Thursday, November 30, 2006

Blogroll cognitive dissonance

Hilarious to read the pro-e-voting rants of Daniel Gray, and to see that at the same time his "infosec" links consist solely of Bruce Schneier. Schneier is one of the most respected computer security experts on the planet, and a very strong sceptic on electronic voting.

Still, judging by Gray's ill-informed and ad hominem attacks on Jason Kitcat (a UK e-voting expert), perhaps that isn't too surprising.

Surveillance chief says number plate cameras could be illegal

"It is arguable that even if the presence of an Automated Number Plate Recognition camera is apparent, surveillance nevertheless remains covert if occupants of vehicles are unaware that the camera may make and record identifiable images of them. It is not possible to lay down rules as to what will amount to adequate notice of the presence of the camera and of its function." —Chief Surveillance Commissioner Sir Andrew Leggatt (Thanks, Dave!)

Italy rejects e-voting

"Let's stick to voting and counting physically because less easy to falsify". —Italian Interior Minister Giuliano Amato (via Open Rights Group)

Bugging case leads to calls for tougher privacy laws

The News of the World's royal editor, Clive Goodman, has admitted at the Old Bailey that he illegally intercepted the voice mails of Princes Charles and William and a string of other celebrities. In response the Information Commissioner's Office said:

"Information obtained improperly, very often by means of deception, can cause significant harm and distress to individuals. The information commissioner has called for prison sentences of up to two years for people who take part in this illegal trade in personal information."

Wednesday, November 29, 2006

MEPs condemn Britain's role in 'torture flights'

The European Parliament's human rights committee has released a damning report on EU complicity with US torture flights. They singled out the UK government, saying that they "deplored" the attitude of Minister for Europe Geoff "Buff" Hoon and were "outraged" by the position of the Foreign Office's chief legal adviser Sir Michael Wood.

Sarah Ludford MEP, vice-chair of the committee, said:

"If the EU's aspirations to be a 'human rights community' have any meaning whatsoever, there must now be a forceful EU response to this strong evidence that the CIA abducted, illegally imprisoned and transported alleged terrorists in Europe while European governments, including the UK, turned a blind eye or actively colluded with the United States."

Tuesday, November 28, 2006

Only paranoia can justify the world's second biggest military budget

"So what role remains for our armed forces? A small one. A shrunken army should concentrate on helping the civil authorities to catch terrorists and deal with epidemics, floods and power cuts; the navy should be deployed to protect fisheries and catch drugs smugglers; the airforce is largely redundant. Now that foreign adventures are no longer an option, it is time we turned our war spending into what it claims to be: a budget for our defence." —George Monbiot

Internet brings out the ego monster

"Even in their quieter modes, denizens of the web seem to lug around huge egos and deeply questionable assumptions about how interesting they and their lives might be to others." —Michael Kinsley

Monday, November 27, 2006

Children Act regulations workshop

The Department for Education and Skills is currently running a consultation on their draft Children Act regulations. These regulations will give DfES powers to start operating the Information Sharing Index, which will hold a range of data on the UK's young people.

As Assistant Information Commissioner Jonathan Bamford said on 22 November: “There has been a substantial growth in the information held about children and this is something we need to look at carefully. Just because technology means that things can be done with personal information, it does not always follow that they should be done. Public trust and confidence will be lost if there is excessive unwarranted intrusion into family life.”

We are holding a workshop on Tuesday 5 December at UCL to discuss the draft regulations. Participants will include Dr. Ian Brown from UCL's Department of Computer Science, Terri Dowty from Action on Rights for Children, Liberty, the Independent Schools Council and Liz Davies and Prof. Douwe Korff from London Metropolitan University. Brown, Dowty and Korff were co-authors with Ross Anderson, Richard Clayton and Eileen Munro of the FIPR report "Children's databases - safety and privacy" that was recently published by the Information Commissioner's Office.

Please come along if you would like to hear more about the regulations, and to contribute your and your organisation's perspective to the debate. We hope that the afternoon will be particularly invaluable in informing responses to the DfES consultation, which must be submitted by 14 December.

The meeting will be held from 2-4.30pm on Tues 5 December, in room 6.12 of the Malet Place Engineering Building at University College London. (NB this is an updated venue from our initial announcement.) You can find directions at Please e-mail I.Brown at to let us know you are coming.

Sir Swinton pooh-poohs admissible intercepts

Outgoing Interception Commissioner Sir Swinton Thomas believes that allowing wiretaps to be used in court would not help convict terrorists and serious criminals (thanks, Dave!). He has "no doubt that the view that I have expressed is correct."

Interesting that JUSTICE and just about every other country thinks that he is wrong.

Pigs fly, Blunkett fights for privacy

The chief cheerleader for the surveillance state has now decided that CCTV microphones go too far even for him (via Open Rights Group). The former home secretary told the BBC they were "simply unacceptable" and continued:

As you walk down the street you expect to be able to have a private conversation. If you can't guarantee that - and here is someone speaking who has been pretty tough in terms of what should be available to protect society - I believe we have slipped over the edge.

There is an enormous difference between surveilling people in terms of CCTV - where what you see is what anyone can see walking down the road - and actually recording someone's private conversations.

Avoid the loony Zune

Andrew Ihnatko has just reviewed Microsoft's new Zune MP3 player for the Chicago Sun-Times. The results are not pretty (via Open Rights Group):

"These devices are just repositories for stolen music, and they all know it," said Doug Morris, CEO of Universal Music Group. "So it's time to get paid for it."

Well, Morris is just a big, clueless idiot, of course. Do you honestly want morons like him to have power over your music player?

Then go ahead and buy a Zune. You'll find that the Zune Planet orbits the music industry's Bizarro World, where users aren't allowed to do anything that isn't in the industry's direct interests.

You can't fool all of the people...

It seems that the one government department that takes economics seriously (the Treasury) has seen right through the British Phonographic Industry's phony arguments for extending the term of copyright. The Telegraph and the BBC are both reporting that the Treasury-commissioned Gowers review of intellectual property has rejected a term extension.

The report should be published this week.

Sunday, November 26, 2006

The really tough way to control drugs is to license them

"British drugs policy is a disaster. Parliament’s refusal for more than a third of a century even to amend the prohibitionist 1971 Misuse of Drugs Act is the most damning comment on the state of politics today, in thrall to the tabloid mob. The 1971 act must be the only criminal justice statute not to have been rewritten a dozen times by Tory and Labour governments. Charles Clarke and John Reid pass four terrorism acts a year, yet not one to tackle the drug market. The act contributes to the deaths of hundreds of young people each year. It stokes violent crime and impoverishes families and communities, while giving Britain the biggest prison population in Europe. Yet nobody in politics has the guts to touch it." —Simon Jenkins

Word on the street ... they’re listening

Transport for London and the London police forces are looking into installing microphones alongside CCTV cameras that will automatically detect angry voices.

If this is the only purpose of the microphones, their output should be degraded to prevent them being used to monitor conversations. Legally restricting how the systems are used initially would not prevent a future government from using the microphones to abolish private conversations in public.

Saturday, November 25, 2006

What is the rule of law?

Martin Kettle has an interesting summary of a recent speech by Lord Bingham on the rule of law, which does not seem to be available online:

The core of the rule of law, in Bingham's version, is that "all persons and authorities within the state, whether public or private, should be bound by and entitled to the benefit of laws publicly and prospectively promulgated and publicly administered in the courts". A bit dry? Consider the implications. Bingham identifies eight of them, all of which he links to John Locke's dictum that "Where-ever law ends, tyranny begins" and to Thomas Paine's declaration that "in free countries, the law ought to be King; and there ought to be no other".

Here are his eight: the law must be accessible and intelligible; disputes must be resolved by application of the law rather than exercise of discretion; the law must apply equally to all; it must protect fundamental human rights; disputes should be resolved without prohibitive cost or inordinate delay; public officials must use power reasonably and not exceed their powers; the system for resolving differences must be fair. Finally, a state must comply with its international law obligations. Now start to tease out what these implications might mean in practice. This is where Bingham's legal principles suddenly lock gears with the real world.

Holding back the smears

It seems that the government plans to repeat its strategy of smearing the authors of reports that criticise their policies, pace the LSE Identity Cards project.

In a letter to the Telegraph on Friday, Children's Minister Beverley Hughes (who resigned from the government in 2004 for making misleading claims) attacked our report on the growing government surveillance of children and their families. Here is our reply:

Sir – Beverley Hughes, the Minister for Children (Letters, November 24), does a disservice to families by an evasive response to our report to the Information Commissioner on the range of databases being set up to monitor children.

She makes a vague claim that the report contains factual inaccuracies, but she does not mention that the chapters on the different databases were sent to her department for checking before publication.

She also suggests that it is not based on evidence, when there is extensive evidence in the report drawn from government publications and interviews with senior officials and practitioners.

The Minister's response misleads by referring only to the Information Sharing Index. This is just the hub of several more detailed databases that will contain highly personal and often subjective information on children and their parents. Moreover, the index will reveal which children are known to other databases and hence provide sensitive information (such as attendance at a special school) to any viewer.

The Information Commissioner has called for a debate on the challenges this policy is posing to traditional family life. The Minister for Children should not duck this challenge. Trying to smear us is not an adequate response.

Dr Eileen Munro, London School of Economics
Professor Ross Anderson, Cambridge University
Dr Ian Brown, University College London
Dr Richard Clayton, Cambridge University
Terri Dowty, Action on Rights for Children
Professor Douwe Korff, London Metropolitan University

Friday, November 24, 2006

US torture: justice moves slowly but surely

The Democrats are moving, as quietly promised, to bring the war criminals of the Bush administration to justice. Senator Patrick Leahy, shortly to be chairman of the Senate Judiciary Committee, writes to Attorney-General Alberto Gonzales:

As you know, for more than two years, I have repeatedly sought answers from the Department of Justice, the FBI, the CIA, and the Department of Defense regarding reported and, in some instances, documented cases of the abuse of detainees in U.S. custody. The photographs and reports of prisoner abuse in Iraq, Guantanamo Bay and elsewhere that have emerged during the past two years depict an interrogation and detention system operating contrary to U.S. law and the Geneva Conventions.

Prisoner abuse is one aspect of a broader problem, which includes the use of so-called “extraordinary renditions” to send people to other countries where they will be subject to torture. We diminish our own values as a Nation – and lose credibility as an advocate of human rights around the world – by engaging in, or outsourcing, torture.

The American people deserve to have detailed and accurate information about the role of the Bush Administration in developing the interrogation policies and practices that have engendered such deep criticism and concern at home and around the world. I ask that you promptly respond to the following questions and document requests…

Why blow money on NHS IT systems?

Audit Scotland has complained that not enough health service funds are being spent north of the border on IT systems.

As Tory finance spokesman Derek Brownlee says: isn't it more important that "funds spent on this area deliver better services to patients and value for money to the taxpayer"? It's not as if England's National Programme for IT is a huge bargain at £20bn and climbing. (Thanks, Fearghas!)

Blogzilla meets Godzilla

A tricky beastie to track down — took an hour to find him hidden away in the back streets of Ginza.

Visiting Tokyo this week with Chris Marsden on a project to compare the UK and Japanese approach to innovative copyright initiatives such as Creative Commons.

Always good to meet friends in faraway places, but to be honest I think Blogzilla's blog is better ;)

EU privacy commissioners strongly criticise SWIFT data transfers

Privacy International complained in June about the transfer of personal financial information by global banking consortium SWIFT to the US Treasury. The EU Working Party on data protection has now come to a decision on these complaints, and they do not mince their words (via EDRI):

As far as the communication of personal data to the UST is concerned, the Working Party is of the opinion that the hidden, systematic, massive and long-term transfer of personal data by SWIFT to the UST in a confidential, non-transparent and systematic manner for years without effective legal grounds and without the possibility of independent control by public data protection supervisory authorities constitutes a violation of the fundamental European principles as regards data protection and is not in accordance with Belgian and European law. The existing international framework is already available with regard to the fight against terrorism. The possibilities already offered should be exploited while ensuring the required level of protection of fundamental rights.

Thursday, November 23, 2006

If you don't owe me by now

"If I drink a glass of wine the effect is entirely good. If I drink half a bottle, the effect is generally good. It doesn't follow that drinking two bottles will solve every problem. Yet that is the way that Mick Hucknall argues in his plea for copyright extension. One doesn't expect vast subtlety in a piece by a millionaire rock star arguing that his paymasters should be given more money: calling the proposal 'fundamentally socialist' is about as subtle as we are going to get. But if this is the best that they can do, their case is poorer than they will ever be…

"Meanwhile, if Cliff Richard really needs the money, let him charge Tony Blair rent for his summer holidays. There is a truly socialist proposal for you." —Andrew Brown (via Open Rights Group)

Down with the quasi-monopolistic moguls!

The Guardian's online editor Vic Keegan didn't take long to rebut Mick Hucknall's copyright baloney:

The creative economy is vitally important, but the way to nurture it is to follow the winds of the information revolution and not the desire of existing corporations to preserve a business model that has been turned upside down by the revolution taking place in virtually every creative industry.

Talent is now starting to come spontaneously from below and being judged by its peers around the world rather than having to go through the rusting filtration plant of the quasi-monopolistic moguls of the music or publishing industries.

Simply stupid on copyright

That well-known copyright thinker Mick Hucknall (lead singer of pop has-beens Simply Red) has a rather confused rant in today's Guardian about copyright:

Copyright is fundamentally socialist - it is radical and redistributive, subversive even. How else would you describe a form of property that anyone can create out of nothing? Copyright's democratising effect is seen most clearly in the music business.

Half of GPs will block NHS database

A Guardian poll has found that 50% of GPs will refuse to upload medical records to the central NHS "Spine" without their patients' permission. 80% think that the Spine will put patient confidentiality at risk. (As Glyn points out: so 30% will allow the records to be uploaded anyway?)

Meanwhile, the mother of Connecting for Health chief Richard Grainger has revealed that her son failed his computing degree. (Thanks, Fearghas!)

GPL does not break competition law

Do open source licences like the GPL act as a restraint of trade and hence break competition law? The US 7th Circuit Court of Appeals thinks not (via A2k):

Intellectual property can be used without being used up; the marginal cost of an additional user is zero (costs of media and paper to one side), so once a piece of intellectual property exists the efficient price of an extra copy is zero, for that is where price equals marginal cost. Copyright and patent laws give authors a right to charge more, so that they can recover their fixed costs (and thus promote innovation), but they do not require authors to charge more. No more does antitrust law require higher prices. Linux and other open-source projects have been able to cover their fixed costs through donations of time; as long as that remains true, it would reduce efficiency and consumers’ welfare to force the authors to levy a charge on each new user…

The GPL and open-source software have nothing to fear from the antitrust laws.

Wednesday, November 22, 2006

Circumvent away, my pretties!

The US Library of Congress has announced six categories of copyright works where technical protection measures (aka DRM) protected by the Digital Millennium Copyright Act may be broken for the next three years (via A2K):

  1. Audiovisual works included in the educational library of a college or university’s film or media studies department, when circumvention is accomplished for the purpose of making compilations of portions of those works for educational use in the classroom by media studies or film professors.

  2. Computer programs and video games distributed in formats that have become obsolete and that require the original media or hardware as a condition of access, when circumvention is accomplished for the purpose of preservation or archival reproduction of published digital works by a library or archive. A format shall be considered obsolete if the machine or system necessary to render perceptible a work stored in that format is no longer manufactured or is no longer reasonably available in the commercial marketplace.

  3. Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace.

  4. Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book’s read-aloud function or of screen readers that render the text into a specialized format.

  5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.

  6. Sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities.

It is a weakness of the EU Copyright Directive that it contains no provision of this type, allowing TPMs applied to broad classes of copyright works to be circumvented.

Child database 'will ruin family privacy'

The Information Commissioner has today published our report (with their own issues paper) on government systems to centrally monitor all 12 million UK children. The Daily Telegraph has good coverage.

Monday, November 20, 2006

(c) extension is stupid and rapacious

"[Copyright term extension] is very stupid. But if this is the stupid idea we wish to pursue, then simply increase the income tax proportionately and distribute the benefits to those record companies and musicians whose music is still commercially available after 50 years. Require them to put the money into developing new artists – something the current proposal does not. Let all the other recordings pass into the public domain.

Of course, no government commission would consider such an idea for a moment. Tax the public to give a monopoly windfall to those who already hit the jackpot, because they claim their industry cannot survive without retrospectively changing the terms of its deals? It is laughable. Indeed it is. Yet it is a better, saner proposal than the one before us. Which tells us something about the current state of copyright policy." —Prof. Jamie Boyle (via Open Rights Group)

Building democracy but fostering chaos

"We are so inured to the rhetoric of anti-terrorism and macho posturing about building democracy while fostering chaos, that it is hard to imagine an alternate direction for British foreign policy. But it is available, as it always was. This alternative lies in consistency of application of international law and a robust defence (including intervention when necessary, as in Kosovo and Sierra Leone) of those under assault or oppression. It lies in remedy to the 'diplomatic deficit' whereby those affected by our - and others' - foreign policy have no capacity to influence it while those in whose name policy is carried out - us, the public - also have scant means to affect it. Together, such changes will produce a more just and therefore more stable world." —Carne Ross, former senior diplomat, giving evidence to the Foreign Affairs Committee (thanks, William!)

The people are the Attorney-General's clients

"There seems to be room to question whether the ordinary rules of client privilege, appropriate enough in other circumstances, should apply to a law officer's opinion on the lawfulness of war… It is not unrealistic in my view to regard the public, those who are to fight and to die, rather than the government, as the client." —Lord Bingham, the senior judge of our top court, the House of Lords.

"Whenever the attorney general gives his advice to the government on a legal issue that affects all of us - taxes, schools, hospitals, the nuclear future, climate change - the principle of client confidentiality should not apply. We, the people, should have the right to see what the attorney general says, when he says it." —Marcel Berlins

Sunday, November 19, 2006

NATO expert on cyberterror

I spent an interesting day at a NATO-Russia round-table on cyberterror a couple of weeks ago. The best presentation came from Dr Juliette Bird, of NATO's Terrorist Threat Intelligence Unit. I was so struck by its commonsense approach and lack of the hyping of fear common in the anti-terrorism world that I took the notes below. Dr Bird emphasised they represented her personal views and were not necessarily shared by NATO.

Cyberterror is too low key for today’s terrorists: not enough dead bodies result, and attacks are too complex to plan and execute. Instead they use the Internet just like everyone else. They focus on recruitment, incitement to violence and planning, which are old phenomena using a new medium.

The key question is: how do we restrict terrorist use of the Internet without crippling it for everyone else?

Terrorist use of the Internet comes under five key functions:

  1. Communications — bonding, social interaction, planning, executing acts. E-mail main tool, also VoIP. Both suppose existing relationship, so Internet is a tool not a driver. Blogs, chatrooms, message boards also used to reach wider audience (sometimes password protected). One radical website says: “It’s easy to spread news, information, articles and other information over the Internet. We strongly urge Muslim Internet professionals to spread and disseminate news and information about the jihad through e-mail lists, discussion groups and their own websites. If you fail to do this and our site closes down before you have done this, we may hold you to account before Allah on the day of judgement.”

    Encryption is no more prevalent amongst terrorists than the general population. Al-Qaeda has used encryption, but less than commercial enterprises. Steganography is discussed more by intelligence services than by terrorists. It is technically challenging and hence less appealing.

  2. Media impact — propaganda and manipulation of public opinion. Essential to gain new recruits, increase public sympathy for the cause and sow doubts about validity of the status quo. Internet an ideal tool; most extremist groups have Web presence. Cheap, looks professional, adds validity and legitimacy; easy to use multimedia, which appeals to young and less literate. Previously groups had to attract attention of journalists and even then could be pushed out by competing story or editor. Al-Qaeda publishes pictures of attacks and lists of martyrs, and has a seamless PR effort with its own media agency. Looked at by journalists, who replay most shocking footage in mainstream media. Also a route for disinformation and psyops such as casualty figures and attack warnings. Older groups like ETA and IRA relied on word of mouth and newspapers (local) and both nations are now focussed elsewhere.

  3. Research — world’s great library. Varying quality but valuable technical information like maps, plans, how to construct suicide belt or extract toxins. Conspiracy theories, militant texts, interpretations, detailed anti-terrorist programmes. Youngest, least educated and literate are particularly influenced, esp. religious converts.

  4. Belonging — ditto. Web presence like all other minority interest groups. Reassures members of community they are not misfits or loners. Have own iconography – horses, flags and sunrises are online equivalents of barges and scarves. Hezbollah and Hamas produce souvenirs featuring logos. While local situations (Chechnya, Afghanistan, Saudi) are very different, Web gives them a global jihad spin.

  5. Alternative reality — introspective spiral of ideas and isolation, leads to self-radicalisation (e.g. London bombers). Go from misfit to best friend and adviser, replace daily grey reality with chat groups and messages from heroes. Can choose level of profile.

How do we stop the spread of terrorism? Worldwide we have large alienated groups, but all entitled under ICCPR and ECHR to hold and express their opinions. They must not advocate hatred, whether national, racial or religious, if it constitutes incitement to discrimination, hostility or violence. The key is to change the environment and prevent alienation. Multinational discussions are still ongoing over terrorist provision of expertise; difficult to legislate against (including glorification of terrorism). Arab expertise very lacking. Shutting down websites is only a short-term solution: they will open elsewhere, perhaps with password protection. This move is expected by terrorists, which adds to the weight of feeling against government action.

Terrorism has not changed by moving to the Internet. Most terrorism issues are old but exacerbated by scale and anonymity of the Internet. Countering with legislation is not a full solution. The Internet’s value exceeds the price we pay for its use by terrorists. Personally looks forward to a long future of using a free Internet.

Database state presentations

Our workshop 'The database state?' went very well a couple of weeks back. I've now had time to put up three of the speakers' presentations: Ross Anderson on 'The safety and privacy effects of NHS IT', Terri Dowty on 'The Information-Sharing Index' and Eileen Munro on 'Protecting “at risk” children'. Hopefully I will be able to put up Peter Singleton's presentation 'Is healthcare different?' shortly.

We also heard from Douwe Korff on 'Data sharing and human rights law' and David Flaherty on privacy impact assessments.

Friday, November 17, 2006

Children Act regulations meeting

The Department for Education and Skills is running a consultation on their draft Children Act regulations. These regulations will give them the powers to start operating the Information Sharing Index, which will hold a range of data on the UK's young people.

We are going to run a short workshop at UCL on the regulations so that interested organisations can discuss the details in order to help formulate their own consultation responses. I'll announce the speakers shortly once they have confirmed, but if you would like to put the details in your diary now the meeting will be 2-5pm in Drayton B19, Gordon Street, UCL on Tuesday 5 December.

Cracked it!

Surprise surprise: UK passport chips are just as vulnerable to hacking as those cracked in other countries such as Germany and the Netherlands.

Thursday, November 16, 2006

This Big Brotherly love is totally misplaced

Simon Davies has a nice response in today's Guardian to last week's Polly Toynbee column claiming that privacy is just a big middle-class whinge.

Security is not enemy of privacy

"I'm not sure why in some of the debate around the best way of setting up secure systems (whether they be for border security or loans of books in schools) some elements seek to imply that somehow security and privacy are opposites and you can only have one by eliminating the other. That's just plain, duh, wrong." —Jerry Fishenden, Microsoft UK National Technical Officer

Tuesday, November 14, 2006

No terror supremo will overcome public fears of enemies within

"A minister with dedicated responsibility for national security would be justly resented by all the cabinet colleagues on whose corns he or she would trample. And whereas the present home secretary spends only half his time devising ill-considered and often pernicious legislation to protect us, a 'terror supremo' would do nothing else." —Max Hastings

Sunday, November 12, 2006

Even in a time of terror, our liberties must be preserved

"It's easy for politicians and their friends in the tabloid press to scream for ID cards and every possible form of mass surveillance without having to account for the effectiveness of such measures in the fight against terrorism. It is easy for the same people to avert their eyes to the internment and torture that have taken place since 9/11 and to mumble that the greater good is probably being served somehow. They are guilty of careless, impatient utopianism which is not so distant from the neoconservative position - one more push, one more law, one more restriction and we're in the promised land of total order." —Henry Porter

Put religion back in its box

"In the House of Lords we have the extraordinary situation where religious leaders sit ex officio in the legislature. Only one other country entertains the practice — the Islamic Republic of Iran. Now it is being suggested that because bishops are represented in the Lords, therefore rabbis, Catholic archbishops and imams should also sit there. This, in the early 21st century, is grotesque." —David Starkey

Smile, you're on hundreds of cameras

"It's the Brits who seem most entwined in surveillance culture — on one hand, accepting it blithely as a part of life, and on the other, unashamedly enjoying its toxic fruits. I'm not even going to imagine what torments George Orwell suffers in the afterlife when he contemplates that one of the biggest hits on British TV is Big Brother, in which a group of one-eighth-wits live for three months in a house while under constant camera supervision. No books, no newspapers, no music — just turnip-headed conversation and the occasional grope in the hot tub, all for a viewership of millions." —Elizabeth Renzetti (thanks, Dave!)

Saturday, November 11, 2006

Privacy engineering at Harvard

Am spending this weekend at Harvard meeting with my project team from this summer's "Ethical design of surveillance infrastructures" workshop.

Dorothy Glancy, Allan Friedman and I have a seed grant from the National Science Foundation to put together a project on privacy-protective traffic surveillance. This is sorely needed in the UK, where we have a raft of existing and proposed privacy-toxic traffic management systems (such as London's congestion charge and the police's Automatic Number Plate Recognition systems).

The Harvard end of Cambridge is much more pleasant than the MIT end, which I found rather bleak in February!

Thursday, November 09, 2006

Pervasive computing and privacy

What are the implications of new pervasive computing technologies for privacy? When there are dozens of sensors in every home, office and public space, monitoring and transmitting data on your every activity, do you have anywhere left to be alone?

A Royal Society meeting yesterday featured speakers from various UK research projects, NGOs, companies and government departments that are both designing pervasive technologies and considering how they should be regulated.

The Home Office told us that as long as people know when they might be spied upon by government and employers, there is little to worry about. The "Snooper's Charter" lists in great detail those UK government bodies that may access communications data on people's phone, Internet and mobile usage. But as Microsoft's Caspar Bowden pointed out, why and on whose behalf surveillance is taking place is less transparent.

My question: the Home Office wants the public to trust the integrity of the surveillance process. Why would they do so when hundreds of government bodies authorise their own access to communications data? When a recent Home Secretary has stated that he continued to authorise communications intercepts in the middle of a mental breakdown? And when the Attorney-General (who thinks it appropriate that he has a say on whether his friend Tony Blair should be prosecuted for the cash-for-coronets affair) has recently blocked the prosecution of a government official alleged to have abused surveillance powers?

We certainly should not encourage the development of pervasive computing with the vague hope that privacy regulation will eventually catch up. If privacy is not a core design feature from the start of the system design process, it is extremely difficult to retrofit. 

Last week's Database State workshop heard that the Information Commissioner's Office believes that opinion polls on privacy are more important than its nature as a fundamental right. We need to make sure pervasive technologies support privacy by default; we cannot rely on regulation to fix the privacy disaster that will occur if they do not.

Tuesday, November 07, 2006

What does "modernity" have to do with repressive government?

Shami Chakrabarti, director of Liberty, is not impressed by Tony Blair's latest ramblings that "modernity" justifies ID cards whatever the costs to freedom:

"At this stage in his career, he might reflect more and patronise less. Does the public that he claims to speak for really want a future devoid of all the rights and freedoms which previous generations of Britons fought to defend?"

Monday, November 06, 2006

Fixing global warming != screwing privacy

Madeleine Bunting, recently anointed head of New Labour think-tank favourite Demos, has a despairing piece on global warming in today's Guardian.

One of her underlying assumptions is that the state must massively intrude into people's use of carbon in order to reduce emissions. There are two simple reasons this is not the case:

  1. The simplest, most efficient and least intrusive mechanism to reduce carbon use is to tax its full external costs. This is the free market solution, and to my mind the obvious choice.

  2. The more interventionist approach is to allocate each UK citizen a carbon allowance and require that they use carbon cards to "spend" this allowance each year (which is reduced annually towards the 90% cuts necessary to stabilise the global climate). Spare allowances can be sold to other individuals or companies that have exceeded their allowance. The anonymous cash technology necessary to implement this solution in a privacy-friendly way will be long out of patent by the time such a scheme could be set up.

We must not allow politicians' ignorance of privacy-enhancing technologies to lead to a massive centralised database listing all of our activities that have a carbon impact. This would put the National Identity Register in the shade in terms of intrusiveness.

Big labels are f*cked, and DRM is dead

International Music Managers' Forum head honcho Peter Jenner thinks that DRM is dead (via ORG):

And that was done by Sony BMG - what the fuck was that [rootkit DRM] about? The other was iTunes - and they've seen how kids don't like it. The unitary payment doesn't suit the technology, it doesn't suit how they're actually using downloads - which is to explore and move around. You don't want to pay a dollar for each track when you want to explore music.

He also thinks that non-commercial use of music should be paid for through a levy on Internet and mobile phone use:

Consumers feel that music delivered online is more like radio than buying a record, and prices need to reflect that. Like radio, music consumption online should feel free. If not, illegal or semi-legal music services will grow exponentially and there will be no income for the creators.

Of course, Jenner has an agenda as a representative of artists (as opposed to music publishers and record labels). He calls for downloaded music to be treated as a performance rather than a reproduction, for example, because his clients would get a much bigger cut of revenues. Still, interesting to hear these comments from someone that has been at the heart of the music industry for decades.

Sunday, November 05, 2006

US voters must take revenge on the Republicans

"He may not be on the ballot this year, but mid-terms are in large part a referendum on the president. Iraq, Katrina and Guantánamo have become globally recognised one-word indictments of an administration that has been simultaneously incompetent and cavalier…

"Why should the Republicans in Congress take the blame for Donald Rumsfeld's incompetence or Dick Cheney's tolerance of 'waterboarding' terrorist suspects? Because Congress was meant to be the first line of defence. The more an administration errs, the more essential it is that Congress—the first branch of government, according to the constitution—perform its appointed role of supervising the executive with rigour." —The Economist

Friday, November 03, 2006

The leading surveillance states

The Daily Telegraph ran a nice graphic yesterday showing Privacy International's rankings of the world's surveillance states. Unsurprisingly, the UK came bottom of the EU.

Lord Warner misses the point on NHS privacy

Health minister Lord Warner wrote a furious response to the Guardian's article on the NHS database privacy disaster. Unfortunately he repeated some of the government's mistakes on European privacy law. My colleague Douwe Korff, a professor of international law, wrote the following reply:

In his "response" in today's Guardian ("This medical database does not herald a Big Brother society"), Lord Warner makes several claims about the security of the proposed NHS database which are dubious, but which I will leave to others to address. However, he also makes a further worrying statement:

He says, in one breath, that on the one hand, "The NHS does not permit any external access to its patient records unless this is explicitly required by law" and that "The police have no powers to require access to patients' NHS records" - but then goes on to say that "In the absence of a legal requirement the NHS may, and indeed should disclose patient information ... in relation to serious crimes".

Note the "in the absence of a legal requirement" — what does this mean? That the NHS provides medical information to the police even without a warrant, i.e. when it is not "explicitly required by law", at their (the NHS') discretion, if they (the NHS) are convinced the crime is serious enough? Surely, if ever there was an area in which data should ONLY be disclosed if there is a legal requirement to do so — i.e. if the police obtain a warrant to produce the evidence — this is it!

Yours sincerely -

Douwe Korff
Professor of International Law
London Metropolitan University
Department of Law, Governance
& International Relations

Wednesday, November 01, 2006

NHS data rape hits the headlines

The media has finally woken up to the dangers of the NHS scheme to put details of all UK citizens' medical treatment into a massive government database. Today's Guardian leads with the headline 'Warning over privacy of 50m patient files', and includes a guide to how you can opt out of the system.

I am going to try the Guardian's suggested direct approach, because so far I have been fobbed off by the NHS while trying to stop my medical record going into this database. The latest letter I received from the Department of Health is below.

Richmond House
79 Whitehall London
Tel: 020 7210 3000

1 September 2006

Dear Mr Brown,

Thank you for your further letter of 22 August to Dominic Ward in response to his reply of 3 July. Your letter has been passed to me for reply.

You reiterate your request for your name to be removed from all secondary processing of your personal health information. I recognise that you feel strongly about your rights in respect of this issue.

In your correspondence you raise a number of important issues, including patient rights in respect of data processing, the NHS Care Records Service, NHS confidentiality standards, and NHS staff behaviour. I will deal with each of these in turn. You also raise a number of specific questions which I have sought to address, following consultation with policy officials at the end of what will inevitably be a rather lengthy reply.

Patient rights in respect of data processing

The instructions that you provided in your letter of 22 August are based on a presumption that as a patient you are able to instruct the NHS on what are essentially matters of general health service management or administration. In the debate on 16 June 2005, Caroline Flint was referring to a specific patient who had elected to withdraw from NHS care and who had demonstrated that she met criteria in Data Protection legislation that meant that continuing to hold data about her was not considered to be warranted. Ms Flint made it clear that we have significant concerns about the provision of care for patients who make the same choices as the patient at the centre of that debate. No-one will ever be denied access to healthcare, but everyone receiving NHS care will need to have a record of their contact details in the new IT systems. This is necessary to satisfy legal requirements, but is also important for patient safety and efficient management of services. I will explain this in more detail below. The extent to which clinical information is held will depend upon the care provided, but care can only be provided to patients who consent to that care and its record keeping implications.

Your rights in respect of information that can identify you are provided by common law obligations of confidentiality, and by Data Protection and Human Rights legislation. Taken together, these provide a robust framework for protecting the rights of individuals but they do not prevent processing of information in all circumstances, nor do they provide any general right for individuals to instruct or direct those who process information.

Doctors are required to keep records and the organisation that they work for, be it a GP Practice or a Hospital Trust, is required to ensure that information is held securely and that confidential information is not shared inappropriately. As a patient, you do not have the right to determine: the media on which the records are kept (eg on paper or in computer systems); the physical location of the information; or who manages those systems. Your GP, therefore, does not have to seek your approval if he/she decides to keep records about you on a system supported by the local Primary Care Trust, or indeed a system supported by any other part of the health service. However, you can complain if your confidentiality is compromised.

In certain circumstances, it may be possible to persuade a clinician to record items of information on paper or on stand-alone systems, but many types of care will in future depend upon information being shared through these systems, and for these it may never be possible to agree alternatives.

NHS Care Records Service

It will be necessary for some information to be held about everyone who is a patient of the NHS. In particular, contact details must be held to:

  • satisfy legal requirements for registers of which patients are under the care of each GP Practice;
  • to ensure that each individual presenting for care is ordinarily resident in this country and therefore eligible for free care;
  • to ensure that information about one patient does not become confused with that of another patient; and
  • to contact patients when they need to attend for check-ups and follow-up appointments.

Similarly, if a patient is admitted into hospital it will be necessary to hold administrative details within local elements of the NHS Care Records Service in order to manage the period spent in hospital, assign the patient to a ward and a bed, and to keep track of blood tests and the like. Core components of care such as laboratory tests and radiology results will in future only be available within the NHS Care Records Service systems. There will not be an alternative system available for local clinicians to use when providing NHS care.

The means by which information will be fed into the non-local element of the NHS Care Records Service is still being developed, but you will be provided with more information about this through a letter drop in advance of the systems being introduced in your area, and informed who to contact to express your preferences at that time.

NHS confidentiality standards

The NHS recognises that confidentiality and privacy are fundamentally important to individuals and strives to provide a good service. The standards that are required to be followed in the NHS are set out in the Department of Health publication Confidentiality: NHS Code of Practice, which can be found by visiting:, and typing the title in the search bar, and again more succinctly in the NHS Care Record Guarantee published by Ministers in April 2005 and updated in July 2006, which can be found at:

The responsibility for complying with those aspects of the law that underpin these guidelines rests with local organisations and complaints about any failure to meet the standards must be addressed to local NHS organisations through the established complaints procedures. Information about the NHS complaints procedures can be found by visiting the Department’s web-site at and typing ‘Complaints about the NHS in the Search Bar’ (sic).

When the new NHS Care Records Service systems are fully deployed, there will be a range of new controls in place. Staff will only be able to access systems and records if they have a current secure smartcard and valid pass code – these are issued to staff by newly created Registration Authorities that verify the identity of staff and control the issue of smartcards. No one will be able to access your clinical records unless they are working in a team that is providing you with care. If there is information in your records that you do not want to be shared even within this controlled environment, you will be able to place extra restrictions on who can see it. There will be exceptional arrangements for overriding your restrictions in case you are unconscious or if a Court requires disclosure of the records, but in these exceptional circumstances the system will generate an alert to ensure that an appropriately senior member of staff is informed and can properly investigate the occurrence. You will be able to specify whether you want your identifiable clinical information to be shared between different organisations and your specification will be held within the system. A record will be kept of everyone who accesses information about you.

In addition, up-to-the-minute security protection has been incorporated, across the system, and international security standards are applied across all system implementations. These include the use of encryption to communication links between systems, and to user interfaces with systems. The quality of both the logical and physical security of data centres is assured using both international and British standards, and all systems suppliers are contractually bound to auditing their adherence to these.

Over and above these implemented safeguards, the NHS maintains an effective liaison with the UK’s information security authorities and others for the sharing of relevant advice and guidance on known information security threats and vulnerabilities.

NHS Staff Behaviour

As staff are registered to use the new NHS Care Records Service systems they are required to sign a form binding them into explicit terms and conditions relating to patient confidentiality. Any abuse of systems or the data they contain is taken very seriously. The Department of Health has provided guidance to the NHS to the effect that any breach of confidentiality should be subject to disciplinary action and fully supports the Information Commissioner’s proposals to seek increased penalties for unlawful use of data about individuals.

Local NHS organisations are responsible for the actions of their staff and there are local complaints procedures in place to investigate issues and concerns raised by patients. The Department of Health cannot intervene in these locally managed processes, but does provide guidelines on how they should operate. If local procedures fail to resolve a complaint, there is also the possibility of taking matters further, for example, to the:

Healthcare Commission;
General Medical Council;
Health Ombudsman;
Information Commissioner;
or through civil action in the Courts.

Specific questions

i. Validation of data: It is the responsibility of the individual clinician to ensure that electronic data they have entered or transferred to a new or replacement electronic system is correct. For example, GPs already frequently transfer patient records to another GP when a patient changes their address or GP. An electronic facility to assist this process is currently under development – the ‘GP2GP’ record transfer service. This will reduce the amount of re-keying required by enabling the direct transfer of the electronic component of a patient’s existing care record.

The Data Protection Act 1998 establishes a set of principles with which users of personal data must comply. These include the duty to ensure that information is accurate and up to date. This duty would extend to individual GPs and other clinicians when transferring local electronic records, or transcribing or scanning paper records, to the NHS CRS. Guidance for transcribing paper records developed by the Royal College of General Practitioners and issued by the Department of Health makes it clear that responsibility for the quality of the necessary processes lies with the individual practice.

When the NHS Care Records Service is deployed locally, a senior clinician – for example, the principal practitioner in a GP practice – is responsible for approving the transfer of data. This only occurs after industry-standard testing procedures have demonstrated that the data has been safely transferred. Verification is by a series of quantitative and qualitative pre- and post-validation checks that ensure that the data stored on the new system is the same as the original.

It is considered to be good practice for NHS Trusts and GP Practices to preserve the existing paper records. The facility exists to easily store a case note reference on the electronic system that allows ready identification of the paper record where this may be required.

ii. Whilst the basic web architecture and functionality required for patient access to their electronic care record already exists, the timing of its widespread availability is linked to the roll-out of the NHS Care Records Service itself. In general, implementation is being achieved in carefully managed stages, via incremental rollout both geographically, and by increasing functionality over time to build the care record.

The approach, in line with best practice, is to implement new services incrementally, avoiding a ‘big bang’ approach, and to provide increasingly richer functionality over time. However, full access to elements of the NHS Care Records Service as described in our previous reply should be generally available by mid-2008.

iii. Correction of errors: prior to the introduction of the Data Protection Act 1998, patients had a right under the Access to Health Records Act 1990 to have their concerns or objections noted in records even where the holder of the record did not agree. This legal right was lost when the Data Protection Act replaced the Access to Health Records Act, but has been sustained through good practice guidance to the NHS. However, this is not a simple matter, as there are significant medico-legal implications to deleting health information, even where it is incorrect, if someone has relied upon it to make a decision. The key issue here is the potential need to be able to demonstrate that a misconceived clinical decision, based on erroneous ‘facts’, may nonetheless have been a valid decision, whatever its unfortunate consequences. This can be a matter of vital importance where, for example, clinical negligence is alleged, and where the unfettered right of a patient retrospectively to expunge incorrect information in the name of ‘data protection principles’ could leave clinicians exposed to false accusations of incompetence or wrong-doing.

iv. You ask about the evidence the Department holds on the risk of avoidable death or inappropriate care resulting from lack of, or inability to share, key patient information. Evidence is extensive in both the academic literature and from operational experience. Conspicuous examples include:

  • “The root cause of 27 per cent of medication errors is poor information availability” (Building a safer NHS for patients: Improving Medication Safety, DH, January 2004);
  • “1,200 people die each year in England and Wales as a result of medication errors, costing the NHS £500m a year” (A spoonful of sugar: medicines management in NHS hospitals, Audit Commission, December 2001, p4);
  • “10% of patients on medical wards experience an adverse effect, 46% of which are judged to be preventable. One third of adverse events lead to greater morbidity or death. Each event leads to an average of 8.5 additional days in hospital.” (British Medical Journal, 2001; 322: pp517—519); and
  • the instant transfer of images to a remote PC via Picture Archiving and Communications Systems (PACS) linked to electronic patient management systems reduces diagnostic waiting times and unnecessary repeat X rays.

There is, in fact, no substantial body of medical opinion in this country or abroad that suggests that modern electronic records and clinical communications systems do not have massive potential to cut through the demands and problems caused by the complexity of 21st century medicine, and significantly to reduce the causes, and the human and financial cost, of medical errors.

I hope this fuller information helps allay your concerns.

Yours sincerely,


John Kelly
Customer Service Centre
Department of Health
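
The access rules the letter sets out (valid smartcard, membership of a team providing care, patient-set restrictions, an alerted override, and a record of every access), written out as an added sketch that is not part of the letter or of any NHS system. All class, field and reason names are hypothetical, and logging refused attempts as well as granted ones is an assumption of this sketch.

```python
"""Sketch of the access rules described in the letter (hypothetical names throughout)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# The two override situations the letter names.
OVERRIDE_REASONS = {"patient_unconscious", "court_order"}


@dataclass
class Staff:
    staff_id: str
    team: str
    smartcard_valid: bool  # current smartcard and pass code accepted


@dataclass
class PatientRecord:
    patient_id: str
    care_teams: set   # teams currently providing care to this patient
    items: dict       # item name -> clinical content
    restricted: dict = field(default_factory=dict)  # item -> staff_ids the patient allows


@dataclass
class AccessController:
    audit_log: list = field(default_factory=list)  # every attempt, granted or refused
    alerts: list = field(default_factory=list)     # overrides, queued for senior review

    def _log(self, staff, record, item, decision, reason):
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "staff_id": staff.staff_id,
            "patient_id": record.patient_id,
            "item": item,
            "decision": decision,
            "reason": reason,
        }
        self.audit_log.append(entry)
        return entry

    def read(self, staff, record, item, override_reason=None):
        """Return (decision, content); content is None unless access is granted."""
        # 1. Authentication: no valid smartcard, no access at all.
        if not staff.smartcard_valid:
            self._log(staff, record, item, "deny", "no valid smartcard")
            return "deny", None
        # 2. Relationship: only teams providing care to this patient.
        if staff.team not in record.care_teams:
            self._log(staff, record, item, "deny", "not in a team providing care")
            return "deny", None
        # 3. Patient restriction: the patient may narrow access to named staff.
        allowed = record.restricted.get(item)
        if allowed is not None and staff.staff_id not in allowed:
            if override_reason not in OVERRIDE_REASONS:
                self._log(staff, record, item, "deny", "restricted by patient")
                return "deny", None
            # Override lifts the patient's restriction only, and always alerts.
            entry = self._log(staff, record, item, "override", override_reason)
            self.alerts.append(entry)
            return "override", record.items.get(item)
        self._log(staff, record, item, "allow", "care team member")
        return "allow", record.items.get(item)
```

The override path bypasses only the patient's own restriction, so how much protection the scheme offers depends on who reviews `alerts` and how team membership in `care_teams` is assigned.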

Faraday caged apparel

Worried about spychips in your wallet? (You should be).

Get your tin-foil protected wallet today and keep nosy parkers out of your pockets!