Tuesday, November 04, 2008

Post Pub, Post Porter

I went to the pub, I game back, then I read some drivel by Henry Porter. It made me angry...

Following Gordon Brown's admission that the government could not guarantee the security of personal data, David Davis concluded on Comment is Free this week that far from protecting us from identity theft 'the grandiose projects of the British state may prove to be its greatest facilitator."

This is right, and Davis's message should be understood by far more MPs than is currently the case. He is one of the few in Parliament who has grasped the nature of the threat and the speed at which it approaches us.

Yet it is not just security breaches and lapses that we have to worry about. The government is clearly committed to a course of selling our personal data to cover its costs and in some cases, like the ID card's National Identity Register, a big commercial operation is envisaged.

So, David Davis "concluded" this did he, how exactly? Did he take us through each example of vunerable data, explain what data was exposed and the potential for abuse of that data. Does he have an understanding of what systems and checks the data could be used to bypass and what techniques might be used? Unlike Messers Porter and Davis I have spent the last 8 years working in IT, dealing with consumer data on a pretty regular basis and I would quite confidently say that the sentence "the grandiose projects of the British state may prove to be its greatest facilitator" is pure unadulterated bull drawn up by someone with no understanding of the actual issues involved.

The model for this activity is seen at the DVLA, which sells details of vehicles and drivers for a fee of between £2.50 and £5. For £3,000 a "reputable user" – in other words, a supermarket or security firm - can buy a link to the DVLA database although they still pay the same fee for driver's details on top of that.

Although the DVLA insists that it is not a making a profit on the 1.64 million sales per annum, which is hard to believe, the fact remains that a government agency is selling information about us to third parties who may have rather doubtful motives – like the Parking Eye company which sent an £80 penalty notice to a driver who broke her late night journey on the M6 to take a nap in her car at Lymm services rather than continue and fall asleep at the wheel.

Some people might suggest that people who operate car parks or have areas of land that be subject to illegal parking by motorists might actually have a need for this data, so that they can get in touch with illegally parked motorists. Like most systems, potential for abuse exists, but the flipside of the coin is the idea that people can park where they like and the drivers have absolute right to anonymity. This is just the usual Porter trick of pointing to a single instance of abuse for a generally sensible law.

But is not just the DVLA. In the summer the police admitted that samples from the national DNA database had been used for unspecified research. How much money changed hands, and what was the purpose of the research, are not known but this is the clearest indication that once the state acquires information – and here we are talking about the biological essence of thousands of people – it comes to think of it as its own, to do with it what it likes.

Another bit of bull, does Henry know if there is actually any danger from this, does he know anything of what can be gleaned from this DNA data. Does he know if the data was anonymous or not? It could be a dangerous story, but that depends on a number of factors.

The vast databases that are being hastily built before the public realises what it is losing represent an enormous commercial prize. The only people who will not benefit from the sale of our information are us, even though we will be supplying it – often under duress – to the government. We'll be soon be in the ridiculous position of giving up every important piece of information about ourselves, together with the right of access to that information, while commercial enterprise will purchase access for their own gain. It is a stark reminder how rapidly the relationship between state and individual has changed in the last decade.

Who owns our personal information, what use they make of it, and what access the public should be allowed to its own data – to correct and formally withdraw it from the database - are issues which are hardly ever discussed by Davis's colleagues, who unthinkingly go along with the idea that possession is ninth-tenths of the law.

Last time I checked, these databases were being very slowly and carefully assembled, the National Identity Register has taken a long time (first consultation was in 2002) and a lot of studies and no one has been issued with a single card yet. One example he cites is absolutely harmless, the other he just hints at vague possibilities of abuse with little concrete proof of anything.

But there is another route, which starts with each one of us declaring that our personal information is precisely that. It belongs to us and we should have control over it, wherever possible. What we need, but hear little suggestion of in Parliament, is a privacy law that entrenches these rights in the environment of a new Bill of Rights. For if there is one clear message to absorb about current situation in which the state plunders what it likes from our personal lives it is that the section that guarantees privacy in the Human Rights Act is a complete joke, and has in fact been the context in which this gross attack on all our privacy has taken place.

What a wonderful idea, let's give it a try...

To anyone who knows my name and address, I demand you forget it this instant, IT'S MY PERSONAL DATA!

If you know my birthday, forget it IT'S MINE AND MINE ALONE!

As a final little twist, when I copied the original article at the bottom were the words "Your IP will be logged":)

No comments: