No need to fear a database society?

Peter Bradwell of Demos raises some interesting points in his summary of their new report on people’s attitudes to state databases in the UK, but he also sets up a straw man, and as I am one of the people implicated, I object to this. He argues that there are many positive sides to databases (of course!) and contrasts this with the former Information Commissioner’s statement on ‘sleepwalking into a surveillance society’ as ‘fear-based’. However, the reaction of the ICO was to commission a report in 2006, which I coordinated, to examine the concept of the ‘surveillance society’. This was pretty balanced and stressed the positive aspects of surveillance as much as the negative, indeed it did exactly the kind of assessment that Demos claims it’s doing here. So it’s rather ironic that the author is trying to stop people being afraid of the word ‘database’ yet still promoting the idea that ‘surveillance’ is automatically a bad thing to be feared! However, I would urge rather less optimism. We’re currently writing an update to our 2006 report and it’s pretty clear that in most areas, the UK has gone further, faster, than even we anticipated.

The basic argument of Demos appears to be that if all of this was under some kind of accountable control, then perhaps one might have grounds for optimism. But that’s true of just about almost anything and it’s a rather big ‘if’. What are the developments in the direction of accountability that they have seen which give rise for optimism? There are none in the piece, and the report itself is about what people think about state databases. That is very interesting from a political point of view, but unfortunately doesn’t tell us much about what is actually happening or likely to happen, only what people believe about it. Of actual examples of increasing accountability recently, I can only think of the state’s retreat on RIPA, but that wasn’t particularly profound, and the only other serious changes have come when the British government’s hand has been forced by European Court decisions (on the National DNA Database, for example)… can Demos help me out here with more than just the fact that people don’t think it’s that bad? I will have to read the full report and get back to you…

UK Parliamentary Committee rejects Government DNA proposals

The House of Commons Home Affairs Select Committee has rejected a key part of the UK government’s new plans for the┬áNational DNA Database (NDNAD). The plans came in response to the ruling by the European Court that the NDNAD was being operated contrary to human rights law by keeping the profiles of innocent people indefinitely. The database has been filled largely through the provisions of a very vague and wide-ranging provision that allowed the police to take DNA from anyone arrested for an indictable offence, and to keep it even if they were never even charged (let alone charged and not convicted). The result had been that long-standing prejudices within the police had meant a bias in the databases against young black men, and a rapidly expanding set of profiles of children and the entirely innocent.The NDNAD had also been attacked by the HUman Genetics Commission (the government’s own watchdog) which recommended multiple reforms.

One of the main parts of the government’s response to the European Court ruling was that DNA should be retained for 6 years – the committee has recommended that this be halved to 3 years (we are still talking about the DNA of innocent people here…), and that there should be some proper national system for deciding who gets deleted entirely (at the moment it is at the discretion of Chief Constables of local police forces!). Of course all of these leaves the wider question of fairness and rights undebated. There are only two properly just ways to run a database of this sort. One would be to include only the DNA of those convicted of a crime or suspected in an ongoing investigation. The other would be to include everyone (as the UAE has decided to do). At the moment, the NDNAD is, like most things in Britain, an unaccountable mess of law, customary practice and happenstance that pleases no-one and is also remarkably ineffective for the money and effort put into it. This will only improve slightly even if the select committee’s recommendations are accepted.

We are all libertarians now?

A rather telling little piece on The Guardian‘s ‘Comment is Free’ site today by UK Labour MP, Diane Abbot. First she takes a cheap shot at the Conservative shadow-cabinet minister, Damien Green, for having been successful in getting his details removed from the UK police National DNA Database (NDNAD). She then says that, well, she is doing much more to help by holding clinics for her young, black, constituents to help them with their complaints against the NDNAD. This is excellent, of course.

However two things spring to mind immediately. Firstly, is this Diane Abbot the same New Labour loyalist who voted in favour of the original bill to set up the NDNAD and made no attempt to amend it to prevent the kind of racially-biased abuses of which she is no complaining? I think it is. And now, why is she not also condemning the former Home Secretary, Jacqui Smith’s rather pathetic and weaselly response the judgement of the European Court that condemned the NDNAD, which was essentially to try to avoid doing anything fundamental at all?

This is not an issue on which anyone in New Labour can really make any political capital unless they take a rather stronger moral stance. Basically, and in addition to the stance that there should be no state retention of DNA data at all, there are only two ‘fair’ ways to maintain a police DNA database, and those are to keep the DNA of the guilty, or to keep the DNA of everyone. Which you prefer depends largely on your attitude to surveillance and your trust in the accountability of the state, but politicians like Abbot are hedging and avoiding making any serious attempt to put pressure on their own government to reform the law we have.

A quarter of UK databases break privacy laws

This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal…

A new report for the Joseph Rowntree Reform Trust by a very credible largely Foundation for Information Policy Research (FIPR) team that combines engineers, lawyers, software developers, and political scientists, has concluded that a quarter of the UK public-sector databases are illegal under human rights or data protection law. It also looks at UK involvement in some European database projects and finds all of them questionable too.

The report rates the 46 databases on a traffic light system – green, amber, red – and argues that those rated ‘red’, in particular the National Identity Register and the Communications Database, and are simply unreformable and should be scrapped. This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal, and not just massively expensive, morally questionable or politically undesirable. In fact, a quarter of all the databases were found to contravene the law and more than half were ‘problematic’ (i.e. open to challenge in court) . All of those rated ‘amber’ (29 databases) the authors argue, should be subject to independent review.

There are a number of other major recommendations, including the reassertion of the necessity and proportionality tests contained in DP law, citizens should anonymous rights to access data, more open procurement of systems, and better training processes for civil servants. The most important and radical measures proposed, and entirely correctly in my view, are those concerning the location of data and the whole nature of UK IT development. For the former, the report recommends that the default location for sensitive personal data should be local, with national systems kept to a minimum – this appears to be rather like the ‘information clearing house’ system as opposed to central databases, that we proposed in our Report on the Surveillance Society, but better worded and justified! In the latter case, the authors simply note that fewer than 30% of government IT projects succeed at a cost of 16Bn GBP per annum and that there should never be a general and aimless government IT program, rather there should only ever be specific projects for clearly defined and justified (proportional and necessary) aims.

It is an excellent report and probably unanswerable in its logic. Tellingly, The Guardian report contains no response from any government minister…