RegulationSecuritySurveillance-ITWorkspace

How The Government Is Lying About Fighting The Database State

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Exclusive: The Tories said they would end the database state, but ministers like Jeremy Hunt are doing the opposite

“I believe there is something out there watching over us. Unfortunately, it’s the government.” That epigram, supposedly uttered once upon a time by Woody Allen, caught the attention of your reporter in a men’s lavatory in the East End of London this bank holiday weekend.

Not because it’s one of Allen’s most astute aphorisms, but because of a comment from a UK government official last week, during a Westminster eForum debate. In response to a suggestion that the government had gone back on promises to scale back storage of citizens’ personal data, justice minister Lord McNally told TechWeekEurope: “I don’t think you can accuse the government of a broad retreat from its principle.”

But TechWeek has data and proof points that show the government certainly can be accused of backtracking on its pledges surrounding privacy.

Shutterstock - © Petar Paunchev - surveillanceLet’s look at what that “principle” is (or was). In September 2009, in the run-up to the election that would see the Conservative Party brought to power alongside their Liberal Democrat Coalition partners, the Tories said they would fight to end the surveillance state and cut the number of central databases. They warned of the “potential risks and liabilities involved in large government-run database projects”. “The trade-off between personal privacy and security has proved a mirage,” they said.

On the day the Conservatives laid down their grand plans, the then shadow justice secretary, Dominic Grieve, said: “As we have seen time and time again, over-reliance on the database state is a poor substitute for the human judgment and care essential to the delivery of frontline public services. Labour’s surveillance state has exposed the public to greater – not less – risk.”

It turned out to be largely empty rhetoric. And it had all started out so well with the demise of the ID card scheme and the ContactPoint database of UK children that had sent so many privacy advocates on the warpath. Yet now the Conservative party’s plans for the database state look disturbingly similar to those of the Labour government it so vehemently lambasted.

The database state and abuse of…

That same trip to the urinal brought to mind a number of Freedom of Information requests made by TechWeekEurope last year, the results of which are finally being published here. They go some way to showing how Lord McNally and the government are misleading taxpayers when they say they are dismantling the database state.

In their responses, not a single government department could say they had reduced the number of databases containing personally identifiable information, including names, addresses and contact details. Those that could offer hard information in response all reported either a rise in the number of databases with such data on, or they had remained the same, since June 2010, just after the Coalition was formed.

Most departments said they could not provide the information due to the time constraints of tracking where all databases were and what kinds of data were on them. In other words, their systems have become so complex and distributed, doing a simple count of how many personal data troves they run would take a Sisyphean effort. A problem in itself.

Some did offer solid responses. Ofgem, for instance, saw its number of databases with personal data on rise from 8 in 2010 to 11 in 2012. That took the estimated number of citizens with information sitting on Ofgem servers up from 53,000 to 335,000.

The Office of Fair Trading, meanwhile, has had the same seven databases since 2010, holding information relating to at least three million people. It could only get this data from four of its databases, as the other three were hosted off-site and supported by a third-party company. Another sign of infrastructural complexity.

But a rise in databases doesn’t necessarily translate into heightened privacy infringements. It is what happens to the data inside that counts. Further FOI requests from TechWeek have shown the level of data abuse across central government departments, which made for more worrying reading than the initial batch of FOIs.

Over the past two years, plenty of government officials have been disciplined for improper use of department data. In HMRC there were 144 members of staff who were punished for inappropriate use of information since 2011. At the UK Border Agency and Border Force, there were 52, the Department for Transport five and two at the Welsh Government. Given the FOI responses were received in early 2013, it’s likely those figures will now be higher.

The Department for Work and Pensions has been a particularly bad offender. From 1 January 2011 to 31 October 2012, 2,519 employees were disciplined for improper or inappropriate use of the Internet or of department data.

Sound familiar?

With database abuse rampant in certain departments, it will be difficult for citizens to trust the government to protect their privacy, or have faith in the government’s database plans. But many will argue ramping up of databases is necessary, especially if we are to have a modern administration running the nation.

The ‘digital by default’ strategy being pushed by Francis Maude and his Government Digital Service will understandably create more databases with more personally identifiable information. That will make for more easily-accessible online public services and hopefully plenty of government savings to help cut the nation’s debt and deficit problems. They estimate between £1.7 billion and £1.8 billion will be saved if all transactional services offered by central government are moved online.

But a number of planned databases are simply not necessary, according to disgruntled onlookers, especially ones currently in the works. Critics cite a host of examples where the Coalition is repeating the same mistakes of the Labour regime that preceded it.

A multi-billion pound project announced by health secretary Jeremy Hunt earlier this year will give everyone an electronic health record by 2018 and appears to be based on many of the same ideas as the disastrous National Programme for IT, which sought to establish a nationwide patient database but came to very little, wasting billions in taxpayers’ money.jeremy hunt bell 2

The aim is to ensure doctors have access to all relevant patient data, so if there is an emergency they will be able to offer better, quicker treatment. The doctors that TechWeek has spoken to are unsurprisingly in favour of the initiative. It will help them do their job better (if it works).

Privacy advocates, however, are upset about the lack of choice for patients and the fact that storing all this information in a centralised way, in potentially insecure cloud servers no less, could lead to disastrous security breaches. This should be an opt-in decision, where data will not be sent across NHS bodies without prior permission, they argue. And, given the NHS has a woeful history of keeping data secure, such a database has to have extremely tough safeguards, they say. Even then people’s information will most likely be illegally accessed.

“The Prime Minister’s assurances about patients being in control of their medical records now appears to have been kneecapped by Whitehall and the best patients can hope for is a chance to opt-out of changes,” says Emma Carr, deputy director of Big Brother Watch.

“Even then the opt-outs are being heavily limited and the changes to how medical records are used being implemented without any information whatsoever being given to the public.”

Meanwhile, an £8.6 million project to set up a database to record information on children’s visits to hospital has understandably caused people to worry the Conservatives are setting up another ContactPoint. The Tories have promised it won’t contain as detailed data, but it is, nevertheless, a database full of children’s personal information.

There was something of a furore in February over the Everyone Counts project, which will require GPs to upload patient information, including  drinking habits, NHS numbers, illnesses and treatment details. The motive, to hand researchers information to work on new treatments, is admirable, but again there is little in the way of citizen choice. And the government’s idea of anonymisation here has been justly ridiculed – whilst no names are attached to files, dates of birth and postcodes are.

Another worry around medical data emerged last month, when it was claimed Jeremy Hunt refused to allow access to a database on the results of heart surgery on children. If these databases aren’t being used to save people’s lives, what is their purpose?

All of this hasty manoeuvring from the NHS, led by Tim Kelsey, national director for patients and information, has led to claims that we are in the final days of medical privacy. In a short matter of time, there will be none, so the argument goes.

Another massively controversial plan, outlined in the Communications Data Bill, otherwise known as ‘Snooper’s Charter’, is to create a filter, or a search engine, to help police access comms information. That includes data such as who is contacting who, from where and at what time over a particular service, like Skype or Facebook. At the backend, of course, would be a range of databases. This amounts to an example of the database state and the surveillance state combined.

Again, the Communications Data Bill looks rather familiar. That’s because it’s almost the same proposal put forward under former home secretary Jacqui Smith, as part of the Interception Modernisation Programme. Those plans were eventually spiked, even after Smith retreated on the idea of a centralised database. But Theresa May appears determined to push through her measures, with what amounts to a centralised database accessed via the filter.

Plus ça change, plus c’est la même chose…

Julian HuppertIt all points to a situation where little has changed. And MPs are fretting about how the Tories are pushing for an expansion of the database state, rather than slimming it down. “It is clear that Conservative ministers have in many cases not learnt from the Labour errors, and, egged on by the Labour party, are pushing for some illiberal policies,” Julian Huppert, MP for Cambridge, tells TechWeek.

“There is still far more for liberals and Liberal Democrats to be vigilant over. There is no doubt our task would be easier if more MPs were more digitally literate.”

As indicated by Nick Clegg’s outrage over the Communications Data Bill last year, the Tories moves to expand the state’s control over people’s information is causing another rift between the two parties of the Coalition.

Whether citizens are content to let the database state grow inexorably, or are irate about their information being lumped online without being asked, it’s clear the government is lying. And at a time when trust in politicians is appallingly low in Britain.

Equally concerning is that the Coalition has rehashed many of Labour’s much-derided schemes of the 2000s, perpetuating the database state set up by its political adversary. Or as French novelist Karr would have had it, “the more things change, the more they stay the same.”

Are you a pedant on privacy? Try our quiz!