Government legalises excessive processing of personal data (again) and risks more ID theft

The Government has decided to mandate the processing of excessive personal data and expose more young adults to ID theft. How? Just read on.

Just imagine you run a night-club that requires a licence to sell alcohol. A new law, enacted using Ministerial powers (thus ensuring limited Parliamentary scrutiny) requires you to have an “age verification policy” that “applies to the premises in relation to the sale or supply of alcohol”. In addition, that “policy must require individuals who appear ... to be under 18 years of age (or such older age as may be specified in the policy) to produce on request, before being served alcohol, identification bearing their photograph, date of birth and a holographic mark”.

As most identity cards used by staff at work do not show date of birth, what official identification document would satisfy you in this regard? I think there are three main contenders: passport, driving licence or ID Card. Remember, if things go wrong, you will need to prove that you have performed a “proof-of-age” check; so the chances are you will scan in identification documents present to you and keep them for a while. In this way, you are definitely a data controller subject to the Data Protection Act.

In fact, you might keep these details on a database, so that regular customers can register beforehand and quickly pass through your security on their next visit. The advantage of this approach is that once registered, customers do not need to bring their ID documents. Of course, if you decide on the Government’s ID Card, you should be able to check with the Identity and Passport Service national database to make sure the ID Card is valid. In this way, the database’s audit trail will keep a record of where the card holder goes clubbing (which can be disclosed to the authorities, whenever appropriate).

Note that there are any number of biometrics you could use to make sure that registered customers are who they say they are on the next visit. One could use a signature, or two fingerprints, or facial feature (e.g. scar on left cheek), location of mole or whatever is combination is convenient to you and your customers. However, the law now mandates “photograph” in every case. It is the Henry Ford approach to ID management: any biometric so long as it is the photograph.

Why this prescription? Well that is why we have Parliamentary scrutiny – when it occurs – to ask such questions! One suspects, however, that Government has rushed through secondary legislation because of the political imperative to show action against “binge drinking”; this has taken precedence over careful consideration of the law’s practical consequences. There are even those who suspect that this law is deliberately framed to promote the uptake of that increasingly unpopular ID Card.

Now we come to the crunch. The purpose of the law is to stop under-age drinking. To do that, all you need is a document that authenticates that the person is aged over 18 and verifies the card-holder as that person. You do not need to identify the individual, or mandate a photograph, or date of birth, or holograph or anything else: all you need is a verification and authentification process specifically designed for a particular narrow task in hand. What is more, there are companies that have these kinds of privacy enhancing technologies and products already on the shelf.

In other words, the Government’s law mandates excessive processing of personal data: the collection and retention of dates of birth when not needed, the unnecessary use of its official ID documents and the collection a particular biometric (the photograph). In addition, there are security concerns: by insisting on its own ID documents, the Government are ensuring that more passports, driving licences and ID Cards will be lost by young adults when they are “the worse for wear”.

I therefore recommend to Mossad (or anybody else) wanting to perform another bout of ID theft using stolen documents that they infiltrate night clubs as I am confident there will be lots of official ID documents to choose from.

These problems are self-evident to anyone who performs the most cursory of Privacy Impact Assessments (which hasn’t been done of course – see the official 37 page “impact assessment”). So to end by misquoting Laurel and Hardy: “Well, that's another fine mess in the making”.

Reference: The Licensing Act 2003 (Mandatory Licensing Conditions) Order 2010; http://www.opsi.gov.uk/si/si2010/draft/ukdsi_9780111491553_en_1. The 37 page Impact Assessment (which does not consider privacy concerns) can be found at: http://www.opsi.gov.uk/si/si2010/draft/em/ukdsiem_9780111491553_en.pdf

Labour positions itself on DNA retention and more CCTV

Whilst reading excerpts of Hansard to children at bed-time (it works a treat – they soon become bored and drop off to sleep), I became aware of an element of Labour’s strategy for the forthcoming General Election. In essence, it is: “Labour fights crime with more CCTV and an extensive DNA database”. No doubt, when senior police officers are interviewed on the telly about these subjects, they will sagely nod their heads and say something like: “Yes please. We really love this stuff”.

Labour's political strategy is being run in Parliament at the moment. For example, the Parliamentary Under-Secretary of State for Justice (Claire Ward) told the Conservative front bench: “the Conservatives would do better, given that they want to tie the hands of the police and crime enforcement officers in relation to many of the measures that we are using effectively, such as those involving DNA and CCTV”.  At a recent Prime Minister’s Questions Gordon Brown said: “If he would support us on CCTV and DNA, we might be more able to catch criminals at the right time and in the right place”.

Quite clearly a counter argument on the lines: “Most CCTV doesn’t do the job effectively” or “six year retention of DNA personal data on the innocent is a step too far” (see previous blogs) is going to need an explanation which is likely to be far too nuanced for tabloid headlines in the run up to an Election.

Consider the DNA database proposals which the Conservatives oppose in a limited way (six years retention of DNA of the innocent). When an Election is called, the Opposition Whips will sit together in a huddled room with senior Party MPs to decide what legislation gets through Parliament in its dying days. Their eyes will be focused on the forthcoming Election which is now a close run thing.

The closer it is, the more I think that the Conservative Whips might decide to defuse this element of Labour’s strategy by agreeing the DNA proposals subject to some additional “protection”. Also with respect to CCTV, I suspect that the Party will recognise that CCTV is popular with the public, and insist that there needs to be "stronger supervision" before a new scheme is implemented.

In other words, I am half expecting to hear the sound of political gears going into reverse and emollient words from Conservative spokespersons that they have gained  “firmer reporting to Parliament” or “spot inspections from the Information Commissioner” etc etc. Such talk should be recognised for what it is: a fig-leaf to cover a retreat.

The result could be that the Government’s proposals on DNA and CCTV will come into being without too much questioning on the detail. Yet, getting to the correct privacy balance needs analysis of such detail.

References: Hansard, 23 Mar 2010,  Column 114 and 10 Mar 2010, Column 293. Note: we have changed the search engine of the blog to one which we think works. If you have any comments, let us know.

Cartoon - on the occasion of the 20th Birthday of Privacy International

©Chris Slane

 

Reference: http://www.privacyinternational.org

 

Business should give Government ideas about how to use ID cards, says Minister

Evidence that the Government’s flagship ID Card programme is looking for a rationale for its own existence was given by Meg Hillier, Home Office Minister in charge of the increasingly costly development. Speaking to journalists and industry representatives in Westminster this week, Hillier said that the private sector "needs to take on a roll of provisioning a broader variety of services" based on the use of the ID Card and associated database.

Our Meg compared ID cards to the Apple iPhone. "The iPhone is just the infrastructure, it's the apps that make it interesting", she is reported to have said. While government is "best placed" to develop that infrastructure, it's up to the public and private sector to come up with good ways to use the cards and supporting database”.

Hillier, for example, suggested banks will see a use for the ID cards, as checking identity to set up an account costs them as much as £85 for the most difficult cases, such as the fifth of people in the UK without a valid passport - which includes young people, the elderly, and the poor.

Now that really is a new idea – the distribution of ID Cards to the needy! Perhaps the Queen could hand them out on Maundy Thursday? However, the message is clear. The ID Card is not primarily for terrorism, policing, immigration etc etc  – it is also for any good idea the private sector can think of!

While the system is currently in card form, Hillier noted: "In the future, it's the chip that's the important bit." She suggested chips could be integrated into mobile phones, get Chip and PIN for security, and also be used to prove identity online. She added: "There's lots of potential, but we don't have all the answers". Did Meg tell eager journalists about how the audit trail associated with the database would track all these developments?  Of course not.

I think I will end by modifying Meg's quote. "The ID Card is just the infrastructure, it's the apps that make it wholly frightening".

Reference: http://www.itpro.co.uk/621481/government-wants-business-ideas-for-id-cards

Sex offender disclosure procedure ignores data protection risk assessment

Ten days ago, the Home Secretary announced that members of the public can make applications for disclosure from police records about anybody who is in contact with children.  The Home Secretary’s decision was justified by Home Office research (and not made in order to catch a headline before the General Election campaign). The scheme is going nationwide starting in August.

However, after looking at the research report (see reference below), I believe that no data protection analysis or privacy impact assessment was made during the pilot with respect to disclosure. I believe the research does not provide a reliable basis for extending the scheme nationwide and that the disclosure procedures adopted by the police in relation to disclosure are flawed. Instead of a national roll-out (which risks being disastrous if it drives sex offenders underground), a more in-depth pilot is needed; one which includes some very important data protection considerations.

The procedure adopted by the police in relation to the pilot disclosures, as described in the research report, involves four steps: (1) any person can make a request (e.g. an "enquiry" by email) for information about a “subject”; (2) police then do a trawl of PNC, sex offender and local criminal intelligence data re the subject; (3) a preliminary risk assessment is made (4) enquiries which do not meet the selection criteria are rejected – others move to the “application” for disclosure procedure. A valid enquiry had to pass two thresholds: (1) the subject has unsupervised access to children and (2) the subject lived in the force area (see Table 1 footnote).

However, Table 7 of the research report indicates that “over half (i.e. 54% of applications) did not have unsupervised contact with children”. In other words, it appears that most “applications” for disclosure did not meet the stated criteria for an “application”  (i.e. the need for unsupervised access). This suggests that if the preliminary risk assessment proved remotely positive then the nature of any access to children (if any) was irrelevant.

By contrast, if the main criterion for disclosure were to be “unsupervised access to children”, then one would conclude that there would be no need to perform any preliminary check against PNC and criminal intelligence, if the subject did not have unsupervised access. In other words, step(4) of the police procedure should have been step(2); the research made no comment on this anomaly.

The importance of this becomes clear in the following scenario. Suppose an individual does not have any unsupervised access to children and is subject to an enquiry or application. There are likely to be audit trails in criminal intelligence that the subject was checked in connection with an inquiry under the “risk to children” disclosure procedure. Suppose further that individual then applies to work in an area that has access to children and a school (or the Independent Safeguarding Authority) obtains criminal intelligence that “an application” was considered.

The assumption, I think the school (or ISA) could easily make is that there was no smoke without fire. Because someone reported “something” and because the enquiry warranted consideration of “an application”, there might be “an issue” in relation to unsupervised access to children. Such information might then be passed to employers to assess. Now ask a simple question: if you were an employer with a short list of two job-applicants – one of which has this kind of query against his or her name and the other hasn’t - which one do you employ?

The report fails to mention (or appreciate) a number of areas where data protection requirements clearly apply. For example, it agonises over the fact that “some applicants struggled with not being able to pass on information (about the subject) to other people”. The report does not mention the obvious point that if the applicants were to disclose personal data to others, the risk of committing a S.55 offence would be very great. The threat facing applicants is not an actionable breach of confidence by the subject if they were to further disclose details about the subject, the appropriate sanction would be prosecution by the police force that provided the personal data.

In addition, the research ignores a central fairness question. Suppose you were checked by the police and no disclosure to the applicant occurred, should you be informed of the fact that there had been a check. I think the fairness provisions in the Act could require it in many circumstances, although I am the first to admit that this is a very difficult issue. However, one expects research to explore such difficult issues; its omission suggests that this rather basic data protection requirement was not even considered.

Also not considered is the role of criminal intelligence. If an enquiry is made in relation to an individual, one would expect a record of the enquiry would reside in the police’s criminal intelligence systems. Indeed the report notes that the police “value the gathering of additional intelligence”, especially in relation to individuals who are of no risk to children but who are known to the police.

This “additional intelligence” functionality is also a consequence of Step 4 being before Step 2 (see above), and one wonders whether it is appropriate. For example, should personal data be retained on criminal intelligence systems if the subject has no criminal record and was not previously known to the police?  If so, for how long? How is it judged that these personal data are relevant or even accurate? Is the recording procedure fair to data subjects? Important questions – all missing – and I suspect considered unimportant.

The small numbers involved in the research is a worry. The pilot areas are not large, and I estimate that a national scheme would scale the pilot disclosure scheme by at least two orders of magnitude. So, should a responsible Government rely on justifying implementing a national scheme based on the research that analysed 159 applications for disclosure, made 43 interviews with applicants, and where there were only 21 disclosures made to members of the public? There are thousands of individuals on the sex offenders register; the pilot interviewed about 8 of them – so are the views of this small group representative. Is there a risk that sex-offenders may go underground if the disclosure scheme goes nationwide?

I also wonder whether the reported “success” of the scheme might be the result of a self-fulfilling prophecy. The report notes that the scheme was not “marketed” particularly well. This could mean that only those with genuine concerns took the trouble to explore “what to do about them” and heard of the pilot disclosure scheme in their area. If this is the case, the applicant would have genuine worries or suspicions prior to contact with the police, so the fact that these suspicions are confirmed should not surprise. More marketing would mean more speculative enquiries from members of the public.

That is why the authors themselves say “these samples represent a small proportion of the overall populations and may not be representative...” and “the findings ...should, therefore, be treated with a degree of caution”. By contrast, the Home Secretary has thrown caution to the wind.

My own view is that the disclosure procedures as described in the report do not provide adequate safeguards for those who get inadvertently get entangled by them; if data protection safeguards are not inserted the disclosure procedures described in the report could easily damage that which they seek to protect.

Finally, I have to mention the fact that this is the second piece of Home Office research that has been interpreted by Government in a cavalier way. The Select Committee’s (see previous blog) stated that the DNA research that justified the six year retention period was distinctly dodgy; now this research is assumed to provide a sound basis for the national roll out.

I have therefore concluded that the Home Office Research Department has to be made independent of the Home Office. You can’t have a research department researching the policies of its own department and then trying to make a claim of impartiality for its research (or in this case, the Department making claims that its own research does not support). 

Reference: “Child Sex Offender Review (CSOR) Public Disclosure Pilots: a process evaluation”: http://www.homeoffice.gov.uk/rds/pdfs10/horr32c.pdf. The disclosure scheme was piloted in Cambridgeshire (Peterborough and surrounding villages); Cleveland (Stockton District); Hampshire (Southampton); and Warwickshire (force-wide).

Parliament wants the evidence that justifies the retention of DNA personal data

Just imagine. You get caught up in the general fracas as millions queue to watch Barnsley play football at the weekend. You are arrested and a DNA sample is taken which is then matched against DNA found at other crime scenes. No match is found and the police take no further action after your arrest.

The Government say that these DNA personal data should be retained for six years; two Parliamentary Committees have just said that there is no evidence for this proposal.

Previously, Home Office Ministers regularly trotted out a number of examples where DNA retention had provided the evidence for a successful conviction for murder or rape. However, the vast majority of these examples related to crimes which were solved following an arrest on an unrelated matter, where the DNA sample taken on arrest had been matched to the DNA found at the scene of the unsolved crime.

However these examples do not cover the Government’s proposals under dispute - where following an arrest, the individual concerned is not prosecuted AND there isn’t any match to any other crime scene.

Gordon Brown in last week’s speech appeared to provide an example. He said “In May 1991, a woman confined to a wheelchair was attacked and raped by a man who tricked his way into her home. A DNA sample was recovered, but no suspect was found. In June 2007, South Yorkshire Police’s ‘cold case team’ reinvestigated the case and the DNA sample was re-analysed using new techniques. A match was made with a profile from a man named Jeremiah Sheridan who had been arrested in 2005 in Cambridgeshire for a public order offence, but not convicted”.

He added “The next time you hear somebody question the value of retaining DNA profiles from those who have been arrested but not convicted, remember Jeremiah Sheridan. And most of all remember the innocent woman he attacked”.

Unfortunately, this example is invalid as can be seen by asking two simple questions:

Q1: Why did it take the police 16 years to reload the sample for an offence committed in 1991? If the DNA sample had been loaded before 2005, then Jeremiah Sheridan would have been caught when he was arrested on the unconnected matter. In other words, this is not a case of someone getting away with a serious crime because the DNA personal data were not retained; it is a consequence of not loading the DNA personal data for over a decade.

Q2: Was the case re-opened because of a spanking new DNA technique becoming available? I think the evidence points to “no” because most of the press commentary (including details made public by the Forensic Science Service – see references) do not mention the primacy of any new DNA technique.

In fact, the general lack of evidence for the Government’s proposals for retention of DNA personal data has irked the Joint Committee of Human Rights. In its Report published yesterday (see references), the Committee noted:

 “When asked for further information on statistics relating to individual cases, the Government has been unable to provide it. For example, we asked the Government for more information about the ACPO research which it states illustrates that 36 rape, murder or manslaughter cases during 2008-09 involved matches to innocent persons’ DNA retained on the NDNAD which were of “direct and specific” value to the investigation. Unfortunately, the Government was unable to conduct this analysis within the time that we asked for a response”.

The Committee thus concluded that it was time to put-up or shut-up: “We recommend that the Government publish the details of these cases, if necessary in a suitably redacted format, or it should stop referring to them as support for its proposals”, it reported.

The JCHR also report “that there was a significant number of legitimate concerns about the quality and substance of the research produced by the Government to support its proposals”. This point is reflected in the Home Affairs Committee Report into the DNA database (also published yesterday) which merely states that “It is not known how many crimes are solved with the help of the stored personal profiles of those not previously convicted of a crime” and that this “underlines the need for the Home Office to undertake research specifically on this issue”.

So in conclusion, there is no evidence in favour of the Government proposals for DNA retention of those who are innocent; a conclusion that is valid even for the single case proffered to the public by the Prime Minister.

References: commentary of the Forensic Science Services:  http://www.thestar.co.uk/news/Forensic-expert-warns-criminals-.5510282.jp  which also refers to the Jeremiah Sheridan case being re-opened in 2006 and not 2007, as reported by Mr Brown. The JCHR report on DNA relates to the Crime and Security Bill: http://www.publications.parliament.uk/pa/jt200910/jtselect/jtrights/67/67.pdf;  Home Affairs report on the National DNA database: http://www.publications.parliament.uk/pa/cm200910/cmselect/cmhaff/222/22202.htm  

Do local authorities spend nearly half a billion pounds on ineffective CCTV?

Earlier this week, Gordon Brown positioned Labour’s stance on “Law and Order” in order to label those who are more reflective as being “soft” on the issue. One of his arguments related to CCTV and I have to admit, in this regard, I am a “card carrying softie”.

The Prime Minister told the BBC that “There are of course some who think CCTV is ‘excessive.’ but they probably don’t have to walk home or take the night bus on their own at the end of a night out. For the rest of us, for ordinary hard working, decent people, the evidence is clear: CCTV reduces the fear of crime and anti-social behaviour”.

He continued “That is why this government has funded CCTV in nearly 700 town centre schemes over the last decade - and why in the coming months we are bringing in a new power for people to petition their local authority for more CCTV, with the authority having a duty to respond”.

So did Mr Brown refer to a report into the effectiveness of CCTV in Scotland published last December? It discovered (as has many other previously ignored reports on CCTV – see references below) that with respect to the 2,200 public space CCTV cameras in Scotland (the majority of which are controlled by local authorities) that.

• “There are no consistently applied information sharing protocols governing the access or type of data made available”.

• “There are no Scottish national guidelines governing the recording of incident management information captured on CCTV systems”.

• “There are over 350 people employed to manage and operate public space CCTV systems in Scotland. Most receive no formal training” (my comment : a possible breach of the Seventh Principle – surely?)

• “Very few authorities undertake comprehensive evaluations of the effectiveness of public space CCTV systems” (my comment: so how do you know the processing of CCTV personal data is not excessive?).

• “Over the period 2008 to 2010, the total cost of operating public space CCTV systems in Scotland can be expected to exceed £40 million”.

These figures explain why I am “soft” on CCTV. If we assume that CCTV surveillance in the UK is the same as in Scotland (and scale the Scottish survey results in proportion to the whole UK population using the approximately 12:1 ratio of populations - we are in effect assuming  there is an average "CCTV surveillance per unit of population"), then we can gain an estimate of the public space spending on CCTV and the number of public space cameras run by local authorities.

Multiplying by twelve, we find that, in total, there is an estimated £480 million spent by mainly local authorities (every three years), employing 4,200 largely untrained staff who monitor 26,400 CCTV cameras that are not assessed for effectiveness and where any data sharing is haphazard at best.

Brilliant isn't it. I would have thought, in a recession, any politician who purports to manage public services in any efficient way would assess the effectiveness of the current spend on CCTV before committing to anything else.  In addition, increasing detailed CCTV surveillance of the population in order to reduce the “fear of crime” (and deliver nothing else) is “pandering to paranoia” in my books.

Spoken like a “real softie”, I hasten to add.

References: “Public Space CCTV in Scotland: (December 2009): http://www.sccjr.ac.uk/documents/CCTVtog.pdf. Also see my analysis “CCTV and data protection – 2007” which focuses on ACPO’s CCTV strategy and OIC Code of Practice (downloadable from http://www.amberhawk.com/policydoc.asp). 

Marketing message: Amberhawk and PinsentMasons are pleased to announce the next set of DATA PROTECTION UPDATE sessions on 12 April (London), 26 April (Manchester) and 10 May (Edinburgh) at PinsentMasons offices. The cost is a recession-busting £95+VAT per place. The focus is on the relationship between data protection and the Article 8 "privacy" right. Details from www.amberhawk.com