Civil Liberties: Electronic Surveillance — Debate

– in the House of Lords at 2:08 pm on 23 April 2009.

Alert me about debates like this

Moved by Lord Craig of Radley

To call attention to any effect on civil liberties from electronic surveillance and the collection, monitoring, storage and loss of digital information about individual members of the public; and to move for Papers.

Photo of Lord Craig of Radley Lord Craig of Radley Crossbench 2:29, 23 April 2009

My Lords, 12 years ago I chaired a Science and Technology Select Committee inquiry into the use of digital images as evidence, in which we drew attention to civil liberties implications. My debate is to call attention to any effect on civil liberties on electronic surveillance today.

First, I pay tribute to noble Lords who have taken part in debates and inquiries into the digital age. Three weeks ago, the noble Earl, Lord Northesk, led a most interesting debate in your Lordships' House. In February, the Select Committee on the Constitution published a report entitled Surveillance: Citizens and the State. I thought it significant that this constitutionally focused committee should have spread its wings to delve in considerable and knowledgeable depth into this issue. A Home Affairs Committee report last May was entitled A Surveillance Society?—and I note the question mark.

There are four points on which I shall dwell. What are civil liberties? What does surveillance imply? What might evolve in the future—and what will be the effect for individual members of the public? For me, civil liberties are freedoms which are, or should be, guaranteed to individuals. These range from rights to free speech, fair trial, property ownership, to free association, privacy and, most importantly, freedom from the abuse of power by those who have the means and methods of dictating and of enforcing it.

The concept of our civil liberties stretches back through the centuries, notably to the Magna Carta and, arguably, pre-1066 to the Anglo-Saxon witans. In more recent times, in the face of national danger and survival, the exercise of power by government to curtail or direct individuals has been accepted as a necessary restraint on civil liberties. But terrorism, however ghastly its manifestations, should never be equated with a threat to national survival. Curtailing civil rights is playing the game by terrorists' rules. We owe it to not only ourselves but to future generations to do our utmost to uphold and safeguard our civil rights. Creeping irreversible curtailment is the danger today.

A decade or so ago, as the capabilities of information technologies expanded, we referred to the information age and the information society. Individuals were expected and encouraged to feast on the new capabilities to inform and manage their lives and aspirations. Browsers opened a vast new world of information and knowledge. The Science and Technology Committee, of which I was a member in the mid-1990s, completed a study called The Information Society; Agenda for Action. There was no question mark in that title. Ours was the first Select Committee report from either House to be published electronically.

We saw the information society based on an information superhighway as one of the most important technological developments of the century. Directly or indirectly, the digital and communications revolution would affect us all. So it has, and at astonishing speed. In the past decade, information society—no question mark—has morphed into surveillance society—question mark. For some the question mark is no longer apposite. In 2004, the Information Commissioner was warning that the UK must not sleepwalk into a surveillance society. There have been further advances in data collection and usage since.

The various reports and debates, to which I have referred, dealt with perceptions of what forms a surveillance society, and what it now means for individuals going about their daily activities. Noble Lords will have an opportunity to consider and to debate the Constitution Committee's hard-hitting report once the government response is to hand. The committee drew attention to the growing use of surveillance and data collection, which should be regulated by executive and legislative restraint. What, it asked, is the justification for the incessant creep towards every detail about an individual being recorded and pored over by the state? It also commented on the concept of a national DNA database, and warned that this could be used for malign purposes. It proposed new responsibilities for the Information Commissioner in overseeing the collection and use of digital data. I was pleased to note a reference to the Select Committee inquiry that I chaired way back in 1997.

While much of the report, understandably for a constitutional committee, is concerned with the impact of government and other public authorities' activities, it notes the raft of data collection, storage, and dissemination undertaken in the private sector. I doubt, for all its good intentions, that the Data Protection Act 1998 is man enough to cope with new digital manipulations such as data matching and data mining. Marketing questionnaires, competitions, and card purchases provide a record of the interests and aspirations of individuals, which can be stored, compared and sold on. How useful for the producers of junk mail to target their activities towards possible customers. The rollout by Google of its Street View, available to all on the internet, has sparked a determined reaction by some who feel that their personal privacy and interests are being abused and even threatened. This Google activity does not seem to be troubled by data protection legislation or codes of practice.

Similar reactions have been sparked by the proposals for national identity cards. I and other members of the public have been caught by cloning of personal details through credit and debit card fraud. Noble Lords will be well aware of the explanations offered by government and others for the depth and coverage of personal data collection. CCTV, rolled out at considerable public expense over the past two decades, has certainly been an aid in identifying and tracking down suspects. Whether all the other asserted advantages of such widespread coverage in most urban areas have materialised is questionable. Crime on our streets has not significantly reduced. How many of the thousands of prisoners held in jails owe their convictions to being caught on CCTV? We know of a few high-profile cases, but I am not aware of any deep research that has upheld as cost-effective the decisions over the past 10 to 15 years to provide wide-scale CCTV coverage—one estimate is of over 4.2 million cameras—at a cost of several hundred millions of pounds to the taxpayer. Perhaps the Minister will be able to reassure the House on this.

In the inquiry into the use of digital images as evidence, we acknowledged that CCTV could intrude on individual privacy and civil rights, but we thought that it would be right to see public acceptance and approval of the use of surveillance in public places maintained and encouraged. Twelve years on, with the growth in coverage, image-matching and other techniques, we have learnt to live with it. Not all are relaxed or unfazed by the implications that it has for individual privacy, but live with it we surely will.

Where will new developments and experiences take us in the next 10 years or so? Will they be as acceptable, subject to some tightening of regulation and supervision, as the astonishingly rapid developments of the past decade have become? I fear that it is unrealistic in this digitally evolving age to attempt, Canute-like, to reverse the tide of digital development. At best, it is more sensible to attempt to control what we now have more carefully, and to consider closely the overall implications of new proposals and ways of exploiting digital developments.

What might happen in the next decade? First, loss and misplacement—let alone improper use—of any number of data banks must remain a reality. There is no way totally to eliminate such mistakes. They are as much a part of human frailty in this field as in any other, where for good or ill, mistakes and/or corrupt practice, such as hacking, cannot be ruled out. Such losses will continue and have to be accepted as a hazard of data storage, retrieval and transmissions. There may be a media outcry which will last for a few days, but unless national survival is seriously threatened, the loss will be mentally archived or forgotten. Personal privacy may have suffered, but life will go on.

There are EU proposals to fit all vehicles with a transponder, whereby their whereabouts, their speeds on the open road, information about hold-ups on the driver's planned route and so on could be collected, collated and disseminated to the driver to aid his journey. But such data collection could also be used to impose fines for speeding, jumping lights, illegal parking, or road congestion charging. Would the perceived benefits of making journeys easier and timings more predictable outweigh the certainty of punishment for every minor traffic offence? Will we really ever become that much more self-disciplined?

German research on ways of applying road charging ruled out the use of cameras that would image the driver and passengers from the front. It was deemed to be an infringement of personal privacy. Who knows who the driver might be taking out for an evening's entertainment unknown to other members of the family? The British citizen, it seems, is more phlegmatic about camera coverage than some on the continent.

Mobile phone records also pinpoint the user's location globally, and provide a geographical tracking log for the phone. Technically, much more can be extracted from this and other communications data, but the key issue is who has access to profiling such a database and how it is regulated. The police force in my home county, Norfolk, is to fit electronic tags to its police radios and vehicles. Combined with equipment which pinpoints the location of 999 callers, the police will achieve faster response times than before by identifying and contacting the patrol nearest to the scene. I am not aware of any adverse reaction from police officers who will be tagged, much as some prisoners on home release are today.

Such technologies might have much wider applications. We know that cats and dogs are routinely fitted with an embedded chip programmed to give details of the owner's name and address. Now the EU wants all sheep to be tagged. Tagging humans would be unacceptable today, but after another decade or more, I wonder. If all people were to be chipped at birth, the information could be used for a variety of applications favoured by the state, such as national identity cards, periodic censuses, medical and educational records and so on. Even now, there may be some enthusiasts who claim that it would be better to embrace all these new extreme digital capabilities, rather than to stem the tide of their advance. But if stemming the tide is to be successful, it has to be based on sound rational argument about rights and civil liberties, not merely on emotion and nimbyism.

One critical issue is the concept of surveillance, with its malign inference of spying and snooping on the individual. A decade ago we were using the word "information" as in "the information society", which is a much less threatening concept. The inference was that the individual was being empowered by the growing availability of information which would help and enhance daily life. In the next decade, we should try to move away from the concept of surveillance.

The Armed Forces, which have also developed their operational capabilities around the technologies of the digital age, speak of network-enabled capabilities. That is a bit of a mouthful, but it empowers individuals in the course of their operations to access and be alerted to the activities of friend and foe. Intelligence and much else of importance to the individual is processed and filtered to provide the user in a timely manner with relevant information and instruction. Seen from the perspective of the individual citizen, giving him or her the sense that all that is known and collected about them will give them greater possibilities in their daily lives must be the pitch for the future. They must feel enabled.

In particular, a better balance has to be found between the collection and the use of innumerable bits of data which at present are not all monitored, updated, analysed nor turned into timely effective use. As in so much of information gathering, as the Minister will recall, unless there are the right capabilities to manage and exploit the raw material, the cost of its collection and storage is questionable and may even be objectionable. There needs to be a better understanding of this balance, which would help individual citizens to accept what is happening digitally all around them, often without their direct knowledge or involvement, and to perceive clearly real benefits and advantages in their daily lives, not just further infringements of their rights and privacy. I beg to move.

Photo of Lord Soley Lord Soley Labour 2:45, 23 April 2009

My Lords, I do not think that I will be the last person to thank the noble and gallant Lord, Lord Craig, not only for bringing forward this debate but for the way in which he has done it, which was constructive and thoughtful. I have chosen to intervene because I have had a long interest in this matter. One of the things that I wish to spell out is that the nature of the debate is changing in a fundamental way, because of the advances we make in science and technology.

I start a little way back from that, because if I had been addressing this issue some years ago, as I used to in the House of Commons, I would have agreed with many of the things that the noble and gallant Lord said; in fact I would have agreed with all of them, perhaps with one caveat on the nature of terrorism. It is right that in the past 50 or 60 years terrorism has not been a threat to the state, but given the nature of some modern weapons, the greater knowledge about how to create, assemble and use them, and the potential for transporting them, some of the previous assumptions about terrorism are not as clear cut as they used to be. There is a danger in that area that we have to think through rather carefully.

I began to take an active interest in this issue in the 1960s and 1970s, because I became concerned that the way that much legislation was being introduced—the Prevention of Terrorism Act was a clear early example—was slowly but with understandable reasons eroding the general liberties that we had always taken for granted. That is always a threat, and it is encouraging to have debates of this kind and for organisations such as Liberty to constantly question the state.

As I have indicated, the problem is much wider. I think back to my early days as a Member of Parliament from the 1970s onwards. I was very dubious about cameras in public places to deal with crime, for example. The difficulty was that, as an elected Member of Parliament, the population in high-crime areas and in areas of street disorder wanted cameras. You could have all sorts of arguments at public meetings, often with the police on your side, as to why cameras would not necessarily prevent crime, but the public wanted them.

One of our problems in this area is that issues such as the fear of crime are often of most concern to the public. Fortunately, crime levels are reducing, as is street disorder. That should enable us to row back a bit, but you should have no illusions that when going into areas with a high-crime level at that time, it was difficult to resist the idea of cameras in public places. People wanted them. The same is true in other areas of surveillance. People felt safer, even if there was a relatively low level of crime. It was no good pointing out that there had not been as many murders as the press said. Many headlines stating "Another murder" often referred to the same murder, but to the suspect being caught and then to him being brought before the court. People would say, "Well, there have been three murders", when in fact there had been one; but people had a fear and the cameras provided a sense of security. As with street lighting, cameras probably do not diminish the level of crime, but they certainly diminish the fear of crime. That is an important factor.

In recent years, I have thought about DNA. I have said previously in this House and elsewhere that I do not have a problem with there being a DNA database. It cannot do a lot of damage to me as an individual, as long as there are clear legal constraints; for example, in using DNA to prevent someone obtaining an insurance policy on their life. That is a classic example. By and large, DNA has been very good not only in correcting wrongful convictions but, perhaps more importantly, in indicating that anyone who commits a violent crime such as rape or murder is very likely to be caught if their DNA is available.

The other part of this argument, which again touches on the issue that I want to expand on in a moment, is the pace of scientific advancement. It is very easy to get anyone's DNA: you just need something such as a hair from their head. If I invite you round to my house and then afterwards pick up a hair that has fallen off your head on to my armchair or whatever, I can get your DNA. The question is how to protect people from such use, whether by an individual with evil thoughts in mind or by a large organisation, public or private.

We tend to conduct this debate in terms of the state, but in fact information is increasingly collected and used by private organisations and, indeed, at times by individuals. Most of us accept that without too much questioning. As many people know—I do not need to rehearse the argument here—all the big supermarkets have a great deal of knowledge about our behaviour. They also have knowledge about the numbers in our households and so on. However, you do not have to go that far; most of us will regard the Google maps of the earth as very useful but we easily overlook the fact that those mapping techniques can display whether we were in the garden and can even detect the size of our shoes.

The noble and gallant Lord, who has an Air Force background, will know that surveillance from space or from the air is much more developed now. Subject to weather conditions at the moment—I stress: at the moment—you are able to define objects in very fine detail by the use of aerial or space surveillance down to the registration numbers of vehicles parked on or near your property. In fact, currently on Google maps you can see the cars outside your house. This technology is expanding almost exponentially. It is worth reminding ourselves every now and then that it is now reckoned that the power of computers doubles every three years in terms of memory and analysis and so on, and thus we are accelerating the process of the collection and analysis of data.

I am sure that, for obvious reasons, the political parties—my own included—will from time to time get into trouble for not encrypting data. When data are lost and have not been encrypted, that is obviously a headline story. My noble friend on the Front Bench will know more than a little about that sort of problem. Obviously the more encryption there is, the better that is and the less likely the data are to be misused.

However, we should bear in mind the difficulties here. There is a lot of discussion about the desirability or otherwise of our medical records being available around the country within the National Health Service. Again, I am one of those who take the view that they should be available, as long as a person has the right to remove their records from the database. That right is important, but it is very difficult to have a level of control to the point where you can guarantee absolutely that no one will have access to those records. We get very worried about that. Sweden is a country with good civil liberties and a good record of freedom, democracy and rule of law. There, you can present your card to a doctor anywhere in the country—I acknowledge that it has a much smaller population than ours—and your whole medical record will be available on the computer screen. However, you get very good treatment as a result, and that is one reason why I tend to favour such a proposal, provided that the right legal constraints are in place.

Part of the answer here lies in the law. In some ways, the law has been catching up with the technology but, in other ways, it has lost out quite badly. Data protection has been an advantage, and the Data Protection Act has helped to move things forward. I am on record as having been strongly against a privacy Act because I have felt that it would be used to stop the media carrying out proper investigations. My attempts to get the media to reform the way that they reported, particularly factual reporting, never included privacy legislation. However, leaving aside the media, the other areas that now affect privacy are so considerable that we may need to think of a privacy Act. I do not know whether this will come up in future speeches here but I know that, increasingly, judges in the UK are developing what is in effect a privacy law. It is emerging almost by stealth, if that is the right phrase, along with rights under the European Union human rights charter. If I remember rightly, Article 8 of the charter deals with privacy.

Mobile phones are the other area of immense potential. You can tell not only where a person is, regardless of whether their phone is on or off, but, due to the technology, it is not difficult to tell what they are doing with it—for example, taking photographs, if it is a phone with a camera attached. Therefore, again, the technology is moving incredibly fast. As the size of handheld sets diminishes, the ability of the units to produce and analyse information increases exponentially, and it is a massive increase.

I sometimes think that we no longer give enough thought to the relationship between science and government. I remember reading many years ago CP Snow's lecture on science and government. I cannot recall the exact date but it must have been in the 1950s or perhaps the early 1960s. In it, he described the battle to win the ear of Churchill by Lord Cherwell on the one side, who was German in origin but came out very strongly against the Nazis, and Professor Tizzard, the scientific adviser who was, in effect, removed by Cherwell. The issue at that time was the bombing raids on Germany. The argument, which will be well understood by the noble and gallant Lord, Lord Craig, with his Air Force background, was that the carpet-bombing raids would be more effective if they were targeted not just on industrial areas but on working-class areas as well. This was not some great anti-working-class crusade; it was based on the simple and obvious fact that bombs dropped on housing areas where the houses are in close proximity to each other are far more likely to be effective than bombs dropped on areas where the houses are far apart. That was a factor that influenced the direction of the bombing campaign.

I was struck by CP Snow's analysis that the more science advanced, the more we needed to think about the relationship between science and government. From previous questions that I have asked him on the Floor of the House, my noble friend Lord West will know of my concern, which I know he shares, about the growing ability not just of state hackers but of other organisations and individuals to crash countries' whole computer systems. It is a profoundly dangerous and rapidly developing area. Indeed, you have to ask whether the technology moves so fast that you can never guarantee keeping up with it in terms of your ability to resist its extension.

For me, it is not so much that the principles of the issue have changed, because some of the principles mentioned by the noble and gallant Lord, Lord Craig, were present in the debate during the Civil War in Britain in the 1600s. Then, people said, "My freedom is", and they listed those freedoms, and many of them were the things spelt out by the noble and gallant Lord, Lord Craig. I do not think that the nature of that part of the debate has changed; nor do I think that the nature of the debate has changed in terms of our needing laws to address this matter. The science and technology has now advanced so fast, and is advancing even faster, that the problem lies in our ability to know how to address it. At the same time, people want better services, be they in the health service with the ability of a doctor to see your record on screen, or the ability to prevent and detect crime. That relationship has become distorted and is difficult to keep up with.

I do not have any simple answers to this; I simply say that we need to give a lot more thought to the pace of development in science and technology and its availability to others, although I emphasises that I am referring not just to its availability to the state. We tend to have this debate in terms of the state versus civil liberties, but increasingly we need to talk about large organisations and civil liberties and, indeed, individual abuse, of which terrorism is but one example. In order to do that, we need to think very hard about the relationship between science and technology on the one side and government on the other, and how we use the law both to protect our freedoms and enhance the services that our citizens want.

Photo of Lord Woolf Lord Woolf Crossbench 3:00, 23 April 2009

My Lords, like other Members who have already spoken and those who will no doubt make it clear in due course, we are most grateful to the noble and gallant Lord, Lord Craig, for giving us the opportunity to discuss this very important subject.

We are concerned with a balance, as has been indicated, between the rights—the civil liberties—of individuals and organisations and the right of the state to have responsibilities for protecting society against crime. There is a further dimension: the rights of the individual who the state seeks to protect, which are often lost sight of, I fear. That is of particular importance in respect of DNA. It is with regard to DNA and that aspect of the responsibilities of the state on which I want to focus. There have been difficulties in determining the approach that should be adopted by the European Court of Human Rights, as well as our domestic courts.

There is a distinction between the reported decisions of our domestic courts and the most recent decision of the ECHR in the case of S v Marper. It is an important distinction because the courts in this jurisdiction in the same case up to the House of Lords took the view that the retention of DNA data—both samples and profiles—was justifiable if Article 8.1, which protects privacy, applies. The European Court concluded that the approach in that case by the House of Lords—I disclose that I was sitting as Chief Justice in the Court of Appeal—was wrong because the European Court thought that this country's approach was disproportionate and arbitrary. It is in that regard that I want to say a few words. I do so in the light of the recent report of the Constitution Committee of which I have the privilege of being a member, which looked at these matters and emphasised their difficulty and importance.

Like the noble Lord, Lord Soley, it seems to me that the intrusion into the private rights of the individual of retaining DNA data, in so far as it constitutes an interference with Article 8, such interference is the minimum. The problem arises as regards the use to which what has been retained is put and the protection to safeguard that retention. There is also the difficulty of how long it is appropriate for the samples to be kept. The matter was examined in detail by the House of Lords in the case to which I referred in a speech by the noble and learned Lord who will follow me, although he may not follow the views that I express. I strongly endorse his speech when he considered and weighed the balance of advantage between the retention of samples as against the intrusion which was constituted.

The Government have yet to indicate what their response will be to that decision. They are still considering, as we have heard, their response to the report of the Constitution Committee. I emphasise that the DNA presently available could hugely benefit individuals who may be the subject of crimes, never mind any increase in the amount retained. It is important to bear that in mind. First, particularly in relation to sex crimes and offenders who are unknown to the victim, great protection can be provided by a DNA bank. If the DNA bank becomes extensive, as it should in the course of time, the ability to commit that sort of crime without being detected will be substantially reduced. That has to be placed on the scales as against the inroad into the privacy of those whose samples are being stored.

If, as I believe many of us would be prepared to do if encouraged and invited to give samples voluntarily, no problem would arise. But the likelihood is that those whose DNA we need to know about will not voluntarily contribute their DNA to be retained. In order to achieve protection for a section of the public, the Government must carefully devise a system that is not arbitrary. I use the word "arbitrary" as incorporating the word "discriminatory". The European Court decision was based largely on discrimination. We were said to be discriminating in our present legislation between those who had been acquitted of a crime and those who had been convicted. It was thought that there was an imputation that if someone's DNA was retained it was a suggestion that you had been or would be guilty of a crime, which was inconsistent with the presumption of innocence.

Personally, I do not believe that that is an inference that, in the context of that case, could properly be drawn on, but there is a hierarchy of courts and Section 2 of the European Convention on Human Rights Act requires us to take that into account. We do not have to follow the European Court's decision, but in the normal way, we do, and the circumstances in which we dissent from a decision of the European Court should be kept to a minimum. That is why we need to look at our law and produce something different from what exists—I believe that that could be readily achieved—which could not be said to be discriminatory, because it was based on the premise that benefits can be attained by having a bank of DNA irrespective of the guilt or innocence of those whose DNA is being retained. At the moment, what is complained about is the fact that the majority of those whose DNA has been retained had been convicted of a crime, thus the inference. We could revise our system so that it did not fall into that trap.

Secondly, we must have proper safeguards clearly required by statute to ensure that the database can be used only for appropriate statutory purposes. Thirdly, we must limit the uses to which it can be put and those who have access to it. If those safeguards are observed, I believe that we can take forward the benefits of DNA without infringing inappropriately the human rights or civil liberties of the individuals whose DNA is being preserved.

Photo of Lord Steyn Lord Steyn Crossbench 3:11, 23 April 2009

My Lords, I would like to apply what is sometimes called the casino principle. That is that everyone has only a limited number of chips to play. I would like to address the subject of the national identity register, which will store biographical information, biometric data and administrative data linked to the use of an ID card. Upon my retirement as a Law Lord in the second half of 2005, in reply to media inquiries, I expressed sceptical views about a national identity card system. My views have hardened. I am now strongly opposed to such a system. I would like to explain why.

The Identity Cards Act 2006 received Royal Assent on March 30 2006. That legislation was no doubt influenced by the global insecurity following 9/11 and the Patriot Act and the Homeland Security Act in the United States in the era of President Bush. It is noteworthy that even in that era, the United States did not permit the development of a national identity card system.

Our legislation is geared towards the creation of a central register and the powers to issue identity cards for everyone living permanently in the United Kingdom. The status of the scheme is that foreign nationals will need biometric residence permits from 2008. From 2009, identity cards will be issued to British citizens on application for a passport or driving licence. The Government are at present intent on introducing in due course a universal identity card system for all persons aged 16 and above legally resident in the United Kingdom.

The Government have sought to justify the ID card system on the grounds of security considerations. This is an unwarranted premise. ID cards will have no value as far as security is concerned. ID cards and the national identity register are, of course, identity-related, but there is absolutely no evidence that they will improve security. If that view is right, the case for an ID card scheme is gravely emasculated, and the Home Office attempt to sell the concept of ID cards to the public as a weapon for controlling immigration is quite misconceived. A drastic invasion of our civil liberties cannot be justified on grounds of mere administrative convenience.

If there had been a real security justification, one would have expected the Government to bring the Identity Cards Act 2006 into effect with some alacrity, but the Government are aware that there is strong and ever increasing public opposition from all sectors of the political divide to the introduction of ID cards. The Government hope that they can soften up public opposition by a phased introduction. They underestimate the robust common sense of the British people. The tide of public opinion is running against the Government on this matter. Since May 2007, there have been losses of data on a massive scale, of which some details are given in an article that I wrote which is due to be published in Public Law 2009. It is part of the evidence that the Government have not mastered the way to competently run an identity card scheme.

A central concern about the creation of a national identity register is the privacy implications that flow from having millions of individuals' personal data contained in the scheme. Moreover, if there is an inopportune time for the introduction of an unnecessary ID card scheme, it must be now as we head into what may be a prolonged economic downturn.

It is true that there are countries, such as France, Germany and other western European countries where, due to their different historical or cultural developments, ID card systems are in place, but our heritage is different. In one of his famous English letters, Voltaire said that the civil wars of Rome ended in slavery and those of the English in liberty. The English are jealous of their liberty, he said. Our commitment to the European ideal does not require us to adopt an ID card system. The British public have no confidence in the introduction of a national identity card system and wish the Government to speak for Britain.

Photo of The Earl of Erroll The Earl of Erroll Crossbench 3:18, 23 April 2009

My Lords, I thank my noble and gallant friend Lord Craig for giving me the opportunity to speak. I probably ought to declare some interests. I sit on the business advisory board of the PGP Corporation, which deals with software encryption and security, and the International Council of the Global Trust Center in Sweden. I am paid to speak on information security issues from time to time.

Like the noble and learned Lord, Lord Woolf, I shall talk about the balance of power between the citizen and the state, because that is where this entire debate lies. We must factor into this the legacy of socialism in the expectation that the state will protect and provide for its citizens. On one hand, I accept that we must maintain the capability to trace, track and terminate terrorist and criminal activities. We must do that to protect people. At the same time, however, we must be aware that there are huge dangers. Some people say that the Government are trying to achieve freedom from fear, but we must be careful that that does not translate into a fear of the protectors. We therefore need to be aware of these dangers and to maintain strong and inviolable structures to try to protect people, privacy and freedom.

I shall deal first with the dangers that I envisage arising from the enormously enhanced executive powers that are being given at the moment. Then I shall talk about how those powers can be applied inappropriately, given the technology of today, and the danger of misinformation and disinformation that will arise from these huge databases.

Some of the history and the extension of powers stems from little incremental things. We used to distinguish between border police and internal police. Customs and Excise used to patrol our borders looking for goods and immigrants coming in, and they had hugely enhanced powers of seizure and arrest, whereas our internal revenue service was much more restricted in what it could do. Our internal police used to have to go to a magistrate or a judge for warrants to do certain things. Then we gave VAT to Customs and Excise and said that, because it was a duty, Customs and Excise must have powers inside the country, and suddenly we had an internal police duty for border police with border policing powers. There were moments in the early days when they probably exceeded what they should be doing, but they soon realised that their powers would be taken away from them if they did, and so things became reasonable. Now we seem to accept quite happily that we make no distinction between internal and border police, and these powers extend in a mishmash inside the country.

I think back to other things that I find interesting, such as how some people understand these dangers. In the United States, the Sarbanes-Oxley Act contains the rule that every company must set up a whistleblower line. The line must be anonymous because they do not trust people to reveal the secrets of senior corporate people if their identity cannot be kept private. In France, the Data Protection Act insists that any whistleblower line must identify the whistleblower. The two Acts are in direct conflict very simply because of the Second World War. In France, the quickest way of acquiring your neighbour's land and property was to report them to the Gestapo. Your neighbour would be removed and you just walked in. That happened all too often: a fact that is not widely thought about today.

I watched "Dr Zhivago" the other night with my daughter and wife and looked at the whole business of the state manipulating people and information, who was where and related to whom, and people controlling other people's lives. If you think about it, in the last century our forefathers fought for freedom from tyranny. They were very worried about the centralisation of power and the fact that the state wanted to tell people what to do. Dictatorships were seen as bad. The thing that worries me as we enter a time of instability, which some people suggest might last longer than others hope, is that that is when the charismatic leaders emerge. We need only look at the emergence of leaders back in the 1930s. There can be huge dangers there, and saying simply that it would not happen in Britain is not good enough. We must think about this. There was a very good short series last year on, I think, the BBC called "The Last Enemy", which was very much on this subject. I certainly enjoyed it greatly and I hope the BBC shows it again.

On the technology, I am very happy that there should be the closely targeted tracking and acquisition of data and information about people when the security services and the police need to have them. I am, however, very much against the blanket acquisition of data which the security services and the police can trawl through and look at. On such blanket acquisition, I ought to make a distinction—and the security camera issue is interesting here. If it cannot be indexed and you cannot simply be tracked through it, I am not nearly so worried about it. Surveillance cameras that are not indexed and do not track me going through the streets every day are no concern; if something happens, they can work backwards and find it out. If they are indexed and it is possible to mine them for people's data, then I have concerns. While facial recognition technology is still in its early days we have no serious problem with those cameras, but that could change very easily and rapidly. We should start thinking about the problems that come from that—controlling how that information is kept and used, and who has access to it.

In the same way, I have no problem with the Regulation of Investigatory Powers ActRIPA, as it is often called—and the lawful intercept. I fully accept that the security services should be able to look at the content of e-mails and telecommunications and to intercept and eavesdrop. That is carefully and tightly regulated and signed off by a proper person who is not a member of the security services. I start having a problem when it comes to telecommunications data that simply record who you rang up and when, which website you visited and who you sent an e-mail to and when. That can easily be mined for data, and a picture can be built up of someone's life—their interests, what they do and who they deal with—both at the individual and corporate level.

Here we get into the issue of business espionage. I am very worried about the issue because the Government can start tracking things down by looking at people and their behaviours or at the behaviour of their friends and family. Equally, foreign Governments or perhaps rivals could get people with access to information to look for things. So if a company were tendering for a defence contract with a foreign country, a rival in another country might, for example, be interested to see who its key account people were dealing with. If they thought you might be subject to a takeover bid, looking at telephone and e-mail traffic could reveal a lot about what was going on. Such information is very sensitive, much more so than people realise. The fact that it is susceptible to data mining really worries me.

Some people would say, "There will be too much data. Yottabytes of it will be out there". Interestingly, quantum mathematics suggests that there are ways of finding patterns much faster than we currently can by orders of magnitude. If that comes along, it will change the picture or the equation again, so we have to be very careful who has access to the information and how it is used. We know, for instance, that a European Government admit that 60 per cent of their intelligence budget goes on business intelligence—spying on friendly countries, in other words. So we have to worry about that.

Another thing that I worry about is that if I am a criminal or a terrorist and I know that there will be mining for information and things will be tracked down, I can easily create red herrings. For instance, I could pick out your mobile telephone when it is inadvertently or casually left in a pocket, make a quick call to a known criminal or terrorist while you were not looking, and drop it back into your handbag or pocket. I could then get someone to do the same thing a week later to reinforce the link. I could, perhaps, be quite clever and do that in two or three places. We must be very careful about the interpretation of the intelligence that we get.

Ultimately, the people who operate these systems are not highly paid. I fear that individuals can be found in any large organisation who can be suborned, blackmailed, or frightened into doing things for one reason or another—or even to think that they work for a different side than they do. Those are all traditional things; we have all seen them in the films. It may well be found that private investigation agencies and the media will also start getting access to that information; that has already been happening on a large scale with telecoms data, as we know from the Information Commissioner's report of a couple of years ago which was entitled What Price Privacy Now?.

We will also inadvertently be setting up the thin end of a wedge. For instance, at present, because the people who own the rights to music and films have a lot of money and have been lobbying around the place, they discovered that the IPO—the intellectual property office that used to be part of the Department for Trade and Industry—is open to the idea that we should perhaps have a crackdown on people who download films and music. To do that, they want the internet service providers to start looking at what is being downloaded so that they can report on people. There is a lot of talk about three strikes and you're out. However, the root of that is that people who are currently not permitted to look at the content of what goes through their systems will be asked to do so in order that they can say whether there is illegal file-sharing.

That thin end of the wedge is dangerous, because where do we then extend that power? It is changing the law through the back door, without people considering the consequences of effectively being allowed to open other people's communications and mail. That is illegal in the physical world and is currently illegal under various EU and UK directives in the electronic world. But there are backdoor ways in which people try to open this up, which is another of the dangers.

The accuracy of the data really concerns me. In the information and insurance world, we talk about confidentiality, integrity and availability—CIA. People are dealing with confidentiality and worrying about availability but it is integrity that concerns me. Fairly recently, when the Audit Commission did an audit of the National Health Service and the police, it found that 40 per cent of the data were inaccurate. I do not know how serious it was, but the point is that a lot of this information is incorrect.

There was a sad incident of a father who wanted to help to coach some children in sports. His enhanced Criminal Records Bureau check failed. Why? It was because years earlier his five year-old daughter had been heard in the playground by a teacher to say, "Oh, Daddy bonked us last night". Immediately social services were rung up and the police were informed. It was quickly established that a game had been played with a plastic mallet bought at a funfair and everyone had bonked each other on the head. There was no problem. Social services expunged the record and no one thought any more about it. The police did not think to expunge the record, whether they knew that they should or not. Years later, that record showed up on an enhanced CRB check. The police did not tell the chap why. It is very difficult to get that type of record expunged. The real problem is accuracy and the consequences for the citizen of some of the data that are out there.

The easiest way to employ people who will not show up on an enhanced CRB check—people who did not have a little fight in the playground when they were young or foolishly accepted a reprimand which stays on your record for ever—is to employ foreign nationals who have been here just long enough. They probably do not have any record that goes back very far. There is the very odd, unintended consequence that the easiest people to employ are those whom you know least about.

My message is that we need to be sceptical and not believe that technology gives a truthful picture. It can easily happen that incorrect inferences inspire investigators to target innocent individuals. The problem is interpretation. Earlier we talked about DNA. I believe that the stored bit of DNA is called junk DNA, which is not of interest to medical records. But the challenge is that it is a digital match of something real. It is limited by the accuracy of the laboratory tests and the equipment that measures it. There will be template matches with people who are different.

There is also the problem of a hair that gets translocated to a crime scene. You must know how it got there. You cannot assume that because there is an apparent DNA connection, there is a real or criminal connection or whatever between the two. We must stop believing that technology is showing us the way. For example, on relationship mapping, I should warn you that you are all three removes from Osama bin Laden. I used to think that I was about four or five removes until I said it in a lecture and someone stood up and said, "Terribly sorry Merlin. I taught him in school". Therefore, I am two removes and you are three, as is everyone who has met me. I have now discovered a second link of someone who did business with his brother in America. Clearly, I am guilty of something.

The pressure of meeting centrally set targets is dangerous because people look for things that are not there in order to meet them. That could be very dangerous because on an average day in the summer probably 1 million tourists are wondering around Britain with foreign issued identity. Can we really track everyone in and out of the country all the time?

We need good protections. We need a stronger version of the role of Information Commissioner which would be answerable only to Parliament, protects the system and watches out for breaches of rights. We need to forbid internal authorisation or self-authorisation by departments. We must always have someone outside who can authorise things that go on. We cannot have people saying, "It's okay because I'm a senior member of the department". Lastly, we need to keep things in silos. I like Chinese walls. One government department should say to another, "This is what I am up to". If things are going wrong, someone will say, "I think this should be looked at". If there is an emergency, such as someone being kidnapped, you can break the rules. People can justify that afterwards. But at least two people would have looked at the situation and we would know what rules were being broken. We must avoid getting a J Edgar Hoover II (UK), with huge powers to look at everyone's data, starting here.

Photo of Baroness Miller of Chilthorne Domer Baroness Miller of Chilthorne Domer Spokesperson for the Home Office 3:35, 23 April 2009

My Lords, Members on these Benches pay tribute to the noble and gallant Lord, Lord Craig of Radley, for introducing this debate, for the benefit of his considerable experience in talking about the balance that has to be struck between national security and civil liberties, and for his excellent introduction. I am glad that we are able to have a second bite at the cherry since unfortunately I missed the debate initiated by the noble Earl, Lord Northesk, because I had to be elsewhere. It was excellent, but there is plenty of room for a continuation of the debate in general. Further, I am particularly glad to note that the noble Lord, Lord West of Spithead, is to answer our debate today because many of the questions that have been raised are for the Home Office, while of course the debate of the noble Earl, Lord Northesk, was answered by the Ministry of Justice. Within a month, we shall have heard from both government departments on these issues, which is important.

A number of the themes considered in the debate held shortly before Easter have been repeated today. Noble Lords have commented on the sheer quantity of data being kept, and indeed the noble Earl, Lord Northesk, cited an interesting figure when talking about the national identity register. He pointed out that there would be 960 billion data fields just for that one database. The scale is almost unimaginable. The heart of the first debate was the balance between the Government's responsibility to reap the benefits of technological improvements along with the ability to keep data for beneficial reasons, and the need to safeguard the right of British citizens to privacy. Quite rightly it has again been a theme of our debate today. The noble and gallant Lord, Lord Craig of Radley, spoke of balance, and all speakers have agreed that at the moment the Government are failing to maintain that balance. Indeed, on two occasions recently the European Union has had to step in and call into question the inability to do so.

I am grateful to the noble and learned Lord, Lord Woolf, for his terrific speech on the issues surrounding DNA retention because I had intended to speak on that, but following his excellent explanation of the issues I shall not. The Government have made a commitment to review the rules on data retention in the forthcoming forensics White Paper, but qualified it by saying that they would examine the ways in which the retention of samples and fingerprints should take into account the age, risk and nature of the offences involved. My problem is that if a person is innocent, it is hard to imagine risk factors that would actually justify their personal information as if they were guilty. If the person already has a criminal record, it is likely that they will already be on the system, and other risk factors to do with social and economic demographics are far too hazy to justify turning an individual into a suspect. The conclusion is that there really does need to be a wide public debate about a national DNA database, which is something that the Government have avoided so far. However, the contribution of the noble and learned Lord, Lord Woolf, certainly points us in that direction, and surely a wide and open debate would be welcomed.

The contribution of the noble and learned Lord, Lord Steyn, on the national identity register was equally riveting, and he will not be surprised to learn that Members on these Benches agree with every word he said. Again, he has saved me considerable time because he set out very clearly many of the points that it is so important to make when debating these issues. I agree absolutely with his comment that it is particularly regrettable that the Government have chosen basically to soften up public opinion by rolling out the register on people such as foreign nationals who do not have the vote and are therefore unlikely to object.

The noble Earl, Lord Erroll, again made an interesting speech. I appreciate his comments on the dangers of the use of face recognition; he is right to be concerned. The other day, I raised briefly with the Minister the practice of the police filming people. I was filmed in Brighton on a protest outside the council offices and, when I asked why, I was told that it was in case I committed a criminal activity. That film was retained and, of course, it is now there for face recognition in the future. It was not taken with my permission and I objected; nevertheless, it is there now. That is another area of activity that we have to question very strongly.

In the debate before Easter, the noble Baroness, Lady Neville-Jones, put her finger on a couple of points to do with the scale of the databases. She said that the point is not always about the scale but about having separate disaggregated databases rather than centralised databases. She is absolutely right.

I would like to comment on two closely related issues: the weak regulation of private sector data collection and storage, and the increasingly porous boundaries between data storage systems and between public and private data.

In the earlier debate, the Minister, Lord Bach, commented that the legislative framework for data protection and privacy is the Data Protection Act and the Human Rights Act, but of course we need to add in the Regulation of Investigatory Powers Act. Since that debate on 14 April, the European Commission has launched infringement proceedings against this country for the way in which the Government are implementing the EU directive on privacy and electronic communications. The public controversy has centred on the technology company Phorm and the secret trials of its systems by BT in 2006. The noble Lord, Lord Soley, spoke about private use for private profit. That is exactly what we are dealing with here, where a private company intends to intercept, through new technology, people's web traffic for private profit. Providing that is within the regulatory scheme, there would be nothing wrong with it. But the regulatory scheme has been unable to cope with whether or not it is legal and, as the EU proceedings show, the real issue is that the UK Government have been willing to leave open a grey area of uncertainty about the legality of Phorm's technologies.

I have asked the Minister numerous questions about this and I am sure that he is fully prepared for my questions today. BT was never brought to book for conducting the secret trials and, in answers to Parliamentary Questions, Her Majesty's Government have called the legal opinion published online by a Home Office official "informal advice".

The letters from the EU Telecoms Commissioner, Viviane Reding, led the Commission to conclude that there were structural problems in the way in which the UK had implemented the EU rules ensuring confidentiality of communications. The problem is that the responsibility for these issues has been passed between the Home Office, the Information Commissioner's Office, the police and others. I am sure that the Minister will remember responding to me by saying that this matter would have to be settled in court.

The infringement proceedings assert that, in line with the data protection directive, consent for interception must be freely given, specific and informed. UK law, on the other hand, has allowed that interception is lawful when the interceptor has reasonable grounds for believing that consent has been given. The EU Commission is also concerned that the UK does not have an independent national supervisory authority dealing with such interceptions. As the clock is ticking on the two months given by the Commission for a response, will the Minister now commit to a review of the consent provisions under RIPA, and will he commit to establishing responsibility for private sector communications interception and storage, under the aegis of either an existing body such as the ICO or a new independent authority?

Answers to Parliamentary Questions confirm that the Government are considering utilising deep-packet inspection as part of the interception modernisation programme, which was confirmed to me in Written Answer HL2760. The use of DPI has been one of the main objections in the Phorm saga because of its potential to uncover personal information by reading the data part of internet traffic, rather than just the header. I do not believe that it is consistent with RIPA, but the Government have not made clear whether or not it is.

Will the Minister explain what uses DPI is being considered for as part of the interception modernisation programme? Will he confirm that one of the reasons why the Home Office has been unwilling to clarify its position on Phorm-like systems is because it is interested in using the technology itself, perhaps in the "black boxes" being considered as part of the communications database?

Before the Minister suggests to me that this is just a conspiracy theory on my part, this morning I received the answers to freedom of information requests to the Home Office from Mr Phil Main that confirm that the department e-mailed Phorm's legal representative on 23 January 2008, offering the company the draft paper for its comments on exactly how targeted online advertising would comply with provisions under RIPA. I find it extraordinary—shocking, even—that the Home Office, when drawing up what was legal under RIPA, would consult the very company that may or may not be acting legally. That is beyond any question of "poacher turned gamekeeper", and I would be grateful for the Minister's comments.

On the crossover between the public and private sectors, there have been revelations in the news over the past few days that the Department for Business, Enterprise and Regulatory Reform gave E.ON secret police information regarding the peaceful protest at Kingsnorth. It is one thing for the police to gather intelligence about a demonstration, but it is quite another for the Government to be able to access that information and then leak it to a private company. That sort of informal data sharing should be governed by clear and transparent rules in the same way as sharing between databases, especially at the crossover between public and private bodies. Not only should data be kept for very clear purposes, but we must remember that the way in which it is shared can be dangerous.

Fortunately, we in this House will not be faced with the appalling provisions that were originally in the Coroners and Justice Bill because they were withdrawn in the House of Commons in the face of united opposition to them. Very wide data-sharing powers were proposed, and I am glad that the Government realised that they would never get them through this House.

I am glad that the noble Lord, Lord West, is answering these points today. On Tuesday, when I asked him my Question about protest, I had not realised that it was his birthday so I had no opportunity to put on the record my wishes to him about a happy birthday. I am able to do so only belatedly, but now the date of 21 April will be burnt into my memory and I shall never forget again.

Photo of Baroness Hanham Baroness Hanham Shadow Minister, Home Affairs 3:50, 23 April 2009

My Lords, perhaps I may follow that by saying that I was done out of my speaking part on the same day by the Deputy Leader of the House calling the Liberal Democrats at the last minute. I, too, had been poised to wish the noble Lord happy birthday. Now he has it on at least three occasions, because I said it to him informally as well.

Like other noble Lords, I thank the noble and gallant Lord, Lord Craig, for giving us another opportunity to debate this extremely important subject. As he stressed, the importance of civil liberties and the balance between the requirement of the state to have a limited amount of information and the need to guard against intrusiveness are the main ingredients that we need to be addressing.

One of the main questions arising from the debate is that this country is now, in the assessment of the organisation Privacy International, ranked as the most invasive surveillance state and the worst at protecting individual privacy of any western democracy. Is that a sobriquet with which we are happy to live? As other noble Lords have said, including the noble and learned Lord, Lord Woolf, in his excellent speech, the balance between the state and the right of the individual is now clearly of great importance.

There are always sound and beguiling reasons for the collection and retention of data. One of the most prevalent reasons currently, as has been said, is for the protection against and detection of terrorism—for who can argue against the need to provide security and safety? That is the rationale that lies behind the new e-Borders scheme and the retention of DNA and it was, at least initially, the ground for the Government deciding to introduce identity cards. I was enormously encouraged by the stringent critique made by the noble and learned Lord, Lord Steyn, of this proposal. I agree with him: if people in this country begin to realise that they are going to have to carry identity cards, they will be less than happy about it. Identity cards are already on the way, however. We have already introduced biometric visas for foreign nationals. That information will be put on passports in the future, and more information will be contained as time progresses.

As other noble Lords have said, most recently we have had the EU directive, which this Government have agreed to implement, that all e-mail and internet traffic should be kept indefinitely, so that such information can be interrogated at any time to check on the position and activities of anyone suspected of crime. That is, of course, the initial rationale for it. Other noble Lords have drawn attention to the use of CCTV and the increasing technology to control drivers and road law. It is hard to know whether to laugh or weep at the general justification for the retention of details to keep us all safe.

In addition to those databases associated with prevention of crime and terrorism, there are others that collect information for social or good purposes, such as the NHS IT system. That system will, although it is taking a long time to become operational, contain information on every patient in a hospital or doctor's surgery. Then there is ContactPoint, the comprehensive database on children, and the national pupil database, which will carry even more details on children's progress through their school lives.

The fact that this information is designed to be accessed and transferred to other public bodies without the consent of the person in question raises many concerns, most especially where children are involved. Noble Lords may have seen the recent publication by the Nuffield Foundation on the widespread sharing of often highly sensitive personal data in the context of Every Child Matters. It states:

"The data sharing, and the improper use of children's consent for this, was criticised by the Foundation for Information Policy Research ... in a study carried out in 2006, 'Children's Databasessafety and privacy'. The study also concluded that the data sharing was in violation of European law".

We have heard a bit about that this afternoon.

There are now an alarming number of "best of reasons" databases on children, including the national childhood obesity database, which will calculate and retain details of a child's body mass index. There is also, as already mentioned, ContactPoint, which came about as a result of the Victoria Climbié disaster to try to prevent the situation that occurred when several agencies were involved in overseeing that poor child's life, each failing to liaise properly with the other. ContactPoint was billed as,

"the quick way for a practitioner to find out who else is working with the same child or young person, making it easier to deliver more co-ordinated support. It will be a basic online directory".

However, together with the other child systems, it is a further encroachment on what should be a right for families to bring up their children in privacy—unless, of course, they are doing something very wrong.

So much is done for the best possible reasons. However, the downsides are beginning to be well understood, particularly the inability of the Government to guarantee the safety and confidentiality of information, with disks lost in the post or left on a train. The Information Commissioner had recorded 277 breaches of data confidentiality at the end of October 2008, with a further 99 in the three months to January 2009. That is considerable number of breaches, some worse than others.

The other downside is the encroachment on people's lives and the impossibility of having one's name or details removed from any of these databases, even if one wants that. The worst of these, of course, is the DNA database, which now has details of some 5 million people, all having been screened as part of a criminal investigation. It is nigh impossible for someone who is cleared of any involvement in a crime to have their details removed, whether proved guilty or not.

I and my party are not against a database for serious offences, particularly for those who have been found guilty. However, we object to the amalgamation of an enormous number of details about a lot of people who should have no contact with enforcement agencies of any sort. A number of voices have now been raised in concern about what is going on. The Home Affairs Select Committee, the European Court of Human Rights—I hear what the noble and learned Lord, Lord Woolf, says—the Government's own ethics committee on DNA and, most recently, the Rowntree report Database State have all said that the unlimited retention of DNA samples is at worst illegal and at best unethical. Does the Minister not think that the most recent statistics, which indicate a fall in the number of crimes for which DNA matches were available, should give the Government pause for thought?

As the noble Baroness, Lady Miller, mentioned, the Government were, as a result of the decision of the European Court of Human Rights, going to undertake some form of public consultation on DNA retention, with primary legislation following in a forensic White Paper. However, it now seems that even that limited exposure to public scrutiny may be denied as attempts are made to shoehorn amendments into the Policing and Crime Bill to give the Home Secretary the right to make regulations on the retention and destruction of photographs, CCTV images and fingerprints. The questions raised by the holding of all this material, and its possible destruction, should not be a matter for a limited debate on a regulation—if, indeed, it ever comes to Parliament. The European Court of Human Rights made it clear that there was a need for greater openness and accountability around the governance of DNA data and the destruction of fingerprint samples. What are the Government going to do to ensure that those strictures are met? I have some sympathy with what the noble Lord, Lord Soley, said about the usefulness of DNA collection, but usefulness and the case and causes for which it may be collected do not necessarily run together.

The subject raised by the noble and gallant Lord, Lord Craig, today and in the debate initiated by the noble Earl, Lord Northesk, a couple of weeks ago is becoming one of enormous complexity, yet it really rests on the words of the Information Commissioner, who said:

"Before new databases are launched careful consideration must be given to the impact on individuals' liberties and on society as a whole. Sadly there have been too many developments where there has not been sufficient openness, transparency or public debate".

The Government need to heed what is being said and take note of the creeping concerns that, to quote the Information Commissioner again, this time on the subject of a communications database:

"The plans are a step too far for the British way of life".

We need to be aware of the British way of life and ensure that we do not transgress it or trespass on it.

Photo of Lord West of Spithead Lord West of Spithead Parliamentary Under-Secretary (Security and Counter-terrorism), Home Office, Parliamentary Under-Secretary (Home Office) (Security and Counter-terrorism) 4:00, 23 April 2009

My Lords, I am very grateful to all those who have spoken in this important debate and particularly to the noble and gallant Lord, Lord Craig of Radley, for this Motion for Papers. It is only right and proper that this debate is taking place. The debate seeks to consider the profound question of the role of the state in protecting individual freedom, including privacy and civil liberties, while ensuring protection from those who would seek to do us harm. A number of speakers raised that issue, which is the nub of the matter.

While there will always be people on either side of the debate claiming that things have gone too far in one direction or another, the role of government is to protect and balance both types of freedom. In an era of rapid technological change—this was touched on by my noble friend Lord Soley and the noble Earl, Lord Erroll—it is right that we constantly satisfy ourselves that we have that balance correct. That balance is maintained by a strong legislative framework; namely, the Data Protection Act and the Human Rights Act. As Article 8 of the European Convention on Human Rights, as set out in the Human Rights Act, stipulates:

"Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others".

It is the very fact that privacy is a qualified right—one that needs to be balanced against collective interests such as national security and prevention of crime—that creates the debate. The technology of the 21st century has completely reshaped the way we live our lives. Each day all of us give out a huge amount of personal information about our finances, travel arrangements, phone calls, internet use and purchases. We all recognise the benefits this brings us as individuals. The use of personal data is essential to protecting the public and, as my noble friend Lord Soley explained, to delivering efficient, effective and joined-up public services. It is required to tackle severe threats including serious crime and terrorism, to protect the public from crime more generally and anti-social behaviour, and to help people get access to the benefits and new opportunities to which they are entitled. We want to create services that improve people's lives and are simple and easy for them to use.

Technology has dramatically improved our capability to protect people from serious crime and terrorism. The use of communications data helped to avert at least 35 threat-to-life situations, including murders, in 2006-07. DNA techniques have helped bring thousands of serious offenders to justice, helping police to solve around 1,000 rapes and murders in 2006-07. Employment checks have prevented around 80,000 unsuitable people gaining work with children and vulnerable people between 2004 and 2007. Focused targeting of dangerous individuals has helped us to pre-empt many attacks and bring serious criminals and terrorists to justice. I mention those figures to show some of the things that can be achieved. But such changes are also challenging to our capabilities. We need to modernise our safeguards to ensure that personal data are protected, that they are kept secure, and that there is an effective and transparent means of redress when things go wrong. These are difficult things to do, and we are trying hard to achieve them.

We have strict controls on the way in which data are held in the public sector and who has access to them. For example, the DNA database, which a number of speakers have raised specifically, can be directly accessed only by a very small number of people and for limited information, to allow for potential crime scene matches.

Departments are also investing time and energy on implementing the mandatory minimum standards set out in the Data Handling Procedures in Government report published in June 2008, to make certain that personal information is managed properly and used securely for the public's benefit. That was the report that came after the study post the HMRC issue where there was a major error. I understand the concerns regarding the loss of data by government departments in the past. Such losses are unacceptable, as I have said on the Floor of the House a number of times.

We have done a lot to tighten this up, and we are continuing to do it. A major teaching effort is required there. In the Home Office, we have taken a number of steps to improve our management of personal information. One such step is the publication of an information charter setting out the standards that the public can expect when the Home Office requests or holds their personal information, how they can access their personal data and what to do if they do not think that standards are being met.

We are also committed to the independent oversight of information and making sure that the public are confident that the information we hold is accurate and secure. A number of speakers have touched on that and on the concerns that that raises. For example, the ID cards scheme will be overseen by a newly appointed independent commissioner, the Identity Cards Act strictly limits the provision of information, and we will make it easy for people to check what is held about them and who has checked their information.

We need to make sure that policies are proportionate and balance the respect for privacy with the potential harm. Sophisticated surveillance techniques must be used to deal with severe threats to the public from serious criminals and terrorists. But it is equally important that ordinary, law-abiding people are free to go about their daily lives without fear of intrusion. That is why, last week, the Government launched their public consultation on the use of the Regulation of Investigatory Powers ActRIPA—explaining and seeking views on which public authorities should be authorised by Parliament to use which covert investigative techniques, and how they can do so in compliance with the law to combat crime and terrorism and to protect public safety, but not to investigate trivial offences, which is not appropriate.

Closed circuit television has been a vital weapon in fighting crime for a number of years, and I shall come to some further related points later. The reassurance that CCTV provides to the law-abiding public is quite evident to me. I live in Hackney, and people there have told me that they like having CCTV covering certain areas, and I think that it is the same across the nation. However, there are accusations of invasion of privacy and, if CCTV is to work effectively, it must be operated in a way that commands the confidence of the community that it is there to serve. The Home Affairs Select Committee made a number of recommendations in respect of CCTV, including the establishment of a national body, the undertaking of further research into the effectiveness of CCTV as a deterrent to crime, the creation of standards to enhance the value of CCTV images and a review of retention periods for CCTV footage. All these important issues will be addressed as part of the work being undertaken by the National CCTV Strategy Programme Board.

The issue of personal privacy and public protection will, rightly, always be a live debate. This Government are committed to making sure that Britain is a safe place to live, while maintaining its long-standing traditions of liberty and privacy. A number of speakers have talked about that, and I assure noble Lords that it is absolutely the view of the Government as well that they should be maintained. We will be as open and transparent as possible with the public about what we do and why.

That is why we are launching a public consultation on the way that we maintain our ability to access communications data in the face of a changing world of communications technologies. We will shortly publish a public consultation paper with proposals on a new retention framework to effect the implications of the judgment on DNA in the light of the finding from the judgment and the requirement of the European Court. We will draft regulations for consideration and for submission to Parliament later this year for approval. That point was remarked on by the noble Baronesses, Lady Miller and Lady Hanham. I hope that covers some of those points.

We are establishing a public panel to help us to understand public concerns around ID cards. We will listen to and engage with the public to make sure that we strike the right balance for the continued protection of the country and its citizens.

Let me touch on some of the specific points that were raised. The noble and gallant Lord, Lord Craig, is quite right that there has not been a detailed look at exactly what benefit CCTV has in reducing crime. That has not been done in a proper, empirical way, although we have a lot of evidence that is not empirical. The national CCTV strategy programme board will be doing a lot more work on this. We know, for example, that ANPR is a very useful tool. We know that CCTV played a key role in the investigation into the London terrorist outrages in the attack on Tiger Tiger and then on the airport in Glasgow. We were almost able to catch the men just before they set off to attack the airport—that is how good we were at using that CCTV and how important it was. Sadly, we just missed them, and so they got there.

The noble and gallant Lord, Lord Craig, also asked about the period for which CSPs are required to retain communication data. The answer is 12 months. I was also asked about the Constitution Committee report on surveillance. We are currently preparing the response, which will be issued very shortly.

The noble and gallant Lord said that crime was not going down. I am always wary of quoting statistics. We all know about statistics—one has to assume that they are correct and, if one is basing things on them, there is no doubt whatever that there has been a major fall in crime since 1997. Overall crime has fallen by 39 per cent, violence by 40 per cent and burglary by 55 per cent. We are facing some challenges in that there seems to be a slight rise again in burglary, but overall those are the sorts of figures that we are talking about.

I touched on the protection of personal data. A specific point was raised about Google Street View. The Information Commissioner has stated that he is satisfied that Google is putting in place adequate safeguards to avoid any risk to the privacy or safety of individuals, including blurring registration plates and faces. Google is also providing access to a mechanism by which anybody can report an image that causes them concern and request for it to be removed, which will then be done.

I have touched on ensuring how data are kept up to date and secure, stemming from the review on data handling. That was mentioned by the noble and gallant Lord, Lord Craig, my noble friend Lord Soley and a couple of other speakers.

The noble and learned Lord, Lord Steyn, raised the issue of identity cards. The prime reason for this scheme is not anti-terrorist. It will provide a single, safe and secure way of protecting personal details and proving identity. At the moment, we constantly have to show council tax bills, driving licences, electricity bills and so on as a way of proving our identity. This is one absolutely secure way of doing that; it is a universal and simple proof of identity, which I think will bring convenience. The public, by and large, support it. Research done over a period of 18 months showed that 59 per cent of people absolutely support it. There is no doubt that locking a person to one identity does not necessarily mean that that is who they are but, with biometrics, it is the only identity that they will be able to have. It helps to protect us against the use of multiple identities. We know that criminals, illegal immigrants and terrorists all make use of multiple identities; indeed, its training brochure shows that that is one of the things al-Qaeda teaches its people to do. This will stop that happening. So while identity cards are not the complete answer to terrorism, they have an impact on it.

The noble Baroness, Lady Hanham, talked about carrying ID cards. There is no requirement for people to do so. The noble and learned Lord, Lord Steyn, mentioned data security. The Identity Cards Act 2006 establishes a statutory duty for the national identity register to be secure and reliable. Its management and processes are overseen by the independent National Identity Scheme Commissioner, who reports annually on the uses to which ID cards are put and the confidentiality, integrity and availability of information recorded in that register. The national identity register data will be held in a very secure repository. It will be security-accredited to meet government and industry standards, and any viewing or provision of data will be subject to access controls and audited. Indeed, the levels of security very much tally with some of those that I have seen in military systems that I have seen in my past life.

My noble friend Lord Soley asked who has access to communications and how they are regulated. We launched a consultation last Friday on RIPA, which I have talked about; it will go through who can have access to things and which public authorities are allowed access to what bits. That will put a stop, I hope, to the nonsense of using the legislation for something silly like dog-fouling, which was clearly never the intention. It is absolutely ludicrous and it is good that we are having that consultation now.

I very much welcome the helpful comments made by the noble and learned Lord, Lord Woolf, on the effective use of the National DNA Database. This is a very difficult and complex issue; it was gratifying to have someone put such a good case pro it, because very often people are very anti it, out of hand, as being something appalling. The noble and learned Lord's comments were extremely useful, and I thank him for them. The issue was touched on by a number of speakers, including the noble Baronesses, Lady Miller and Lady Hanham. We are drawing up proposals that will remove the current blanket retention policy; we intend to introduce a retention framework, setting a proportionate and evidence-based approach to retention. We have taken a number of actions already and will shortly respond fully to the requirements as a result of the S and Marper judgment.

The noble Earl, Lord Erroll, raised some points on data mining. As an aside, if he is actually talking to UBL, I should be very grateful if he would get in contact with me; I would be interested to find if there was just one degree of separation. The noble Earl raised some very good points. Data mining is definitely an issue; personal data must be protected in compliance with data protection principles, which are in the Data Protection Act, as we know. Data mining can involve processing personal data; in such circumstances, that can be carried out only in line with the DPA. However, there is no doubt that, to date, the ICO has not published any guidance on data mining; possibly, that is something that it will have to look at, because it is an area of concern.

The noble Baroness, Lady Miller, mentioned Phorm, as she has a number of times in this House. I know that she has a particular concern about this issue, as do I. However, I cannot really talk about it at the moment, as the CPS is still looking at the Phorm case, which is still under investigation, so it would be inappropriate for me to comment further.

b

"Everyone has the right to respect for his private and family life, his home and his correspondence."

Yes, well in this country right now, victims of institutional child abuse are exempt from that right. We are the most spied upon and put upon people in this country.

I lost all my human rights the day I was a victim of the evil Staffordshire Pindown child abuse system. I do not have any rights - I am an alien in this country. You can only have rights if they are enforcable, but victims of Institutional child abuse are treated as lepers by just about everybody. We have no rights. We are treated much worse than terrorists, rapists, paedophiles and murderers. We are lepers.

Submitted by barbara richards

Photo of Baroness Miller of Chilthorne Domer Baroness Miller of Chilthorne Domer Spokesperson for the Home Office

My Lords, will the Minister comment on the one point that I raised that came out in the FOI request? The Home Office drew up a policy document on whether targeted online advertising was lawful interception. Was it normal Home Office practice for that document to be reviewed and commented on and for deletions to be suggested by the very company intending to undertake the activity?

Photo of Lord West of Spithead Lord West of Spithead Parliamentary Under-Secretary (Security and Counter-terrorism), Home Office, Parliamentary Under-Secretary (Home Office) (Security and Counter-terrorism)

My Lords, I cannot really comment on that, because I do not know the details. I shall get back to the noble Baroness in writing. I was not aware that that had gone on, but I shall look into it.

We are considering the issues raised in the European privacy directive letter of infringement and will respond in the required timeframe. Therefore, it is inappropriate to comment on that. On the subject of DPI, that is a quite accepted methodology for communication service providers, because it is how they ensure the health of their systems and ensure that there is not too much spam. They do it all the time; it is perfectly valid, as long as they do not use it for any other activity. As I say, however, the Phorm issue is still being looked at and is under active investigation by the CPS, so I cannot really talk about it. On E.ON, I was not at all aware of the issue that the noble Baroness raised. I shall go away and ask a question and come back in writing.

The noble Baroness, Lady Hanham, talked about ContactPoint very eloquently. These are very difficult issues. We went down this route because clearly the fact that people were not linked in together by using the advantages of electronic recording meant that some poor child died. We are looking at how we can best resolve this. Technology is the right way of doing it. We do not make people put certain information on there. We are probably going forward in the best way that we can. We would be grateful for suggestions from anyone on any way of improving this, because one has to do these things. If we do not, we get a fractured hold of information, which caused all the problems. Indeed, as the noble Lord, Lord Laming, said, that was the very reason for going down the route that we chose. I know that the noble Baroness is aware of that issue. We will have to keep wrestling with this matter, which raises some very difficult problems.

I have probably said enough. I hear the concerns of all those who fear that the Government intend to expand their collection and storage of personal information, but I can assure noble Lords that that fear is unjustified. We do not want to do this just because we want control. While, as one would expect, our objective of protecting the public is paramount, we do not intend to obtain or access any data unless doing so would be necessary and proportionate under the European Convention on Human Rights and the Human Rights Act 1998, particularly to defend our national security, to fight crime and disorder and to protect the public. However, there is a need for the Government to demonstrate this better and to explain more clearly how they are seeking to achieve the right balance between privacy and security. That is why today's debate has been valuable and I thank noble Lords for their welcome contributions to it.

Photo of Lord Craig of Radley Lord Craig of Radley Crossbench 4:21, 23 April 2009

My Lords, I thank the Minister and all noble Lords who have spoken so eloquently in this debate. The Minister's last point was well worth bearing in mind and I welcome it. Perhaps I may leave one final thought. We never give any real consideration to what I would call an exit strategy on all the security arrangements that are introduced, whether they involve barriers, identity cards or data collection. We are led to believe that it is all done for very good reasons, but each measure gets added to the previous ones. If we are not very careful, we will end up in a very unhelpful situation that seriously impinges on our civil liberties and our privacy. I beg leave to withdraw the Motion.

Motion withdrawn.