Spy Blog - SpyBlog.org.uk

Prof. Ross Anderson (Cambridge University) and Peter Singleton (UCL and Judge Business School) discussed the various medical databases being set up under the Connecting for Health programme. Nobody was satsified with the massively expensive centralised medical records project, the National Programme for IT (NPfIT), the "NHS Data Spine", which is currently burning billions of pounds of our money in the National Health Service, and which presents so many potential privacy and security threats.

Dr. Eileen Munroe (LSE Reader in Social Policy), Terri Dowty (Action on Rights for Children) and Prof. Douwe Korff (London Metropolitan University) spoke on the children's databases being set up by central and local UK government

More of the complexity of the numerous existing and future national databases on children are explained on the ARCH database masterclass blog

We have previously wondered how a national database on 12 million children can possibly be set up for only £224 million, with a running cost of £41 million a year, by the Department for Education and Science, when the Home Office's national database on 60 million people i.e. 5 times as many, will cost over £500 million a year to run. Either the DfES figures are completely wrong, or the Home Office's are (never mind the much more realistic London School of Economics estimates which are much higher), or the DfES is skimping on Privacy and Security measures.

Douwe Korff explained that UK Government tends to try to override the Principles of Data Protection, and the Common Law duty of Confidentiality, to enfoece data sharing, such as for the Childrens Index databases, by means of Statutes and Regulations. He contends that this will, sooner or later, bring them into conflict with the European Court of Human Rights in Strasbourg, which demnds, quite rightly, that any infringements on privacy are laid down in clear, narrowly defined laws, applied proportionately. He criticised the Uk Government, and even the UK Information Commissioner, for accepting the obverbroad catch all excuse of "for the prevention or detection of crime", as being legally sufficient to allow infringements of personal privacy.

Some of the foreign Privacy Commissioners expressed dismay at the extent of these intrusive national databases currently being inflicted on us.

All participants acknowledged that some data sharing of medical and social care records was likley to be beneficial, but many also pointed out the dangers of using the technology simply as a tick box check list, and as a buck passing mechanism, which is no proper substitute for people making face to face contact to solve medical or social problems.

Some of the Canadian participants such as Stephanie Perrin, who works for the Office of the Privacy Commissioner of Canada, (and who used to be the Chief Privacy Officer of the now defunct Zero Knowledge systems) advised that perhaps the UK should adopt more of the North American concept of appointing Chief Privacy Officers and requiring Privacy Impact Assessments. Although these are not perfect tthey would probably be an improvement on the lack of any people taking individual resposibility for safeguarding privacy rights, in so many Governemnt and private sector schemes and projects.

There was some discussion about the roles of Chief Privacy Officers and Chief Information Officers.

It was pointed out that the dual role of the Information Commisisoner in UK could be seen as a conflict of interest.

The Privacy International and Electronic Privacy Information Center Privacy and Human Rights report. and its
Ratings Table of EU and Leading Surveillance Societies (.pdf), was a topic of discussion - Canada and Germany are the "best" countries, in the world, , according to a dozen or so criteria.

To our shame, the United Kingdom is now ranked as the "worst" in the European Union, and has now joined Russia as a society where surveillance is "endemic".

Ian Bourne, from the United Kingdom Information Commissioner's Office made a remark which sparked off a little bit of controversy. He put forward his own view, and that of the Information Commisisoner about "balance", and said that personal information collection and sharing is neither good nor bad.

In response to this comment, Prof. Douwe Korff made the point that, personal information collection is not neutral, it is, by definition automatically a privacy intrusion. It may be a justifiable intrusion, but it has to be explicitly justified by those who seek to collect and share or sell it.

Caspar Bowden (Privacy Officer at Microsoft UK), initiated a discusssion about Utilitarianism versus Privacy, which as Ian Brown reminded us, was appropriate, since the mumified body of utilitarian Jeremy Bentham the philosphe and who forsaw some of today's surveillance society in his Panopticon, can be viewed not far from the workshop venue at UCL.

Prof. Ross Anderson made a powerful rebuttal of the "if you have nothing to hide, you have nothing to fear, it's all for your own good" utilitarianist arguments, by reminding us of the concept of Taboo i.e. there are some things which are so absolutely fundamental, that ethey can even override the claims that something might potentially save a life..

Graham Sutton, a former senior Whitehall policy advisor, who helped to frame the UK's Data Protection laws was asked if the Government considers Privacy issues when formulating new policies. His answer was quite revealing, in that he did not recall being lobbied by Privacy Internatuional or any other privacy advocates, during the formulation of these laws.

This was hopefully noted by Phil Booth from the NO2ID Campaign and other privacy campaigners present.
We also met up with some of these distinguished people, and some from Privacy International and others at a pub afterwards.

It was also good to meet several regular readers of SpyBlog face to face - please feel free to comment, anonymously if you wish.

We took advantage of the presence of several legal experts with experience of Freedom Of Information Act requests, to advise us on whether or not we should be "joined to the appeal", regarding the Information Tribunal hearing of the Office for Government Commerce appeal against the Decision Notice by the Information Commisisoner, in our favour, requesting full publication of some early Gateway Reviews of the Home Office's National Identity Register / Identity Cards scheme. It will be over 2 years and 3 moyhs since our FOIA request for these documents, by the time this Information Tribunal appeal is heard.

The Office for Government Commerce's excuses and grounds for appeal seemed to be of interest to a senior member of the UK IT technical press.

Some of the other discussions included:

• How feasible it might be to serve the Home Secretary John Reid with an Anti-Social Behavior Order

• The National DNA Database, the number of innocent people's data which is retained indefinately, familial DNA searching, and the devlopments in racial profiling, the Human Tissue Act exemptions etc.
  
  
• How difficult, bordering on impossible it appears to opt out of NHS Medical Records data sharing.

• A soon to be launched Social Networking website, which, unlike any of its rivals, intends to allow users to scramble their personal data profiles, at the click of a button, so that they are only intelligible to authorised friends. We await the launch with interest, but we did wonder why this data was not scrambled by default.
  

All, in all, it was an interesting afternoon and evening, and we look forward to the flurry of media headlines about Privacy as a result of the Information Commissoners' conference.

Hopefully there can be more such workshops in the future - thanks to Ian Brown for organising this one.