UK's plans for child databases
OUT-LAW Radio, 30/11/2006
We find about about how the Government plans to track children,
possibly illegally, and talk to one of email's pioneers.
A text transcription follows.
This transcript is for anyone with a hearing impairment or who
for any other reason cannot listen to the MP3 audio file.
The following is the text spoken by OUT-LAW journalist Matthew
Magee.
Hello and welcome to OUT-LAW Radio, the weekly podcast that
keeps you up to date on all the twists and turns in the world of
technology law.
Every week we bring you the latest news and in depth features
that help you to make sense of the ever-changing laws that govern
technology today.
My name is Matthew Magee, and coming up on this week's show we
talk to the man who says that the Government is illegally gathering
information about children even before proposed additions to its
databases are put into action, and we hear to one of the men who
made email possible.
But first, the news.
- Number plate cameras could be illegal; and
- Mobile devices could let police check nation's
fingerprints
The Home Office is reviewing the legal status of automatic
number plate surveillance cameras after the Chief Surveillance
Commissioner advised that they could be operating unlawfully.
OUT-LAW has also discovered that the Association of Chief Police
Officers (ACPO) advises forces that warnings about the use of the
cameras can be placed further down a road than the cameras
themselves and still comply with legislation. This could breach the
'fair processing' principle of the Data Protection Act which
requires visible warnings about cameras.
In his annual report, Chief Surveillance Commissioner Sir Andrew
Leggatt has warned that automatic number plate recognition (ANPR)
cameras could qualify as covert surveillance, and be illegal. "The
unanimous view of the Commissioners is that the existing
legislation is not apt to deal with the fundamental problems to
which the deployment of ANPR cameras gives rise," he wrote in his
report to the Prime Minister and to Scottish Ministers.
The Home Office has confirmed to OUT-LAW that it is
investigating the situation.
The Police's new mobile fingerprint scanners will be allowed to
check people's identities against the UK's entire population
database when it comes into being, OUT-LAW has learned. It will
give Police the ability to check instantly the identity of any UK
citizen.
The Home Office has confirmed to OUT-LAW that the ID Card Act
and the Serious and Organised Crime Act contain provisions for the
mobile devices to access the entire population database, which will
eventually carry fingerprint information for the whole
population.
"They could check a fingerprint scan against the ID card
register, but they have to have checked the Police fingerprint
database first," said a Home Office spokesman.
Ten Police forces in England and Wales are trialling the mobile
fingerprint machines. In the pilot the machines can only be used
with the permission of the person involved, but should the scheme
be activated nationwide the Serious and Organised Crime Act would
give officers the same rights outside Police stations as inside
them.
That was this week's OUT-LAW News.
In the next couple of weeks the Government will end consultation
on yet another huge database to join the Home Office's Identity
Register and the NHS's new Health Records System. This time it is
children who will be put on a database. Already, children at risk
of serious harm are on child protection databases, but the
Government has proposed extending this to all of the country's 11
million children, possibly recording behaviour, dietary habits,
medical and educational records in a system accessible to around
400,000 civil servants.
The Information Commissioner has just released a report he
commissioned into the proposed databases and it makes alarming
reading. That report was produced by the Foundation for Information
Policy Research. Its chairman, Ross Anderson, says that the whole
basis of the database extension is itself flawed.
"There are many concerns, but our two principal concerns are
this: firstly, that by asking social workers to look into the
affairs of almost 100 times as many children, most of whom don't
require any particular special support at all, you are going to
take attention away from the child protection cases with the result
that some children will come to harm. And secondly, the
approaches that are justified in child protection, simply aren't
justified in legal terms, human rights law, privacy law, data
protection law when dealing with child welfare cases. In a
child protection case, it is perfectly ok to over-ride privacy and
to over-ride the wishes of parents, right because the parents are
suspected of being serious criminals, but that is not the case in
child welfare."
Data protection laws are framed to make sure information is
gathered with the permission of the person involved and used only
for specific purposes. Anderson worries that where children are
concerned the laws will be flouted.
"In the case of those database uses which relate to youth
justice, there may be some attempt to get consent but if consent is
refused, they will use the data anyway. Because in the UK, the Home
Office considers that it is more or less immune from data
protection law. The UK Government takes the view that if it is
using any data for police purposes, then it can do what it likes
with it regardless of people's consent."
In fact, Anderson says the Government already breaks data
protection law when it gathers information from children without
parental consent, as it does for the Education Department's
connections card, which connects children to advice and educational
support.
"In the case where you are asking children for consent for the
perhaps quite widespread use for their personal information the
nature thing is to involve the parents, because the parents will
strengthen the child's hand if the child actually wants to say no
but is frightened of upsetting the teacher. So in these
circumstances saying that it is ok just to ask the kids is wrong in
law and we believe it is oppressive and unjust.
MM: And that is what they intend to do?
RA: That is what they do at the moment. They actually do this
for example things like the connections card. The Government is not
obeying the law of the land when it comes to getting consent for
data sharing from children and their families."
The Department of Education and Skills told OUT-LAW that it had
serious reservations about the report's objectivity and evidence
base.
Its statement said
"The Department takes its responsibilities around data
protection very seriously. The support, protection and safeguarding
of children is our top priority but in fulfilling it we are
conscious of the need to respect personal privacy. We have
consulted the Information Commissioner throughout the development
of our policies and specific databases and we continue to value
this important relationship.”
Anderson believes that identifying children by their past
behaviour as likely future troublemakers can become a
self-fulfilling prophecy as authorities lower their expectations of
certain children.
He doesn't believe, though, that the Government has sinister
motives, just that the databases are a result of a policy drive
that prioritises digitisation of citizen records ahead of all other
concerns.
"I think they just blundered into it because of the e-Government
agenda because of Tony Blair's statement that all Government
services should be delivered electronically by 2008 and so in
Whitehall your status appears to be determined by my database is
bigger that your database game."
He also says that the fact that 400,000 civil servants can
access the details is bound to result in a breach of security
sooner or later
"It is a fundamental principle in security that you can have
scale, you can have functionality, you can have security, you can
have maybe two of these but you can't have all three in the same
system. If you are going to have a system that contains personal
information on individuals, it is highly functional that that is
used to search on all sorts of parameters, then you better keep
that system local because if you make it available to 400,000
people as is proposed it is going to be abused for sure."
It is almost impossible these days to remember a life without
email, the technology that has utterly changed the way we talk to
each other. Email had a long development through the 1960s, '70s
and early '80s, as element after element was developed and refined.
One piece of the puzzle that was the last to fall into place was a
system for routing mail around the internet, a problem that was
solved by Eric Allman with Sendmail. I talked to Allman about the
genesis of his invention.
It all started in the dorm rooms of prestigious Berkely College
in California, where tech students wanted to use the Arpanet email
system. Allman managed to connect Arpanet to the college's own
network in a fore-runner of his world famous invention.
"I tried to create a technology solution to a political problem
and I said what they really want is not access to the Arpanet, most
of what they want is email and so I can connect the Arpanet to the
network that we already had at Berkely called Berknet, and forward
email around. It was a very very simple program and you know it
worked sort of, it didn't work well but it worked well enough to
solve my problem."
Allman was not paid for his work, he was a database student, and
says even now that if he had had any idea what he was taking on he
would have baulked at the challenege.
"Berkely was supposed to build the internet platform for
research and one of the things they needed was an internet mailer,
an SMTP mailer, and so I let myself get talked into writing that
piece of code although to be honest if I had known how much work it
was going to be I probably would never have agreed to do it. It was
harder to write than I expected. Most people who have worked on
this sort of thing, say the same thing. It looks deceptively easy
until you actually get in to try and do it."
This was the early 1980s. It was the golden era of
technology innovation. At Berkely, at other Californian
Universities and at military labs like ARPA and corporate ones like
Hewlett Packard's PARC, many of the technologies we take for
granted today were invented by many of the industry's biggest
names.
"There were a lot of people are Berkely at that time that were
just incredibly scarily bright and creative people, many of whom
who have gone on and well known in the industry today so Eric
Schmidt the CEO of Google was at Berkely at the same time I was and
Bill Joy who was one of the founders of Sun Microsystems was there
and one person said you know Bill had more idea in one afternoon
than he would have in a month. People would follow Bill around just
hoping to get an idea that they could turn into a PhD thesis and
although a lot of Bill's ideas were pretty crazy ideas you
know I think something I learned then is that some really truly
creative people have really bad ideas but they also have a lot of
good ideas."
Unusually amongst his peers Allman did not immediately turn his
invention into a company and did not become a 1980s computing
billionaire. He founded a company around Sendmail in 1998, and is
now its scientific officer. Allman says that he had to wait that
long since any earlier company could not have survived.
"Email wasn't the phenomenon then that it is now. Email was
something that the geeks wanted but the commercial people didn't. I
could have started earlier but I probably would have gone out of
business because there wouldn't have been many people willing to
buy it."
That's all we have time for this week, thanks for listening.
Why not get in touch with OUT-LAW Radio? Do you have a legal
problem you would like us to discuss on air? Do you know of a
technology law story? We'd love to hear from you on radio@out-law.com.
Make sure you tune in next week; for now, goodbye.
OUT-LAW Radio was produced and presented by Matthew
Magee for international law firm Pinsent Masons.
