Monday, August 27, 2007

Government to breach its own data protection laws?

What is it with this Government and its desire to share information with every silly sod going? At a time when identity theft is already rife, and the Government claims it wishes to tackle it, why is it that it plays so loose and fast with our own information.

As the report in this morning's Times points out, access to the so-called "Information Share Index" which contains data on children and families is to be "extended beyond social workers, doctors and teachers to include a wide range of civil servants and children’s services" and will also include voluntary groups.

The database includes name, address, school, GP details, and other medical, educational or children’s services in contact with a child, along with parent details. Very useful information indeed if you wanted to be that person. And we're not talking about some pathetic attempt to pretend to be that person online here, we're talking about information that could be used for full scale fraud.

It seems to me that the Government has never heard of the principle of least privilege. When it comes to information security you don't widen access to information. The Government has said that access rights will be tightly controlled and you'll have to get an access code off the local authority and justify your requirements.

Simple question, who controls access to the access code once a third party organisation has been given it? What's more, under the Data Protection Act my data, and that of my family, is my data. It cannot just be shared with a third party without my consent. And just add to the madness, apparently some children will have their details concealed, especially if they have "celebrity status" according to Lord Adonis.

SO basically, we have a database that access to is being widened to include organisation that appear to have no control on who access the system once the organisation has been given access. There will be no consent sought it seems when the Government breaches its own data protection laws; and if you're 'lucky'* enough to be one Jade Goody's kids then your details won't be shared.

Now, just to address the obvious Labour arguments in favour of this. The first one will, I imagine, be along the lines of this being required to protect and/or help children. Therefore anyone that does not support it wishes to put children at risk and/or doesn't want to help them. In other words they're evil.

This argument is of course a red herring. The information being shared is information that can be given by a parent to any organisation it has contact with within the first five minutes of meeting them. Crucially in that case the autonomy of the information is respected, as the parent and child are the owners and ultimate arbiters of their information. They choose to give it out, they do not have chosen for them.

Another argument will no doubt be talk of "safeguards". This is a favourite words of almost any Government when it comes to them building databases. "The system will have safeguards" they say. What that means in this case is that a human being writes a letter to another human beings making an argument for access and a subjective decision is made on the basis of the request by a human being.

Human beings are not safeguards, and nor are processes under which they work. Human beings, when it comes to information security, are the weak point in an otherwise more secure chain. Once access is granted to organisation X, who controls and monitors the staff churn through that organisation and the control of access details?

It doesn't mater if the system has the most hardcore 20 character passwords generated by massive entropy engines, once the password is given out it becomes exposed to unknown security risk in third parties. That's not a safeguard at all, it's a bit like leaving a window open and hanging a piece of your jewelery out of it.

The next argument I would have thought would be a utilitarian one. That sharing this information will somehow speed up work. It won't though because every time a given organisation comes into contact with a new person/child they're going to ask for confirmation of their details- which is just like asking for them without knowing them first.

Finally, the argument of paranoia will probably be rolled out. Anyone who questions the need for an interlinked, shared database of this information is merely a tin-foil hatted loon. Now, it may in fact be true that some critics are conspiratorial nut jobs that make wild leaps of logic between unconnected points, but that doesn't make the criticism wrong.

What's important to point out here is this is not about saying you think Gordon Brown and the Labour Government are secretly trying to enslave us all in an Orwellian nightmare with the ultimate aim of destroying democracy. No, this is about asking whether the proposal passes the Stalin Test. Would someone like Stalin have found a system like this useful?

Just because today's politicians are not, or at least appear not to be, maniacal megalomaniacs, it does not mean that there won't be one in the future, and frankly it is naive to think that it can't happen. This means we should be exceptionally careful when we build the infrastructure of state that could so be easily used for purposes of political oppression.

The proposal is not only one that increases most of the nation's exposure to identity crime, but it is also one which a future tyrant would be most pleased to use to his or her advantage.
* 'lucky' is being used here in the loosest possible sense.


Johnny Norfolk said...

Ah but this is a Labour government. They do not expect to abide by laws that are made for us. They are the elite and they do no expect to carry out laws that are for us.

Anonymous said...

Government ministers would claim celebrity exemption as, presumably, would most MPs; who's going to rock the boat?

Anonymous said...

Many good points Dizzy. Couldn't agree more.

Christ we need to get these chumps out.

Anonymous said...

Many thanks, Dizzy. When I read the piece in the Times I got very cross myself.
Everything you say is true except I would go further. I have always believed in the cock-up rather than the conspiracy, but why give them the chance? I do not want the government to have information about me and mine. I have nothing to hide, but I value my privacy, my independence, and my individualism.

Anonymous said...

Surely Cameron needs to concentrate on the authoritarian tendancies of New New Labour and give us a libertarian choice at the next election... IMO If he did this Cyclops wouldn't stand a chance. ID cards vs a couple of dozen new hospitals? or ID cards vs a cut in Browns stealth taxes?