• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency


Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance


Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records


Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation


Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Privacy

More RIPA Revelations

Posted on by Dan Nesbitt Posted in GCHQ, Online privacy, Privacy, RIPA, Surveillance | Leave a comment

Image3Yet more evidence has come to light to show that the Regulation of Investigatory Powers Act 2000 (RIPA) is woefully out of date.

It has been revealed that GCHQ, has the ability to request large amounts of un-analysed communications from foreign intelligence agencies without first obtaining a warrant. The documents, obtained in the course of a case brought before the Investigatory Powers Tribunal (IPT), show that the use of a warrant was not necessary if it is “not technically feasible” for GCHQ to obtain one.

This is not the first revelation from the case, which was brought by a number of groups including Liberty and Privacy International. In June this year it was revealed that messages sent via platforms such as Facebook and Twitter are classed as “external communications” even if they have been sent between UK citizens. This means that there is no need to apply for a warrant before collecting the information.

As it stands the legislation being used to authorize surveillance was passed before the advent of social media, which revolutionized the way in which we communicate. When MPs were debating this bill they could not have been expected to anticipate the dramatic change in how we would communicate with each other after the launch of Facebook (2004) and Twitter (2006). As a result RIPA has not kept pace with technology and is now open to worrying interpretations.

Read more

Another Day another Data Breach

Posted on by Dan Nesbitt Posted in Data Protection, Databases, Medical Records, NHS, Privacy | 1 Comment

3797160719_337b4742e7_bIn what is becoming an ever more regular occurrence for the NHS, it has been reported that the East Midlands Ambulance Service has lost a disk containing the notes of 42,000 patients’ who had been treated by paramedics in the last few months.

This incident once again underlines the dangers of organisations holding increasing amounts of personal information about individuals both electronically or in paper format. It seems obvious that the greater the amount of information that is held in one place, the more likely it is to go missing, either by accident or as the result of a deliberate breach. Indeed, just last week Kent Social Care Professionals unintentionally sent out an email containing the names, addresses and phone numbers of 120 elderly and vulnerable individuals to nearly 200 people.

Accidental leaks such as this make the need for proper data protection training amongst staff painfully apparent. If an organisation knows that it is going to hold large amounts of personal information, about staff or customers, it should ensure that its employees know their responsibilities under the Data Protection Act 1998 (DPA). Of course this cannot help to stop those who wish to purposely breach data protection law. This can only be achieved by improving the sanctions that are available to punish those who seek to misuse personal information.

Read more

Another Group backs the end of the Edited Register

Posted on by Dan Nesbitt Posted in Councils, Data Protection, Databases, Marketing, Privacy | 3 Comments

mail_splashThe Edited Electoral Register (EER) has come under fire in the past few weeks, with a series of reports indicating that the Register is proving to be more trouble than it is worth.  To add fuel to the fire,  the Local Government Association (LGA) has called for the sale of the EER to be stopped and the register itself to be scrapped.

Councillor Peter Fleming, Chair of the LGA’s Improvement Board  has hit the nail on the head with what is wrong with the EER, arguing that  councils resent having to pass “the electoral roll onto direct marketing companies”, continuing that “it demeans our democracy for the voters’ details to be sold off to help direct marketing companies make money.”

Indeed, one of the main problems with the EER is that it is of benefit to no one but the very marketing companies that purchase the data. In fact it is especially troublesome for residents who find themselves being deluged with junk mail due to their councils being forced to sell it on.

Read more

Patients still in the dark about medical data uses

Posted on by Big Brother Watch Posted in Medical Records, NHS, Privacy | 2 Comments

dna-3Today’s publication of  the Health and Social Care Information Centre’s (HSCIC) register of data releases is striking for what it does not include. It is only the tip of the iceberg.

Minister Dr Dan Poulter told Parliament on 25 March that records of the data released by HSCIC would be made public and would cover “all the data releases” made. He said: “Following concerns expressed by the Health Select Committee in its meeting of February 25, Sir Nick Partridge, a newly-appointed Non-Executive Director on the HSCIC Board, has agreed to conduct an audit of all the data releases made by the predecessor organisation, the NHS Information Centre, and report on this to the HSCIC Board by the end of April. Furthermore, a report detailing all data released by the HSCIC from April 2013, (including the legal basis under which data was released and the purpose to which the data are being put), will be published by HSCIC on April 2. This report will be updated quarterly.”

This does not appear to be the case. HSCIC have either deliberately sought to limit the scale of the disclosure by concentrating on one data set – Hospital Episode Statistics – or they have such a poor grasp on what information has been released that they do not want to admit their ignorance. Either way, it is not a full publication and HSCIC must immediately explain why. Read more

Is BT handing over data on Brits in bulk?

Posted on by Big Brother Watch Posted in CCDP, Civil Liberties, Communications Data Bill, GCHQ, Home, Mobile Phones, Privacy, Surveillance, United States | 8 Comments

phone_exchangeLast year, the Guardian published an order under Section 215 of the PATRIOT Act made to Verizon, which made clear that the NSA was collecting details of phone calls made by American citizens not on a targeted basis, but in bulk.

We have a simple question – is the same happening here?

Appearing before the Home Affairs Select Committee on Tuesday, our Director raised this issue and revealed that BT had refused to deny that it hands over data in bulk:

“Late last night I received a letter from British Telecom refusing to deny that they are handing over information in bulk on thousands or millions of British citizens and that mirrors a refusal to deny the same situation in a parliamentary answer received by Mr Davis.”

“My concerns is that there is the activity going on under the Telecommunications Act that is unsupervised and that is why BT cannot publicly refuse that they are handing over information in bulk.”

Read more

When patient privacy and google collide

Posted on by Big Brother Watch Posted in Google, Information Commissioner, Privacy | 6 Comments

Clearly when data is held by a third party, a dna-3different set of risks exist – from concerns about foreign Government access to the use of the data by the third party for other purposes. Patients appreciate their information will be held by the NHS but do they think it will end up on a server in California run by companies who base their business model on knowing more about people? That is perhaps what is most troubling about the revelation that PA Consulting uploaded the entire NHS England hospital patient database was uploaded it to Google.

The point was highlighted by Sarah Wollaston MP, a member of the Health Select Committee, who tweeted: “So HES [hospital episode statistics] data uploaded to ‘google’s immense army of servers’, who consented to that?”

Read more

The new NHS database : safe or not?

Posted on by Big Brother Watch Posted in Information Commissioner, Medical Records, NHS, Privacy | 3 Comments

dna-2We have warned for many months that the new NHS database is deeply flawed. Not only does it centralise data into what cyber-security experts call a ‘honeypot’ it also puts at risk patient privacy, both from abuse and also later re-identification.

We’ve highlighted how patients still don’t know what is going on, and remain convinced that a national leaflet drop is simply inadequate to ensure people know about a fundamental change to how their medical records are used.

However, it seems the NHS is equally confused about the risks. Compare and contrast:

February 2, 2013: Tim Kelsey, national director for patients and information at the NHS Commissioning Board, said that data sharing was vital for improving the NHS: “This does not put patient confidentiality at any risk. Data quality in the NHS needs to improve: it is no longer acceptable that at a given moment no one can be sure exactly how many patients are currently receiving chemotherapy, for example.”

And today: Mark Davies, the centre’s public assurance director, told the Guardian there was a “small risk” certain patients could be “re-identified” because insurers, pharmaceutical groups and other health sector companies had their own medical data that could be matched against the “pseudonymised” records. “You may be able to identify people if you had a lot of data. It depends on how people will use the data once they have it. But I think it is a small, theoretical risk,” he said.

So is there risk or not?

If you would like to opt-out, you can use the form here. Let us know if you have any problems or feedback from your GP.

Police database abused by officers

Posted on by Emma Carr Posted in Data Protection, Information Commissioner, Police, Privacy | 8 Comments

keyboardWe are barely into 2014, yet we are faced with yet another serious data protection breach concerning a public sector computer. On this occasion, a police officer has been charged with stealing thousands of accident victims’ details from her police force’s computer and selling them to law firms

This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur.

A court has heard that Sugra Hanif accessed Thames Valley Police’s command and control computer to note down the personal details of members of the public involved in road traffic accidents, including the unique reference number each incident was given.

Read more

More than One million pupils fingerprinted at school

Posted on by Big Brother Watch Posted in Biometrics, Privacy, Protection of Freedoms Bill, Research and reports | 40 Comments

7075085533_f656a28082_oAs the new school term gets underway, now is the time for parents to check if their children are among the hundreds of thousands of pupils who are using biometric technology.

Today we have published our latest report looking at the use of biometric technology in secondary schools and academies which, based on data from the 2012-13 academic year, makes clear that fingerprints were taken from more than one million pupils.

You can read the report here.

 

Our research, gathered from Freedom of Information Requests to more than 3,000 schools, shows that at the start of the academic year 2012-13:

  • An estimated 40% of schools in England are using biometric technology
  • An estimated 31% of schools did not consult parents before enrolling children into a biometric system prior to the Protection of Freedoms Act 2012 becoming law

Read more

A (brief) recent history of security and the free press

Posted on by Big Brother Watch Posted in CCDP, Civil Liberties, Communications Data Bill, Databases, Freedom of Expression, Internet freedom, Mastering the Internet, Online privacy, PRISM, Privacy, Surveillance, Terrorism Legislation, United States | 2 Comments

Statesman

Today, the editor of the Guardian gives evidence to the Home Affairs select committee, as part of the committee’s work on counter terrorism.

Perhaps that might give the committee to question why Parliament learned of much of GCHQ’s activity from the newspaper, rather than from Ministers. Indeed, it seems on current evidence that will remain the case – as the Lords found on the 20th November, when they were told they could not even be informed which law authorised Project Tempora.

Lord Richard: My Lords, of course the Minister cannot go into details on these very sensitive matters. We all accept that. However, for the life of me, I do not see why she cannot answer a straightforward Question about which Minister authorised the project and why the existence of the project was not disclosed to the Joint Committee on the Draft Communications Data Bill. These are not sensitive issues. They are pure matters of fact, surely capable of being answered.

Baroness Warsi: It is interesting that the noble Lord interprets it in that way but I think he would also accept that it would be inappropriate for me to comment on intelligence matters, which includes any comments on the project.

We have been repeatedly assured that it would be unacceptable for a central database of communications to be built – both by those in Government and those seeking to be.

Read more

1 2 3 4 5 6 7 8 9 10 ... 34 35   Next »