The phone lines have been buzzing at ORG headquarters this morning, as the national media have finally wised up to the Government’s plans to compel ISPs to disconnect customers who routinely break their terms of service by sharing copyrighted content online. The Times frontpage kicked it all off, having seen leaked copies of next week’s expected DCMS green paper The World’s Creative Hub, which contained details of proposed legislation.

“Users suspected of wrongly downloading films or music will receive a warning e-mail for the first offence, a suspension for the second infringement and the termination of their internet contract if caught a third time, under the most likely option to emerge from discussions about the new law.

“Broadband companies who fail to enforce the ‘three-strikes’ regime would be prosecuted and suspected customers’ details could be made available to the courts. The Government has yet to decide if information on offenders should be shared between ISPs.”

The proposals are both disproportionate and doomed to failure. In most families, an internet connection is shared by the entire household - so if Dad gets the connection cut off for sharing movies online, suddenly Mum can’t run her business from home, and the kids can’t get access to the Web to do their homework. The Times estimates that there are 6 million people in the UK who share files illegally on the web. Any serious move towards disconnecting offenders is likely to play havoc with the Government’s ambition to foster an e-enabled society.

What’s more, as soon as law enforcers start snooping for IP addresses to pass on to ISPs for disconnection, hardcore filesharers will simply start using encryption to obfuscate their identities. Then they’ll develop software that makes it easy for non-technical people to do the same. And then industry will be back to square one.

Industry appears to be ignoring this reality, and talks instead of legislation sending out “a strong message” that filesharing is wrong. But driving illicit filesharers further underground isn’t going to earn artists a penny, and will further irritate their fans. Wouldn’t it be better if instead of spending time sending out strong messages, industry started investing in new revenue streams which compensate artists fairly and respond to consumer demand for music “on tap”?

ORG has made two press appearances so far this week. Yesterday, Suw Charman combined her two loves - the Welsh language and protecting your bits - by speaking to BBC Wales about the civil liberties implications of the proposed Welsh smartcard scheme. We’re really proud of Suw for breaking the language barrier to question the benefits of the proposed scheme, all in perfect Welsh. Unfortunately, we’re unable to link to the TV footage of Suw, but here are two follow-on articles for BBC News Online, one in Welsh and the other in English.

Meanwhile, I appeared on BBC Radio 4’s You and Yours programme today to contribute to a discussion about how consumer demand for new ways of distributing content online can lead (slowly) to changes in intellectual property and licensing practices. The debate was sparked by a new “online PVR” service, TVcatchup.com, which launched at the end of last year. You can listen to the debate for the next seven days, on the BBC’s own catchup service.

The Open Rights Group regularly spends time talking to the media and connecting them with experts or giving them an alternate point of view on current issues. We maintain a complete list (thanks, Glyn!) of all ORG press coverage on the wiki.

What… you didn’t know? Today is Data Protectection Day, an initiative of the Council of Europe, designed to be:

“an occasion for European citizens to become more aware of personal data protection and of what their rights and responsibilities are in that regard.”

But, in this regard, UK citizens have been rather spoiled of late. And last weekend was no exception: The Daily Telegraph revealed that HMRC had advised certian high profile celebrities, MPs and royals to refrain from using its online tax return system amid concerns that their confidential details would be put at risk, and a Financial Times editorial called for the government to rethink its wrong-headed ID card scheme because of the opportunity for abuse of personal details on an undreamed of scale. If their newspapers are anything to go by, then, it looks like the British people have never been more aware of their data protection rights.

But are your elected representatives aware of your concerns about data protection? You might consider using today to make sure. If you haven’t already, write to them and let them know your thoughts on the Government’s privacy timebomb.

Action on Rights for Children (ARCH) have today released a series of videos outlining the dangers posed to children by the Government’s plans to roll-out ever larger databases which track their development and contact with social services. The two systems in the ACRH spotlight are ContactPoint, a directory of all children which tracks them from birth and provides a list of the agencies with which they have come into contact, and the Common Assessment Framework (eCAF), an in-depth, personal assessment tool for cross-agency information-sharing on children not seen to be progressing well enough towards the government’s “five outcomes”.

The videos are short, snappy, and well worth watching. Here are some choice quotes from the experts interviewed:

“This whole information sharing, ‘Every Child Matters” agenda has been sold as a response to the death of Victoria Climbie. In fact that isn’t true. This agenda was under discussion years before… It was initially envisaged as part of the e-Government agenda. The agenda to create a central spine… through which all services would be provided. And early on children were identified as a useful area to start.”

Terri Dowty, Director, ARCH

“The methodology that has evolved in Whitehall… is towards building large centralised databases that allow greater… control of the activities of public sector workers out in the field. And I’m afraid that this has become a programme that has acquired its own momentum and has been driven as an e-Government thing, rather than as a social work thing. And that’s wrong. If you want decent systems, they’ve got to be driven by the people who are actually going to use them.”

Professor Ross Anderson

“The government’s talking about over 300,000 people having authorised access. Inevitably, some of those people will be open to taking bribes to provide information from the database to people who shouldn’t have access.”

Dr Ian Brown

“The ‘Every Child Matters’ agenda is an agenda of criminalising children, rather than protecting them. If you’re going to view children as potentially being a problem to society then it’s very difficult to view those same children as possible victims of child abuse.”

Dr Elizabeth Davies

“Too often, government responds to various legitimate fears about child protection and terrorism with the idea that what we need are ever larger databases [but] of you’re looking for a needle in a haystack, why build an ever bigger haystack?”

Shami Chakrabati, Director, Liberty

Watch the videos here:

• Episode 1
• Episode 2
• Episode 3

Check out ORG’s campaign resources on Children’s digital rights on the ORGwiki.

The House of Commons Justice Committee has today released a report into the protection of public data. The report is a good summary of the state of play and, in particular, of developments since the Chancellor announced to Parliament in November last year that HMRC had lost confidential records affecting 25 million UK citizens.

The report recommends a data breach notification law, criminal penalties for data controllers who are responsible for reckless or repeated security breaches and greater powers and resources for the Information Commissioner’s Office. Currently, the Information Commissioner receives roughly £10 million each year to conduct all of his data protection activities.

These recommendations echo those made by the House of Lords Science and Technology Committee in August 2007, recommendations that the Government rejected almost entirely. Perhaps the public outcry following the HMRC data security breach will help Government think again.

Today’s report is explicit about the real risks associated with big databases containing personal data that are open to large numbers of licensed users, and mentions the children’s database ContactPoint, as well as the planned National Identity Register. It also notes further risks associated with obligations to share data with EU member states:

“If data held by the Government is available for inspection outside the jurisdiction, then the importance of restricting the amount of data held, as well as proper policing of who had access to it, takes on even greater importance.”

On Monday next week Kieron Poynter of PricewaterhouseCoopers will publish his report into the failures that led to HM Revenue and Customs (HMRC) losing 25 million confidential records about UK citizens claiming child benefit. The HMRC fiasco, and privacy debacles before and since, demonstrate a public sector culture of complete disregard for the privacy and security of individuals in the UK.

There will be a Ministerial statement about the Poynter Review in the House of Commons on Monday afternoon. If you haven’t already, please write to your MP today and ask her or him to put your concerns to policy-makers during this session. This culture of disregard for personal privacy combined with the Government’s continued belief in the aggregation and sharing of vast amounts of personal data across agencies is a privacy timebomb.

If you’re unsure how to write an effective missive to your MP, then read the ORG wiki’s handy guide. What follow are some key points and requests to put to your MP for you to choose from - click on the links for further ideas and resources.

• How does Government propose to tackle what is clearly a culture of disregard for citizens’ personal and confidential data?
• Why does Government persist in telling the “fairytale of biometrics”
• Shouldn’t Government be ashamed that it has consistently brushed aside the advice of computer security experts?

You could also ask your MP to sign the Early Day Motion proposed by Annette Brooke MP which calls upon the Government to reconsider its decision to proceed with the children’s database ContactPoint.

A culture of disregard

Discgate was not an isolated incident. Seven months before the DVDs went missing, HMRC had already established a practice of recording sensitive data onto DVDs, secured only with a password and dispatched via internal mail. Emails sent back and forth about this debacle, the largest ever data breach to hit the UK, cite cost as the reason given for not filtering personal details out of the data. But how much is your privacy worth to you?

This is not just about the HMRC. The ORG wiki’s log of UK privacy debacles has been struggling to keep up with the public sector bodies who have been queuing up to admit data breaches since the HMRC announcement. The HMRC data breach may be the biggest but it was not the first and it will not be the last.

If you’re MP is wondering why a junior employee was able to download the information to CDs in the first place, then they’re in good company:

“I would question whether anybody should be allowed to download an entire database of this scale without going through the most rigorous pre-authorisation checks.”

“It was a really shocking example of loss of security.”

Information Commissioner Richard Thomas

“How you can have a system which allows you to copy a whole database onto a disk is of concern,”

“Clearly there are issues about when the data was accessed and by whom. They should have had access controls and authorisation levels to make it physically impossible to burn a disc off the database without the say-so of the chairman of HMRC. Why isn’t the technology there to do that? It isn’t rocket science.”

Assistant Information Commissioner Jonathan Bamford

The Information Commissioner described the HMRC breach as “the worst the ICO has encountered” and said it called into question the security of the entire system of data sharing in government. He called for a review of the national identity register, a call which echoes a marked shift in public opinion on ID cards, and a recommendation for more debate about ID cards from thinktank Demos, who concluded a year-long study of data-sharing last week. The Government’s data minister, Michael Wills MP, has said that plans for the national ID register need looking at again. Ask that your MP pressures the government to re-examine the flawed National Identity Register.

On 27 November, children’s Minister Kevin Brennan announced an independent assessment of the security procedures surrounding ContactPoint, to be conducted by Deloitte. An Early Day Motion asking Government to go further, and consider recommendations to scrap the idea, is currently collecting signatures: please encourage your MP to sign.

The fairytale of biometrics

For people in technology, one of the most worrying developments since this crisis has been ministers’ using it as an excuse to push for solutions based around biometrics, solutions that would actually increase the privacy risks we are exposed to. Six leading academics (including two Open Rights Group Advisory Council members) recently wrote to the Parliamentary Joint Committee on Human Rights to express their dismay at how biometrics are seen as a magic fix for improving security:

“These assertions are based on a fairy-tale view of the capabilities of the technology and in addition, only deal with one aspect of the problems that this type of data breach causes. … Furthermore, biometric checks at the time of usage do not of themselves make any difference whatsoever to the possibility of the type of disaster that has just occurred at HMRC. This type of data leakage, which occurs regularly across Government, will continue to occur until there is a radical change in the culture both of system designer and system users. The safety, security and privacy of personal data has to become the primary requirement in the design, implementation, operation and auditing of systems of this kind.”

Professor Ross Anderson, Security Engineering, University of Cambridge
Dr Richard Clayton, University of Cambridge Computer Laboratory
Dr Ian Brown, Oxford Internet Institute, University of Oxford
Dr Brian Gladman, Ministry of Defence and NATO (retired)
Professor Angela Sasse, Department of Computer Science, University College London
Professor Martyn Thomas, CBE FREng, Software Engineering, University of Oxford

These technologies are unproven and will not be ready for commercial deployment for another 15 years. Ask your MP to encourage the Government to listen to the facts on biometrics.

Brushing aside expert advice

Unfortunately, the skills and knowledge necessary for successfully procuring, managing and securing computer systems are not commonly possessed by Government Ministers or senior managers in the civil service. This might not be such a problem, were the Government to listen to the advice that has been readily offered by expert groups during the quest towards Transformational Government, and their warnings about giving thousands of people access to large, centralised databases. But then, why should it, when apparently it doesn’t even listen to warnings from its own internal auditors?

“Again and again and again these warnings have been made in different contexts by expert groups and the Government has not been interested.”

Professor Ross Anderson

We are living in an age where systems dealing with our identity must be designed from the bottom up not to leak information in spite of being breached. Perhaps I should say, “redesigned from the bottom up”, because today’s systems rarely meet the bar. … There is no need to store all of society’s dynamite in one place, and no need to run the risk of the collosal explosion that an error in procedure might produce.

Britain’s HMRC Identity Chernobyl - Kim Cameron (Microsoft’s Chief Architect of Identity)

Ask your MP to encourage the Government to heed the warnings of these and other experts.

Together, we can stop the Government’s privacy timebomb. If you haven’t got time to write to your MP today, please write on the weekend. The more missives MPs receive on Monday morning, the more they will recognise the public mood on this issue, and the more likely they will be to raise their objections in Parliament on Monday afternoon.

Professor Ross Anderson, UK computer security expert and Chair of the Foundation for Information Policy Research, appeared on Newsnight last night, to discuss the HMRC data loss fiasco. He labelled the fiasco “an accident waiting to happen”, and calmly, methodically, indicted the Government for brushing aside the advice of security experts who have been warning them against the centralised, top-down approach they have been taking to electronic government.

I hope Professor Anderson will not object to my transcribing his words in full, and linking to the reports he mentioned and the government responses that have brushed aside expert concerns.

“But if we return to the matter in hand, I’m afraid that there is a policy issue here not an operational issue because the government has repeatedly, over the last few years brushed aside one lot of advice after another about the growing problems of privacy and safety with aggregating more and more data.

We wrote a report for the Information Commissioner in November last year pointing out that the proposed children’s databases were both unsafe and illegal. That was brushed aside.

Lord Broers’ House of Lords Science and Technology Committee reported earlier this year saying that the government needed to get its act together on personal internet security. A large part of that was Treasury responsibility, better regulation of online banking. That was brushed aside.

The Health Committee reported in September saying that people needed a right to opt out of the large central databases of personal medical information that the NHS is collecting. That was brushed aside.

Again and again and again these warnings have been made in different contexts by expert groups and the Government has not been interested.”

This morning, the news media are reporting a startling recommendation by one of the UK’s most senior judges: that the Police National DNA Database (NDNAD) should cover every citizen in the UK, and every person who visits the UK. You can listen to Lord Justice Sedley talking with the Information Commissioner on the BBC’s Today programme here.

Bioinformation can reveal extremely private information about an individual’s family relationships and physical health. As we wrote in our submission to the Nuffield Council of Bioethics consultation on the forensic use of bioinformation, the Open Rights Group opposes the DNA sampling of the entire population, and can see no circumstances under which it should be considered.

However, Lord Justice Sedley’s recommendation does highlight the urgent need to address the regulations governing the NDNAD. Currently, DNA records of innocent people, including thousands of children, are kept indefinitely. There is no clear process for getting your DNA records off the database once you have given them to police, even if you only did so as a witness to a crime. Ethnic minorities and young males are disproportionately represented on the database, which is already the largest of its kind in the world. Lord Justice Sedley is right to call the current state of the NDNAD “indefensible”.

If you want to find out more about the NDNAD, visit Genewatch UK’s excellent information and action page, which has lots of suggestions about how to get your voice heard on this issue, as well as information about how to get your records off the database.

Yesterday, Home Office minister Jacqui Smith announced that she had signed a certificate to exempt Transport for London and the Metropolitan Police from certain provisions of the Data Protection Act. The move will facilitate the transfer of bulk data from the TfL’s congestion charging cameras, which the Met will be permitted to use when investigating threats to national security. The data - collected using automatic numberplate recognition (ANPR) cameras which encircle the capital - can reveal the movements of all motor vehicles in and out of the city centre.

Oversight of the new arrangement comes in the form of an annual report to the Information Commissioner’s Office. But until the ICO are given sufficient clout to effectively enforce the current Data Protection regime, should we really be convinced that this represents enough of a check on new data sharing powers?

Today, news sources are reporting that leaked Home Office documents reveal plans to extend these powers “for all crime-fighting purposes”. According to this report from the Guardian, the DTI had expressed reservations over such a move, since it is likely that associated privacy concerns would slow down proposed road-pricing schemes that have already attracted public pushback. Earlier this year, a petition against road-pricing attracted 1.7 million signatures. In his response, the then Prime Minister Tony Blair assured petitioners that “any technology used would have to give definite guarantees about privacy being protected - as it should be.”

Spyblog has a thorough analysis of the legality or otherwise of function creep in ANPR systems, drawing on the Annual Report of the Chief Surveillance Commissioner (pdf), which, coincidentally, went online yesterday. For more information on ANPR technology, and Association of Chief Police Officer’s proposals to “deny criminals the roads”, see ORG’s wiki resources page. And don’t forget that if you’re concerned about the effective scrutiny of our data protection laws, you can help contribute to the ORG response to an ICO consultation on Data Protection Strategy.

The Royal Academy of Engineering has just released a report entitled Dilemmas of Privacy and Surveillance Challenges of Technological Change. The report focuses on areas where the developments in IT have had a particularly significant impact on personal privacy. It gives examples of some of the harm that can be done by exposing people to these risks, for example while talking about RFID chips in British passports:

With sensitive personal details readable over a distance, it could even become possible, with appropriate antennas and amplification, to construct a bomb that would only detonate in the presence of a particular nationality or even a particular individual.

The report also covers proposed government databases holding sensitive personal information. It urges the government to prepare for failures in these systems.

There are a number of incidents in which a government or series of governments have suffered loss of trust due to poor role performance, or perceived poor performance. Crucially to the interests of this report, a number of these relate to the introduction of new technologies. For example, the implementation of a new computer system in the Child Support Agency (CSA) was considered a disaster, with many vulnerable people failing to receive child support payments due to its inadequate functioning. The failures associated with the CSA have been brought up in criticisms of plans for the NHS project ‘Connecting for Health’ which involves bringing modern computing systems to the NHS. They have also been raised in connection with the ID cards scheme and the associated National Identity Register (NIR).

Both past problems and recent difficulties mean that government is vulnerable when it comes to trust in their ability to implement a large IT project, or any other complex business change project. Of course, government is not alone in experiencing difficulties in implementing complex projects with a large IT component, but it is particularly vulnerable since its projects use public money and involve critical services such as the NHS.

The Academy calls for the government to take action to prepare for such failures, making full use of engineering expertise in managing the risks posed by surveillance and data management technologies. It also calls for stricter guidelines for companies who hold personal data, requiring companies to store data securely, to notify customers if their data are lost or stolen, and to tell them what the data are being used for. It recommends that engineering solutions should be devised which protect the privacy and security of data.