January 2005 Archives

Below is our reply to the request for clarification about our Freeom of Information Act request for the official meeting diaries, agendas of meetings, travel and entertainment expenses of the senior members of the Home Office's Identity Cards Programme Team.

"Please state over what time period you are seeking this information"

September 11th 2001 onwards should suffice.

Home Secretary David Blunkett started mentioning ID Cards on September 14th 2001, in response to the September 11th attacks in the USA. He announced an "Entitlement Card" consultation in February 2002, which was published in July 2002. Presumably this was all handled by the Identity Cards Policy Unit headed by Stephen Harrison

The Identity Cards Programme, headed by Katherine Courtney does not seem to have come together until about June 2003, although it is "very much integrated" with the Policy Unit.

It is unclear from the letter of reply if the new position of "Head of Marketing" for ID Cards advertised in October 2004 has yet been filled.

Our reply:

A good question, but at least this implies a willingness to provide some or all of the information requested, rather than a blanket refusal.

Would it be reasonable to ask for the "official meeting diaries, agendas of meetings, travel and entertainment expenses" from the "Entitlement Card consultation" phase back in 2002 ? The Freedom of Information Act 2000 does allow for past records to be published as well as current ones.

So far as we can remember, Stephen Harrison was involved back in 2002, but Katherine Courtney was not appointed until 2003 and the post of Head of Marketing was not advertised until October 2004, so perhaps this functionary has not yet taken up his or her post yet.

Any suggestions from those of you who are interested or have knowledge of the occurance of meetings which could illuminate the debate on the Government's controversial plans for ID Card and compulsory centralised biometric population register schemes, would be welcome.

The Home Office was one of the two Whitehall Departments which did not or could not, give out figures on how many FOIA requests they have received, out of the 900 requests in the first week reported in the Financial Times. Although this request was not sent in during the first week of January, we will indulge in our usual Home Office kremlinology, to speculate as to whether or not the reference number of this correspondence gives any clues as to how many FOIA requests the Home Office might be getting.

"Reference: 050126IDCFOI/MI/001/5"

There is the reference to "IDC" (ID Cards ?) and "FOI" (presumably Freedom of Information ?). Does "001/5" mean January 2005 or the first such request in the year 2005 or something else ?

The letter from the Home Office, is dated 26th January, postmarked 27th January, and was received on the 29th January 2005 i.e. after only 2 working days, plus postal mail delays - the quickest response to one of our FOIA requasts so far:

Mark Oaten, the Liberal Democrat Home Affairs spokesman has received a Written Parliamentary Answer from Des Browne, the Minister for Citizenship and Immigration regarding the recent meetings held by the Identity Cards Programme with the private sector in the last 6 months.

They seem to have attended about 20 conferences and seminars, and had meetings with at least 60 companies.

You may well wonder what meetings, if any, there have been with people or groups who are worried about the privacy and security of the proposed scheme, or who are opposed in principle to some or all aspects of it.

Perhaps our FOIA request for meeting diaries, minutes, agenda etc. will make things clearer.

We have had a request for clarification about our FOIA request to the Department for Work and Pensions, regarding the DWP-IR Longitudinal Study Ethics Committee.

This seems to be a very promising response to our request, after only 13 working days

Our inline reply to the request for clarification.:

We have an email acknowledgement (semi- automated ? ) from the Department for Education and Skills, with a year/number type reference code, for the second of our FOIA Requests, regarding the OECD PISA study.

Interestingly "the departmental standard for correspondence received is that responses should be sent within 15 working days", so, in theory, the 20 days FOIA statutory response period should present them with no difficulty.

We have had an email reply from the Home Office, after 16 working days, for our FOIA request regarding the Identity Card OGC Gateway Reviews. This is essentially similar to the reply we had from the Office of Government Commerce, saying that they cannot fulfill this by the requested date i.e. last Friday 21st January, but leaving open the chance that they might succeed in replying within the statutory 20 working days.

The email reply from the Home Office:

Now for a Freedom of Information Act request of a type which is very common in say the USA. This one asks for the offical meeting diaries and agendas of meetings, travel and entertainment expenses of some of the Civil Servants in charge of the Identity Cards and National Identity Register scheme in the Home Office.

The impression they give is that they seem to be very willing to meet with private industry representatives and lobbyists, but not with any civil liberties and privacy campaigners. Perhaps this will be a chance for them to set the record straight.

Given the scale of the project disaster that we fear, it behooves Civil Servants to keep records and minutes of all of their meetings with their political bosses and with industry lobbyists and representaives, for when they face questioning before the inevitable Public inquiry or a Parliamentary Select Committee.

Since billions of pounds of taxpayers money and the privacy and security of all the general public for the rest of the 21st century is involved, it will not be acceptable for another outbreak of collective amnesia and lost or forgotten correspondence to occur in the Home Office, as it did apparently during the investigations which lead to the resignations of Minister for Citizenship and Immigration Beverely Hughes and Home Secretary David Blunkett.

Our second FOIA request to the Home Office:

We have sent in a Freedom of Information Act request to the Office for National Statistics regarding the Citizen Information Project

There is allegedly meant to be some sort of report about this massive database system and how it does or does not interact with or duplicate some or all of the National Identity Register

We have been told through confidential channels that there might be some very worried people in the ONS, who fear that the Citizen Information Project, especially if it is linked to the National Identity Register will either pollute statistical validity of Census based data. There are already parts of our cities where the Census data is simply not statistically valid, due to the fears of people about the the Poll Tax / Community Charge. how much worse will this get with the National identity Register and theID card scheme ?

The National Statistician and Registrar General for England and Wales, Len Cook is going back to New Zealand when his contract expires this year, could the Citizen Information Project have contributed to this decision ?

Our first FOIA request to the Office for National Statistics:

Our second FOIA request to the Department for Education and Skills requests more information on the OECD Programme for International Student Assessment, which seems to be conducted in many countries at the same time and compares the educational standards of 15 year olds.

According to a suggestion on this website, it appears that the UK or at least England may have pulled out of this study. Certainly getting information about the UK involvement with PISA cannot be done at present from what is published on the DfES website.

The DfES instructions for sending in requests say that they should be marked in bold thus:

PUBLICATIONS SCHEME REQUEST

Our second request to the Department for Education and Skills:

Our first request to the Department for Education and Skills. Confidential sources suggest that the DfES may have tried to grab data on all children in the UK and possibly all their parents and guardians from the Department for Work and Pensions, who, it would seem "did the right thing" and refused.

DfES has been granted massive powers und the Primary Legislation of the Children Act 2004 section 12 and 29, thereby being able to sidestep both the Data Protection Act and the Human Rights Act and specifically to force the breach of Common Law duty of Confidentiality for professional medical, educational, social worker etc. advisors with their clients.

"11) Regulations under subsection (5) may also provide that anything which may be done under regulations under subsection (6)(c) to (e) or (9) may be done notwithstanding any rule of common law which prohibits or restricts the disclosure of information."

Given that the relatively small scale Reducing Youth Offending Generic Solution (RYOGENS) project is seen to be a model for such national databases, we have also probed to see if similar requests for data on "all children" have been sent to the Police, the Probation Service or the National Health Service.

This is also an experiment to see if several similar requests can be bundled up as one, or if they need to be sent in individually.

Our first request to the Department for Education and Skills:

Hooray we have our first sucesseful Freedom of Information Act Request ! Well, almost.

We requested a copy of a Mobile Phone Industry Code of Practice regarding Location Based Services, especially those aimed at Children and Vulnerable Adults, from Ofcom, the Industry Regulator.

We have got a reply ref: FOI Case 2360053 (does that mean the 53rd FOIA request this year ?) after only 8 working days.

The email reply is attached below, and includes:

"I have spoken to colleagues in the sections of Ofcom likely to have knowledge of this and we do not believe that Ofcom has been involved with work to produce such a code. As such, and following a search of our paper and electronic records, we do not hold the information you requested."

Fair enough. However this does raise the question of exactly why was Ofcom, the Mobile Phone Industry regulator not involved in even any discussions about a Mobile Phone Industry Code of Practice covering such a sensitive and controversial issues like the privacy and safety of children.

"However, an internet search has found [URL ] which appears to be the Code you are seeking and you may wish to contact the Mobile Broadband Group, whose details are given, if you require further information."

Yes indeed, the URL that they have pointed us to does seem to be the right sort of document entitled:

"Industry Code of Practice

For the use of mobile phone technology to provide passive
location services in the UK

24 September 2004"

However, the URL quoted does not belong to any of the Mobile Phone Network companies, or the Location Based Service providers, or the Children's Charities which were involved in drawing up this Code of Practice.

An email from the Office of Government Commerce:

Subject: Freedom of Information Act request ref 92247
Date: Tue, 18 Jan 2005 16:20:25 -0000
From: "yyy" yyy @ ogc.gsi.gov.uk
To: xxx @ xxx

Dear Mr xxx,

Thank you for your request for information dated 1 January 2005, received by OGC on 4 January 2005.

You asked for the information requested to be supplied by 21st January.

This is to let you know that we will be unable to meet your deadline.

We will contact you if we are unable to respond within the 20 working days set out in the Freedom of Information Act.

With regards

yyy
Head of Information Management

Office of Government Commerce
Rosebery Court
St Andrews Business Park
Norwich NR7 0HS, UK

Tel: +44 (0) 1603 nnnnnn
Fax: +44 (0) 1603 nnnnnn

http://www.ogc.gov.uk

"yyy" has the same name as can be found in the Microsoft Word properties of the onsite documents describing the OGS's Publication Scheme.

The 21st January deadline was so that the information could be public before the House of Commons Committee stage is completed on Thursday 27th January 2005.

This FOIA request is for specific reports, which can probably be found within a few seconds by the OGC staff on their intranet or the Governmnet's own Knowledge Network.

Has the Office of Government Commerce really had over 90,000 FOIA requests, or is the reference number 92247 some sort of subtle code ?

Does the wording of the reply imply that they will likely manage to comply within 20 working days i.e. by Tuesday 2nd of February ?

The Office of Government Commerce must get some kudos for

a) having an autoresponder on their email system,

b) for having replied with a personalised reply by email after only 11 working days

It is now about halfway through the statutory response period of 20 working days for the first of our Freedom of Information Act requests.

Thanks to links from Need To Know, Cryptome and The Register, various search engines and blog aggregators etc., we have had tens of thousands of web visits to this blog, and hundreds from *.gsi.gov.uk UK Government Secure Intranet gateways, Central Government Departments, Quasi Autonomous Non Govermental Organisations (QUANGOs) and Non-Departmental Public Bodies (NDPBs) and also from Local Government domains.

However, as suspected, we have had, as yet, no contact or acknowledgement from any of the public bodies we have submitted Freedom of Information Act requests to, apart from a couple of immediate automatic autoresponder/out of office replies from a couple of the email addresses we sent copies of our requests to.

Why doesn't the Department for Constitutional Affairs run a public website front end to a centralised FOIA request tracking system (we cannot possibly cope with even listing the over 100,000 public bodies apparently covered by the legislation) ? This would help them monitor the effectiveness of their FOIA strategy, and would cut down duplicate requests for the same exempted information over and over again e.g. the legal advice for the war in Iraq etc.

As we suggested earlier Ofcom are a quango with statutory powers to regulate several industries and are supposedly independent of Central Government. Therefore some of the exemptions to the FOIA do not apply.

If Ofcom deny all knowledge of the "Location Based Services Code of Practice", which at least one of their employees did over the phone in September, then there are serious questions to be asked about how seriously Ofcom is actually taking its duty to protect the public, especially in this case, children and vulnerable adults, from predators who could abuse the mobile phone network and commercial third party location based services.

A refinement on our previous requests was to remember to ask for corresepondence as well as emails etc.

Read the FOIA request sent to Ofcom:

In contrast to the DWP, finding the contact address for the Inland Revenue was much more staightforward.

An FOIA request is being sent to them, because, after all, they are supplying half of the sensitive personal data including names and addresses and financial records going back over the last 24 years.

One would hope that the Inland Revenue have some interest in what use is being made of this data, and are represented on the mythical Ethics Committee.

As with the DWP request, there is also a question about whether or not this sensitive data has been put at risk by the acknowledged internal IT security failures (sevral hundred incidents a year).

Read the FOIA request sent to the Inland Revenue:

Finding the appropriate address to send an FOIA request in the vast Department for Work and pensions, government within a government is not straightforward. They presume that people will contact their local DWP offices for information in the first place, which is not approrpriate for this particular FOIA request.

A good point is that they have now instituted a Secure Sockets Layer web email contact form, but with a fair amount of hunting around their Publication Scheme pages the IAD Information Centre postal address was found, and the Public Enquiry Office email address were found. The wpls@dwp.gsi.gov.uk email address allegedly for enquiries about the Longitudinal Study is the one which has managed to ignore our emails over the last year asking when the website would be updated with the information which they promised to publish

"Quarterly publication of the uses
To ensure that DWP are accountable to the public for all work on the data, an internet and paper-based list of uses (existing and new) will be published every 3 months. "

Similarly the details about the Ethics Committee which does not seem to have been set up, for a year now, hence our request.

The update of the Longitudinal Study list of uses web page this week, poses a few more questions, i.e. what is all this "REMOVED" stuff about ?

Read a copy of what was sent as a FOIA request:

Welcome to all the visitors to this blog website coming via the links posted by Cryptome and Need To Know.

"The shadowy figures behind SPY.ORG.UK (of which we cannot speak, but who have haunted NTK since issue 1) have started a blog to gather and their track Freedom of Information requests, so you can have a nice RSS feed of wriggling civil servant replies. And, just to make life even more snugly private, you can anonymously provide your own requests, which they will forward as a sort of human anonymising proxy."

We would feel honoured if people chose to trust us to act as such a Trusted Third Party to act as a "human anonymising proxy" intermediary for Freedom of Information Act requests.

For the vast majority of people who make a Freedom of Information Act request, there should be no problems, and no need to get someone else to submit their request.

Howver, given the attitude of some public authorities, some of who are raising the dubious spectre of "mosaic attacks" through multiple FOIA requests, some people may wish to make suggestions via this blog.

If you are feeling paranoid, feel free to use anonymous remailers and/or our public PGP encryption keys for blog@spy.org.uk - more likely to be used by our Cryptome visitors than the NTK ones, we suspect.

We are hoping that by publishing the details of the FOIA requests which our limited resources allow us to make, sympathetic people "in the know" will guide our requests towards specific documents which they are aware of, hidden through the obscurity of the what passes for public sector document management and filing systems.

Bear in mind the large list of exemptions to the FOIA and the discussions about government resources versus the public's right to be informed.

Perhaps this long overdue update was actually prompted by the visitors that this blog had from the UK Parliament and the central Government Secure Intranet yesterday.

Interestingly, the updated table of approved project uses for the controversial combined Social Security and Inland Revenue datasets, now includes varuous "REMOVED" entries.

Does this mean that even this summary of Business Cases has been redacted or censored from publication on the public world wide web ? e.g.

N.B. for Business Case 38, there is still an entry of "3" in the column for the "No of users given access"

Can we believe statements like:

"These have been and will be updated in the list below and posted on this page every three months."

which are demonstrably untrue - the old data from January last year was what was available to the public until at least Wednesday 5th January 2005 (we have saved copies)

There is still no information about the composition of the Ethics Committee, if it exists, or of any method to contact the committee, independent of the DWP bureaucracy.

FOIA requests to Central Government Departments are all very well and good, but there are thousands of Public Bodies which fall under the Freedom of Information Act 2000. Many of the list of exemptions do not apply to them.

In this category come Quasi Autonomous Non Govermental Organisations (QUANGOs) or Non-Departmental Public Bodies (NDPBs) through which various governments have tried to weasel out of having to take the political blame when things go wrong, by claiming not to have day to day control, but which they attempt to micromanage centrally , especially in terms of budgets and statistical targets.

One such seems to be the extraordinary mishmash which now constitutes the Office of Communications, Ofcom

Department for Work and Pension - Inland Revenue Longitudinal Study

We are still concerned that after an inital flurry of "open government" last year, the controversial linking of social security benefits, pensions and tax data, without any individual informed consent i.e. sidestepping the Data Protection Act because of Primary Legislation, has lapsed into secrecy and obscurity
c.f.

Where is the DWP-IR Longitudinal Study Ethics Committee ?

DWP-IR Longitudinal Study racial profiling

The very first use to which this combined data has been put is to create an electronic map of racial, ethnic and religous minorities, for compliance with the Race Relations Act. However, this is also an ideal tool for any future extremist government
to produce, at the touch of a button a list of addresses and a map of locations, to harass. arrest, deport or even kill such minorities.

So where are the safeguards and oversight of such a powerful system ?

Work and Pensions Longitudinal Study - Safeguards:

"Ethics Committee
An ethics committee will be established to consider proposals which have a significant ethical dimension. The Head of Data Services in DWP will be responsible for day-to-day decision-making on access to the data. The Ethics Committee will monitor the decisions and will advise on those decisions which the Head of Data Services has referred to the Committee. The Committee will consider expert legal advice and will be made up of statistical and research experts as well as representatives of employers and individuals."

A year after this web page went online, and there is still no mention of who exactly is serving on this Ethics Committee, or any information about its reports or any contact details or any mechnaism for members of the public to complain.

Quarterly publication of the uses

To ensure that DWP are accountable to the public for all work on the data, an internet and paper-based list of uses (existing and new) will be published every 3 months."

There has been no update of this alleged "quarterly update" after the first quarter of 2004 - where are the missing three quarterly updates ? Even if no new uses for these controversial combined Social Security and Inland Revenue datasets have been sanctioned since April 2004, then that should be made public.

Proposed Freedom of Information Act Request for information on:

All emails, minutes of meetings and reports pertaining to the Longitudinal Study Ethics Committee.

The missing three quarterly publications of permitted uses of the Longitudinal Study Datasets.

Given the number of admitted breaches of computer security by staff at the Inland Revenue and the Department for Work and Pensions (hundreds of cases a year dealt with through internal discplinary action, rather than the virtually useless Computer Misuse Act or the Data Protection Act), how many of these incidents involved people or systems with direct or indirect access to the Longitudinal Study datsets, both at the DWP, and at the IR ?

Have the combined Longitudinal Study datasets been made available in whole or in part, in batch processing mode, or in realtime, to any other UK Government Departments or Agencies, or to any Commercial Companies, or to any Foreign Governments ? If so, under whose authority, to whom, when, why ? etc.

How many complaints have there been from members of the public regarding the Longitudinal Study ?

How many members of the public have been supplied with copies of their own Longitudinal Study data ?

Are FOIA requestors going to be treated by the Police as if they were part of an organised "mosaic attack" intelligence gathering operation conducted by criminals or terrorists ? c.f. this Spy Blog article:

"FOIA requestors to be treated as suspects by the Police ?

"Is Spy.org.uk wrong to solicit suggestions for FoIA requests?"

Thanks for the interesting blog article James ! It really never occurred to us that anybody would object to our small experiment in exercising our newly granted legal rights under the Freedom of Information Act 2000!

The first Freedom of Information Act requests have now been sent to:

OGC Service Desk
Office of Government Commerce
Rosebery Court
St Andrew's Business Park
Norwich
NR7 0HS

Copy sent by email to: ServiceDesk@ogc.gsi.gov.uk

and

Direct Communications Unit,
7th Floor Open Plan Suite
The Home Office
50 Queen Anne's Gate
London,
SW1H 9AT

Copy sent by email to: public.enquiries@homeoffice.gsi.gov.uk

The text of the request to both of these Departments is the same, and it will be interesting to see how each one is handled: