The Privacy, Identity & Consent Blog

The Computer Weekly blog awards are now accepting voting. There are some great blogs in there, but I'd like to suggest you take a look at a few of my favourites:

- Dave Birch (Consult Hyperion, Digital Identity Forum) - IT Security category

- Jerry Fishenden (NTO, Microsoft UK) - IT Law and Governance category

- Tom Ilube (Garlik CEO) - IT Lifestyle category

- Guy Bunker (Symantec) - IT Security category

- Robin Wilton (Sun Microsystems) - IT Law and Governance category

This is your chance to recognise some of the great thinking and writing that's going on at there - get voting!

A US Court has ordered YouTube to hand over logs of the viewing habits of every user who has ever watched any video using the service. By favouring copyright over privacy, it has dealt a blow both to YouTube and the broader freedom of Internet usage.

Online auction house eBay's reputation-driven trust scheme is a much-admired and much-emulated model. Or at least, it was until recently when eBay made a significant change to its operation.

Apologies to all for the lack of posting recently, it's been silly season in preparation for the summer - but finally that's here! Today I depart for a 350-mile cycle ride to London and then on to Paris, in aid of Action Medical Research and Riding for the Disabled. The team has raised well over £30,000 so far, so please sponsor us here - and you can follow our progress here.

Normal service will be resumed next week!

The Register is reporting that the UK Borders Agency is showing a renewed interest in fingerprinting passengers at ports and airports. The intention is apparently to introduce biometric checks in those areas where domestic and international passengers can mix - such as London Heathrow's Terminal 5 - and then roll it out to some ports and the Channel Tunnel.

Earlier this year BAA suspended fingerprinting at Terminal 5 just before the opening. That system was reasonably privacy-friendly, but the new approach would appear to be destined for links into the various e-Borders watchlists, and that will certainly enrage privacy advocates. It also seems virtually impossible to enforce without a complete redesign of existing ferry port facilities - it would be even more chaotic otherwise.

This is another example of a system that may be justifiable for its purpose, but should not be built until we've resolved the legal issues around ownership of personal data. The Information Commissioner is reviewing the EU Data Protection Directive, and we should also have a complete reworking of the principles of data ownership so that as and when the scope of these biometric checks inevitably creeps, we have clearly defined legal boundaries to control what happens to it. In the meantime, we just have to press on with fingers crossed for a decent outcome.

The Foreign Office has reported the theft of 3,000 blank passports from a van that was taking them from the printing works in Manchester. The documents were blank and had not had any data imprinted on the embedded RFID chips, so the Identity and Passport Service is quoted as saying that this makes them useless to fraudsters.

Not so. All it does is make them very difficult to use at a UK port. British passports are traditionally very well respected (even if we were one of the last developed nations to introduce them for our citizens), and are very attractive indeed for fraudsters - particularly since they can use them to cross borders where the local infrastructure doesn't support RFID readers. After all, any fool can laminate details onto a blank document - that's not difficult to do - so it would seem inevitable that these documents will have been taken overseas. But so long as the problem doesn't come here, and only erodes trust in UK passports overseas, that's OK, isn't it?

The Human Genetics Commission has published a report that calls for radical changes to the national DNA database (NDNAD), including the transfer of control away from the government, and the erasure of records relating to individuals who have not been convicted of any crime. The basic findings are unsurprising, and include:

• provision of more public information about NDNAD;

• the need for independent and transparent oversight (a 'DNA Commissioner');

• a review of the arguments for the retention of DNA samples;

• a review of the collection and retention of volunteer samples;

• consideration of the justification for retaining samples for long periods;

• the risk of ethnic discrimination arising from use of the system.

These are highly valid points, and the report recognises that NDNAD has the potential to solve serious crimes, but I was disappointed that the discussion didn't move on to scrutiny and validity of forensic processes around the gathering and use of DNA evidence. The existence of a DNA record or a derived profile would worry me, but not so much as failings in the processes used to gather that data or present it in a court of law. Since DNA evidence is treated as the 'gold standard' in forensics, we need to maintain absolute integrity in its usage - otherwise we risk an environment where we receive regular knocks on the door from police investigating crimes committed by distant relatives, but DNA evidence is inadmissible in court.