The Privacy, Identity & Consent Blog

So, last week we had the latest in a long line of data loss incidents: a member of Atos Origin's staff left user and password data for the Government Gateway in a pub car park. I look forward to hearing confirmation that both the individual concerned and the individual responsible for management of the project have both been asked to revise their career aspirations. But this was in the same week that the Minister responsible - Work and Pensions Secretary James Purnell MP - had to apologise for leaving confidential documents on a train. Are the two cases really so different, and can future incidents be avoided using the same controls?

Continue reading "I blame the old men" »

The credit crunch is beginning to bite hard - so much so that we're finally starting to refer to it as the recession that it really is. At a time when data loss incidents are still high on the media agenda, is the recession going to have a negative impact on privacy?

Continue reading "Crunch time for privacy?" »

Newsbiscuit is reporting that a book containing the names and telephone numbers of hundreds of thousands of people has been discovered on a doorstep.

[Another classic from Newsbiscuit, which is well worth keeping an eye on!]

The Home Secretary, Jacqui Smith, is currently hosting a press conference to launch the National Identity Scheme Delivery Plan 2008: Response to Consultation.

Continue reading "Home Secretary Launches ID Cards Response to Consultation" »

Tomorrow morning the Home Secretary will publish the government's response to the National Identity Scheme Delivery Plan 2008. The document, which is expected to outline the issues raised by consultees, and to address those issues where appropriate, should make for interesting reading. I'll be there and will live blog it if space and 3G signals allow...

The Home Office has floated the idea of forcing anyone who wishes to purchase a mobile phone to provide a passport or equivalent before they can do so, and these details will be logged on a database for the purposes of tracking terrorists and organised criminals.

I suspect that it's not beyond the capabilities of the average criminal mastermind to obtain false papers, or easier still to pay someone else to buy the phone for them. It will certainly make a change from kids asking adults to buy them booze, I now expect to see besuited mafia types lurking outside Phones4U saying "oi mister, get us a Nokia N95 will ya". Furthermore, if the purpose really is national security, then surely Sir James Crosby's recommendations would suggest that the government should want to make it easy to buy phones so that their location and traffic can be monitored (the Communications Data Bill should assist with that one).

Anyway, there are a couple of good business opportunities here. Firstly, to open an import business that sells overseas SIMs into the UK by mail order. Secondly, if the Home Office really means 'phones' and not 'SIMs' then I'm going to start hoarding handsets because prices of second-hand units will skyrocket as people either refuse to identify themselves for a new one, choose not to identify themselves because of nefarious intent, or (much more importantly) cannot identify themselves because of a lack of suitably robust credentials (socially marginalised groups).

It certainly seems inevitable that if this proposal goes through then it will only be a short period before ID Cards are accepted in place of passports, and the next logical step will be ID Cards being the only valid way to obtain a phone. Welcome to the panopticon...

The BBC is reporting that the Data Protection Act has prevented researchers from finding out how many forces veterans have served time in civilian prisons.

Clearly this is a very legitimate and socially important piece of research, since too little is done for veterans in this country. But blaming the DPA? I'm having some difficulty with that as an excuse. There are numerous mechanisms available for working with sensitive statistical data. For example, the Office of National Statistics - a public authority that pretty much invented the concept of Data Protection in the UK, and which doesn't generally worry about DPA because its own privacy standards exceed the Act's requirements by such a huge margin - processes sensitive data in 'safe havens' within its own offices (generally standalone PCs which are wiped once each analysis project is complete).

Furthermore, surely the researchers could request consistent indices for the various data sets so that they can match and track the individuals concerned without risk of a privacy breach?

This seems like a cop-out, yet another chance to blame the DPA for failings elsewhere. I'd like to see a statement from the Information Commissioner to set the record straight.

Transport Secretary Geoff Hoon has defended plans for the Government's proposed Communications Data Bill - by saying that by not monitoring this traffic, it would be "giving a licence to terrorists to kill people". Whilst I appreciate he might not have been briefed to speak on this, it's quite possibly the most trite and facile justification for a panopticon that has ever been put forward; not even worthy of the arguments used to justify the ID Cards Act when that polemic was in full swing 3 years ago.

He didn't stop there: "If they are going to use the internet to communicate with each other and we don't have the power to deal with that, then you are giving a licence to terrorists to kill people." Yes, and by allowing people to drive cars, we are giving them a license to drive to their local terrorist cell get-together. By allowing them to buy pens and paper, we are giving them the ability to write down their plans.

This has to stop. It's daft, its's disproportionate, it's unjust. But we need a campaign and we need a name to rally round (NO2CommsDataBill doesn't really trip off the tongue). Any suggestions?

Lord Carlisle, the government's reviewer of anti-terror legislation, has expressed his concerns about the proposed interception of data plans in the Communications Data Bill, which is set to go before Parliament in the next session. He's not minced his words: "As a raw idea it is awful".

This may be understating the facts - at a time when the UK has taken on £11,000 of debt per family to bail out the banks, the last thing we need is to blow up to £15bn on a system that will intercept the telephone and email communications of absolutely everyone. This approach is simply disproportionate and unnecessary, and effectively criminalises the entire population in a quest to find the few who may be engaged in terrorist activities.

Not so many years ago, we were accustomed to things going bang on a regular basis, particularly in London. The loss of life was utterly tragic, and the cost to the economy substantial, but this sort of idea was not discussed then (although to be fair, the technology didn't exist to do it at that time). The idea of tapping all communications as a matter of routine in the face of the modern threat is simply not proportionate. Just because we can intercept private communications, it doesn't mean we should.

Benjamin Franklin understood this all too well. In 1775, he wrote "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." If this part of the Bill goes through, then we will certainly have relinquished both to any future government that chooses to use such a scheme for anything other than anti-terror controls. Look at the Regulation of Investigatory Powers Act - it was intended to allow the monitoring of terrorists, but is now routinely used to check on dog fouling, school catchment areas and fly tipping. Can we really be so sure the same won't happen with this panopticon of a system?

Update: The National Research Council in Canada has concluded that such data mining initiative are of very limited use in anti-terror controls.

Clearly 100,000 is the data loss number of the day - first EDS admits to losing details of 100,000 MoD personnel, then Deloitte confesses to losing a laptop containing details of its pension scheme members.

As Evan Davis said on this morning's Today programme - "I've lost track of how many of these incidents we've reported recently". People ask me why I oppose Data Breach Notification - well, there's your answer...