Wednesday 31 March 2010

Safe in their hands!


The personal details of 9,000 school pupils have been stolen from the home of a Barnet Council worker, see here.

Twenty unauthorised and unencrypted CDs and memory sticks were stolen. Information included: pupil's names, gender, date of birth, addresses, phone numbers, unique identification number, free school meals eligibility, in-care indicator, language, gifted and talented indicator, mode of travel to school, entry date to school, special educational needs, school, attainment data for English, maths and science at end of Year 9 and attendance rate.

Chief Executive Nick Walkley made the gnomic statement:
"This should not be a case for concern relating to safeguarding."

The data was evidently part of a student survey for the government to compare educational development within broad groups. Were the parents consulted? I doubt it. Parents were not consulted about ContactPoint and its related databases, which contain even more sensitive data. One hopes there was no data sharing.

Schools are routinely taking children's fingerprints without permission from their parents, see here.

As many as 3,500 schools take biometric data from pupils to speed up basic administration such as buying canteen lunches or borrowing library books. Dr Emmeline Taylor, who conducted a study on surveillance of pupils funded by Salford University, has revealed that 3,500 schools in the UK - one in seven - are estimated to be using fingerprint technology.

A 2007 survey by the Liberal Democrats found that out of 285 schools using fingerprint scanners, only 48 had first sought parental consent.

Children are subjected to CCTV in their schools, many have to give their thumbprint to obtain a meal or borrow a book, their personal data is collected in vast swathes and lost .... and we are expected to believe that this is for the safety of our children.

Cartoon - on the occasion of the 20th Birthday of Privacy International.

Tuesday 30 March 2010

Compulsory is the new voluntary


Now we all knew that the government's aim was for ID cards to become compulsory by stealth and here is Alan Johnson announcing this fact clearly, see here.

"The provisions of the Identity Cards Act 2006 will be amended by further primary legislation, so that everyone aged 16 and over who applies for a British passport will have the choice of being issued with an identity card or a passport (or both documents) and for their identity details, including facial image and fingerprint biometrics, to be recorded on the same National Identity Register."

Last year Kable research found that scrapping identity cards and fingerprinting for passports would save £3.08bn over a decade, whereas scrapping the cards but retaining fingerprinting would reduce the saving to £2.2bn. The government plans to require all 10 fingerprints for passport and ID applications, although only two will be held on the document's chip.

Ask any Lib-Dem or Conservative canvassers what they intend to do about fingerprints in passports. (They both claim they intend to scrap the NIR and ID cards.)

Monday 29 March 2010

Careless disclosure costs reputations.



From August members of the public will be able to make applications for disclosure from police records about anybody who is in contact with children. It is claimed that the Home Secretary’s decision was justified by Home Office research - this relating to a tiny pilot study.

Hawktalk reveals the fundamental flaws in this egregious scheme.

The procedure involves four steps:
(1) Any person can make a request for information about a "subject"-
(2) Police then do a trawl of PNC, sex offender and local criminal intelligence data
(3) A preliminary risk assessment is made -
(4) Enquiries which do not meet the selection criteria are rejected – others move to the "application" for disclosure procedure,
(a valid enquiry had to pass two thresholds: (1) the subject has unsupervised access to children and (2) the subject lived in the force area.)

Hawtalk makes several important points and it is well worth reading the whole article.

Table 7 of the research report indicates that over half of applications did not have unsupervised contact with children. Hence step(4) of the police procedure should have been step(2); the research made no comment on this anomaly.

The Home Office Research Department has to be made independent of the Home Office.

Should personal data be retained on criminal intelligence systems if the subject has no criminal record and was not previously known to the police?

Such information might then be passed to employers to assess. Now ask a simple question: if you were an employer with a short list of two job-applicants – one of which has this kind of query against his or her name and the other hasn’t - which one do you employ?

Wednesday 24 March 2010

More ID card creep.


A very unpleasant little amendment to the Licensing Act (2003) is in front of Ministers for approval as a Statutory Instrument (SI). It is very rare for a SI to be amended or changed - so, unless it is rejected when presented to Parliament, it will pass on the 6th of April. See here.

The SI in question is there to address binge drinking by restricting licensees' abilities to offer discounted booze and encourage heavy drinking. Part 4 (2) of this particular SI refers to a licensee's policy, and reads as follows:

The policy must require individuals who appear to the responsible person to be under 18 years of age (or such older age as may be specified in the policy) to produce on request, before being served alcohol, identification bearing their photograph, date of birth and a holographic mark .

This effectively forces pub landlords to demand passport, ID card or driving licence as proof of age and will probably cause a boom in fake ID card sales and theft/loss of identity documents. Naturally the young will be told how more convenient it would be to get a national ID card.

This is another back-door attempt to undermine civil liberties and bolster the National ID Service. Why not write to your MP to make them aware of what's hidden in the small print, and demand that the SI is redrafted before it's accepted.

There are contactless proof of age card systems such as Touch2ID that simply contain a biometric hash of the bearer's fingerprint and which cannot be used for identity fraud. However, one might ask why there is such mania for proof of age? It certainly hasn't prevented a rise in alcohol consumption amongst the young; it is simply yet another attempt to counter the side effects of the total liberalisation of alcohol sale and consumption.

Monday 22 March 2010

Birmingham to get ID as well as data sharing.


Civil servants are still busily at work spending our money and planning for the years ahead, seemingly oblivious to the upcoming general election. The two main opposition parties and, as far as I can tell, all the minor parties, are opposed to ID cards. Yet we are still spending £230,000 a day on developing this scheme as well as the £1.3 million already having been spent on marketing and advertising. We are now told that Birmingham residents are to be targeted, see here.

The spin is that ID cards can be used instead of a passport for travel in the EU, the reality is that you need a passport as well. The spin is that young people can use it as a proof of age card the reality is that these only cost £10 whereas ID costs £30 accompanied by a lifetime of fees, data-sharing and penalties.

Make sure you ask any political campaigner about ID cards and the database state and ask precisely what they intend to do. Remember, Birmingham is a Lib-Dem/Conservative coalition yet we are all to be given a single customer record and have our data shared, see here. Our EU passports are to eventually contain fingerprints – so if Labour loses the election the fight is still on.

Saturday 20 March 2010

Opting out is easy.


The Summary Care Records (SCR) database - which is central to the government's plans to create health records for 50 million people - contains inaccuracies and omissions that make it difficult for doctors to trust it as a single source of truth, according to a confidential draft report. Researchers at University College, London, found examples where the Summary Care Records central database failed to indicate a patient's allergies or adverse reactions to drugs, and listed "current" medication that the patient wasn't taking. The database also indicated allergies or adverse reactions to drugs the patient did not have.

The researchers found no evidence that incomplete or inaccurate data on the SCR database had led to patients coming to harm - because doctors did not trust the new system as a single source of truth, and took extra time to double-check details of medications and allergies. See here.

The research was commissioned by NHS Connecting for Health which has continued the scheme without waiting for the reports to be completed. So you have paid an extra three quarters of a million pounds in addition to the £12.7bn cost of the National Programme for IT [NPfIT]. About 1.2 million summary care records have already been created and only a tiny proportion of patients have opted out.

So make sure you opt out..

Wednesday 17 March 2010

The lucky poor. Free ID cards!


The British public bails out the banks and it is then suggested that they could the be used to help curtail our civil liberties.

Kitty Donaldson writes in US magazine Business Week:

The Labour government may ask U.K. banks and supermarkets to subsidize its national identity-card program, paying for documents for poorer customers to attract business.

Home Office minister Meg Hillier said companies might offer to buy the £30 pound cards for people who wouldn’t pay for them otherwise. She named Royal Bank of Scotland and Lloyds Banking Group, both part state-owned, as candidates.

"I am keen to hear from business, banks do give incentives to people to open bank accounts. If they are doing that for some clients, would they think of doing that for other groups? Over a lifetime they do make money out of people."

The government’s £4.6 billion programme may see fingerprint readers installed in banks, post offices, courts and schools as a means of checking people are who they say they are. Hillier also said the government has heard suggestions from local authorities that ID cards could replace passes providing free local bus travel for the over-60s!

What a come down for the previous rationale for ID cards as a method for combating terrorism and organised crime.

Monday 15 March 2010

Secure information hub?


Birmingham City Council (BCC) tells residents that it is improving its customer service. It says it is changing the way it uses your personal information to improve services to you as a customer. The hub will contain a single customer record about you - your name, address, date of birth, gender, together with unspecified information which can be used to confirm your identity. The single customer record will act as an index to other customer information about you. Your data will be perfectly safe - all in one place. This is, presumably, transformational government. You haven't been asked whether you want this and opting out (as far as this is possible) means you have to read page 13 of magazine that has been delivered, have an e-mail and understand what you are opting out of!

You have the right to request that BCC stops using your information in relation to any council service, including the single customer record.

Contact - DP.Contacts@birmingham.gov.uk

Saturday 13 March 2010

What is the definition of optional?


A report from the US internet security company Cryptohippie puts the UK at number six in the list of the world's most repressive regimes in terms of the electronic surveillance of its citizens, see here. The following are two further examples of how the authorities are keeping an eye on us all.

Firstly, Birmingham Airport has introduced new face recognition gates (optional for the time being) which can be used by adults with a biometric passport from the UK or EU. To enter the gate the passenger places their passport on a reader which reads the passport data and checks them against national and international watch lists, the passenger's face is then matched against the digital image stored on the passport. This will feed into the eBorders and ‘Advanced Passenger Information’ (API) systems that already spread tens of millions of travellers’ personal details around the world.

Secondly we have Clubscan, an ID card scanning system produced by IDScan Biometrics Limited. It takes scanned images of clubbers' ID documents and stores their personal details, for the purpose of age verification, identifying barred members and identifying individuals to the authorities in the case of criminal incidents.

UK licensing authorities are increasingly requiring nightclubs to scan and retain clubbers' ID details.

The aptly named Soviet Union bar in Consett, County Durham is proposing such a No ID No Entry scheme, see here. This is the bright idea of a local police inspector.

He says: "Consett is not particularly rough, but this is all about creating a safer environment for people who want to go out on the town." Naturally the local population haven't been consulted.

The manufacturer claims that "Clubscan is voluntary: You are not obliged to permit a venue to scan your identification through clubscan. Though it is unclear how this might interact with a club's right to refuse entry.

Thursday 11 March 2010

London - NO2ID day of action. Can you help?


We're having a London day of action this Saturday, the 13th March, in response to the roll out of ID cards to young Londoners aged 16-24. NO2ID groups will be coming from all over the country to help out, so it should be a really good day.

We'll be leafleting/collecting signatures at tube stations, dropping leaflets at Halls of Residence and also doing a run of 'alternative' shops, which are likely to have a lot of customers in the relevant age range. Afterwards obviously, curry! Please bring a travelcard/Oyster Card if you have one.

We'll be meeting at 11.30 at the Ossulston Street Tenants and Residents Hall, entrance on Ossulston Street opposite Brill Place. The postcode is NW1 1EU but please be aware that Google Maps pins the Hall slightly wrongly, look for the entrance on Ossulston Street where there will be copious NO2ID signage. The Hall is equidistant between Kings Cross and Euston Stations.

Phil Booth, our National Coordinator will give a talk on the most recent updates to the Identity scheme before we send people out and about to leaflet/collect signatures.
Please come and join us, no experience is necessary, we'll have jobs for people at every level. If you have a NO2ID T-shirt, please bring it along. If you don't and would like one please let me know and I'll bring one along in your size, we charge £5 per shirt to active people, (which is cost price).

My telephone number is 07500 836 461, please bring it with you on the day and feel free to call if you need to clarify anything.

At the end of the day we'll all go for a Curry on Drumond Street.

Look forward to seeing you there.

Matty Mitford NO2ID Local Groups Coordinator

e-mail - local.groups@no2id.net

Wednesday 10 March 2010

Facebook site - Opt Out Now.


A facebook page has been set up called- Protect Your Medical Confidentiality. This relates to 'Summary Care Records' at present being uploaded with great rapidity - to the distress of many health professionals.

The aim is to alert people to the consequences of a letter coming through doors across parts of England, and to clarify the choices you can make.

The Department of Health is currently sending mailshots to people living in some areas, informing them of 'changes to your health records'. These changes are presented as necessary and inevitable but they are not. They shift control of health information from medical professionals to the state and will result in YOUR private details being uploaded onto a centralised system accessible to hundreds of thousands of people - not just doctors.

Link and more information here. Why not send the link to your friends and relatives?

Tuesday 9 March 2010

ID cards - not many interested.


There would appear to be little interest in ID cards in the Northwest of England. Since January there have been a mere 14 applications per day, see here. Perhaps the fact that the Tories and Lib-Dems claim they will scrap ID cards and the Don't be a Guinea Pig campaign by NO2ID in the Northwest has successfully educated people as to what having an ID card really entails.

Sunday 7 March 2010

Legal niceties?


Databases are growing like Topsy. Here is yet another. BAE systems has been awarded a €2.3 million contract to develop a Strategic crime and immigration information management system (SCIIMS) for the European Union.

The use of controversial information technologies such as data mining, profiling and predictive modelling are explicitly mandated by the EU contract, in spite of widespread concerns about their legality and effectiveness.

SCIIMS will mine large data sets. This could include EU databases such as the EUROPOL and Schengen Information Systems, as well as national police and immigration databases in the member states. Unless these practices are regulated by national or international law, they will almost certainly be unlawful. Yet there is no mention whatsoever of data protection within the EU-BAE contract.

Saturday 6 March 2010

Well done Germany.


After an outcry and more than 35,000 complaints, see here, Germany's High Court has told police and secret services that they must stop storing email and telephone data and delete information already collected. The court said that data was not properly protected and that authorities were not sufficiently clear as to why they needed it. Germany will continue to comply with the EU's Data Retention Directive and keep records for six months BUT will not open data packets to record who Karl contacted on Facebook, for example, without gaining legal permission.

Here in the UK we've only heard of the STASI and only joke, so far, about our police state. YET you are paying over £2 billion for the Intercept Modernisation Programme (IMP), which plans that communications providers will maintain giant databases of everything YOU do online. They want providers to process the mass of data to link it to individuals, to make it easier for our authorities to access, without asking for a warrant. This will be general oversight and 'phishing' of your personal communications. This will be the equivalent of opening your letters.

Write to your MP and say that the terrorists have won if we are subjected to such Stasi-like surveillance.

Friday 5 March 2010

Not so elementary?


All 43 police forces in England and Wales are to start using mobile fingerprint scanners enabling officers to cross-reference prints with national records, namely the National Fingerprint Database (IDENT1.) Up to 3,000 devices, will be in use by this summer,see here.

The National Policing Improvement Agency (NPIA) quango has signed a three-year contract worth £9m with a US firm Cogent Systems. This sounds a lot but the salaries alone of the NPIA cost £100 million a year as you can see from this link.

The technique of forensic fingerprint analysis used to be regarded as a perfect system of identification. This is no longer true. Formerly there was always a 16-point method of comparing prints. However, police chiefs have decided the current 16-point match standard is unnecessarily tough and results in guilty people going free. The use of experts was considered more reliable but four fingerprint experts were suspended in Scotland after Detective Constable Shirley McKie was wrongly accused of being at the scene of a murder in 1997. Also, tests have shown that forensic fingerprint experts may come to different conclusions when presented with the same sets of prints. Nonetheless the popular view is that the system is foolproof.

The larger the database, the greater the possibility of two fingers having roughly similar sets of coordinates and our police have a database of over 8 million sets of fingerprints already.

Fingerprint scanners will be very convenient for the police, as a check will take just two minutes and we are told that fingerprints will not be added to a database. Nonetheless, will this just be used for suspects who would otherwise have had to be taken to the police station? Or could there be some mission creep? Would it not be so easy just to check a few random, suspicious types; perhaps a watercolourist painting a factory? It's happened before, see here.

If you get one of those leaflets asking you to voice tell your prospective candidate what most concerns you, tell them that you want your civil liberties back. (You don't necessarily even have to state your address.)

Tuesday 2 March 2010

Surveillance spin.


Our Prime Minister gave a speech yesterday where he told us that crime was down substantially and that all we have to fear is fear of crime itself. He said that the DNA database and CCTV cameras have played a great part in this decline but failed to back this up with any figures; instead he told us about an emotive crime that had been solved because an unconvicted man's DNA was on the database. On the other hand, Mr Cameron failed even to mention the database state in his conference speech.

So, make sure you mention ID cards and the database state if you ever get someone canvassing for support at your door.