Citizens must realise value of private data

Technological function creep has created a surveillance society in the UK, according to a panel of experts at a Computing roundtable discussion last week.

The news is increasingly dominated by IT-related privacy concerns. In the last week alone, the government has been pressured to scrap a planned children’s database after a consultants report said the database could never be totally secure.

And senior members of the Association of Chief Police Officers (Acpo) have been calling for an extension of the DNA database in the wake of the conviction of murderers Steve Wright and Mark Dixie thanks to successful biometric cross-matching.

The public should be extremely wary, said assistant information commissioner Jonathan Bamford at last week’s event.

“There are more privacy-friendly ways of using DNA technology to catch criminals that will preserve the rights of innocent citizens,” he said.

But while police and the government want more details of people’s lives to improve the efficiency of their services, citizens need to be made aware of the dangers involved in giving their data away.

Part of the problem is enabling a cultural shift to help people realise the value of their information, said Bamford.

“Government legislation requires companies to keep information for longer than they would do for business purposes,” he said.

“The key is educating people about the fact that any information they hand over can be accessed by the police without their knowledge.”

At the moment it is difficult for the public to know who can get to state-held information, and why.

The House of Commons Home Affairs Committee heard last week that a number of EU institutions will have access to the national identity register at the heart of the government’s proposed £2bn identity card scheme. And citizens will only know which agencies have accessed their records if they request the information for themselves.

One way of addressing such issues is greater investment in privacy-enhancing technologies.

Possibilities include the use of software to allow individuals to withhold their complete identity from those operating electronic systems or providing services through them. Details would only be revealed when absolutely necessary and on the specific authorisation of the individual.

But it is not just a question of giving citizens more control over their information.
Another crucial issue, ­recently highlighted by HM Revenue and Customs’ (HMRC’s) loss of CDs containing 25 million citizen records,­ is to allow as few agencies as possible to obtain held data.

It is a question of control, said Jerry Fishenden, national technology officer at Microsoft.

“It is important not to give lots of organisations free access to a database,” he said.

“They do not need to be given access to more information than they actually require.

“And in a lot of cases they only want to confirm a certain piece of information, such as a person’s age,” he said.

One advantage of the HMRC fiasco has been the increasingly high profile of data protection issues in the media. There have been a spate of breach stories since then, including problems at the Driver and Vehicle Licensing Agency, the Crown Prosecution Service and the Ministry of Defence.

But such attention needs to be turned into genuine progress in the privacy debate, said Simon Davies, director of pressure group Privacy International.

“The government is making all the right noises, but this needs to translate into real action,” he said.

Increasing the power of the Information Commissioner’s Office to impose criminal sanctions and conduct spot checks will help, but the office itself needs a tougher attitude, according to Davies.

“The information commissioner has been too polite with the government to date. I want to see him have a more feral attitude towards protecting privacy,” he said.