June 13, 2016 | Slavka Bielikova

Investigatory Powers Bill Report stage and Third Reading

MPs discussed and voted on the Investigatory Powers Bill last week in the report stage of the Bill's progression through Parliament. This was MPs' third vote before the Bill was sent to the House of Lords. The Bill was passed by a vote of 444 to 69. Here's an overview of the points that were raised for discussion – many of which will be debated again by the Lords.

Privacy Clause

There have been repeated calls for an overarching privacy clause to be added to the Bill. The Home Office attempted to address this previously by inserting the word 'privacy' into a heading within the Bill, which was greatly derided. This time the Government proposed a new Privacy Clause 5; Labour also proposed their own privacy clause, Clause 21. It has been pointed out that the two clauses are very similar. Keir Starmer MP argued that Labour's clause tightened up references to human rights and public law. However, after discussion, he backed down in favour of the clause proposed by the government.

This clause only pays lip service to privacy and does little to restrain the powers in the bill.

Bulk Powers and warrants

Bulk powers were discussed extensively over the two days' debate. The Government has agreed to an independent review of bulk powers that opposition parties had asked for. This review will be carried out by David Anderson QC.

Conservative party defended bulk powers with many MPs using 'nothing to hide, nothing to fear' arguments.

Suella Fernandes MP (Conservative) even went as far as to justify the necessity of bulk powers by claiming we are in a war (in this particular case against Daesh). John Hayes followed her statements by saying it is not important whether the powers are necessary. What matters are safeguards that come with the powers.

Dominic Grieve (Conservative) emphasised that the Information and Security Committee recommended to remove bulk equipment interference warrants from the Bill. Grieve also explained that he finds bulk powers necessary; targeted interception (suggested instead of bulk collection), according to him, is not always effective if it is not clear what the intelligence are looking for.

Labour were broadly supportive of the Government. Keir Starmer (Labour) made references to the necessity of bulk powers for intelligence agencies several times in his speeches. He explained he understood their importance to tackle threats since he served as the Director of Public Prosecutions and worked closely with the agencies.

He was interrupted by David Winnick (Labour) who clearly stated that he doesn't accept the principle of bulk powers. Starmer responded with the reasoning that these powers are in use already and as such should be put in law so they could be regulated.

Starmer further expressed his appreciation to the Home Secretary for setting up the independent review of bulk powers to be conducted by David Anderson. MPs requested that Keir Starmer and John Hayes publish their letters on the terms of reference for the review they exchanged prior to the debate.

The SNP opposed the call for necessity of bulk powers in the Bill. Joanna Cherry MP (SNP) also welcomed the review of bulk powers; however she was more concerned with the consequences of the findings of the review. She stressed that the review needs to consider whether these powers are necessary at all. Cherry maintained the position that bulk powers go too far in a democratic country and should be removed from the Bill until the review establishes their necessity.


The Chair of the Intelligence and Security Committee (ISC) Dominic Grieve MP brought up issues of penalties several times from various angles. His first point of concern was about lack of penalties for abuse of power in the Bill. Minister Hayes assured him that these will be in place. Grieve requested that the Minister writes to him explaining what penalties will be incorporated in the Bill. He also pointed out that the penalties remain scattered throughout the whole Bill and would need a better structure.

Hacking warrants

Stephen McPartland MP (Conservative) raised an issue businesses might face when they would need to comply with a hacking warrant. As laid out in codes of practice, communications service providers would be subjected to a technical capability notice, meaning they would need to notify the government of new products and services in advance of their launch. Essentially, UK-based companies will have to ask the government for permission to put their product on the market. This requirement will make it more difficult to innovate and could have harmful effect on the UK economy.

Parliamentary privilege

New amendments discussed included extra protections for MPs against interception of their communications. According to the amendments, the Prime Minister will be responsible for approving hacking of MPs. Harriet Harman disagreed with this provision on the grounds of the PM potentially using this power for spying on the opposition and ministers.

Journalistic protections

New amendments were brought in to introduce minor changes to protect journalistic sources. However the MPs still debated who qualifies as a journalist. Andy Burnham voiced his opinion that voluntary bloggers shouldn't have the same protections as journalists.

Request Filter

Stephen McPartland (Conservative) brought up the issue of the request filter through probing amendments with an intention to obtain more information from the Minister. The biggest concern he voiced was regarding too many agencies having access to the request filter and Internet Connection Records. He also questioned who will be in charge of building the filter. McPartland pointed out that government has a notoriously bad record of building large IT projects and the filter might not even become a reality.

The Solicitor General responded that the request filter is there to limit what different agencies access. The Government has attempted to frame the request filter as something that restricts access to data but in reality it would create a vast population-wide database that could be analysed without a warrant.

Independent review of bulk powers

This topic has come up several times despite it being discussed at length the previous day. The main point of the discussion was the question coming from the SNP bench whether the Minister (John Hayes) will consider removing the bulk powers provisions from the Bill if David Anderson's review will show they are not necessary. John Hayes avoided answering the question.

The Bill will be introduced to the House of Lords on 27 June 2016.

[Read more] (1 comments)

June 10, 2016 | Javier Ruiz

What the Commons changed in the #IPBill

The short answer is: not a lot, and nowhere near enough. As Andy Burnham and the Labour opposition has claimed they have made progress with the Investigatory Powers Bill, here is the low down of what really happened.

andy_burnham-cc-by-nc-thebma.jpgThe vast majority of amendments presented by opposition parties were rejected with little discussion. Many were withdrawn as they were designed as probing amendments, aiming to force the government to explain itself and tease out justifications for policies. In practice sometimes it can be better to withdraw an amendment than push through a vote, as this allows for the option to re-introduce the proposal at a later stage when it may have better chances.

The government also proposed various amendments that were approved. This included some new clauses and smaller changes. The clause numbers below refer to the latest version of the bill as presented to the House of Lords, and may change when it becomes act.

General duties in relation to privacy (Cl 2)

The government and the Labour front bench have been patting each other's backs over this new clause, but we do not believe it will have a major impact. The clause asks to check “whether what is sought to be achieved by the warrant, authorisation or notice could reasonably be achieved by other less intrusive means”. It also mentions considerations for the integrity and security of systems and privacy in general.

This sounds good, but it is what those responsible for surveillance are supposed to have been doing all along. For example, internal MI5 documents produced in court show that these questions have been part of the requests for bulk datasets. It is unclear how this is ever challenged.

Modifications to interception and equipment interference warrants (Cl 32, 33, 34, 35, 111, 112, 114, 115, 172...)

There are quite a few new clauses on modifications to warrants, with restrictions to the changes that can be made. E.g. warrants for a single person, organisation or premises cannot be changed. The main substantial changes are a new requirement to notify a Judicial Commissioner of major modifications to interception or hacking warrants; and the need for a Commissioner’s approval in cases involving MPs or lawyers.

Tightening of modifications was one of the demands from Labour, while we have seen some concessions here, we do not think that notifications are enough.

Health records (Cl 187)

Another demand from Labour that has seen some concessions from government is restricting access to health records. The new clause requires an intelligence service to take special steps when making an application for a specific BPD warrant relating to health records, which are only to be kept and examined under “exceptional and compelling circumstances”. Unfortunately, exceptionalism has become the norm in the world of security, so this may provide little practical protections.

The clause also has some potential loopholes in that it only applies to specific warrants, and possibly not to class warrants, and then only to health records obtained from health professionals or health service bodies. It is possible that health records obtained from insurers or researchers are not covered by these safeguards.

Approval of national security and technical capability notices by Judicial Commissioners notices by Judicial Commissioners (Cl 227)

This new clause makes is arguably the biggest improvement so far in practical terms. Bringing Judicial Commissioners into the technical aspects of surveillance meaningfully will require some serious technical capacity in their teams. Unfortunately, as in the rest of the bill, the Judicial Commissioner must apply the same principles as would be applied by a court on an application for judicial review.

Extra safeguards for MPs (Cl 26, 105)

Lawful interception or hacking of MPs' communications will require the Prime Minister to approve the warrant. MPs may still be included in bulk data collection but not in a targeted manner.

The Human Rights Committee and many MPs wanted the Speaker of the House to be notified to ensure surveillance could not be used for partisan purposes. After all the PM could be as tempted to spy on the opposition as his ministers. Unfortunately this provision was not agreed.

Trade unionists (Cl 20.6)

This has been claimed as a major achievement by Labour. The clause says that trade unionists cannot be targeted just because of this factor. Given the history of trade union attacks by the security services, sadly it is good to have it in the bill; but in practice it is likely that an investigation on trade unions would be justified under other rationale. The clause also leaves out other legitimate forms of association, social and environmental campaigning. As unions increasingly engage in “community organising” outside the workplace, they may see fewer benefits form this clause.

Journalists (Cl 73)

There are some small changes to ensure there is a public interest case in identifying or confirming sources of journalistic information. The NUJ does not believe these go far enough and recommended other ammendments that were not passed.

Civil liability for certain unlawful interceptions (Cl 8)

A minor but important change. Somehow, the draft bill forgot to incorporate the provisions in section 1(3) of the Regulation of Investigatory Powers Act 2000, which provide for civil liability in certain cases of unlawful interception in a private telecommunication systems. The clause simply closes that loophole, and shows what a rushed job this whole bill is.

[Read more]

June 07, 2016 | Jim Killock

It’s not over. We keep fighting.

We’d like to thank you for all the work you’ve done so far to challenge the IPBill. MPs voted in favour of the Investigatory Powers Bill by 444 to 69. This was disappointing but expected - we know how hard the Government is trying to push this Bill through.

GCHQBut thanks to your campaigning, some MPs - particularly Joanna Cherry, David Davis, Alistair Carmichael and Stephen McPartland - did a great job in putting the Government under pressure. SNP, Lib Dem and Green MPs voted against. Many other MPs know that this matters to you, through your emails and tweets to MPs. And our campaign video, which many of you fund raised for, brought the bill to the attention of over 2 million social network users.

The fight isn’t over. First, the Bill will now be debated in the House of Lords where they’ll be putting the bill under more scrutiny. We have more chance of getting the amendments we’ve been fighting for in the Lords and we’ll be making them aware of the Bill’s flaws. The Lords have a recent track record of pushing back on bad legislation.

There are also important court cases coming up that we have intervened in. In particular, data retention and use of the police search engine called the “Filter” in the #IPBill could still be wounded by the Davis and Watson case. In this case, the High Court ruled that parts of the Data Retention and Investigatory Powers Act (DRIPA) were unlawful. 

It is ORG’s arguments on EU law and the applicability of the Digital Rights Ireland judgment that are making the running.

When Government appealed, the case was referred to the Court of Justice of the European Union. We made the argument that blanket data retention could not be necessary and proportionate. The court will clarify how EU law applies to UK data retention, which will be crucial. We will hear back from the court this summer, before the bill finishes in the Lords.

Whatever the government do, we will challenge mass surveillance in the courts. It is not acceptable to blur the line between legitimate, targeted surveillance of criminals, and the bulk analysis of whole population data.

Please help us to keep on fighting. Join us so we can continue to stand up to mass surveillance, first in the Lords, then in the courts.

[Read more] (3 comments)

June 03, 2016 | Jim Killock

Understanding and reviewing the bulk powers in the IP Bill

Parliament wants an independent review of the bulk powers contained in the #IPBill. This is a difficult task and there are significant requirements that need to be met if we are to value the results.

This post represents the opinions of Privacy International and the Open Rights Group. Other organisations are welcome to add their names as being in agreement.

files cc-by-nc plashingvole flickrThe public operational case for bulk powers and review

The majority of the powers in the Investigatory Powers Bill are new to Parliament. While much of the capability is already in use by the security and intelligence agencies, they have been deployed under secret interpretations of statutes, which Parliament has not consented to. The primary reason they were not able to consent to them is because the fact of the bulk powers were not avowed until very recently, and indeed, some are still not avowed.

As this is the first time that Parliament has considered the powers, it is right that the Government make full, detailed, operational cases from first principles for every such new power, and that case is scrutinised.  As of yet, the Government’s attempts at providing an operational case have been insufficient.  There is much work to be done to give Parliament and the public a full picture of scope and utility of the bulk powers.

An Independent Review

An independent assessment should be made of the operational case for each bulk power by a security-cleared panel who will have additional fact-finding powers, allowing them to scrutinse material that for national security reasons can't be made public. To this end, the launch of a review panel is a welcome one.

The review is a step forward in ensuring democractic accountability for the actions of our security and intelligence agencies. But to be credible, the review must:

1 Establish public terms of reference.

No terms of reference have yet been set. It is essential that terms of reference is agreed and made public immediately.

2 Take the time that is needed.

The panel cannot undertake a full review of the bulk powers contained in the Investigatory Powers Bill in the time frame provided. To to so, an assessessment of the three security and intelligence agencies investigative capabilities would be required which will be impossible with the resource currently available to the panel. Should the panel expand the scope of their review or feel they are unable to complete the review with the level of rigour required in the time available, a time extension must be permitted, with the bulk powers split from the IPBill until the review can report back to their satisfaction.

3 Be produced by a balanced panel.

Perspectives from outside the intelligence community are needed to ensure independence inclduing civil libertities and human rights expertise. We recommend in particular the inclusion of a technical expert from outside the intelligence community, as well as the ability for the panel to request technical assistance from agencies in the form of seconding a technical staffer of the panels choosing to work for the scrutiny panel. Recent panel reviews of bulk powers in the US should be consulted to ensure lessons are learned. 

4 Examine the capabailities and their use, rather than the legal powers.

It would be unsatisfactory to review the high-level case for bulk powers without analysing how they have, and continue to be used in fact. The production of a new public operational case is only the beginning of that exercise. The bulk powers are drafted in such a way that there is considerable variety of technical capabilities that could be deployed under each of the bulk powers. The review must analyse the case for the capabilities, rather than just the power. 

Capabilities the panel should consider include those that have had least scurinty such as Bulk Communications Data Acquisition, Bulk Equipment Interference due to their late avowal, or in the case of Bulk Equipment Interferance continued disavowal. Longstanding concerns about Bulk Interception of secondary data will also need detailed scrutiny.

5 Test the necessity of the bulk powers, not merely their usefulness.

Such capabilities need to be assessed, not as to whether they are merely helpful, faster or offer some form of value, but that given the likely widespread intrusion bulk powers result in, that they are strictly necessary to prevent attacks in the UK. An essential aspect of this requires analysing case studies provided by agencies to determine whether more targeted measures could achieve the same or a similar goal. 

6 Report publicly.

Unlike previously sensitive reviews, such as Nigel Sheinwald's review of the UK-US data sharing which remains classified, the review's report must be a public document.

The Government’s Current Operational Case

The existing 47 page "operational case for bulk powers" which was published alongside the introduction of the Bill is inadequate.  More than half of the document is introductory in nature, covering topics such as how the internet works, leaving an average of 5 pages devoted to each capability, with most of that material being already public, in other explanatory documents. Despite the opportunity to provide concrete, solid examples of how bulk powers bring unique value, most of the material even within each section is kept at a high level. By way of example, the first three pages of the four page Bulk Interception case, covers (i) introduction to the power, (ii) current legal position, and (iii) new safeguards in the IPBill. The fourth and final page provides three one-paragraph case studies.

A new public operational case needs to be made. This operational case must go further than setting out individual, unsupported case studies. Sufficient material should be made public to permit detailed analysis, and stand the scrutiny of parliamentarians, civil society, academia and any other body.

[Read more] (1 comments)

June 03, 2016 | Javier Ruiz

The Request Filter will turn your personal records into a police database

Next week MPs will be discussing amendments to the #IPBIll. We must ensure they understand what the Request Filter really is—a federated database, or Google search for citizen-suspects.

database cc-by-eirik-stavelin-flickrThe Investigatory Powers BIll (IPB) is reaching a critical junction. Next week, the House of Commons will be discussing the bill at the Report Stage, which is the last chance for MPs to propose or support amendments before the bill is passed to the Lords.

The bill is very long and complex, and hundreds of amendments have been proposed. However, the “Request Filter” in particular is receiving far too little attention. With a huge range of issues to deal with, the Request Filter has been absent from the discussions from the front benches, despite being the one of two completely new developments in the Bill. As the IPB enters report stage we need to ensure that the Filter gets the attention it deserves from MPs.

The Request Filter is described by the Home Office as a safeguard designed to reduce the collateral intrusion produced in searching for small, specific information in a large dataset. In reality, the Request Filter would allow automated complex searches across the retained data from all telecommunications operators.

This has the potential for population profiling, composite fishing trips and the unaccountable generation of new insights. It is bulk data surveillance without the bulk label, and without any judicial authorisation at all. The Food Standards Agency will be able to self-authorise itself to cross reference your internet history with your mobile phone location and landline phone calls—and search and compare millions of other people’s records too.

Queries can be made across datasets. Location data - which pub you were in - can be compared with who you phoned, or which websites you visit. All with great convenience, through automated search. The searches will be increasingly focused on events, such as a website visited, or place people have gathered, rather than the suspects. This is the reverse of the position today, which requires the police to focus on suspects, and work outwards.  In the future, with the Filter, any query can examine the data of thousands of innocent persons - to “check” that they don’t fit the police’s search criteria.

The idea of “passive” retained records, that lie unexamined until someone comes to the attention of the authorities, will lie dead. The data becomes an actively checked resource, allowing everyone’s potential guilt to be assessed as needed.

The Filter creates convenience for law enforcement queries, and pushes practice towards the use of intrusive capabilities. It lowers the practical level on which they are employed. Techniques that today would be used only in the most serious crimes, because they require thought and care, tomorrow may be employed in run of the mill criminal activity, public order, or even food standards, as the bill stands.

The Filter was at the centre of debates when the original Snooper’s Charter was first introduced in 2012. Parliament described the Request Filter at the time as “essentially a federated database of all UK citizens’ communications data”.

This dystopian surveillance tool should be stopped, and next week MPs will have the chance to do it. There are several amendments presented by the Lib-Dem MP Alistair Carmichael that aim to remove the filter.

Another MP, the Conservative Stephen McPartland, who was part of the Science and Technology Committee and understands the implications of the Filter, has tabled a series of amendments with measures designed to constrain the power. These include restricting the Filter to exceptional circumstances, putting it under the control of the Judicial Commissioner as other bulk powers, and bringing it into the statute book as formal Regulations - so it is subjected to the normal transparency and processes of judicial review.

It is important that all those amendments get debated. We want the complete removal of the filter. McPartland’s amendments describe the minimum requirements even a proponent should be seeking, but more importantly give MPs an opportunity to be told what the filter is, what it is capable of, and why the government plans so little oversight for it.

The nature of the Filter must be discussed to expose the Orwellian doublespeak characterisation by the Home Office of this surveillance tools as a “safeguard” to improve privacy. This will only happen if MPs’ can have enough time to discuss the BIll, and their constituents - i.e. you - remind them that this is important.

[Read more]

May 26, 2016 | Jim Killock

Andy Burnham’s demands—can they be met?

Andy Burnham has asked for further changes to the Investigatory Powers Bill. Parliamentarians are right to have concerns about the Bill. Some of what Burnham is asking for is very important, and he has won a very important concession in getting a review of bulk surveillance powers.

Andy Burnham, cc-by-nc TheBMA // FlickrStrong opposition is vital to ensure surveillance is conducted lawfully and proportionally. It is essential that this pressure continues from Labour to secure further concessions and ensure those it has already won are fully realised. Burnham has to be careful not be handed superficial changes by the Home Office, who are used to fobbing off politicians, including their own ministers. Let’s look at some of the problems he faces, to secure concessions he has set out in his letter:

(1) Review of bulk powers

Burnham has done well to secure a review of bulk powers by David Anderson. However, this late in the day, it will only look at a fraction of GCHQ’s billion-pound operation. Furthermore, it needs to look at the programmes themselves, to assess whether they work and provide value for money against the intrusion they cause. By assessing the programmes, a more sensible answer about the powers can be given, such as how to restrain and review capabilities. The review also needs to propose how to carry out ongoing review, as it will barely get started in three months. ORG has given them a slight head start in summarising the Snowden evidence relating to the UK in our report.

It is a shame that the review will inevitably report after the Commons has finished scrutinising the bill, but blame for that must go to the Government.

(2) Protections for Trades Unionists

This is all about processes, rather than simple statements at the top of the Bill. It shares the same problems as other carve outs for particular professions – essentially, GCHQ mass surveillance (“bulk datasets”) can’t tell the difference between people, and the police decide when they think they need to consult a magistrate prior to a data request to a telephone company. We discuss this more fully below.

(3) Over-arching Privacy clause

Any meaningful clause needs to set specific restraints that apply across the board, for instance by requiring that any intrusive act must be subject to an independent system of authorisation. This could serve to limit legal workarounds that tend to prove popular with agencies once they find them. On the other hand, statements of principle reminding us that surveillance must be ‘necessary and proportionate’ will sound great but won’t offer anything genuinely new or protective.

(4) Internet Connection Records

It is useful to suggest that ICRs – information about your web browsing history – should only be used for the most serious of crimes. This reminds us that ICRs are very intrusive. However, we still have no real idea why they are needed or even how to properly define them. It is highly likely that collection of ICRs will be open to legal challenge as a measure that fails to target actual suspects, but instead intrudes on everyone’s privacy.

The issue of the query engine – the “filter” is yet to be properly assessed by Parliament. It seems to provide very dramatic powers of searching and profiling, which mean everyone’s data being trawled through to produce results. It would be good to see Labour ask more questions about this.

(5) Judicial authorisation of warrants

The most serious kinds of warrants, for wire taps and bulk data gathering, are signed by ministers, or in the future, to be examined by Judicial Commissioners. Mr Burnham is on the right lines by insisting that this process can be guaranteed to allow judges to make a full assessment, rather than just marking the ministers’ homework.

Labour should also remember that the 4-500,000 data requests made by police annually are still not subject to an external process. Oversight Commissioners instead check off a portion to see if they are being assessed correctly. This is how journalists have continued to find themselves subject to police investigation, despite requirements for the police to approach the courts where they are involved.

(6) Protection for sensitive professions

It is correct to ask for this, but there are two massive holes. Firstly, all the bulk programmes suck up all the data they can find. GCHQ programmes assess the data, and finally data is presented to operatives. It is only at this final step that any hope can be given of protecting MPs, trades unionists, journalists, doctors or lawyers communicating with their sources or clients. By which time, GCHQ might well be in a much better place to assess that some risk may exist – because their surveillance apparatus will have automatically decided which person has made travel routes, phone calls or website visits that make them look suspicious. This does not feel like a meaningful protection: only by returning to a system based on prior suspicision leading to targeted surveillance can we hope to protect professional privilege.

The second massive hole is that the police make their own requests for data from ISPs and telephone companies. This places the judgement about who is a journalist or professional in their hands. There will be a lot of grey in this for the police to ignore. Who, after all, is a journalists in the age of blogging and self-publishing? Who is a trades unionist—would this just apply to people acting in an official capacity, or the millions of members (unlikely)?


It is very clear that the Bill is still a long way from being acceptable. Andy Burnham has highlighted some key issues. He needs to be very careful about the responses he receives.

[Read more]

May 26, 2016 | Jim Killock

How we make sure the bulk powers review is meaningful

Andy Burnham has written to Theresa May to ask for further changes to the Investigatory Powers Bill, and to open negotiations on an independent review of ‘bulk powers’.

As he mentions in his letter review of bulk powers is particularly important, if it is done correctly. Any review has to frame its work correctly, however. There are four key issues:

(1) The review cannot possibly assess the efficacy of all of the bulk programmes in three months.

They should therefore narrow their focus to one or two specific programmes or datasets, to understand the full picture in relation to these examples. This should allow the review panelists to get sufficient depth and information to properly understand and question what is taking place.

(2) It must be clear that they are assessing the programmes rather than the powers.

It is much easier to justify a power on the basis that it may be needed sometime, or it has been useful once. If one example of the use of the power appears to have been essential, then the panel may feel compelled to say that the power is needed.

A specific programme however can only be justified in its own terms, i.e. does it work, is it worth the cost, and could alternative methods have led investigators the same conclusions.

By understanding which programmes are manifestly excessive, Parliamentarians, authorisation and oversight bodies and the review can all start to understand how to restrain GCHQ’s activities.

(3) The panel must have the expertise to conduct their investigations

A team of three won’t have everything they need. They therefore need to be able to bring in help, or appoint more people.

(4) The group should be able to recommend a future processes to assess bulk programmes in the future

The panel will not complete the work needed. They need to be clear about what is needed to continue to assess these programmes for efficacy and proportionality during the lifetime of any future Act of Parliament.



[Read more]

May 18, 2016 | Javier Ruiz

Government announces new data sharing legislation in Queen's Speech

The government has just announced new data sharing legislation in the Queen’s Speech.

This is not a surprise, as the Cabinet Office has been preparing for over two years, with extensive discussions across government and with civil society groups under the Open Policy Making programme. The process culminated in a public consultation last month. We responded with quite a few critical comments, and over 160 ORG supporters wrote to the Cabinet Office to ask them to put privacy at the centre of any new measures.

As we have said before in this blog, ORG’s principles are that data sharing agreements should not lead to a widespread intrusion on people’s privacy; should be proportionate, limited in scope and enshrine fundamental rights; and carry strong safeguards against wilful abuse and unintended consequences.

However, some proposals we are expecting simply need to be withdrawn, particularly the bulk sharing of civil registration data across government. We are mainly concerned about births and marriages data. Notifications of deaths have lower privacy implications, but nevertheless should be handled sensitively. 

Electronic access to individual certificates can be positive, avoiding the need for paper copies, but this is very different from bulk sharing. Spreading civil registration data across government will lead to common identifiers and data centralisation. The government is keen to stress that they do not wish to create a new “citizen database”, but this is not the point. The same level of intrusion can be generated by widespread data matching with a form of “ID card lite”. The core principle of ID is not the card itself but the uniqueness of the number or key and the centralisation aspects.

It is very likely that these proposals will be rejected by public opinion, as previous attempts have been in the past. The Conservative Party in opposition was against ID cards and the database state, and would need to explain in Parliament why they have reversed their position in Government. These proposals are not explicitly mentioned in the data sharing notes accompanying the Queen's Speech, as are several other initiatives under discussion, so it is possible the government has seen some sense and withdrawn them. More clarity would be welcome.

The wider proposals have been severely criticised by UK tech heavyweights such as Jerry Fishenden, who argues that the proposals are not well defined - lacking “detail about basic, fundamental areas (such as security, privacy, accountability)” - and remind him of previous initiatives such as the “Transformational Government (2005), the Identity Card Act (2006), and the Coroners and Justice Bill (2008)”. Even more worryingly for government, he thinks that the proposals may not deliver their stated benefits. The proposals to increasing data sharing on fraud could be “more likely to increase fraud rather than help mitigate it”.

The policy making process around these proposals started on a very positive note, with government bringing civil society in very early to discuss our concerns. The dialogue has continued to the last minute, but we are disappointed that the master lines appear to have been set in advance at the political level, with ministers believing that data sharing is the solution and must be increased. Only room for minor changes remains in our discussions with well meaning civil servants.

We foresee some trouble for the new proposals if they end up becoming yet another attempt to increase the volume of personal data flowing across government, with legal and social constraints being seen as something to be “managed” instead of positive features. The Cabinet Office should instead be looking at smarter uses of personal data that are doubly innovative in being both efficient and citizen friendly.

The Cabinet Office is also embarked in a parallel process to create an Ethical Framework for the use of Data Science in government, which will cover issues of privacy, data sharing, and algorithmic decision-making. This framework is guided by principles such as data minimisation and the need to build robust models and take public perceptions into account.

We will wait for the government to respond to the consultation before we fully set our views. In our submission we argued that key safeguards needed to be in the face of the bill, not in codes of practice of unclear enforceability. Those powers that are being piloted, such as fraud, need sunset clauses and parliamentary discussion, not revisions by the same ministers involved.

The half baked powers on data sharing to tackle debt need to be reconsidered as part of a proper national strategy on debt management involving relevant civil society groups and debt charities. There are dangers of stigmatisation as well as intrusion into privacy.

Overall, these proposals may contain elements that are acceptable, but the newer, less considered ideas simply need to go.


[Read more] (1 comments)