Tuesday, November 11, 2008

Centralised Driving Licence Records - Manifestation of the Database State?

Ever watchful for instances of our government’s persistent desire to expand the information about us it holds on official databases, Clameur de Haro? spied in last Friday’s JEP (7th November) a plea from Peter Hanning, the Connétable of St Saviour, for “almost 40,000” islanders, and more especially his own 5,400 parishioners, to submit their driving licence renewal applications early, because of the potential long delays involved in having them processed and returned.
Because there’s an important issue of data privacy and security to consider here, CdeH? will ignore just this once the none-too-subtle demand for £40 up front, as much as 4 months before it’s actually due, thereby enabling the parishes to pocket a tidy sum in interest on ratepayers’ money. (CdeH? trusts that Icelandic banks, credit derivatives, and sundry other exotic - or should that perhaps be toxic? - financial instruments are currently off limits for Parish Treasurers and Procureurs du Bien Public, but you never know…………)
What CdeH? finds much more disturbing are the implications of the post-application process. Look for a moment at Mr Hanning’s own words, and pay particular attention to the highlighted section –
“After you have handed in your application form to the Parish Hall, the details are checked and entered onto an Islandwide database before your photograph and form are scanned into the system. The licences are printed out and laminated in batches at the Town Hall in St Helier before being posted directly to your home address”.
Presumably, this Island-wide database is the one that already exists for driving licence holders’ details, and has done ever since the parishes ceased to be their own licensing authorities, and became merely the issuing authorities (a sop to the parishes if ever there was one, and administratively a very unsatisfactory half-way house which pleases few, and inconveniences the vast majority).
Nevertheless, CdeH? is instinctively suspicious, and would like answers to the following questions –

Is any additional information, over and above that required purely for driving licence purposes, secretly encrypted on to the credit card style licence?

Precisely who has access to the data, and for what purposes? Is access routinely available to all public bodies and officials, or only on a strict need-to-know basis, coupled with justification and authorization?

How tightly are access, viewing rights, and amendment rights controlled? Could, for example, a parish official in St Ouen snoop on the St Clement licence details of a prospective son-in-law, or fabricate an endorsement on to a business rival’s licence?

If law enforcement agencies have access rights in lawful course of their duties (not unreasonable, within limits), what safeguards are in place to prevent and detect improper use, of the kind not exactly unknown in the recent past?

What integration is there with other States’ databases, like Social Security and Income Tax? Could officials of Social Security, say, search for a cross-matching of names and addresses to check whether a recipient of serious incapacity benefit doesn’t also have a no-incapacity driving licence? Preventing benefit fraud by reasonable means is legitimate, but this kind of linkage allows covert spying on the population to a wholly unacceptable degree.

Licensees’ details include a raft of personal data, photographs, forms, and even signatures. With the existence of the database being public knowledge, and with even CdeH? being able to work out that it would yield a treasure trove of sensitive personal information for criminals, what barriers and firewalls are there to prevent data abstraction for nefarious purposes?

In which public body does political accountability for the centralised database reside? Is it the Comité des Connétables? If not, who? On whose desk sits that famous sign “The Buck Stops Here”? Who do we blame, whose head should roll, who should fall on their sword, if a catastrophic data loss or security breach was to occur? In short, just who’s in charge?

What precautions are taken to ensure that the data held about us will not either (1) be lost while being sent on an unencrypted, non-passworded CD-ROM via insecure mail: or (2) copied to a memory stick which then gets left in the pub: or (3) stored on a laptop which gets nicked from the back seat of a car while the owner hops out to pick up the paper on the way home? All three have happened in the UK during the past year.......

Would the States indemnify the database’s entire population from consequential loss occurring as a result of the leakage of sensitive personal data if caused by the States’ or their agents’ reckless or negligent custody? What’s the extent of third party liability cover carried by the States against this? Is it sufficient?

What does the database cost to establish and maintain? Is it cost-effective? Could it be outsourced at lower cost, provided that legitimate access was not impeded and security was not compromised?

And finally - have all the operating parameters and data protection measures been reviewed and signed off by the Data Protection Commissioner?

Now for a couple of other aspects.

Doesn’t the basic concept of an Island-wide driving licences database run counter to the hoary old argument that a system of 12 individual parishes constituting 12 separate issuing authorities is somehow one of the key manifestations of individual parish identity?

And from the purely practical standpoint, if a centralised, all-Island, driving licence database exists, then why on earth does CdeH?, say, on moving house from Trinity to St John, have to go through the archaic and time-consuming rigmarole of surrendering a Trinity licence and applying – probably in person too, for photograph verification - for a new St John version (plus the £40 fee, no doubt)? The widespread assumption among CdeH?’s acquaintances is that it’s to give parish administration at least the fiction of something to do……thereby adding, of course, to the cost of public bureaucracy.

CdeH? did not anticipate the need, quite so soon after launching Clameur de Haro?, to comment at such length on the threats to the privacy and security of islanders’ personal details posed by the unremitting expansion of the database state.

CdeH? is disinclined just to trust Big Brother, much less learn to love him. So satisfactory answers and reassurances please, Big Brother. And now.

Add to del.icio.usDigg It!Stumble This

No comments: