If the UK is serious about conducting a proper debate on mass data collection and surveillance transparency, they would do well to take note of the issues raised in Foreign Intelligence Surveillance Court (FISC) documents recently released by the US. In a redacted, 117-page document [PDF], FISC Judge John Bates heavily criticised the NSA’s repeated ‘overcollection’ of data, stating that:
“The government has said nothing about how the systematic overcollection was permitted to continue, [redacted]. On the record before the court, the most charitable interpretation possible is that the same factors identified by the government [redacted] remained unabated and in full effect.”
Alarmingly, not only was too much data collected but, as Judge Bates also highlights, it “included some data that had not been authorized for collection.” The document shows that the agency struggled to collect metadata – the who, when and where – without also collecting information such as the content. (For more information about metadata you can read our briefing here)
Finally clarifying what was already widely accepted, a publication by the Information Commissioner’s Office (ICO) has confirmed that surveillance legislation is “complex”. “Surveillance Road Map” (PDF) seeks to set out the responsibilities of each body tasked with overseeing the laws that govern surveillance as well as highlighting some of their overlapping functions.
One of the aims of the guidance is to show members of the public “the avenues available to challenge or complain about any alleged breach of surveillance legislation”. Whilst this is a laudable aim it misses the real problem: that in too many cases roles are unnecessarily duplicated.
One prime example is of the Surveillance Camera Commissioner (SCC) and the ICO. The guidance states that the two bodies’ CCTV Codes of Practice “dovetail”; in fact they repeat each other. There is no reason for both bodies to be responsible for CCTV oversight. As the document points out the SCC has no “complaints handling or enforcement function”. Action should be taken to rectify this, as a result the SCC could be made responsible for a single, enforceable Code of Practice and the ICO would be able to focus more attention on its other functions.
The patient-doctor relationship is the bedrock of the NHS, where patient confidentiality and trust in that system must be constantly maintained. Failure to maintain this trust could have devastating consequences for both individual patients and the NHS as a whole, which is why we are concerned that Greater Manchester Police has said that it wants direct and regular access to medical records.
In an interview with The Guardian, Sir Peter Fahy, the Chief Constable of Greater Manchester Police, has said that “we could do a better job if we have greater access to information, which it is currently hard for us to get.”
Public bodies do not have a great track record on data protection and as sharing private information around more public bodies only increases, so does the risk that it will be leaked, lost or otherwise revealed. Big Brother Watch has previously drawn attention to the scale of data breaches in reports such as Local Authority Data Loss and NHS Breaches of Data Protection Law. Specifically on the subject of medical records we have given evidence to the Health Select Committee (pdf) on the flaws in the proposed care.data scheme.
In a victory for transparency, the Government has announced that from today members of the public and journalists will be able to film and report on all public meetings held by local councils in England.
The Openness of Local Government Regulations 2014, signed into law by the Communities and Local Government (DCLG) Secretary Eric Pickles, will allow citizens to use 21st Century techniques such as tweeting and blogging to report on council meetings. It will also allow them to view material relating to some decisions made elsewhere by officers acting under a “general or specific delegated power”.
The move to update the law follows attempts by DCLG to use non-legislative methods, including the publication of guidance which explicitly confirmed that members of the public could overtly film council meetings. Sadly some councils chose to ignore this step.
You may remember the now infamous “ring of steel” system of ANPR cameras that was placed around Royston, which was ruled to be unlawful by the Information Commissioner’s Office (ICO). A year on from that ruling, figures have been published which show that since Hertfordshire Police was forced to dismantle the system there hasn’t been a sudden and uncontrollable outbreak of lawlessness and crime.
Crime statistics, recently released by Hertfordshire Police, show that between April and June 2013, when the ANPR system was still in place,172 crimes were committed. When comparing this to the same period in 2014 it turns out that 171 crimes were recorded, a drop of 1.
The scheme originally involved the position of ANPR cameras in such a way that it was impossible for motorists to drive in or out of the town without being filmed. In July 2013, the ICO ruled that the Police had failed to carry out “any effective impact assessments” whilst commenting that “it is difficult to see why a small rural town … requires cameras monitoring all traffic in and out of the town, 24 hours a day”.
With Police forces around the UK conducting trial schemes and roll outs of body worn cameras (BWCs), we have created a briefing on the use of the technology which can be viewed here (pdf).
The largest trial has taken place within the Metropolitan Police Service, beginning on 8 May 2014 and seeing the distribution of 500 BWCs to officers in 10 London boroughs in an aim to repeat the success of a similar scheme in Rialto, Los Angeles. The £815,000 trial scheme will see the distribution of BWCs to police officers in Barnet, Bexley, Bromley, Brent, Camden, Croydon, Ealing, Havering, Hillingdon and Lewisham. The MPS and Ministers believe that the pilot will show whether or not BWCs will boost accountability, improve the accuracy of evidence and speed up convictions.
Following York Council’s announcement that the city is to become the first in the UK with city-wide free Wifi, the Council has found itself in hot water for failing to properly inform users about the fact mobile users could find personal information, including their precise location, exposed.
It has been reported that when mobile users sign up for the free WiFi service they are inadvertently handing over vast amounts of personal information. The technology picks up signals from your mobile and links them with your social media profile on your smartphone – storing information such as your age, gender, interests, friends and your location. A BBC report shows exactly how the information is used and analysed.
Whilst we have become accustomed to accessing internet services for free in the expectation that our data will be used for marketing or advertising purposes (there is no such thing as a free lunch after all), we continue to call for internet users to be provided more transparent information about what happens to their data when they sign up for a service.
Journalists and publishers are at risk of being branded as terrorists, warns a report into the UK’s terrorism legislation.
The report entitled The Terrorism Acts in 2013 was authored by Professor David Anderson QC, the Independent Reviewer of Terrorism Legislation. It covered topics such as the use of stop and search powers by the police as well as how often Section 7 of the Terrorism Act 2000 was used to question and/or detain travelers.
Perhaps the most interesting (and worrying) section considered the definition of terrorism and under what circumstances terrorism legislation could be applied. Looking at the judgement in the case of David Miranda Professor Anderson highlighted the fact that “the publication (or threatened publication) of words may equally constitute terrorist action”.
As Professor Anderson explained the ruling raises the possibility that the author of a book, newspaper article or blog could be treated in the same way as a person who carries out more recognisable forms of terrorism, such as “shootings” or “hostage takings”.
All that is needed for this to happen is for the published material to be judged to be for the “purpose of advancing a political, religious, racial or ideological cause, designed to influence the government and liable to endanger life, or create a serious risk to health or safety.”
Even plans made with the best of intentions can go awry. In a speech made last week, Mark Hoban, a former Minister of State for Work and Pensions, floated the idea of combining previously separate personal financial information into a single database.
Mr Hoban argued that “It would be great if we could use the Retirement Saver Service to store data on their savings, pensions – state and private – and housing”. The idea is that it would give individuals a clearer idea of their current savings situation as well as helping to signpost any necessary action they would need to take in the future.
At the moment the regulatory framework simply isn’t good enough to ensure that another new database would be secure. The sanctions that are available for punishing those who misuse personal information and break the Data Protection Act 1998 are almost non-existent. At present the most any breach will receive is a fine, there is no option for a court to hand down a custodial sentence. When compared to the financial gains that can be made through selling the information on, a, usually small, fine cannot be considered to be an effective deterrent.