Embargo 00.02am 29 October 2008

Reacting to Information Commissioner Richard Thomas’s remarks in a speech today[1], NO2ID[2] suggested the ideas of Data Protection are no
longer adequate. Mr Thomas called for CEOs to take responsibility for preventing data-losses, but the campaign group claims this is beside the
point in the face of the determined drive by government agencies to sweep away privacy.[3]

Phil Booth, NO2ID National Coordinator said:

The ICO says the buck for data breaches should stop with CEOs. So is Gordon Brown listening? The privacy crisis is the creation of this government and he should be held responsible.

The snooping-obsessed government is losing more personal information than ever, because it has seized more than ever. You can’t trust a stalker state.

Guy Herbert, General Secretary of NO2ID said:

Massive loss and misuse of personal information is just a side effect. The real danger to privacy is the drive for ever more legal collection
and sharing without a choice. Data protection is now hollow. It always was back to front. You should control what is done with your information, not the government and not a regulator.

-ENDS-

Notes for editors:

1) ‘Privacy watchdog calls on CEOs to take responsibility for data protection safeguards’ 29 October 2008

2) NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. See http://www.no2id.net/dbstate.php for a list of
‘database state’ initiatives that NO2ID is actively opposing.

3) The Ministry of Justice has been charged with removing the legal protections against data-sharing where they are inconvenient to
government agencies. See ‘Information sharing vision statement’ 13 September 2006

http://www.justice.gov.uk/publications/informationsharingvision.htm

There are numerous examples of exceptions to normal expectations of privacy and confidentiality created in recent legislation.

27 Octorber 2008

NO2ID [1] this morning calls for plans to allow the police to fingerprint people on the street using mobile scanners [2] to be put on hold until vital
legal protections are put in place.

The plans would set a significant and potentially very dangerous trap for the public. Police currently have the power to demand fingerprints from someone only after arresting them. Fingerprinting at police stations is done under carefully controlled conditions.

If scanners are in use, the police will in practice be checking fingerprints using technology that is known to give false results a significant amount of
the time [3], and members of the public may find themselves under pressure to give prints “voluntarily” when it is not legally required to identify
them. Given the government’s appalling record on abuse and mishandling of personal data and its “fairy-tale thinking” about biometric technology [4],
NO2ID makes four demands:

1) That failure rates as well as the success rates are regularly reported to Parliament from the very outset, beginning with full disclosure (no claims
of “commercial confidentiality”) on Project Midas and previous trials. Government has a habit of only reporting the ‘good news’ about biometrics.

2) That the scanners be limited by law to checking only against criminal fingerprint databases. Any checks against the proposed National Identity
Register, for example, would be a fishing expedition [5] effectively turning the entire population into suspects.

3) That it be declared illegal for fingerprints gathered in this way – or any data obtained, such as the name of the person involved – from being stored permanently [6] except in connection with an actual prosecution. Otherwise there is nothing to stop this, over time, resulting in the creeping fingerprinting the general population, starting with the young and members of ethnic minorities.

4) That arresting someone for refusal or failure to provide fingerprints when there is not otherwise a problem identifying them or when no offence
has been committed, be clearly banned and made a disciplinary offence for police officers [7].

Phil Booth, NO2ID’s national coordinator said:

This implies a completely new power for police to fingerprint you in the street, using an iffy technology. If refusing to cooperate can get you arrested, then you would have not just fingerprints but DNA on a criminal database for the rest of your life. That means the state can pick on anyone at any time.

-ENDS-

Notes for editors:

1) NO2ID is the independent, non-partisan, cross-party campaign against the National Identity Scheme and the database state. See
http://www.no2id.net/dbstate.php for a list of ‘database state’ initiatives that NO2ID is actively opposing.

2) See, e.g. ‘Police will use new device to take fingerprints in street’, Guardian, 27/10/08:

http://www.guardian.co.uk/politics/2008/oct/27/project-midas-fingerprint-scanner-liberty

3) The only medium-scale test of biometrics on the general population to date was done by the UK Passport Service in 2004. It showed failure rates as
high as 1 in 5 for fingerprints:

http://dematerialisedid.com/PDFs/UKPSBiometrics_Enrolment_Trial_Report.pdf

301 page report, interestingly no longer available on the Home Office website, which showed that 19-20% of people could not be matched to fingerprints enrolled only a few minutes earlier, and that up to 4% of people could not be enrolled at all.

All biometric systems have to be ‘tuned’ to balance false positives (making incorrect matches with prints already held) against false negatives (failing to match against stored prints). It is literally impossible to design a large-scale system that will correctly and uniquely match every person checked 100% of the time.

4) See security experts’ letter to the Joint Committee on Human Rights, 26/11/07:

http://blogs.spectrum.ieee.org/riskfactor/2007/11/uk_id_card_fairy_land.html

- although related to the National Identity Scheme in this instance, experts condemn ministers’ “fairy-tale view of the capabilities of [biometric] technology” across mass populations.

5) During the Committee stage of the Identity Cards Bill, Home Office minister Tony McNulty stated: “There are safeguards not only against state
agencies, for want of a better phrase, going fishing in the database but against misbehaviour and abuse of the database by those who manage the
system.” See Hansard:

http://www.publications.parliament.uk/pa/cm200506/cmstand/d/st050706/am/50706s07.htm

There are clearly NO such safeguards as Tony Blair, in a Downing Street briefing in November 2006, claimed that police WOULD go on ‘fishing expeditions’ in the biometrics held in the National Identity Register (NIR), the database at the heart of the ID card system:

http://www.dailymail.co.uk/news/article-414942/Blair-says-ID-cards-used-fight-crime.html

It has also in past weeks emerged that that the Home Office will be testing NIR systems with a fingerprint data type designed for criminal records, but
which is incompatible with its own design:

http://www.theinquirer.net/gb/inquirer/news/2008/10/17/uk-tests-identity-scheme

6) The experience of the National DNA Database has shown that the government will simply pass laws to make it legal to retain even highly
sensitive personal data for life, once this is happening (illegally) in practice.

7) People should have a right to biometric privacy and if the police have no other reason to suspect someone of a crime, they should not be allowed to
invade this with a process that is technologically dodgy at best and guaranteed to lead to false suspicion or worse in at least a percentage of
cases.

2 October 2008

The concerns of privacy campaign NO2ID [1] are vindicated by the statement of the outgoing head of the Crown Prosecution Service, who has slammed the paranoia and fear driving the government’s attempts to create a database-powered surveillance state. NO2ID welcomes and supports his remarks as just the latest warning from a high profile figure repudiating the government’s totalitarian approach [2].

The Director of Public Prosecutions, Sir Ken Macdonald, attacked the “paraphernalia of paranoia” of an increasingly security-obsessed government that seeks to claim greater and greater powers of surveillance. His implied targets included the National Identity Scheme, the proposed telecommunications database in the Communications Data Bill, 48 days detention and other planks of government policy [3].

Politicians, he warned, should “take very great care to imagine the world we are creating before we build it. We might end up living with something we can’t bear.”

After Sir Ken’s appearance on Channel 4 News (Monday, 20/10/08) Guy Herbert, NO2ID General Secretary, agreed with his sentiments but said:

Sir Ken is too generous by half. His calls for balance, vigilance and debate are mistaken in the face of a government that looks for any possible opportunity to collect information on the citizen, then suggests anyone who disgrees is somehow an accessory to terrorism, or paranoid.
Privacy campaigners advocate a trusting society where there are fair and controlled investigative powers. We are the ones asking for evidence and rationality. It is the stalker state – driven to try and watch everyone, everywhere, all the time – that appeals to fear and paranoia.

-ENDS-

Notes for editors:

1) NO2ID is the independent, non-partisan, cross-party campaign against the National Identity Scheme and the database state.
See http://www.no2id.net/dbstate.php for a list of ‘database state’ initiatives that NO2ID is actively opposing.

2) See also, for example the remarks of Dame Stella Rimmington,
“Response to 9-11 was huge over-reaction’ Guardian interview, 18 October 2008

http://www.guardian.co.uk/politics/2008/oct/18/stella-rimington-9-11-mi5

3) CPS Lecture – “Coming out of the Shadows” 20 Oct 2008

http://www.cps.gov.uk/news/nationalnews/coming_out_of_the_shadows.html

See also, “Centuries of British freedoms being ‘broken’ by security state, says Sir Ken Macdonald” – Telegraph, 20/10/08. Also Channel 4
News, same date.

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3230452/Centuries-of-British-freedoms-being-broken-by-security-state-says-Sir-Ken-Macdonald.html