Take for example the latest Home Office leak on Wikileaks which is a copy the NDA that the Home Office required those software businesses tendering for the National Identity Scheme gig had to sign. It has two clauses of interest that raise questions, for me at least, about enforceability. The first is in section 3.2 which states,
"[The company mus] consult with the Authority as to possible steps to avoid or limit disclosure and take those steps where they would not result in significant adverse consequences to the Authority"In this case the "Authority" is the Home Secretary, and in effect the company is being asked to avoid disclosure of information, discuss with the Home Secretary how to do it, and do it essentially to avoid the Home Secretary embarrassment, or negative consequence.
Now, I can think of a number of circumstances where such a clause is perfectly benign and, to be honest, quite sensible. The disclosure of source code for instance would not be a good thing for a system like the NIS. Whether one agrees with the system in principle or not, once it is up and running and being developed you want to protect it.
However, disclosure of problems with the system, budget, feasibility, and for that matter security concerns, given the nature of the NIS, are also a matter of public interest, and would, at least I think they are, be covered by such public interest considerations.
In addition, NIS development is very likely to use some sort of sample data set and it is possible that those data will have real information in them. In that case the DPA may come into play, in which case the company is being asked to find way to avoid or limit its obligation under such legislation. However, the more worrying issues is with Section 5 of the NDA.
This section confers on the Home Secretary the right, at his or her "sole discretion" to enter private and domestic property and seize any property which it consider pertains to the NIS project without any warrant or judicial oversight. The clause appears to not just cover the company itself but anyone or works for the company or any subcontractors.
This means, in effect, that a worker supplied with a laptop form the company and authorised to take the laptop home could, in effect, see Home Office officials enter their domestic property without a warrant. Can such an NDA legally override the requirements and protection of the law in these circumstances?
Does not the individual have to also agree to the NDA at the very minimum, and even if they did can one sign away their legal protection over the entry and seizure of property from domestic dwellings? This is a serious question. Is the law the sovereign over our rights or can we actually sign away our rights in a private contract with our employers? More so, can an employer sign away the legal rights of its employees without consulting them or asking them to sign the NDA as well?
Hat Tip: Whipped Senseless