Examination of Witnesses (Questions 420-439)
Professor Angela Sasse, Professor Martyn Thomas and
Dr Ian Forbes
27 FEBRUARY 2008
Q420 Lord Norton of Louth: How does
one safeguard against that? I remember discussions we had on things
like making the electoral register available for commercial purposes.
Are there safeguards just generally on the transfer of data in
that form? Are they adequate?
Professor Thomas: Given a particular
requirement, you can usually build a safeguard that is adequate
for the purpose, so it will not be a one-size-fits-all.
Q421 Lord Rowlands: May I return
very briefly to the earlier evidence when I referred to the police
evidence given to us. I now have the text in front of me. It was
in answer to question 147 and it was Deputy Chief Constable Gerrard
who said "We were required through Her Majesty's Inspector
of Constabulary ... to justify the expenditure around DNA ...
we are required to record the amount of crimes that are detected,
both primary detection and secondary detection, offences taken
into consideration, that come from both fingerprint and DNA".
He contrasted the fact that there was an evaluation process with
DNA but there was not one with CCTV but they could do it. There
is a cultural perspective and we have received evidence. Do you
think this is either marginal or what?
Professor Sasse: What that does is compare
the expense on DNA and fingerprinting and how it is being used
for convictions and that comparison makes the DNA database look
quite good.
Q422 Lord Rowlands: It is not a bad
basis for evaluations, if it is helping to detect crimes.
Professor Thomas: It is an uncontrolled
experiment. It does not tell you what would have happened were
the resources, for example, spent on more policemen.
Q423 Lord Rowlands: There is an evaluation
of some kind taking place on DNA. Can I refer to your evidence
where you say "All surveillance changes the balance of power
between the watcher and the watched, so the increasing collection
and sharing of data by public-sector agencies self-evidently has
constitutional implications"? As a Constitution Committee
we are particularly interested in that. What specifically are
these implications and how can we address the constitutional implications?
Professor Sasse: To me a key one is the
relationship between Government and the citizen, which is changing
because the presumed-innocent-unless-proven-guilty stance that
we have is being eroded in favour of going, if you are familiar
with that movie, towards what we call the department of pre-crime,
that information is justified, that information is collected and
used quite extensively because it could be used to prevent crime.
This went all the way to Tony Blair who, towards the end of his
period, was proposing that you could assess the risk of a foetus
in the womb turning into a criminal by profiling the family and
background. I just find that incredibly shocking because, if you
look at this as a social scientist, if you fall into certain profiles
or certain groups, the suspicion is cast on you. It makes it all
that bit harder for you, if you are being marked out like that,
to turn out against the circumstances and turn good and this kind
of profiling and aspersion erodes the normal relationship. Effectively
the Government say to citizens that they are not trusting them,
they are going to collect any information on them that they can
and are going to hold onto it. To quote some policemen friends
of mine, they will always say "What shall we collect? How
long shall we keep it?" and they would say "Everything
and keep it forever because you never know when it might come
in handy". Whilst I can understand them making that argument,
it completely erodes the basis of trust between the citizen and
the state. People who are not trusted tend to react against; the
people who are not trusted behave worse than people who are trusted.
Q424 Lord Rowlands: What sort of
constitutional safeguards should we be building in? We are now
discussing constitutional implications, so can you give us any
thoughts about what constitutional safeguards we should be building
into the system?
Professor Thomas: It seems to me fundamental
to democracy that, firstly, everybody starts equal and, secondly,
that the citizens can hold their Government to account because
it is after all their Government. It is not that we are the Government's
citizens: it is that the citizens come first and the Government
is elected by those citizens. The more information that is held
and processed in a way that is mysterious to the citizen, the
harder it is to hold the Government to account for its actions.
So it seems to me that transparency and reciprocity in visibility
of what is going on become absolutely fundamental to democracy.
Q425 Lord Peston: I do not know whether
legally everybody has to have a name. I think everybody has to
have their birth registered but could a parent say their child
is not going to be given a name as far as you know? The reason
I ask the question is that I have never understood, other than
it would take 100 years, what the difference is between a person's
name and their DNA, because both simply say this is who I am.
I agree we might object to the DNA database because it would take
100 years from birth today right through plus the costs; there
are arguments. In so far as I understand it, DNA is the equivalent
of who I am, namely my name.
Professor Thomas: It tells much more
about you. It says who your parents are, for example.
Q426 Lord Peston: It does on the
birth certificate also.
Professor Thomas: The birth certificate
says who it was alleged your parents were.
Q427 Lord Peston: Is it not helpful
in a democracy to be able to identify every person? I was shocked
by your piece of evidence a little while ago that the police,
not even the police attending the scene of a crime, have to submit
their DNA. Is that right? I find that staggering, I am with you
on that, but I still do not see the argument why one would not
record everybody's DNA at birth.
Professor Sasse: As Martyn says, your
DNA gives away a lot about you and it means then, if, for instance,
you carry a certain genetic defect, you are immediately screened
out and treated differently.
Q428 Lord Peston: That is the use
point, which is your other argument. I am simply asking what the
argument is other than cost or we cannot wait 100 years?
Professor Thomas: So long as it is universal
there is actually no argument because, after all, your DNA is
not private. If I take your cup away when we leave this meeting,
I have got your DNA.
Q429 Lord Peston: That is why I was
so shocked by what you were saying about the police.
Professor Thomas: But if I did collect
your DNA and process it and analyse it and start looking at your
familial relationships, you would have every right to feel under
some kind of threat and a bit affronted.
Lord Peston: I am not the sort of person who
feels threatened but others might do.
Q430 Lord Rowlands: May I get back
to the point about the specific constitutional safeguard that
we might be looking at? Are there any constitutional safeguards
in any states outside ours which would be a good example to follow?
Dr Forbes: I am not aware of any.
Professor Sasse: It might be worth looking
at the German model.
Q431 Lord Morris of Aberavon: May
I ask you about the RAE report on dilemmas as regards technology?
The burden of the report seems to me that the law has not kept
up or, if it has not, the alternative that it should keep up with
the development of technology, that the law on privacy should
be clarified. What exactly do you mean by that? Does it mean amendments
to the law or more powers to the Commissioner?
Dr Forbes: Certainly the Commissioner
should have more powers. It means new legal arrangements, new
legal provisions arising out of these changes. There is a discussion
about the person and the DNA. The whole issue of identity and
digital identity takes us into a grey area where it is not specified
very clearly in the law where the rights begin and end, particularly
between the citizen and the state because there is a lot more
collection of data which allows the identification of an individual.
Previously that has not been the case and you have not been able
to work backwards very easily to a private individual but the
increasing amount of data that is collected makes that more possible
and it is a software operation, so it is a technological operation.
There are cases for the law stepping in and making clear where
the boundaries, at the moment, need to be set and what the consequences
of stepping over those boundaries are. There has been quite a
lot of change in our understanding of territoriality, in terms
of our legal sovereignty, because of the internet. There is the
whole issue of child abuse and storage on what used to be regarded
as sacrosanct and personal items like computers and which now
can be subject to legal process in the home. That is the kind
of change. Because the technology has come into the home in a
particular way, so the law has had to come into the home in a
particular way. Those are the sorts of examples I would be thinking
about. How long will it be legal for somebody to send me Spam?
Nobody wants it, I cannot stop it, I cannot find out who is responsible
and these are the areas where the law needs to be stepping forward.
Q432 Viscount Bledisloe: You are
suggesting that there are differences of views about what counts
as reasonable protection of privacy. May I give one example from
your own papers? The Academy of Engineering say in their report
that the retention and sharing of data about individuals' health
is essential and that that must be done, whereas the Computing
Research Committee says that there is certain data which people
legitimately need to keep private, for example HIV status, mental
illness and traumas such as rape. I suspect that on reflection
everyone would agree with the second view and that the engineers
have rather overstated their position. First of all, do you agree
about that? Secondly, how does one deal with it? Do you have certain
categories of medical information, such as those specified, which
are not to be shared unless I consent and otherwise, on top of
that, a general right for me to say I do not want this, that or
the other or maybe any of my medical history passed around?
Dr Forbes: There is no conflict here.
If any individual gives information to a health professional and
they store it and they record it, there is no problem in terms
of privacy of that being shared with the next relevant health
professional, like when the doctor changes, leaves the practice,
you are still there, you want that record still there and you
want that given to the new doctor. Even without my consent I want
the relevant medical information used where it might need to be
used, if I am unconscious or something.
Q433 Viscount Bledisloe: Suppose
I think I may have HIV and I deliberately go to a doctor who is
not my normal GP because I do not want to tell my normal GP what
I have been up to. Surely I will not want that passed back to
my doctor without my consent.
Dr Forbes: It seems odd, because if you
have got HIV, that is information that the medical services personnel
does have to have in order to treat you effectively; that is the
contract. They have to know who you are, what your situation is,
before they can be expected to give you any medical treatment.
Q434 Viscount Bledisloe: I may prefer
to be wrongly treated rather than have this information disclosed.
Professor Thomas: Yes. I was involved
in writing both these statements which you say are conflicting.
The Royal Academy's point was that population-wide data is extremely
valuable to the country, but that it ought to be anonymised, that
the individual ought to have control over the link between their
private data and their identity, particularly for the most sensitive
personal data and what is sensitive will differ very much depending
on the individual. If, for example, the summary care record is
made available on the internet so that people can check their
own health records and that summary care record contains prescription
data, which is what is currently intended as I understand it,
then that will put at risk, for example, a Muslim young woman
who is taking contraceptives without the knowledge of her family
and who can be placed in front of a computer in the security of
her own home and forced to log in and reveal that medical data.
So you get risks that differ by individual or type of individual
and it is essential to set things up so that the defaults are
safe right across the population and that people then have the
right to open up the freedom of access. To set up a set of systems
that put a sub-category of the citizenship at potentially serious
physical risk seems to me to be unacceptable.
Q435 Viscount Bledisloe: I have no
problem with the theory that the world should be entitled to know
how many HIV people there are in this country, how many people
there are taking the pill, but surely I must have the right to
prevent even my own doctor knowing that, if I do not want him
to.
Professor Thomas: I would agree with
that.
Dr Forbes: Nobody would know whether
he did or did not.
Q436 Lord Morris of Aberavon: We
have gone through dozens of different scenarios. Should they not
be looked at and have to be looked at case by case? The law after
all is only a mechanism to put into effect ideas and who should
reach a judgment on each of these cases as to what is proper and
proportionate and appropriate?
Dr Forbes: There is definitely a case
for "horses for courses" because without a doubt there
are different things which require different arrangements. It
is also true, all the studies show, that there are certain specific
problems with the security of data, that we need to have a higher
standard of design and a higher standard of practice across the
board and then, in those individual cases, you very specifically
design something that is going to serve your purposes.
Professor Thomas: The Health and Safety
at Work Act has a blanket requirement that risks to safety of
citizens should be reduced as low as reasonably practicable. That
phrase "reasonably practicable" was defined in the Appeal
Court very specifically to mean that the cost of reducing the
risk further would be grossly disproportionate to the benefit
that would come from doing that. I can, if you want it, provide
you with a reference to that judgement, but it is on the HSE website
as well. It seems to me it would be ideal to have exactly the
same form of words in law when it comes to protecting privacy,
that the risks of breach of confidentiality should be reduced
as low as reasonably practicable.
Q437 Lord Peston: I was very intrigued
by the RAE's recommendation about organisations needing to authenticate
individuals' entitlements. You say that they should use the minimum
information necessary rather than requiring people to identify
themselves, whereas I would have logically argued that requiring
people to identify themselves is the minimum information necessary.
Is the minimum information the fact that we have all got a national
insurance number? Would that be what you had in mind? What is
the minimum?
Professor Thomas: No.
Dr Forbes: Just take the example that
Martyn used earlier. To use the Underground I could buy an Oyster
card. You do not need to know who I am to go through that. I can
be authenticated by using the Oyster card; I have permission to
go through. There are lots of cases where all you need to know
is that I do actually have permission, that there is some arrangement
that has been made that gives access to this person with this
bit of information that can be transmitted and recognised. Most
of the time, it seems to me, I am asked not for a simple piece
of data which gives me access but I am asked for my postcode.
Suddenly they know who I am, where I live and they do not need
to know that and lots of times I do not want them to know that
because I suspect that I am getting junk mail because of some
of these questions being asked. Even though you look very carefully
to see how to stop that happening, still lots get through. I use
different forms of my name so I know that junk mail that comes
through is connected to that illegitimate use of my data. If I
were just authenticated, they would not know who I was; they would
not be taking my data and using it for their purposes. There are
lots and lots of cases where that is all you need to be authenticated.
If, for example, you are buying something over the internet, who
knows who is at the keyboard? They do not authenticate the person.
Q438 Lord Peston: I have misunderstood
your evidence. I thought you were talking about things like "I
am a single mother entitled to child benefit" or "I
am disabled and I am entitled to these benefits".
Dr Forbes: Absolutely; yes.
Q439 Lord Peston: But one of the
disgraceful things is that if I am disabled, the form I have to
fill out requires the brain of an Einstein, let alone get the
benefit. Certainly I have tried filling out such forms for other
people, but I thought that was what you were talking about.
Dr Forbes: No, it is about over-gathering
data.