Yesterday’s Sunday Times carried an alarming story on its front page about the mobile phone data of 27 million EE customers being sold to IpsosMori, and in turn on to third parties including the Met Police.
The paper would clearly not have published without a sufficiently high standard of evidence and the Met Police’s reaction – to suddenly announce it was abandoning the plans, despite high-level meetings in recent weeks – suggests a nerve has been touched.
The paper’s evidence is clearly damning. “Documents to promote the data reveal that it includes “gender, age, postcode, websites visited, time of day text is sent [and] location of customer when call is made”. They state that people’s mobile phone use and location can be tracked in real time with records of movements, calls and texts also available for the previous six months.”
We have already made Freedom of Information Act requests for these documents, and urge IpsosMori to publish them urgently to allay public concerns.
Everything Everywhere needs to come clean on what data it is releasing, and why it is storing this data where there is no business purpose.
More than a year ago, we learned that the Home Office was resurrecting its plan to monitor every British citizen’s internet use.
Big Brother Watch led the charge against these plans, giving evidence to Parliament, urging our supporters to write to their MPs and being the central force in the media campaign against the so-called Snoopers’ Charter. We highlighted how the Home Office had misrepresented the work of the Child Exploitation and Online Protection Centre to support the bill, demonstrated alternatives were available – and that was before the technology companies tore into the proposals.
When the Joint Committee on the Draft Communications Data Bill published our report, we hosted a press conference that included David Davis MP, Jimmy Wales, Sir Chris Fox and Lord MacDonald.
Last week, we published 15 reasons why the Bill was the wrong approach.
The Deputy Prime Minister, Nick Clegg, has just announced that the Communications Data Bill is dead. He said on LBC: “What people dub the snoopers’ charter, that’s not going to happen – certainly with Lib Dems in government.”
(Governments by convention never comment directly on the content of the Queen’s Speech, so it is impossible for it to be explicitly ruled out; however, “not going to happen” is a fairly clear signal.)
Nick Clegg has made the right decision for our economy, for internet security and for our freedom.
The Home Office still appears to be pressing ahead with its plans to monitor the internet and many of our supporters have asked for an update of what is happening. Simply, we do not know. The process remains as it began – closed, without public consultation and driven by a desire to implement the same pre-determined solution we have seen for nearly a decade. So, as we are unable to say what is happening, we can summarise the wide range of arguments – many of which were not considered by the Joint Committee on the draft Bill – why the Bill is the wrong approach at the wrong time.
- The policy is based on the argument that less data is available now. This is plainly untrue. Far, far more data is available now; however, it is unclear if the police are able to make best use of this new data.
- It tries to force the internet into the framework of landline telephones.
- The cost of the plan – £2bn – will be taken from front line policing budgets to pay for another massive Whitehall IT project, instead of funding more specialist officers and better training.
- It has been formulated without public consultation, while one company – Detica – is apparently both providing advice on what is feasible and selling the consultancy and hardware required to implement the law.
- Encrypted communications will not be captured, at a time when businesses are moving to more encryption. The policy risks driving the uptake of secure communications, reducing even further the amount of data available.
- The policy involves paying private companies to create and store data about how their customers use the internet, when they have no reason to do so other than the state demanding it.
- It also allows for service providers to be ordered by the Government to collect data about third party services, including foreign companies.
- Less democratic regimes will be at liberty to monitor the emails and internet use of every citizen under the guise of ‘we are doing what Britain is doing’. This destroys decades of foreign policy work on maintaining a free and open internet.
- It puts Britain at a major competitive disadvantage internationally – small companies will not want to start here for fear of growing large and being slapped with an Order from the Home Office, while those served will be hamstrung by the technical specifications imposed on them by Whitehall and the need to divert resources to comply with the requirements.
- It will do nothing to improve the ability of law enforcement agencies to access data held by foreign companies, who co-operate voluntarily.
- Equally, it does nothing to speed up the legal process for international requests for data.
- It retains a model of the police self-authorising access to data, without independent or judicial oversight.
- As soon as the data is collected, the list of people with access will grow. From the Health and Safety Executive to divorce lawyers, as with every previous law of this type, the number of people who have access will only grow.
- It risks introducing security vulnerabilities into communications networks that form a core part of our critical national infrastructure.
- There is a risk of legislating too soon to fix a perceived problem that turns out to be the wrong approach, without considering a wider range of approaches. (Remember how the Digital Economy Act turned out?) The Home Office decided on this approach a decade ago and have barely revised their approach since the 2009 consultation that ruled out a central database.
In summary, this is an outdated, poorly formulated policy that risks doing more harm than good. No wonder, then, that the Home Office don’t seem keen to talk about it or undertake any kind of public consultation.
New research published today by Big Brother Watch/ComRes finds that the majority of the British public are concerned about their online privacy (68%) with nearly a quarter (22%) saying that they are very concerned.
People are more likely to say that consumers are being harmed by big companies gathering large amounts of their personal data for internal use (46%) than they are to say that this enhances consumer experiences (18%).
A clear majority (66%) of the British public say that national regulators should be doing more to force Google to comply with existing European Directives on privacy and the protection of personal data.
Southampton Council’s attempt to justify its policy of requiring taxis to record audio and video of every journey took another blow yesterday when the ‘First Tier Tribunal’ ruled against it.
The case stems from a complaint made by Big Brother Watch and others to the ICO, and led to Oxford council abandoning its policy and Southampton being given an ‘enforcement notice’ – essentially a prosecution for breaching the Data Protection Act.
As reported by the barristers’ chambers 11KBW, who acted for the Information Commissioner’s Office in the case, “what the Council disputed was (1) the conclusion that the policy involved the processing of “sensitive personal data” as well as personal data; and (2) the ICO’s finding that the recording and retention of audio data was a disproportionate interference with passengers’ privacy rights under Article 8 of the European Convention.”
On both points, the tribunal ruled against the council, saying the policy was disproportionate and accepting the risk of “function creep”.
With lawyers highlighting that this case sets an important precedent for surveillance and data protection law, we hope that in future councils will not be so quick to implement policies that so blatantly trample on the privacy of people without any kind of justification.
The only decision Southampton Council can now make is to abandon this ludicrous policy and we will be writing to them to demand they do so immediately.
Today’s Daily Mail reports on the latest NHS database plan, which will see information held in GPs’ surgeries being extracted and transferred to a new central system.
The agenda in the NHS to share data is far more than just monitoring how health services are used. We may be witnessing the beginning of the end for patient privacy in the NHS.
Ross Anderson, professor of security engineering at Cambridge University, told the paper: ‘Under these proposals, medical confidentiality is, in effect, dead and there is currently nobody standing in the way.’
Today’s announcement from the Health Secretary that all patient medical records will be held in electronic form by 2018 has grabbed some headlines, but the underlying privacy risks seem to have been given short shrift.
Paperless records is a nice soundbite but the change creates significant privacy risks. The Department of Health needs to be absolutely clear who will hold our medical records, who can access them and reassure patients that their privacy will not be destroyed in another NHS IT blunder.
Detail on how patients will give their consent, who will have access and what rights patients will have after sharing is sparse. As we have previously highlighted, barely any NHS systems have the ability to give patients the option of seeing who has looked at their medical records. Without this audit trail, abuse is often very difficult to spot.