Tony Collins's IT Projects Blog

Lives may be at risk because of data leaks, the Information Commissioner Richard Thomas is expected to say in a speech today.

Data loss or abuse of information has led to addresses of service personnel, police and prison officers and battered women being exposed. "Sometimes lives may be at risk," says Thomas in an advance copy of his speech.

Thomas also warns about the increased risks of data loss as information is centralised.

Ian Pearson, a former BT "futurologist" and a chartered fellow of the British Computer Society, has warned that a popular backlash against the government's preoccupation with surveillance technologies could lead to demonstrations and even attacks on computer centres.

Pearson's warning came in a keynote talk - " a trip to the future" - to hundreds of delegates at the City IT and The IT Security Forum on board the Aurora cruise ship recently.

He advised delegates from IT suppliers that they could become a target for the population's anger if they known to provide surveillance technologies to the government.  These were some of the points in his talk:

- A public backlash against surveillance technologies could happen within five years

- The surveillance state - what Pearson called the "Stepford Society" - could become an electoral issue, with the Party which credibly promises a reduction winning a general election.

- Law-abiding people are being "put in a digital prison by overt surveillance by the government" while criminals remain free.

The new Information Commissioner is likely to be Christopher Graham, now Director General of the Advertising Standards Authority. The Secretary of State for the Ministry of Justice Jack Straw is inviting the House of Commons' Justice Select Committee to hold a pre-appointment hearing and to report on Graham's suitability for the post. This is in line with proposals announced last year to increase democratic scrutiny of important public appointments.

Richard Thomas, the current Information Commissioner, retires on 30 June.  Graham is a non-executive lay representative on the Bar Standards Board which regulates barristers.

My colleague Philip Virgo who blogs for Computer Weekly and is Secretary-General of the Parliamentary and IT industry body Eurim, sent me a comment earlier this month which raises important matters. 

He pointed out that NHS consultants may have to keep track of dozens of passwords which change regularly - and those who may be able to help with lost passwords tend to keep office hours only.

Virgo says:

"Little black books and post-it notes are the only option if you are not to resort to the ultimate sin of shared pass-words - when your professional indemnity insurance (and thus your future employability let alone your reputation) depends on what is done in your name."

This raises an interesting question which has never been satisfactorily answered: How can the need for health information to remain confidential be reconciled with big NPfIT databases of medical records and the password-sharing, post-it-note culture of the NHS?

When they were planning for ID Cards, executives at the Identity and Passport Service thought it a good idea to use the DWP's Oracle-based Customer Information System to store the biometrics part of the National Identity Register.

It avoided the costs, complexities, and risks of failure which would have cast a shadow over building a large database built from scratch.

The problem now is that, through practice rather than any specific plan, the DWP's CIS is becoming the government's main citizen database.

This means that thousands of council staff and other public and civil servants are being given access to it.

And some council staff have already been using the CIS to check the data it holds on their friends and relatives.

Officials at the Identity and Passport Service point out that although the National Identity Register is being built on the DWP's CIS, ID card biometrics will be held separately on the CIS database.

An important report was published on 23 March 2009 which included a list and summary of Britain's biggest public sector databases. The report has some mistakes but they're distractions rather than a reason to denigrate all it says, as NHS Connecting for Health is trying to do.  

The national databases being built under the NHS's National Programme for IT [NPfIT] are among those which receive green, amber or red lights in the report according to privacy concerns about them. The Secondary Uses Services gets a red light, as does the NHS Detailed Care Record. Choose and Book and E-prescriptions get amber lights.

The report was commissioned by the Joseph Rowntree Reform Trust  from the Foundation of Information Policy Research [FIPR].  

In their briefings to broadcast journalists on the FIPR report, government spokespeople are trying to denigrate it by implying that its authors are politically biased.

But that's how governments usually respond when faced with criticism they find difficult to parry credibly . Ministers even attacked the politically-neutral Information Technologists' Company, among other organisations, when they were trying to shoot the messengers of bad news over the NHS's NPfIT.

The Government's preoccupation with surveillance of the people means that terrorists, drug dealers and investigative journalists have something in common. Charles Arthur in The Guardian points out that they will, as a rule, avoid using electronic media when communicating with their contacts.

Which means that the Government is amassing personal informaiton on various databases, and setting up numerous surveillance systems, to watch the citizens who are largely law abiding.

On BBC R4's Today programme on Monday I spoke of how IT suppliers successfully lobby for new work, with the result that ministers and their advisers are kept busy with proposals for new surveillance schemes such as the one to monitor all emails, phone calls, and use of social networks including twitter and facebook.

Elizabeth Dove (not her real name) contacted me when she found to her dismay that medical information she had given to her GP in confidence had ended up with council workers.

Now Jane Webb has emailed with a similar problem which seems to have no solution.

At a breakfast with business leaders last week Jacqui Smith gave a presentation on ID Cards and sounded, well, humble. 

She confirmed her confidence in ID Cards technology: a roll-out of the scheme will begin in Manchester later this year. At times her voice croaked. 

She has had the arrogance that nearly always seems to go with ministership knocked out of her by the media coverage of her second-home claim and her husband's decision to put the cost of the two adult movies on her parliamentary expenses.

In her speech she didn't have the "we-can-do-what-we-like" haughtiness which characterizes some secretaries of state.