Following on from our attempts to get some information from the Government regarding the conversion of the controversial London Congestion Charge Automatic Number Plate Recognition enforcement scheme into an even more controversial Mass Surveillance tool, without any public debate:
We originally wrote to the Home Secretary on 24th July 2007, and were totally ignored, despite email and postal reminders, The Home Office have eventually disclosed only today i.e. on the 4th October 2007, that they have already published the Ministerial Certificate signed by Jacqui Smith see
Provisions of the DPA for real -time access to cameras - released on 17th August, published on the Home Office website on the 21st August 2007
There are two documents:
- Documents setting the reasons for granting certificate under section 28 of Data Protection Act (706Kb .pdf). This is referenced as DPA/s.28/MPS/2008/CC2 in the actual Ministerial Certificate signed by the Home Secretary Rt. Hon. Jacqui Smith MP
- Copy of the certificate signed by the Home Secretary, under the Data Protection Act 1998 (.pdf 260 Kb )
Shame on all you privacy and security experts and on the mainstream media out there for not noticing this back in August !
Incredibly for the 21st Century, these web documents are Adobe .pdf images of photocopies of printed documents presumably originally produced on a word processor.
We have therefore re-typed the Ministerial Certificate below for the benefit of web search search engines and for fellow victims and students of the Labour government's Surveillance Police State.
As Douglas Adams wrote in The Hitch-Hiker's Guide to the Galaxy (1978 / 1979):
'But Mr. Dent, the plans have been available in the local
planning office for the last nine months'
'Oh yes, well as soon as I heard I went straight round to see them, yesterday afternoon. You hadn't exactly gone out of your way to call attention to them had you? I mean like actually telling anyone or anything.'
'But the plans were on display...'
'On display? I eventually had to go to the cellar to find them.'That's the display department.'
'With a torch.'
'Ah, well the lights had probably gone.'
'So had the stairs.'
'But look, you found the notice didn't you?'
'Yes,' said Arthur, 'yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying Beware of the Leopard.'
Neither have we had any information back yet from the Home Secretary about our other Questions regarding
- The obvious lack of proportionality and therefore lack of legality under the Regulation of Investigatory Powers Act 2000, which also must apply to this Mass Surveillance scheme,
- Who exactly is paying for the extra wear and tear and maintenance of the equipment and for staff overtime costs and the more than doubling of electricity costs, which are implied in the move from Congestion Charge enforcement during the applicable hours i.e not at night, not at weekends and not on public holidays, which the move to, presumably, 24 / 7 operation must entail. Is it the Home Office or the taxpayers of London ?
.
- The Data Retention / Destruction policy, if any, for innocent people's personal data and vehicle movements. How long is this data to be kept for ?
Non-reply from the Chief Surveillance Commissioner
We also wrote to the Chief Surveillance Commissioner Rt.Hon Sir Christopher Rose, since both he and his predecessor mentioned in their last two Annual Reports that in their view, as retired High Court Judges, new legislation was required for Automatic Number Plate Recognition to be used legally for Mass Surveillance, rather than as now, used proportionately for targeted criminal or intelligence investigations.
However the short reply we got by post today on the 4th October 2007 is very depressing:
"The Chief Surveillance Commissioner has seen your letter and has asked me to reply on his behalf. He notes your interest in these matters but does not think it appropriate to answer your questions"
How is that supposed to represent "independent oversight" of these massively intrusive state surveillance powers and technologies, on behalf of the public ?
Here is the Ministerial Certificate:
DPA/s.28/MPS/2007/CC1CERTIFICATE OF THE SECRETARY OF STATE
======================
Background
Section 28 of the Data Protection Act 1998 ("the 1998 Act") provides for exemptions from the 1998 Act as set out below for the purpose of safeguarding national security:
See the text of the Section 28 of the Data Protection Act 1998
1.1.1 By subsection 28(1) of the 1998 Act it is provided that personal data are exempt from any of the provisions of:1.1.1.1 the data protection principles as set out in Schedule 1 to the 1998 Act;
1.1.1.2 Parts II, III and V of the 1998 Act; and
1.1.1.3 section 55 of the 1998 Act;
if the exemption from the provisions is required for the purpose of safeguarding nationals security.
1.1.2 By subsection 28(2) of the 1998 Act it is provided that a certificate signed by a Minister of the Crown certifying the exemption from all or any of the provisions mentioned in subsection 28(1) is or at any time was required for the purpose there mentioned in respect of any personal data shall be conclusive evidence of that fact;
1.1.3 by subsection 28(3)it is provided that a certificate under subsection 28(2) of the 1998 Act may identify the personal data to which it applies by means of a general description and may be expressed to have prospective effect.
"may be expressed to have prospective effect." - we think that this means: " from when the Certificate has been signed, going forwards in time", rather than applying retroactively to the past.
There are potentially serious adverse repercussions for the national security of the United Kingdom if the exemptions in this Certificate were not available.
Transport for London ("TfL") maintains a system of congestion charging cameras and traffic management cameras ("the Cameras") in relation to the Congestion Charging Zone ("the Zone") and traffic management in the Greater London Area ("the Area"):
1.3.1 on the approaches to the Zone;
1.3.2 on the boundaries of the Zone;
1.3.3 with the Zone; and
1.3.4 within the Area.
The Cameras collect data on vehicles approaching, passing by, entering and located within the Zone and vehicles entering into or located within the Area. TfL processes such data for the purposes of administering the charging scheme within the Zone and th management of traffic within the Area.
Does this mean that all TfL traffic cameras within the Greater London Area are included in this Mass Surveillance scheme, not just the fixed and mobile Central Zone and Westward Expansion Zone Congestion Charge Enforcement cameras ?
What about the new London Low Emission Zone camera network being installed now, which is also run by TfL ?
TfL provide specific information to the Metropolitan Police and other Police forces on a case-by-case application under section 29 of the 1998 Act.The data collected by the Cameras are linked to other data held on the statutory registers and non-statutory files by the Metropolitan Police and other police forces.
In what way is this case-by-case, targeted surveillance deficient or even inefficient ? What is the overwhelming justification for Mass Surveillance of everyone ?
Reason for this CertificateThe reasons for the granting of this Certificate are set out in the document referenced DPA/S.28/MPS/2008/CC2
In summary the national security reasons for granting this certificate set our in the document referenced DPA/S.28/MPS/2008/CC2 are:
2.2.1 The work of the police officers and support staff assigned by the Commissioner of Police of the Metropolis to the special operational units of the Metropolitan Police dealing with national security including, but not limited to, Counter Terrorism Command and any other police officer or individual assigned by his Chief Officer of Police (including the Chief Constable of the British transport Police Force) to Special branch or any unit of or special operations unit dealing with national security in any other police force in the United Kingdom (all such units hereinafter referred to as "National Security Units") requires secrecy.
OK, but this secrecy is already being applied to "normal" DPA Section 29 requests for specific data targeted at particular suspects under investigation.This is does not justify disproportionate Mass Surveillance of millions of innocent citizens.
2.2.2 The general principle of neither confirming nor denying whether National Security Units process data about an individual, or whether others are processing personal data for, or on behalf of with a view to assist or in relation to the functions of National Security Units, is an essential part of that secrecy.
2.2.3 In dealing with subject access requests under section 7 of the 1998 Act, the relevant police forces shall examine each individual request to determine:
2.2.3.1 whether adherence to that general principle is required for the purposes of safeguarding national security; and
2.2.3.2 in the event that such adherence is not required, whether and to what extent the non-communication of any data or any description of data is required for the purpose of safeguarding national security.
2.2.4 The very nature of the work of National Security Units requires exemption on national security grounds from those parts of the 1998 Act that would:
2.2.4.1 prevent them passing data outside the European Economic Area;and
That may be true for some data regarding terrorists, but it is totally unacceptable for them to pass the personal details or vehicle movement details of millions of innocent travelers and commuters picked up on the Congestion Charge Cameras or the Traffic Cameras within the Greater London Area to any foreign Government or Agency outside of the European Economic Area, i.e. to countries which do not have European style Data Protection laws specifically the USA or the Russian Federation etc. or to India, where TfL's Congestion Charge contractor Capita plc, has outsourced most of the database software development work to. Such insecure data transfers could put British citizens at risk of harm.
This is not a valid justification for this Mass Surveillance scheme.
2.2..4.2 allow access by third parties to the the premises assigned to the police officers and support staff, including consultants, of National Security Units.
2.3 This certificate relates to the processing of the:
- images taken by the Cameras ("the Images"); and
- personal data derived from the Images, including vehicle registration mark, date, time, place and camera location;
There are two sets of London Congestion Charge cameras at each checkpoint location - one set is aimed at the Vehicle Number Plate (black and white in the original Central Zone) and the other (colour) captures the "street scene" context.
Most of the new Western Expansion Zone cameras face forwards, and so may capture images of the driver and front seat passengers as well.
("the Camera Data"). In summary, the reasons relating to the processing of the Camera Data, for granting the certificate set out in the document referenced DPA/s.28/MPS/2007/CC2 are that the Camera Data will allow National Security Units to safeguard national security by:2.3.1 providing information on the movements in London of those groups and/individuals breaching, suspected of breaching or planning to breach national security
2.3.2 allowing the investigation of occurrences designed to breach, damage, or having the effect of breaching or damaging national security; and
2.3.3 providing information which will allow the anticipation of movements in London, of those groups and/or individuals breaching, suspected of breaching or planning to breach national security
So in what way is a case by case, Section 29 request inadequate for these purposes ? There is no conceivable way that the Congestion Charge Cameras or Traffic Cameras can magically detect terrorist reconnaissance or actual attacks, without prior knowledge e.g. the make or registration of a suspect vehicle.
If there are suspect vehicles, then narrowly targeted Section 29 requests are adequate - there is no need for the Mass Surveillance of innocent individuals.
If the terrorists are "off the radar", then the Congestion Charge Cameras etc. are of no use whatsoever, exactly as was the case with the botched incendiary vehicle attacks in the Haymarket and Cockspur Street in June 2007 , which seem to have been used as the excuse for this Mass Surveillance scheme.
Certification3.1 For the reasons identified in Section 2, I the Right Honourable Jacqueline Smith, being a Minister of the Crown, who is a member of Her Majesty's Cabinet, in exercise of the powers conferred by the said section 28(2) of the 1998 Act do issue this Certificate and certify as follows:
3.3.1 that any Camera Data that are processed by police officers and support staff assigned to National Security Units as described in Column 1 of Part A of the Schedule are and shall continue to be required to be exempt from those provisions of the 1998 Act that are set out in Column 2 of Part A of the Schedule;
3.1.2 that any Camera Data that are processed by TfL (in circumstances where that data processing comprises or includes the retention or disclosure of data by TfL for or to police officers assigned to National Security Units) in the course of data processing operations carried out for, on behalf of, or at the request of or with a view to assisting police officers assigned to National Security Units as described in Column 1 of Part B of the Schedule, and
3.1.3 any Camera Data processed by any other person or body (other than a Government Department, agency or non-departmental public body) in the course of data processing operations as a consequence of the disclosure of any Camera Data by police officers assigned to National Security Units in accordance with their statutory and common law legal powers as described in Column 1 of Part C in the Schedule are and shall continue to be exempt from those provisions of the 1998 Act which are set out om Column 2 of Part C of the Schedule;
all for the purpose of safeguarding national security, provided that:
3.2 no Camera Data shall be exempt from the provisions of section 7(1)(a) of the Act if the relevant police force, after considering any request by a data subject for access to relevant Camera Data, determines that adherence to the principle of neither confirming nor denying whether National Security Units hold Camera Data about an individual is not required for the purpose of safeguarding national security.
3.3 no Camera Data shall be exempt from the provisions of section 7(1)(b), or (c) or (d) of the Act if the relevant police force, after considering any request by a data subject for access to relevant Camera Data, determines that adherence to the principle of neither confirming nor denying whether National Security Units hold Camera Data about an individual is not required for the purpose of safeguarding national security;
3.5 no Camera Data shall be exempt from the provisions of section 7(1)(a) of the 1998 Act if TfL, after considering any request by a data subject for access to relevant Camera Data, determines that adherence to the principle of neither confirming nor denying whether TfL, hold Camera Data about an individual is not required for the purposes of safeguarding national security.
Notice
4.1 I give notice that it is a condition of this Certificate that I require:
4.1.1 the Commissioner of the Police of the Metropolis and any Chief Officer of Police of any police force with responsibility for the operation of the police officers and support staff comprising National Security Units in the United Kingdom to report to me on the operation of this Certificate; and
4.1.2 the Commissioner of Police of the Metropolis to provide a report to the Information Commissioner on the general operation of this Certificate.
The wording of this Certificate implies just the one report to the Home Secretary and another one to the Information Commissioner at some unspecified date in the future, but the Certificate is for an unlimited period into the future, without any expiry date, with no promise that these reports will ever be published, even in a censored form.
That is not acceptable as an independent oversight mechanism.
SCHEDULEPart A
Column 1 Column 2 The processing of Camera Data by police officers and support staff assigned to National Security Units in connection with the performance of the statutory and common law functions of police officers assigned to National Security Units insofar as they relate to the safeguarding of national security.
- Sections (7(1), 7(8), 10 and 12 of Part II;
- Part V which includes Schedule 9;
- the following principles of dat protection from Schedule 1:
- the first principle in so far as it relates to fair processing;
- the second principle;
- the sixth principle to the extent necessary to be consistent with the exemptions contained in this Certificate; and
- the eighth principle which includes Schedule 4.
Part B
Column 1 Column 2 The processing of Camera Data by TfL for, on behalf of, at the request of or with a view to assisting the police officers assigned to National Security Units to carry out their statutory and common law functions insofar as the functions relate to the safeguarding of national security.
- Sections (7(1), 7(8) of Part II;
- Part V which includes Schedule 9;
- the following principles of data protection from Schedule 1:
- the first principle in so far as it relates to fair processing
- the second principle;
- the third principle; and
- the sixth principle to the extent necessary to be consistent with the exemptions contained in this Certificate.
Part C
Column 1 Column 2 The processing of Camera Data by a third party for, on behalf of, at the request of or with a view to assisting the police officers assigned to National Security Units to carry out their statutory and common law functions insofar as the functions relate to the safeguarding of national security.
- Sections (7(1), 7(8) 10 and 12 of Part II;
- Part V which includes Schedule 9;
- the following principles of data protection from Schedule 1:
- the first principle in so far as it relates to fair processing;
- the second principle; and
- the sixth principle to the extent necessary to be consistent with the exemptions contained in this Certificate.
Section 7 Right of access to personal data
Section 10 Right to prevent processing likely to cause damage or distress.
Section 12 Rights in relation to automated decision-taking - presumably they plan to use some inexact and false positive error prone automatic suspicious behaviour scoring system, which must inevitably waste resources in flagging up many innocent people, and put their lives at risk, especially at times of high alert and panic, just like with the Stockwell Tube station shooting of the innocent Jean Charles de Menezes by the police in July 2005. Disapplying this Section12 would keep details of such dubious practices secret.
Disapplying Part V Enforcement and Schedule 9 Powers of entry and inspection cripples the Information Commissioner's legal powers of enforcement - this also cuts off any appeals to the Information Tribunal or the High Court, because to go down that legal route you need to have the Information Commissioner issue a Decision or Enforcement Notice, which he cannot do if these Part V and Schedule 9 powers have been crippled.
What is the justification for crippling the Information Commissioner's enforcement powers ? Do they no longer trust him to correctly apply the National Security exemptions himself, as he always has done in the past ?
The Principles which this Certificate circumvents regarding the London Congestion Charge ANPR real time bulk transfer mass surveillance scheme.:
1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless--(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
[...]
6 Personal data shall be processed in accordance with the rights of data subjects under this Act.
[...]8 Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
This Certificate does not exempt these Data Protection Principles:
4 Personal data shall be accurate and, where necessary, kept up to date.5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
However, since the Information Commissioner's enforcement powers are crippled (remember that only the Information Commissioner can bring a case to court under the Data Protection Act) , there is no penalty for the National Security Units if they deliberately or negligently abuse the other Data Protection Principles as well e.g. by losing a laptop computer stuffed full of sensitive personal data, or if a corrupt member of a National Security Unit sells the data to their contacts at a private investigation firm, that firm and their customers cannot be prosecuted under the Data Protection Act either.
How does this increase our "national security" ?
Jacqui Smith
The Right Honorable Jacqueline SmithDated: 4th July 2007
I confirm that the Secretary of State for the Home Department approved this Certificate and it was signed with her personal stampSigned: P.Wylie
Name: PAUL WYLIE
Dated: 4th July' 07
The background justification document
There is also a 16 page background document, seemingly prepared by Bircham Dyson Bell LLP, who seem to be "Solicitors and Parliamentary Agents" of 50 Broadway, London SW1H 0BL, (conveniently within line of sight of the Metropolitan Police HQ at New Scotland Yard, also in Broadway).They claim to be "progressive" on their website. Does "progressive " imply some sort of New Labour patronage or financial links ?
See Documents setting the reasons for granting certificate under section 28 of Data Protection Act (706Kb .pdf).
It contains lots of irrelevant generalities about why National Security Units sometimes require Secrecy, but , so far as the specific justification for this particular scheme, it concentrates only on the Data Protection Act, and only mentions the Regulation of Investigatory Powers Act 2000 in passing.
Why was this background document prepared by external solicitors ? Does the Home Office no longer employ any in-house lawyers of the required calibre ? Perhaps the Home Office civil servants still retain too much sense of honour and fair play to sully themselves with such a Mass Surveillance project.
13.4 The bulk transfer of the Camera Data is proportionate in all of the circumstances,as without all of the Camera Data it is not possible to:13.4.1 track patterns and eliminate those patterns that are not a threat to national security, or
13.4.2 identify those individuals or groups targeting London using the road network that could pose a threat to national security.
13.5 If only a small proportion of the Camera Data could be held by MPS, or only vehicles that had been identified by other intelligence means could be targeted, it would not allow the detailed level of analysis required and a threat may not be identified.
These alleged "reasons" provide no justification whatsoever for real time data transfers
We must be stupid, because we cannot see how this scheme is going to be able to pick up any genuine "patterns" whatsoever, any better than random selections, from the Congestion Charge ANPR data.
Previous IRA and INLA vehicle bomb attacks on London have involved vehicles which were fitted out with their explosive payloads in dedicated, purchased vehicles, which were not used for reconnaissance or as general transport by the plotters.
The July 2005 bombers and attempted bombers would not have been detected by this scheme had it been in operation then.
If, as is claimed, the June 2006 failed incendiary vehicle attacks in the Haymarket and Cockspur Street were a surprise to the authorities, then these vehicle movements would not have generated any pattern on the night of the attack, or before.
Instead of fake vehicle number plates being a very rare phenomenon, used only by bank robbers etc., the London Congestion Charge has resulted in thousands of vehicles with false or modified plates, with innocent vehicles of the same model and colour having their number plates "cloned" by fraudsters. Is the remote likelihood of a £1000 fine really going to deter a terrorist from using such a well established countermeasure ?
This lack of any technical or business case or any evidence that this mass surveillance approach can work at all, let alone be cost effective, is exactly what we also expect to see trotted out to support the function creep for "national security" grounds with other "database state" large scale database projects e.g. the proposed National Road Pricing scheme or the National Identity Register.
Will nobody stop these Labour government control freaks from abusing the freedoms and liberties of the vast majority of innocent people, for no measurable results against terrorists ?
There is no excuse for secrecy about the Data Retention policies for when innocent people's data will be expunged from the system, if ever. Publishing and enforcing such a policy would not endanger "national security", and it might go some way to defusing the fear turning to hatred, which these bureaucratic "big brother" surveillance schemes engender in the minds of the innocent public. Surely the the police and intelligence agencies and the politicians should be trying to win the active support of the general public and especially of minorities who are already unfairly targeted for Terrorism Act 2000 section 44 stop and searches.
We fear that other CCTV / ANPR schemes will also be sucked into this "national security" data trawling black hole e.g. the London Low Emission Zone cameras, the other TfL traffic cameras within "the Area" of Greater London and the future National Road Pricing scheme over which the Labour Government ignored and insulted the 1.8 million people who signed the online petition on the Prime Minister's website.
This London Congestion Charge ANPR Mass Surveillance scheme, and several other recent ones, stir up a grudging resentful attitude of hopeless acceptance at best, and actual hatred for the Government and authorities at worst, when inflicted on the public in such a furtive manner.
The Police state is well on its way. Do not vote for them.
> Shame on all you privacy and security experts and on the mainstream media out there for not noticing this back in August!
Statewatch did notice it. From Statewatch News Online, 29 August 2007 (19/07):
==
17. UK: On 4 July 2007 Home Secretary signed a Certificate exempting the use of data collected for the London Congestion Zone and London transport systems through CCTV, audio and any other surveillance device from the provisions of the Data Protection Act when accessed and processed by the Special Branch, MI5 and other security agencies:
Certificate: http://www.statewatch.org/news/2007/aug/uk-london-tfl-exemption-certificate.pdf
The case of the certificate: http://www.statewatch.org/news/2007/aug/uk-london-tfl-exemption-case.pdf
==
Well worth subscribing to their newsletter for those with an interest in what's going on at the European level.
br -d
Thank you for such an excellent exegisis - regret that a feeling of "hopeless acceptance " is inevitable as the elected representatives sit mute and accepting.
Just as it is easy to obtain details illegally from bent coppers of registered owners of vehicles ... it will only be a matter of time before aggrieved spouses can track their partners transgressions. Probably the most cost effective use of the system as any terrorist will use the bus / walk.
Curious how the loaded limos of death (whose Reg Nos were never publicised, nor the "crystal clear" picture of the hastily departing driver)have dropped out of the news.
Presumably if their curious "terrist" mission triggered DPA/s.28/MPS/2007/CC1 they have done their job.
You guys have so many surveillance cameras, it's exactly like George Orwell's 1984. I realize the IRA was the reason for it, though now it is over, the cameras should come down, though they want to put up more. Maybe everyone should wear those fake eyeglasses that have the nose and the moustache, that way, they won't know who to go after... Link to that blog post below...
Christopher Winkler
http://www.eyespypro.com/blog/?p=4