Surveillance State Kerplunk

The Conservatives have unveiled their plans for reversing the rise of the surveillance state. Seeking to pull the surveillance infrastructure out of government, their views are commendable, but it will be difficult to pick out the undesirable straws from the necessary ones – in the manner of Kerplunk – without bringing the infrastructure down around us. What are they calling for, and what are the consequences?

The state of the database state

The document describes a stark reality: that New Labour ignored the warnings of the Information Commissioner and the Director of Public Prosecutions, and rubbished the findings of Privacy International and the Joseph Rowntree Reform Trust (JRRT), to push ahead with a new relationship paradigm between citizens and the State – one in which central and local authorities command and control individuals’ lives. The Conservatives recognise that this approach ignores technology developments, failing to incorporate federation mechanisms and proper security controls in system designs. That last point is vividly demonstrated by quoting the Prime Minister’s response to public sector data losses in 2008:

“We can’t promise that every single item of information will always be safe.”

From a security perspective, that is of course true, but it should not become a design aspiration in a new system, as appears to be the case given the long list of system failures and data losses set out in the Conservative report. The Conservatives pay particular attention to the National Identity Service, quoting Microsoft’s former National Technology Officer Jerry Fishenden when he said that the National Identity Register will create

“a ‘honey pot effect’ for hackers, fraudsters and terrorists… [leading to] massive identity fraud on a scale beyond anything we have seen before”.

They also point out the failure of the plans for the Communication Data Bill (although that particular policy item is still very much alive on the government’s agenda), attempts to undermine data sharing controls in the Coroners & Justice Bill, the rollout of ContactPoint, and the JRRT’s conclusion that a quarter of public-sector databases are almost certainly illegal. Ironically, one of their best quotes comes from former Home Secretary David Blunkett, the original champion of big databases:

“If we tolerate the intolerable, the intolerable gradually becomes the norm.”

Rolling back the Labour years

The Conservatives define eleven policies to extract the State from its current position, underpinned by five guiding principles, which are worth quoting in full:

  • We want to see fewer – not more – giant centralised databases, amassing personal information on the citizen.
  • Government should be guided by the principle of proportionality, which means that fewer personal details are accurately recorded and held by specific authorities on a need-to-know basis only, and for limited periods of time justified on the basis of operational necessity.
  • Wherever possible, personal data will be controlled by individual citizens, who have the power to decide which agencies can access or modify this information.
  • We need greater checks on data-sharing between government departments, quangos and local councils.
  • We need stronger duties and sanctions on government, to ensure that the private information it gathers is held securely and that government databases are properly managed.

These are powerful principles, which represent a reversal of much of current government policy. The stated policies are as follows:

  1. Scrap the National Identity Register and ContactPoint databases, flawed systems that will create greater – not less – public exposure to risk.
  2. End the permanent retention of innocent people’s DNA on the National Police DNA database.
  3. Restrict and restrain council access to personal communications data.
  4. Reviewing protection of personal privacy from the surveillance state as part of a British Bill of Rights.
  5. Strengthen the audit powers and independence of the Information Commissioner.
  6. Require Privacy Impact Assessments of any proposals for new legislation or other measures that involve data collection or sharing at the earliest opportunity. Require government to consult the Information Commissioner on the PIA and publish his findings.
  7. Immediately submitting the Home Office’s plans for the retention of – and access to – communications data to the Information Commissioner for pre-legislative scrutiny.
  8. Require any new powers of data-sharing to be introduced into law by primary legislation, not by order, so that they are properly debated and scrutinised in Parliament.
  9. Appoint a Minister and senior civil servant (at Director General level) with responsibility for operational data security.
  10. Task the Information Commissioner to publish guidelines on best practice in data security in the public sector.
  11. Task the Information Commissioner to carry out a consultation with the private sector, with a view to establishing guidance on data security, including examining the viability of introducing an industry-wide kite mark system of best practice.

It’s reassuring to see that the Conservatives haven’t fallen for the spin that the UK has obligations under EU law to build the NIR for passport purposes (it hasn’t), or that it would be more expensive to scrap the NIR than to build it (it wouldn’t). An Information Commissioner who reports to Parliament rather than the Ministry of Justice, and will be given the task of auditing government departments and other public bodies, should finally be in a position to take affirmative action when it’s needed, in much the same way as we see in the likes of Germany or Canada.

The Conservatives are extending the requirements of the government’s own Data Handling Review to ensure that not only are new systems subject to a PIA, but also new legislation: there is little point in conducting a PIA on a fundamentally unjust system when it has been mandated in law and there’s no scope to change the deliverables (for example, the Information Commissioner publicly dismissed the idea of PIAs on some or all of the National Identity Service). This is definitely a welcome move.

Setting party politics aside, the Conservatives should find sympathetic ears north of the border, where the Scottish government has long been ahead of the rest of the UK in its understanding of the challenges and consequences of surveillance technologies, and is currently consulting on a set of detailed principles to control government use of personal information.

Consequences of Conservative policy – what does all this mean?

Oliver Letwin’s team is developing Tory policy for their (anticipated) first 100 days in power, and that plan will have to deal with both the stated policies and some of the anomalies that may arise from them. I broadly agree with the document, and certainly welcome it as an alternative to current government policies, but there are some loopholes and areas that will need particular attention. A few of these include:

  • At the broadest level, the Conservatives wish to scrap the National Identity Register. Whilst I would endorse that policy, we must not abandon the provision of population-scale authentication services, which is a duty of government and an essential service for the UK if we are to compete in the online economy. We can’t just have ‘no ID at all’ – there are plenty of examples of proportionate, population-scale authentication schemes out there, and we should consider how a citizen-centric scheme, built primarily to service individuals and industry, rather than the needs of the State, could promote economic growth and protect against fraud. The government’s own advisor, Sir James Crosby, made this point in his report to the then-Chancellor, Gordon Brown. We shouldn’t ditch the idea of strong authentication, just the current fundamentally flawed plans.
  • If the NIR goes, then decisions will have to be made about whether to also disband the Identity & Passport Service, and how to unwind the current supplier agreements and procurement contracts. We will also need to decide the fate of biometric visa documents issued by UK Borders, which have been pitched as ‘ID Cards’ to the public, since keeping them in that form would risk the creation of a two-tier identification society, where immigrants are discriminated against using these cards.
  • If we scrap the NIR and ContactPoint, then government will require clear guidance on what should be used as the ‘trusted index’ for delivering transformational objectives, or even whether those objectives are still desired. If we are to drop the National Insurance number as a pan-government identifier (which I hope we will) then there has to be a strategy to facilitate accurate and privacy-friendly data sharing where it is necessary and reasonable. Without such guidance, departments will invent a host of fresh ID schemes.
  • We have many other ID schemes being developed by different departments, local authorities and healthcare providers. If we are to save money, then these should be condensed into the minimum number – ideally just one. Some of that money saved will be needed to help fund the Information Commissioner’s new audit team that is called for elsewhere in the document.
  • From a security and liberty perspective, ContactPoint is indefensible, but we need to create a framework for the discussion of child protection issues without putting children at risk or resorting to the current draconian measures again.
  • The government just this week announced the appointment of Sir Joseph Pilling as the Identity Commissioner. Do the Conservatives plan to scrap that role?
  • The Conservative policy document refers to ‘ad hoc powers of inspection and financial penalties for the deliberate, reckless or grossly negligent management of data.’ I can’t really see the point of such punishments within the public sector, since the citizen loses once when their data is misused, and again when the department is fined and left with less money to fulfil its duties. The public sector needs to face up to the current reality of commercial practices – such an offence would be considered a gross breach of contract of employment, and result in dismissal for the responsible individuals.

These are just a few of the points that spring to mind, and if the Conservative policies are to come to fruition, then they need to be resolved before next May. Much of the policy document has been drawn up in partnership with pressure groups and selected experts, and the right move now would be to open it up to public consultation.

If we’re serious about handing the balance of power back from the State to the individual, then it’s time for individuals and companies to define what – if anything – they want from identity technologies; what a proper and proportionate role for government would be; and how we play Surveillance State ‘Kerplunk’ without bringing the whole information infrastructure crashing down around us.