a substantive work on surveillance and privacy over the summer which will cover in far greater detail some of the issues touched on here.

MASS INFORMATIONAL SURVEILLANCE

  8.  Proliferation of CCTV might attract more observation and comment but the increase in informational database use has arguably been the more profound societal shift in the last decade. Access to and use of mass informational databases is part and parcel of everyday life, whether it is almost instant information provision via an internet search engine or identifying a postal address by way of a postcode and house number. Mass informational database use is increasingly being used as a tool of government though programmes such as the compulsory NIR or the Children's Index.[4]

  9.  Liberty's views on the undesirability and likely ineffectiveness of the NIR are well documented and we do not intend to repeat these here. There are, however, several points that can be made about the IDCA that are relevant to consideration of the surveillance society. The reserved powers scattered throughout the Act allow scope for the range of uses and purposes of the NIR, and those who can have access to it, to be increased. If the NIR comes into existence then it is likely to make logistical, financial and political sense to increase the purposes it serves. If, for example, the NIR had been in operation at the time of Ian Huntley's conviction for the Soham murders, the mood of public outrage was such that there would have been political pressure to place details of convictions or "soft" non-conviction police intelligence onto NIR entries[5]. The experience of the previous World War II identity cards suggests that extra purposes would be found as that scheme saw an increase in uses from three to 39 in 11 years. A further point worth making is that as the identity cards scheme is rolled out, the NIR will also allow a detailed audit trail of individual activities to be drawn on each entry by virtue of the entries permitted by paragraph 9 of Schedule 1 IDCA. If private sector agencies such as banks gain access to NIR as a means of verifying identification, the detail on this audit trial will increase.

  10.  Liberty does not believe that there is any justification for the NIR but does not take this position in relation to others mass informational databases. For example, we accept that the Children's Index was created to protect children—clearly a legitimate purpose. We did, however, take issue with the Bill when it was passing though Parliament. The policy driver for information sharing powers was the tragic death of Victoria Climbié. The implication was that social workers in her case were somehow prevented from sharing information. In reality information sharing powers were available. Victoria's death was more a result of a catalogue of mistakes and the fact that those responsible for her care lacked training, resources and guidance. Liberty also felt that the proposals were so broad and poorly framed as to raise significant concerns over the privacy of children and families. We believed the Index might in practice undermine child protection. So much information would be gathered that children genuinely at risk might be overlooked as a consequence of "not seeing the woods for the trees". However, we do believe that the Children's Index, if limited in scope and effectively regulated, could prove to have genuine child protection benefits. The application of Human Rights principles of necessity, proportionality and legitimate purpose could ensure that only appropriate information is entered into the Index and only those who have proper justification would have access. Effective oversight of the ICO would also be essential for proper operation. As previously stated, there is not the space to provide more detail in this document.

  11.  Liberty's forthcoming work on privacy gives more detail on this subject. However, the example of the Children's Index encapsulates Liberty's approach to mass informational surveillance. Used effectively, it can be of public benefit. Used excessively, it infringes privacy and can be counterproductive. Human rights principles and effective regulation can provide a framework for striking a balance. Unfortunately, comments made by the Prime Minister earlier this year indicate that the prevailing attitude in government is that mass public sector information sharing is, by its nature, desirable.

MASS VISUAL SURVEILLANCE

  12.  The proliferation of CCTV in the UK is well documented. Hardly a week passes without new newspaper reports of advances in CCTV technology. Most recently headlines have focused on talking CCTV: "Big Brother is Shouting at You" (Daily Mail, 16 September 2006), "Oi! Talking CCTV cameras will shame offenders" (Daily Telegraph, 6 April 2007), "Talking CCTV gives Big Brother a voice" (Daily Telegraph, 5 April 2007), "Oy! Big Brother is talking to you" (Sunday Times, 4 March 2007). Liberty believes that CCTV has some limited crime detection use but negligible crime prevention use. At most, it can play a part in a holistic approach to combating crime. Whether new generation systems will prove to be of greater use in combating crime than their predecessors remains unproven. Many improvements seem little more than gimmicks.

  13.  Liberty has two principal areas of concern over the use of CCTV. First, it remains effectively unregulated. The legislation that can, but often does not, apply to CCTV is the Data Protection Act 1998 (DPA). However the DPA is not intended to provide a comprehensive framework for CCTV regulation. The data protection principles in the DPA cater for the processing, retention and dissemination of data. They do not provide any detail on, for example, the need to justify the location of cameras, notification of location, good practice on handling footage and so on. Good guidance does exist for the use of both private and public sector systems but these are effectively voluntary and unenforceable.[6]

  14.  Our second principal concern is that even the limited applicability of the DPA only relates to a small number of CCTV cameras. The case of Durant in 2004 resulted in many systems not being subject to the DPA at all.[7] The basic position is that CCTV is only covered by the DPA if it can be shown that a system is targeted on an identifiable subject. Clearly many systems, especially those set up by public authorities, do not target individuals and would not be governed by the DPA. As a consequence, CCTV in the UK remains largely unregulated.

  15.  In March 2007 the Council of Europe Venice Commission published an opinion on video surveillance in public places and the protection of Human Rights[8]. It laid out the Venice Commission's views on the data protection and human rights requirements of legislation and good practice governing the use of CCTV. Its conclusions serve as a useful reminder of the societal impact of CCTV upon a country where it has become ubiquitous:

    "Video surveillance of public areas by public authorities or law enforcement agencies can constitute an undeniable threat to fundamental rights such as the right to privacy | and his/her right to benefit from specific protection regarding personal data collected by such surveillance | it is recommended that specific regulations should be enacted at both international and national level in order to cover the specific issue of video surveillance by public authorities of public areas as a limitation of the right to privacy."[9]

INTRUSIVE SURVEILLANCE

  16.  The use of intrusive surveillance is governed by the Regulation of Investigatory Powers Act 2000 (RIPA). The call for evidence does not mention RIPA. However, given that the most invasive surveillance uses RIPA powers, we will make a few observations. There can be no argument against the proportionate use of surveillance powers by the state particularly when involving investigations into serious crime and threats to national security.

  17.  The use of RIPA has increased considerably since it was passed. To an extent, this might be justified by increased concerns over national security. However the sheer scale of RIPA use is staggering. In February 2007 the Interception of Communication Commissioner, Sir Swinton Thomas, reported that over 439,000 requests for communications traffic data were made in the period 1 January 2005 to 31 March 2006[10]. A total of 2,243 intercept warrants were issued in the same 15 month period[11].

  18.  The scale of surveillance can be attributed to several factors. The scope of those able to use RIPA powers is wide with a huge range of public bodies having access to them. RIPA orders published as secondary legislation set out those bodies with access to RIPA powers. However, they receive scant Parliamentary time and are, in any event, unamendable. RIPA powers are often self-authorising with lower level communications data powers being authorised internally and even the highest level interception powers only requiring the authority of a government minister. This can be contrasted with the USA where, historically, there has always been independent judicial authorisation at the heart of the US surveillance process. Any surveillance warrant against a US citizen needs to be granted by a court. Meanwhile, interceptions of Communications to the US originating from overseas need authorisation from a special Foreign Intelligence Surveillance Court. After the September 11th bombings, attempts by President Bush to introduce a limited scheme of executive authorisation of warrants (ie similar to the UK's) were deemed unconstitutional by the US Federal Court.[12]

THE NATIONAL DNA DATABASE (NDNAD)

  19.  The UK retains five times as many of its population on the NDNAD as any other country. In recent years the grounds for taking and permanently retaining DNA has expanded from those who are convicted of offences, to the current position of retention on arrest for any recordable offence. There is discretion for the police to remove a sample but this seems only to be exercised in exceptional circumstances. There are indications that the grounds for retention may soon be increased again to cover arrest for non-recordable offences[13].

  20. Liberty believes that the continued rolling out of the database will eventually result in a "tipping point", whereby a large enough proportion of the population are on the register to justify the case for compulsory entry for all on the NDNAD. We believe that if this is the intention then the case for compulsory retention should be made now. Liberty accepts that there is a need for a limited database of those convicted of certain offences (generally involving violence or sexual assault). However DNA is irrelevant in most criminal cases and the vast majority of entries on the register will be of no use in solving crimes.

  21.  It is very difficult to have a debate on the NDNAD as discussion usually takes place following the DNA assisted conviction of a person for a gruesome historical crime. It is difficult to weigh the "light effect, wide impact"[14] effect of DNA retention on the population as a whole in the context of this type of case. Again there is not space here to discuss these issues in detail but it is worth noting that the impact of roll out has had a hugely disproportionate impact upon certain demographics, particularly Afro Caribbean males. It has also resulted in the permanent retention of thousands of young people under 16 with no criminal conviction or caution. Balanced against this is an admission from the Government that there is no evidence that taking the DNA from those who have not been convicted has helped crime detection.[15] Furthermore, although there has been a massive extension of the NDNAD over the last three to four years, the rate of crime detection using the Database has stayed at about 0.35% of all recorded crime. If extending the size of the NDNAD had been successful one would expect this proportion to have increased.

DATA MATCHING, DATA MINING AND PROFILING

  22.  As mentioned in the introduction, data mining and data matching techniques are increasingly being used for crime detention. A recent Home Office White Paper gave details of plans to increase the use of data mining techniques.[16] The Serious Crime Bill before Parliament formalises data matching practices in relation to fraud. These practices are a consequence of increased technological sophistication coupled with vast quantities of data held on mass informational databases, making traditional human led intelligence policing more difficult.

  23.  As well as raising significant issues of proportionality and legitimate purpose, there are several specific points that the Committee might consider. Of particular significance and central to Liberty's analysis of the surveillance society is that data matching and data mining practices have outstripped data protection legislation. The DPA is nearly 10 years old. The European directive, upon which the DPA is based, dates from 1995.[17] The regime created by the Act and its accompanying principles might have provided an adequate framework at a time when "processing" more usually involved the processing of small amounts of data. However, the DPA is not equipped to cope with mass data processing exercises. For example, the second data protection directive permits data processing only for one or more specified purposes. However, all that is required is for these purposes to be notified to the Information Commissioners Office (ICO). This would allow mass processing for multiple purposes provided that the ICO is notified. Notification is essentially an administrative matter. The ICO has no ability to refuse notification and what limited enforcement powers exist, can apply only once processing has already taken place.

  24.  As mentioned earlier, data matching and mining processes applied to people can be called profiling. Following the terrorist bombings in July 2005 and the alleged aeroplane hijackings in August 2006, there were calls from a variety of sources to adopt profiling on public transport and for flight passengers. So far, we are pleased to see that there have been no moves in this direction. However, we are concerned that the growth of mass informational databases might make moves towards profiling difficult to resist. The National Identity Register is a good example of how this might occur. After the July 2005 attacks, the former Home Secretary, Charles Clarke, publicly accepted that ID cards and the NIR would not have prevented the attacks. This makes sense as it is safe to assume that British intelligence and policing agencies have gathered information on anyone that they believe could constitute a risk to national security. The reality is that anyone who does give reason for concern would become subject to a level of targeted surveillance that would collate information going way beyond what would be contained on the NIR. It is not feasible that the NIR entry would add to that possessed by the Security Services. This leads to a worrying possibility: in order to be of any use whatsoever in combating terrorism, the NIR must contain more information. This would need to be of a type that would separate those who present no, or minimal, risk to national security from those who might pose a serious risk. In other words, to be of any use in combating terrorism, data contained on the NIR must be increased in order to allow some degree of profiling and categorisation.

CONCLUSION

  25.  Space considerations preclude anything other than a brief summary of the steps Liberty believes are appropriate to protect privacy against unwarranted surveillance. If the Committee is taking oral evidence we would welcome the opportunity to discuss our observations and conclusions in greater detail. Liberty believes that the legislative and regulatory framework has failed to keep place with surveillance. As explained above, the DPA is out of date. New data protection legislation is needed to reflect changes in data processing techniques and to properly regulate CCTV. The ICO needs better resources and more proactive powers to properly police surveillance. The ICO should also be heavily involved in the drawing up of guidance and good practice in information access and dissemination.

  26.  The role of Parliament also needs to be enhanced by ensuring individual Commissioner's report to Parliament rather than to ministers.[18] As details of information access and sharing are typically reserved for secondary legislation, Parliament should be more readily given the power to amend regulations.[19] Privacy impact statements should be introduced to accompany Bills. More independent judicial authorisation of interception powers under RIPA are necessary, as is greater oversight and control of communications data access. There should be no further roll out of DNA retention powers and a presumption in favour of sample destruction should be introduced for those not charged or convicted. These measures will re-introduce proportionality and accountability to surveillance. They require political will but would help counter growing public unease about the extent of the surveillance society.

June 2007









http://www.ipt-uk.com/docs/HC315.pdf











1   Sebastian Haffner, Defying Hitler: a memoir, (London, 2003), p.180 Back

2   http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/surveillance_society_full_report_2006.pdf Back

3   It is, however, distinct from mass informational surveillance in that it is "data" that (at present) serves a specific single purpose which cannot be applied elsewhere. Back

4   The Children's Index is intended to assist child protection by allowing different services the ability to enter and access details of children onto the index, including anything that might constitute a "cause for concern" (discussed below). Back

5   As it was the Bichard Inquiry into the killings made the commendable suggestion that a positive vetting process be introduced. Back

6   See for example the guidance issued by the Information Commissioners Office in 2000 for operators of CCTV systems http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/cctv_code_of_practice.pdf and "A Watching Brief-A Code of Practice for CCTV" aimed at public sector users of systems published by the Local Government Information Unit in 1996 Back

7   Durant v Financial Services Authority [2004] F.S.R 28, CA Back

8   http://www.venice.coe.int/docs/2007/CDL-AD(2007)014-e.asp Back

9   Ibid paragraphs 79-81 Back

10   "Communications data" are records (but not the contents) of communication traffic such as mobile phone calls and email records. According to the report for 2005-06 there were 439,054 requests Back

11   "Intercept warrants" allow interception of communications so that the contents of communications can be recorded Back

12   American Civil Liberties Union et al., v. National Security Agency / Central et al., United States District Court for the Eastern District of Michigan, 17 August 2006 Back

13   See the recent Home Office consultation "Modernising Police Powers: Review of the police and Criminal Evidence Act" (PACE) 1984 at paragraph 3.33 "The absence of the ability to take fingerprints etc in relation to all offences may be considered to undermine the value and purpose of having the ability to confirm or disprove identification and, importantly, to make checks on a searchable database aimed at detecting existing and future offending and protecting the public. There have been notable successes particularly through the use of the DNA database in bringing offenders to justice". http://www.homeoffice.gov.uk/documents/cons-2007-pace-review?view=Binary Back

14   "Light impact, wide effect" measures are ones which have a relatively small impact upon an individual but which have a considerable cumulative effect upon society. Back

15   Home Office Minister Joan Ryan 9 October 2006 "As far as we are aware, there is no definitive data available on whether persons arrested but not proceeded against are more likely to offend than the population at large." HC Deb, Col 491W Back

16   New Powers Against Organised and Financial Crime Back

17   Directive 95/46/EC Back

18   The Interception of Communication Commissioner, The Surveillance Commissioner and the National Identity Scheme Commissioner Back

19   As has happened in the ID card act in relation to information that can be recorded in the NIR Back


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009