Sunday, December 07, 2008

The Home Secretary's "sole discretion" to enter your property without a warrant?

Non-Disclosure Agreements have always fascinated me because I've often wondered how legally enforceable they can be if they have clauses which seemingly circumvent the legal protection that due process provides for individuals in a given state. More so, when an NDA has been signed by a company, I have often wondered how the legal position of that NDA applies to individuals working for that company in terms of whether they need to have signed and agreed to the NDA also.

Take for example the latest Home Office leak on Wikileaks which is a copy the NDA that the Home Office required those software businesses tendering for the National Identity Scheme gig had to sign. It has two clauses of interest that raise questions, for me at least, about enforceability. The first is in section 3.2 which states,
"[The company mus] consult with the Authority as to possible steps to avoid or limit disclosure and take those steps where they would not result in significant adverse consequences to the Authority"
In this case the "Authority" is the Home Secretary, and in effect the company is being asked to avoid disclosure of information, discuss with the Home Secretary how to do it, and do it essentially to avoid the Home Secretary embarrassment, or negative consequence.

Now, I can think of a number of circumstances where such a clause is perfectly benign and, to be honest, quite sensible. The disclosure of source code for instance would not be a good thing for a system like the NIS. Whether one agrees with the system in principle or not, once it is up and running and being developed you want to protect it.

However, disclosure of problems with the system, budget, feasibility, and for that matter security concerns, given the nature of the NIS, are also a matter of public interest, and would, at least I think they are, be covered by such public interest considerations.

In addition, NIS development is very likely to use some sort of sample data set and it is possible that those data will have real information in them. In that case the DPA may come into play, in which case the company is being asked to find way to avoid or limit its obligation under such legislation. However, the more worrying issues is with Section 5 of the NDA.

This section confers on the Home Secretary the right, at his or her "sole discretion" to enter private and domestic property and seize any property which it consider pertains to the NIS project without any warrant or judicial oversight. The clause appears to not just cover the company itself but anyone or works for the company or any subcontractors.

This means, in effect, that a worker supplied with a laptop form the company and authorised to take the laptop home could, in effect, see Home Office officials enter their domestic property without a warrant. Can such an NDA legally override the requirements and protection of the law in these circumstances?

Does not the individual have to also agree to the NDA at the very minimum, and even if they did can one sign away their legal protection over the entry and seizure of property from domestic dwellings? This is a serious question. Is the law the sovereign over our rights or can we actually sign away our rights in a private contract with our employers? More so, can an employer sign away the legal rights of its employees without consulting them or asking them to sign the NDA as well?
Hat Tip: Whipped Senseless

13 comments:

Sandy Jamieson said...

It would also be interesting to explore the powers of the Home Secretary in Scotland on this. It is my understanding the Scottish Government is opposed to ID Cards and would the Scottish Justice Secretary be "the Authority" in Scotland or would it be Jacqui Klebb or her successor.

Colin said...

You're quite right. Your employer cannot sign away your legal rights, only you can therefore the clause would be prima facie ineffective. However, it wouldn't surprise me if a little clause was slipped into some obscure bill expressly authorising such a position.

Such a provision would create public, political and judicial outrage & would be ripe for lopping as it would be undermining the principle in Entick v Carrington let alone issues of Human Rights law today.

2345 said...

Complex legislation is designed by those with no respect for Law.

John Pickworth said...

Such a clause might allow the Home Secretary to feel she/he has the power to enter people's homes but I'm certain a Court will have a very different opinion.

All NDA's essentially set out a list of can and can't do's but to enforce them you still need to resort to the existing laws of the land... you cannot simply inject your own versions of them into what is basically a private understanding between parties.

Morus said...

All I can imagine is that Employees rolling-on to this could be asked to sign project-specific NDAs with the same clause.

God knows I wouldn't, but then I wouldnt work on this scheme, and I hope my company wouldn't have been stupid enough to bid for it.

An NDA simply isn't the correct place for this - the NDA should cover voluntary desemination, but malicious desemination should be dealt with by crinimal law - and I would argue that between the DPA and OSA (does this count as National Security) the criminal intent is covered. Why the need to avoid warrants?

Nick said...


Now, I can think of a number of circumstances where such a clause is perfectly benign and, to be honest, quite sensible. The disclosure of source code for instance would not be a good thing for a system like the NIS. Whether one agrees with the system in principle or not, once it is up and running and being developed you want to protect it.


And the best way to protect the system is to open up the code for scrutity by all so that the holes are removed before it goes live.

Nick

Nick said...


Now, I can think of a number of circumstances where such a clause is perfectly benign and, to be honest, quite sensible. The disclosure of source code for instance would not be a good thing for a system like the NIS. Whether one agrees with the system in principle or not, once it is up and running and being developed you want to protect it.


And the best way to protect the system is to open up the code for scrutity by all so that the holes are removed before it goes live.

Nick

Anonymous said...

Frankly, if the cunts are sufficiently venal to tender for the damned system they deserve everything they get!

Shaun said...

What if, like me, you're a freelance developer and your take a job from a guy who's also got other freelancers on NIS-related projects? Am I, or my 'employer' bound or merely the freelancer? And if so, how when you consider how the contractual chain works and who gets to speak to who in the mercenary freelance world?

Also, legalistically, how's this going to be inforced? Normally its after-the-fact by the courts before which the Police have obviously raided your home. But remember: nothing to hide, nothing to fear, eh?

Anonymous said...

She will probably try to enforce this by instructing the contractors/cosultants to ask their staff to sign a project specific confidentiality agreement - effectively back-to-backing the corporate NDAs. However the Home Office behaviour raises two very important questions:
(a) why should NIS data be accessible outside of secure government offices or downloaded off the GIS (the government's secure network) - in either case this leads to n inceased risk of data loss (e.g. HMRC's loss of the child benefit CDs)?
(b) why does the Government need additional protection, all contractors working on Government IT contracts are or should be asked to sign the Official Secrets Act - so why does the Home Office need some separate 'protection'?

Comrade said...

The country awaits the call to march on Parliament with pitch forks to oust these odious Labour scum who oppress us, just say when.

BrianSJ said...

It is very hard to see what the Official Secrets Act and the Data Protection Act would not have covered unless this is for companies based or working overseas, in which case an NDA of this kind would still be pretty unenforceable.
What do you expect from dinnerladies at the home office?

Anonymous said...

It is shockingly badly drafted in general, and clause 5 is unenforceable as it stands as against "Individual Recipients".

Presumably Thales et als' corporate counsel said as much when they were negotiating this. If not, I call negligence.