The Government misses the point on Poynter
RELEASE: 17 December 2007
The Foundation for Information Policy Research (FIPR) believes that
the Government's response to the interim Poynter report shows that
they just don't understand what has gone wrong. Their refusal to
abandon the headlong rush towards Transformational Government -- the
enormous centralised databases being built to regulate every walk of
life -- is not just pig-headed but profoundly mistaken.
Both Alasdair Darling, commenting on the HMRC fiasco, and Ruth Kelly,
telling the House about the loss of 3 million people's personal
information, told us that once 'lessons have been learned' and
'procedures tightened' the march to ever-larger database systems will
Before Transformational Government came along, only small amounts of
data were lost -- but as the new databases cover the whole population,
everyone's affected now, not just a few unlucky people.
Transformational Government means putting all of the eggs into one
basket and it is creating:
- The multi-billion pound identity card scheme, to hold data on the
- The National Health spine, which will make everyone's health records
available for browsing by a million NHS workers
- ContactPoint which will record details on every child in England,
with details of their parents, carers and indicators of whether they
have any contact with social services. Three hundred thousand people
can look that information up.
- A universal pensioner's bus pass scheme which will hold the data on
17 million people, and in principle will let any bus driver learn
your age and address -- when all that it should record is an
entitlement to free travel.
Ross Anderson, Chair of FIPR and Professor of Security Engineering at
the University of Cambridge said, "the Government believes that you
can build secure databases and let hundreds of thousands of people
access them. This is nonsense -- we just don't know how to build such
systems and perhaps we never will. The correct way to design such
systems is to localise the data, in a school, in your local GP
practice. That way when there is a compromise because of a technical
failure or a dishonest user then the damage is limited.
"You can have security, or functionality, or scale -- you can even
have any two of these. But you can't have all three, and the
Government will eventually be forced to admit this. In the meantime,
billions of pounds are being wasted on gigantic systems projects that
usually don't work, and that place citizens' privacy and safety at
risk when they do."
Richard Clayton, FIPR Treasurer said, "Personal data ought to be
handled as if it were little pellets of plutonium -- kept in secure
containers, handled as seldom as possible, and escorted whenever it
has to travel. Should it get out into the environment it will be a
danger for years to come. Putting it into one huge pile is really
asking for trouble. The Government needs to completely rethink its
approach and abandon its Transformational Government disaster."
Chair of FIPR and Professor of Security Engineering, Cambridge University
0791 905 8248
chair AT fipr.org
Notes to Editors:
- The Foundation for Information Policy Research (http://www.fipr.org)
is an independent body that studies the interaction between
information technology and society. Its goal is to identify
technical developments with significant social impact, commission
and undertaken research into public policy alternatives, and promote
public understanding and dialogue between technologists and policy-
makers in the UK and Europe.
- Two further issues emerged during the question-and-answer sessions
following the ministerial statements.
First, Ruth Kelly revealed that the Information Commissioner thought
it unnecessary to notify the individual victims of identity theft in
the DVLA case as he did not think there was a 'substantial risk to a
serious number of people'. This appears to be an entirely new
innovation in data protection law, and raises many questions:
- Did the ICO believe that the HMRC data loss did indeed pose a 'substantial risk to a serious number of people'?
- Is the ICO's reported judgment correct, both as a matter of law
and as a matter of practice? Personal details currently have
a higher black market value than simple credit card numbers, and
various Honourable Members pointed out the possibility of scams
in which callers pretend to be from DVLA, for example, and say
'the payment for your driving test didn't go through'
- How does this square with the US experience that all victims
of personal data loss should be notified; with the
recommendation by the Lords Science and Technology Committee that
the UK should also have a comprehensive breach-notification law;
with the European plan to introduce a breach-notification
directive; and with the recent statement by Peter Hustinx, the
EU data protection tsar, that breach notification should be as
comprehensive as possible?
FIPR believes that their Lordships got it right and that Britain
needs a comprehensive data-breach notification law - and the sooner
the better. FIPR also calls on the Information Commissioner to
clarify his position.
Second, the Chancellor replied to a question by Iain Duncan-Smith
about whether the Government or the banks would take liability for
identity theft. The Chancellor claimed that there was no linkage.
This is untrue. Over the past ten years, the banks have progressively
shifted liability for disputed transactions to customers, culimating
in the Payment Services Directive which the Treasury (under Gordon
Brown) got Europe to adopt. This allows banks to set their own
dispute resolution procedures in their terms and conditions. How is
Mr Brown, now he's Prime Minister, to make good on his promise that
no-one will lose money as a result of identity theft?
- In March 2007, the Cabinet Office consulted on its e-Government
Framework for Information Assurance. FIPR pointed out that the
framework was defective in many respects. It was withdrawn and
replaced with an anodyne document that avoids the hard technical
issues. See http://www.fipr.org/ for the documents.