Transport Secretary Ruth Kelly has had to announce another massive data loss by the UK government: personal details of three million driving test applicants have gone missing.
Kelly has noted that no bank details were in the missing data. That's not the point. This was confidential information and the government had a duty of care to protect it.
Kelly has noted that compared to the amount of data the government handle the scale of this loss is small. That's not the point. To an individual whose privacy has been breached such statistics are irrelevant.
Kelly has noted improved procedures for the future. That's not the point. Even with the best procedures, accidents will happen.
The real point of this latest revelation is that no government, no matter how well meaning, can be trusted to protect individual privacy. We should be tightening rules on internal government data sharing rather than relaxing them. The government should be collecting less data on us, not more.
And, of course, the government must permanently abandon all plans for compulsory national identity cards and a huge, intrusive National Identity Register.
When the government first proposed compulsory Identity Cards they claimed 80% public support. This support has fallen away as people have learned more about the huge, intrusive National Identity Register (NIR) behind the scheme.
Reports say that a contractor working for the Department of Work and Pensions had personal data on thousands of benefits claimants stored on computer discs. That was completely legitimate, she needed them for her job. But when she stopped working for the DWP she forgot to give the - unencrypted - discs back. And nobody at the DWP seems to have realised she still had them. Nobody ever asked her to return this sensitive personal information - and that was over a year ago.
Some people will attempt to downplay this incident on the grounds that the compromised information didn't contain bank details. That's not the point. This was personal information and the DWP had a duty to protect it. Their failure in that duty shows that this government cannot be trusted to safeguard our private data.
It is the nature of all governments to try and protect their own privacy whilst invading that of the people. This doesn't have to be sinister, it can be due to incompetence, neglect or in the name of improving efficiency.
The Brown government is under massive pressure over a party funding scandal. The man at the centre of the row, David Abrahams, has explained that his actions were intended to protect his privacy.
What planet is he living on?
Worrying about privacy whilst supporting Labour is like worrying about the environment whilst dumping chemical waste into a river.
The Labour party is one of the biggest threats to personal privacy that we've seen for generations. Over the last ten years we've seen massive expansion of the national DNA database, a snoopers' charter for civil servants and even fingerprinting of kids at school. This government also wants to impose compulsory National Identity Cards and a huge, intrusive National Identity register.
The government doesn't even properly protect the information it collects: HMRC lost discs containing the personal information on almost every family in Britain. The discs still haven't been found and the information is still out there. Somewhere.
David Blunkett has written a letter to The Times in which he tries again to defend the unpopular ID Card scheme. His letter suggests that he has still not understood the concerns of objectors like myself.
Blunkett contends that ID Cards will make us safer because even if personal data is lost (as it will be - accidents happen) then we will be safer because biometrics will protect us against identity theft. That shows a touching faith in technology, an apparent assumption that biometrics will never fail or be cracked. They will be, it's only a matter of time. Blunkett also fails to address how biometrics will be of any use when talking to a call centre outsourced to India.
Blunkett also repeats his claim that "The database is simply about identity". Nonsense. The database will contain dozens of pieces of personal information together with an audit trail that will amount to a complete record of our lives. As such it represents a massive invasion of privacy. It is completely unacceptable for any government to demand that much information on the people it is supposed to serve.
All this comes before even considering the governments desire to encourage greater data sharing. Data sharing that will be facilitated by everyone having a unique National Identity Register Number to potentially act as a common key.
The threat comes not from ID Cards but from the National Identity Register (NIR) and the threat this poses to individual privacy and hence freedom. Whatever Blunkett's initial ideas, the database as now planned is about much, much more than identity.
"This will be the final blow for the ambitions of the government for the national ID cards scheme — they simply cannot be trusted with people's personal details"
I never expected to agree so strongly with a Tory front bencher.
In the case of this debacle, there is no suggestion of conspiracy or ill intent. It appears to just have been a case of human error. These things happen.
That's the point: these things happen.
If they happen with the benefits records of 25 million people (7.25 million families), how much more often will they happen with the detailed records of all 60 million adults in the UK?
The proposed ID Card scheme will be backed by a vast, intrusive National Identity Register (NIR) that will dwarf the benefits system. The NIR will hold dozens of pieces of personal information on every adult, including an audit trail that amounts to a record of that person's life. Although the NIR won't directly contain bank details, it will contain more than enough information to enable Identity Theft.
No government can be trusted with that much information.
The NIR will be a target for terrorists and organised crime. The government assures us that it will be protected by law, regulation and security. However yesterday's announcement shows that none of this can be enough. Sooner or later accidents will happen.
The only way to prevent NIR data getting into the wrong hands is to prevent the NIR ever being built. The government must now face reality and repeal the Identity Cards Act 2006.
The US government appears to be taking a leaf out of Tony Blair's book: if something gets in your way, redefine it out of existence. In this case the target is privacy.
In the US - unlike the UK - most people still understand the importance of privacy. They object to being watched, tracked and listened to. Privacy is also (arguably) protected by the constitution.
So Donald Kerr, Principal Deputy Director of National Intelligence, suggests Americans should redefine privacy. According to AP Kerr says that "Privacy can no longer mean anonymity".
Clever. That sounds like a trivial technicality. In reality, anonymity is at the heart of privacy. Privacy protects knowledge of who does what. Both pillars are important.
Almost everything we do - from buying a book to making a phone call to running a bath - leaves some trace, the "what". If this is connected with the "who" then privacy vanishes.
Yes, I know that these activities aren't truly anonymous now. Someone usually has a record. However at least there is an assumption that these different records won't be accessible to and collated by government. There is an assumption of anonymity except where there is a specific "need to know". Kerr's redefinition would remove that assumption and, by extension, our privacy.
Most worryingly, Kerr goes onto say that privacy should be redefined to mean that "government and businesses properly safeguards people's private communications and financial information."
In other words: "Trust us, we're the government".
Privacy from government is the most important privacy of all. It's essential for a free society.
Changing the language to get rid of awkward words is a technique used in George Orwell's 1984. The Big Brother government introduces Newspeak, where the language has been altered to make dissent impossible.
You can bet that Newspeak has no word for privacy.
If you live in the UK then you've just lost another significant chunk of your privacy.
The Mail reports that as of tomorrow your phone records can be accessed - without your knowledge or consent - by a host of organisations including the tax office, the Food Standards Agency, the Department of Health, the Immigration Service, the Gaming Board and the Charity Commission. And, of course, the local council.
That's a lot of people who can now legally snoop on your records. They won't be able to listen in to your calls but they will be able to find out when and where you last called an ex-partner, a confidential support service or a premium rate kinky chat line.
When campaigning against ID Cards and the National Identity Register (NIR) I've frequently used the following as a hypothetical example: Most child abuse happens at home, so why not put CCTV cameras in every home to protect kids? After all, if you've nothing to hide you've nothing to fear.
That was intended as an extreme, ridiculous example to counteract the naive "nothing to hide..." brigade. I never, ever expected it to become real. Seems like I was the one being naive.
The Herald reports on a proposal to install CCTV cameras in the homes of drug addicts - all, of course, for the sake of the children.
It needs to be stressed that this is just the idea of one academic - Professor Neil McKeganey of the centre for Drug Misuse Research at Glasgow University - but the fact that it's even being discussed is worrying. I'm sure McKeganey has the best of motives, but his idea is dangerous. As is his argument:
"What price should we put on our privacy? The question is whether we are prepared to say the principle of the privacy of family life is more important than that of child protection. If we accept that privacy is the most important principle then there will be many more tragic cases."
Now I know what some people are thinking: these are addicts, they're dangerous to the kids, it won't affect me. That's always the way it starts: target the nasty "them", the decent "us" have nothing to fear.
Drug addicts first, who next? People diagnosed as suffering from depression or borderline personality disorders? Anyone who was themself abused as a child? People who smoke? Or who eat too much and might over-feed their kids?
First they came for the junkies...
Remember, most child abuse happens in the home. So once a sufficient critical mass of people have CCTV installed it will be a "natural" next step to put them in every home. All, of course, for the sake of the children.
Could it ever happen? I'd like to think not, but give Britain's surveillance state mentality I can't rule it out.
I remember when mass DNA testing began - it was only for those in the vicinity of particularly nasty and hard to solve murders. The concept expanded until today we are looking at a de facto national DNA database.
CCTV cameras in the streets were initially introduced in areas where there was a history of trouble. Today they're everywhere, even quiet villages.
That's the way it goes with freedom: give an inch and they take it all. To protect our own liberties we must protect those of everyone - including junkies. No private home should ever have state CCTV installed.
If the SNP want to prove that they really are better than Labour, the Scottish Executive should publicly condemn and reject McKeganey's proposal.
Since the government first suggested compulsory ID Cards and the National Identity Register (NIR) some of us have been complaining about "function creep". Civil liberty campaigners and privacy advocates have argued that the use of ID Cards would seep into every facet of our lives.
Such worries have normally been dismissed as paranoid fears, with the government claiming that using ID Cards would in some way be "voluntary". Yet now we have official government recognition that our worries were and are justified.
Liam Byrne MP, the Minister of State for Immigration, Citizenship & Nationality, has made a speech entitled Securing Our Identity: A 21st Century Public Good. Before tackling the details of the speech, let's look at the key message. Byrne maintains he can already see how: "secure identity will suffuse working life, private life and our use of public services". In other words, the NIR will become the all-pervasive surveillence system many of us have been warning about.
According to Byrne:
"Like the railways in the 19th century and the national grid in the 20th century, I think there are strong arguments for thinking of the National Identity System as a modern day public good - that very quickly becomes part and parcel of everyday life in Britain."
How does he reach this bizarre conclusion? By some very dodgy arguments.
Most puzzling is that he seems to think the ID Card will somehow help prevent online credit card fraud - he sprinkles his speech with words like "internet", "online" and "e-commerce". Yet the government's proposed plan would do nothing to prevent online credit card fraud - or any other form of "customer not present" fraud.
He claims that some 282,000 people in the UK have been victims of ID fraud during the last six years - again failing to specify how many of those were victims of old-fashioned credit card fraud that would not have been prevented by ID Cards.
He states that "In the US there are already 120,000 customers registered to pay at checkouts using biometric technology". In a country of over 300 million people that number is insignificant. The UK government wants to fingerprint 100% of the British population - with or without consent.
Byrne's main argument for the National Identity Scheme appears to be that at the moment we have a number of incompatible schemes springing up for specific purposes - instead he believes we should have one vast central system. I doubt that many security experts would agree that setting up such a "honey pot" is a good idea. He complains about "Systems with different technologies and languages that don't talk to each other" - which from a security perspective is a good thing. Making it difficult to link up information from different systems is the best way to protect that information. Identity theft becomes much easier when every system is keyed on the same unique, lifelong personal ID number.
Byrne goes on to list three attributes that he says any ID system must have: it must be useful, accessible and accountable. The government's plan would certainly be accessible, but useful? Only to solve problems that the government is creating. As to accountable, the level of oversight proposed for the scheme is minimal.
A highly desirable attribute Byrne fails to include is a way of ensuring the individual remains in control of their own information. There's also no mention of personal privacy. The word "privacy" doesn't appear once in the speech.
Byrne concludes with this frightening prediction:
"In 20 years time, I suspect that the National Identity Scheme will be just a normal part of British life – another great British institution without which modern life, whatever it looks like in 2020, would be quite unthinkable"
That's not a Britain I want to see. Which is why I'm a member of NO2ID.
I have a lot of respect for Simon Davies of Privacy International (PI). So when PI issues research giving Google a "hostile to privacy" rating I take notice.
I have a lot of respect for Matt Cutts of Google. So when he argues that Google takes privacy seriously I take notice.
How to resolve these two positons?
I think the key is in Matt Cutts's counter-argument. He is essentially defending Google by comparing it with common practice on the net. He argues - accurately - that compared with many companies (including your ISP) Google is relatively benign.
PI on the other hand is looking at the absolute picture. The fact that Google is better than industry standard practice doesn't count for much when industry standard practice is so bad.
I take Matt and co at their word when they say they care about privacy. Unfortunately they do so in a world where privacy standards are already very poor. For Google to say "We could be worse" really isn't good enough.
For example Google takes pride in anonymizing user data after 18 months. 18 months?!? 18 days would be more reasonable. No, on second thoughts let's make that 18 minutes.
It says a lot about the appalling state of net privacy that Google take it as read that they can record user searches and associate them via IP address and/or a persistent cookie without the need for user opt-in. Opt in, not out, and not making such an opt-in a prerequisite for using services. If I want the extra facilities Google claims to give me by knowing my search history then I can choose to exchange my privacy for these.
And what about gmail? Ads in gmail are based on an analysis of the content of the email. I know, I know: any email provider, web based or otherwise, has access to the content of your email anyway. That's not the point. The point is that Gmail is giving acceptability to the concept of your personal email being contextually analysed. That sort of thing undermines the larger scale fight for personal privacy to be respected.
Why is there no big "expunge my personal data" button at the top of the Google home page? Trivial to implement.
Of course most other search engines and other sites fail to provide such a button. There's a question as to whether Google should be held to a higher standard than their competitors. Yes, they should. The reason is that they are bigger, they have more personal user data, they matter. Anything Google does - for better or worse - has a bigger impact than anything most of the rest of the industry does. The same goes for Microsoft.
And it staggers belief that any company claiming to be privacy conscious could roll out Street View.
So I respect those in Google who are fighting the corner for privacy as far as they can. Unfortunately they are in the position of being a well-meaning minority in an industry of sinners. Sinning a little less doesn't make Google a saint.
Britain, 2008. You're out on the street doing nothing wrong. Maybe you're looking in a few shop windows. Maybe you're waiting to meet someone. Maybe you're just strolling along. For no apparent reason the police stop you and demand to know who you are, where you're going, who you're planning to meet. If you refuse to answer their questions you could end up with a criminal record.
That's apparently a scenario the government wants to see in the UK. The BBC reports that the Home Office is considering giving police in mainland Britain an unlimited "stop and question" power. Anyone refusing to "co-operate" could be charged with obstructing the police and fined £5,000.
Of course the police can already stop and question people today. The difference is that today they need reasonable suspicion that you're up to no good. That's a subtle yet important restriction on their power. Officers know that they might have to justify their actions in a court of law. Under the new proposals police could stop and interrogate anyone, anywhere at any time - with or without a reasonable cause.
This proposal would be another nail in the coffin of the presumption of innocence in the UK. It would remove what little privacy we have left. It would shatter any remaining illusion that this is a free country where we can walk the streets without interference from the state.
If this goes ahead then the police will be able to stop and interrogate you without having to justify their actions - but you'd better be able to justify yours.
Update 28/5/2007: The BBC report has been updated and now says "Police are still likely to need a 'reasonable suspicion' a crime may be committed." It seems that the Home Office is back-pedalling following the massive condemnation of this proposal. That's welcome, however the fact that they even considered introducing this remains scary. And "likely to" isn't good enough.
I remember a police officer once saying to me: "The last thing the police want is a police state". Whilst it's sometimes hard to believe, in general I think he's right. Sure, there are a few power-hungry individuals, especially at the top. But generally the constant calls from the police for more powers is simply a result of their perspective: they have a job to do and want to make it as easy for themselves as possible. That's understandable and a good reason why the police shouldn't automatically be given every power they ask for.
It's unfortunate that this perspective makes it very difficult for the police to argue in favour of the very civil liberties they should be protecting. Pragmatism usually gets in the way. So it's a pleasant surprise when a senior officer goes on record against the surveillance society.
Ian Readhead, the Deputy Chief Constable of Hampshire, has raised fears about the pernicious spread of CCTV, especially in small villages with low crime rates. The example he used was the village of Stockbridge in Hampshire which is on his beat.
Readhead told the BBC:
"I'm really concerned about what happens to the product of these cameras, and what comes next? "If it's in our villages, are we really moving towards an Orwellian situation where cameras are at every street corner? "And I really don't think that's the kind of country that I want to live in."
Readhead also went on to criticise other aspects of the surveillance state such as the indefinite retention of DNA taken from people who have never been charged with a crime.
When a senior police officer publicly uses words like "Orwellian" then we really do have something to worry about.
As Readhead asks: "Just how powerful do you want your police to be?"
One of the reasons I like the BBC is that I don't always agree with it. I reckon that a truly unbiased news organisation will upset all shades of opinion from time to time. But the recent two part documentary "CCTV: You Are Being Watched" was so one-sided that it could have been scripted by the CCTV makers.
What we saw was a two hour advert for the surveillance state. Despite the occasional throw-away line about Big Brother the privacy issues were simply brushed aside. The two programmes were simply filled with examples of the wonders of CCTV and how they had solved crimes and saved life. A brief comment from Shami Chakrabarti was all but drowned out in the sea of talking heads from the police and the CCTV industry.
Most worrying of all was the way the programme practically salivated at the idea of future developments in "smart cameras". This could mean CCTV would be able to predict we were about to commit a crime before we did so.
Department of PreCrime?
Now, I don't disapprove of CCTV completely. It certainly helps in solving crime and has some limited use as a deterrent (although even with one camera per 14 people the UK still has plenty of crime). My problem arises when CCTV is all-pervasive, surreptitious and lacking proper controls. Three attributes of the sort of surveillance this programme was advocating.
If we are to use CCTV in public places (eg streets) and private places open to the public (eg shops) then I think the following are essential:
The cameras must be overt rather than hidden
There must be legally binding rules on what can be done with the recorded footage, eg it must be a criminal offence for it to leave the place it was recorded unless requested by the police.
There must be a legal limit on how long the footage can be kept. Perhaps 90 days unless the police have requested it in regard to an open investigation
Of course nowadays it's about more than simple video footage. With the increase in technology such as face recogniton and Automatic Number Plate Recognition (APNR) such regulations must apply not just to the raw footage but to the data extracted from such footage that records our whereabouts. And these regulations must be legally enforceable, not just a fluffy "code of conduct".
If we must be monitored then that monitoring must be controlled to protect our privacy. The legal assumption should be that information gained through CCTV must not be kept, exchanged or used unless there is an overwhelming justification for doing so.