The report entitled Enemies of the Internet is released to coincide with World Day Against Cyber-Censorship and comes on the same day that Sir Tim Berners-Lee has called for a Digital Bill of Rights to safeguard an “open, neutral” internet. It identifies specific government agencies such as GCHQ that have used the pretext of national security to move beyond their core duties and into the strategy of mass online surveillance that is prevalent today.
The independent inquiry by Mark Ellison QC, which was established to review the Stephen Lawrence murder investigation, has revealed “wrong-headed and inappropriate” use of undercover policing. The conclusions of the review make it very clear that there was an “extraordinary level of secrecy” at play.
The Home Secretary, who has described the findings of the review as “deeply troubling”, has been a leading force behind the review into the case of Stephen Lawrence and is to be applauded for her efforts. She has now announced that a judge-led inquiry will take place into undercover policing, as she fears that the abuse of powers in this case is not an isolated incident. The Home Office is also currently holding a public consultation into the use of covert surveillance powers.
The revelations about the potential for there to have been unfairness in some of the Metropolitan Police’s (MPS) proceedings, alongside efforts to discredit the family of Steven Lawrence, quite rightly brought cross-party condemnation. Taken alongside revelations about the scale of internet surveillance, the wider questions about the oversight of our law enforcement and intelligence agencies are too important to ignore.
Clearly when data is held by a third party, a different set of risks exist – from concerns about foreign Government access to the use of the data by the third party for other purposes. Patients appreciate their information will be held by the NHS but do they think it will end up on a server in California run by companies who base their business model on knowing more about people? That is perhaps what is most troubling about the revelation that PA Consulting uploaded the entire NHS England hospital patient database was uploaded it to Google.
The point was highlighted by Sarah Wollaston MP, a member of the Health Select Committee, who tweeted: “So HES [hospital episode statistics] data uploaded to ‘google’s immense army of servers’, who consented to that?”
Big Brother Watch has issued a briefing note on the Consumer Rights Bill, with specific emphasis on a proposed amendment which will ensure consumers will be able to access data quickly, easily, and in a usable, digital format.
It is hoped that the Consumer Rights Bill will ensure that more emphasis is placed on the importance of transparency and data security. It is right that individuals should have more power to question organisations and be provided with information that is actually in a usable format.
It is remarkable that despite being in a digital age, if consumers want to request information from a utilities company, you are still required to send a £10 cheque in the post with the response then being provided in a paper format. Labour’s amendment will modernise the way organisations communicate with their customers, enhancing both transparency and consumer rights.
Today’s remarkable revelation that GCHQ has been capturing images (a “surprising” number of which were of people who may not have been fully clothed)
As the Guardian reports:
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Secretly intercepting and taking photographs from millions of people’s webcam chats is as creepy as it gets. We have CCTV on our streets and now we have GCHQ in our homes.
It is right that the security services can target people and tap their communications but they should not be doing it to millions of people. This is an indiscriminate and intimate intrusion on people’s privacy.
It is becoming increasingly obvious how badly the law has failed to keep pace with technology and how urgently we need a comprehensive review of surveillance law and oversight structures. As more people buy technology with built-in cameras, from Xbox Kinect to laptops and smart TVs, we need to be sure that the law does not allow for them to be routinely accessed when there is no suspicion of any wrongdoing.
Orwell’s 1984 was supposed to be a warning, not an instruction manual.
Despite opposition from the public, church leaders, legal experts, MSPs and civil liberties groups, the Children and Young People Act was passed in Scotland. This new piece of legislation now means from birth until the age of 18, every child in Scotland will have a specific state-appointed ‘guardian’ to safeguard their interests and oversee their safety. Initially, this person is likely to be a health visitor or midwife, with the role latterly being taken over by a school teacher who will have a “duty” and responsibility to act as the child’s guardian. Not only that, but to allow these ‘guardians’ will have legal authority to access information from the police, council, NHS, amongst others.
Resources should be focused on those families in genuine need and on those children in real danger. As soon as you create an army of guardians they are going to have to justify their positions and that will mean more paperwork, more intrusion and more families being treated as suspects when they have done nothing wrong.
In a campaign victory for Big Brother Watch, medconfidential and others, the care.data scheme has been delayed for six months.
This is not the end of the issue. We have significant ongoing concerns regarding the care.data scheme, both in terms of how patients have been told about what is happening and the long term privacy implications of creating a new database and releasing data that could be used to re-identify patients.
We welcome the fact that NHS England has recognised its efforts to communicate the scheme have been inadequate, something we have repeatedly warned about, not least the use of a junk mail leaflet to households that did not mention any of the risks involved.
Simply, however, NHS England had one job – to ensure patients and GPs were properly aware of the scheme and could make an informed choice about participation. Despite more than a year to achieve this, they have totally failed to do so. NHS England has serious questions to ask about its strategy that has tried to railroad through a significant change in how our medical records are used.
Today two articles have appeared on care.data, with are worthy of a few comments.
Firstly, George Freeman MP writes in the Telegraph:
“We must do everything to ensure a robust regime that will protect data from hacking and from any potential misuse. But at the same time, we must not block life-saving advances.”
As we have repeatedly pointed out, the Data Protection Regime is woefully inadequate and those who committ a criminal offence under Section 55 of the DPA cannot be sent to prison, merely fined. Mr Freeman does not suggest this should change, as we have repeatedly called for.
Equally, Mr Freeman writes: “we need to move health from being something done to you by government to something citizens take responsibility for themselves”
Interestingly, Mr Freeman also has his own legislation on this topic – the Patient Data Bill. The first two principles the bill states are:
(2) The Ownership Principle is that patients own their medical data.
(3) The Control Principle is that patients have the right to access their medical data and to control its use (including the right to share it for research or other purposes).
Yet care.data does neither of those things – quite the opposite. If you believe in people controlling their records, pulling them into a central database purely on the back of a junk mailing is hardly making patient ownership and control a reality.
From passing on incorrect information to snooping on friends, a number of shocking data protection breaches in police forces have been uncovered. With hundreds of incidents every year it is time to start asking whether it is too easy for police databases to be abused to snoop on innocent people.
Big Brother Watch has long been concerned about the number of data breaches occurring within police forces. In 2011, we published the report ‘Police Databases: How More Than 900 Staff Abused Their Access’. The report highlighted a shocking number of data protection breaches and the subsequent limited number of punishments that were handed out. We also commented on the recent case of a police officer being charged with stealing thousands of accident victims’ details from her police force’s computer to sell to law firms.
Big Brother Watch was invited to submit a paper to the Intelligence and Security Committee of Parliament, relating to it’s inquiry into the balance between security and privacy.
You can now read our submission below.
In a Democratic society, some secrecy is tolerated, as are some intrusions upon liberty and privacy, provided the legal framework is transparency, the oversight mechanisms robust and the overall sacrifices of liberty made with an appropriate level of understanding.
Recent revelations have made clear the scale of intrusion on our privacy in the name of security, enabled by an explosion in digital communications and the computing resources available to the state.
Ministers have assured the public no central database of internet communications would be created. We now know it existed already. Parliament and the public were not informed by Ministers, the Intelligence and Security Committee or the Commissioners.