Can We Now Drop the ID Cards Lunacy Once And For All?

According to the TeleBarclaygraph this morning, Chancellor of the Exchequer Fiscally Incontinent & Incompetent Glove-Puppet-In-Chief Alistair Darling has dropped a strong hint that the national ID cards proposal is going to be dropped.

Which is excellent news, if true, although, as quickly picked up by several UK libertarian bloggers, the key issue here surely is not so much the "...biometric passports can do the same job..." issue, as the continuation of the all-encompassing state database comprising the iniquitous National Identity Register.

With the need now to re-cast next year's budget expenses downwards in the wake of Deputy Sean Power's successful heading off of more taxes on Middle Jersey, perhaps the Treasury Minister could take the opportunity to pronounce the authoritarian and illiberal idea of any ID card system or centralised identity database for Jersey to be totally and absolutely dead for any time in the foreseeable future.

Confirmation please, Minister.

Add to del.icio.usDigg It!Stumble This

Don’t Put Your Data With The State, Mrs Worthington!

Several more examples of firstly, the way in which the authoritarian state continues to acquire data of questionable legality on law-abiding citizens, and secondly, a cavalier attitude by corporates and public sector bodies alike to data protection, and the security and privacy of individuals’ personal data, came to Clameur de Haro’s attention in the past week.

In the financial world, Zurich Insurance finally admitted losing the personal account details for over half a million people, more than a year ago. The personal details of no fewer than 51, 000 British customers were among data backed up on a tape which was on its way to a South African data storage centre when it was lost in August 2008.

That’s bad enough, but at least people can choose to place their business with an alternative provider and not with Zurich if they feel its custodianship of their personal details is negligent or deficient. Unfortunately no such choice arises in the case of data required to be held by public sector or government agencies. 

The Home Office, in a written answer to a Parliamentary question, admitted that the estimated number of people whose DNA profile is stored by the government has, for the first time, gone through 5m, with some 5,094,568 individuals now thought to be represented on the National DNA Database: on an estimated replication rate of about 13.8 per cent, this means that the number of actual DNA profiles is 5,910,172 - about one for every ten people in Britain.

This unrestricted growth of what is, on a per capita basis, the world's largest repository of human DNA information has continued despite the New Labour regime’s defeat at the hands of the European Court of Human Rights last December, when the ECHR ruled that the policy of retaining – permanently - the DNA profile of every single person ever even arrested (not charged or convicted) in relation to any offence, no matter how comparatively trivial, was manifestly illegal. So far the New Labour regime has taken no action to comply with the ruling.

The UK Information Commissioner revealed (tellingly, only as a result of a demand under Freedom of Information legislation) that there are more data loss reports being submitted to him from companies and governments than ever before – 356 for the period November 2008 to September 2009, compared with 190 in the equivalent period in the previous year. The biggest cause of loss, in 198 incidents, was lost or stolen hardware, usually laptops and memory sticks, while 78 were due to data disclosed in error, typically discs or memory sticks being mis-addressed.

The most recent figures released by the Commissioner in normal course (October 2008) also showed that, of 277 incidents since HMRC lost the entire UK child benefit recipients database a year earlier, no fewer than 197 came from the public sector.

Then it emerged that the UK's Rural Payments Agency (RPA), five months ago, lost tapes which contained the payment details of more than 100,000 farmers in the UK. The agency told DEFRA (the Department for Environment, Food and Rural Affairs), but DEFRA told nobody else, and certainly not the farmers affected.

DEFRA appears to be trying to finger IBM for the loss. Apparently, 39 backup tapes were transferred by the RPA from its Reading offices to Newcastle, following which the tapes then “went missing”: 37 were subsequently found, but not the other two. DEFRA is alleging that the tapes were simply placed on the wrong shelf by the IBM staff who actually operate the RPA data centre in Newcastle.

The last definite record of the tapes' existence was in June 2008: it was only in May 2009, according to the report seen by CdeH, that IBM staff realised the tapes were missing and reported the loss to the RPA, who then told DEFRA. DEFRA has suggested “that it is likely that the lost tapes have been destroyed without anybody realising”. Vaporisation perhaps? Spontaneous self-combustion, maybe?

While bad, none of this should have been too serious in practical effect however, because the tapes and the data on them would have been encrypted and passworded, surely? Er………no, ‘fraid not, this is a government department we’re talking about, after all.

DEFRA has tried saying that all this doesn’t matter, because “extremely specialised equipment” would be needed to extract the data off the tapes. Clameur de Haro’s techie adviser, when asked about this, just laughed – seemingly, said “extremely specialised equipment” basically consists of a tape drive and backup software, the kind of equipment stocked by every tape-using IT store and freely purchasable over the internet.

This may all seem a bit remote from Jersey – but just how comfortable can we be that, somewhere within the vast edifice of personal data held by the States, there isn’t a similarly cavalier approach to data security, or worse, a similar debacle already perpetrated but being feverishly concealed from public view?

Meanwhile, the only sensible approach seems to be to give the state as little personal data as possible.

Add to del.icio.usDigg It!Stumble This

Plaudits for Environment and Data Protection!

Back in September, Clameur de Haro blogged about the further example of the intrusive state and its cavalier approach to data protection which seemed to be represented by Environment’s apparently selective targeting of oil consumers for an advisory about the steps necessary to prevent oil spillage pollution.

Data Protection actually responded to the blogpost very quickly, and (with due apologies for the time gap) CdeH is delighted to thank them and share the information they provided –

Distribution of the Oil Care Sticker

The Oil Care Group was established in 2008 in conjunction with Environmental Protection’s ‘Oil Care Campaign’. The group provides a forum for the oil industry (including the Island’s three fuel distributors and a number of boiler engineers) and Environmental Protection to discuss oil related issues and develop environmental best practice with regard to reducing the risk of oil pollution of the aquatic environment.

The Oil Care Sticker aims to provide simple and practical advice to domestic oil tank owners on how to stop oil pollution occurring and what to do if oil is lost to the environment. The Oil Care Group agreed that the best way to distribute the stickers to householders was through the fuel companies. Environmental Protection provided the oil companies with pre-packed sealed envelopes, which contained the sticker and an advisory letter from Environmental Protection. The letter was written on 26 June, 2008 and does not contain any address data. This method of distribution was decided to avoid data protection issues associated with the provision of personal information.

Oil Care stickers are only sent by the fuel companies to their customers if they do not have an oil sticker visible on their tank. To date approximately 10,000 stickers and advisory letters have been given to the fuel companies for distribution.

Distribution of an advisory letter providing information regarding single-skinned oil tank

Following a request from one of the fuel companies, a further advisory letter has been produced to advise people of the environmental risks of owning a single-skinned oil tank. The advisory letter is distributed at the fuel companies’ discretion and aims to support them in reducing the number of high risk oil tanks on the Island. The single skinned oil tank letter was written on 22 August, 2009, with approximately 50 letters provided to the fuel company.

So it appears that, in deciding the best method of distribution, both Environment and Data Protection had very much of the forefront of their minds the need for the protection of the oil distributors’ customers’ confidential personal data. A large Clameur de Haro plaudit to each of them.

A large raspberry, however, to those oil distributors who clearly didn’t feel it remotely necessary to reassure their customers that receiving a targeted advisory from Environment did not mean that confidential customer information had been disclosed.

Add to del.icio.usDigg It!Stumble This

Another Example of the All-Intrusive State

The suffocating embrace of Jersey's increasingly all-intrusive state continues, it seems, to grow apace.

Clameur de Haro has received the missive below from the rather grandiosely-titled Assistant Director, Environmental Protection, reminding him that oil spillage can (only can?) cause long-term damage to the environment (well Good Heavens - whoever would have guessed?) and enjoining him to affix to his oil tank a sticker urging preventive measures apparently derived, not so much from accumulated environmental expertise, as from the Handbook of the Bleedin' Obvious.

Check, CdeH is beseeched, the oil level in your tank before ordering more oil: gosh, never would have thought to do that.

Now Clameur de Haro would never, other than indulging in a little urinary extraction at the expense of the jobsworths, decry the need to protect our natural environment from avoidable pollution of this type (the need to expose and attack constantly the fallacies of the Great Anthropogenic Climate Change Scam being an entirely different matter). But there are a couple of aspects here which are troubling - apart from the obvious one of yet more public expense.

Firstly, to what extent was the public made aware that the 2007 Building Bye-Laws contained a provision requiring the display of an oil care sticker on domestic oil tanks? This in itself is a comparatively innocuous requirement, but what if it had been something altogether more drastic and far-reaching? Building Bye-Laws are either made by the Minister or go through the States Assembly on the nod with precious little scrutiny, so where was the information to the public?

Secondly, and even more disturbing, just how is the Planning and Environment Department aware that Clameur de Haro even has an oil tank? The majority of his neighbours use gas, and his tank installation was not one that required planning permission at the time it was undertaken, so from where, precisely, is P&E's information derived? The obvious inference has to be that it came from the oil suppliers, who presumably made their customer databases (and what else? - amount of oil usage?) available to P&E for the purposes of the latter's mailshot.

If so, then the oil suppliers have quite possibly breached local data protection legislation, and the States of Jersey in turn have either been complicit, or even procured the breach. CdeH provides personal information to his oil suppliers for the purposes of his business relationship with them, not in the expectation that it will be passed on to the agents of the state, and he will be taking this up with them.

Perhaps Jersey's Data Protection Commissioner, one of the few senior public officials for whom CdeH has much time, could adjudicate.

Add to del.icio.usDigg It!Stumble This

Christmas Eve - Presents From Santa

So, wonders Clameur de Haro? as Christmas Eve advances, what goodies will some of our allegedly prominent citizens and putative lords and masters find in their festive stockings when they wake up tomorrow morning?

Trying to fathom what they may themselves have asked for in their letters to Father Christmas would probably be fairly futile, so CdeH? will just take a quick stab at what presents Santa, being a wise old cove, might usefully decide to leave one or two of them to find when they excitedly tear off the wrappings………………

Terry Le Sueur – destined, one fears, to be disappointed at not receiving a course of public speaking lessons, but hopefully to find, as consolation, an interactive CD called “Effective Communication”.

Philip Ozouf – for the man who claimed firstly, that adding GST individually to each item rather than overall at the till would not be inflationary, and secondly, that the inflationary effect – and yes, Ozo, we all spotted the contradiction - would only be temporary because it would drop out of the calculation after a year (which is a bit like saying that after 9 months pregnancy you’re back to where you were before because you’re no longer pregnant), there really can be only two presents: “Economics For Dummies”, and a modicum of modesty to carry into 2009.

Stuart Syvret – CdeH? first thought that a bile-stained, cracked and warped mirror might be appropriate, so that the People’s Tribune could see himself as others see him, but probably even more appropriate, not to mention instructive, would be a copy of “Murphy on Evidence” and a large slice of humble pie - plus of course a new pile of slinging mud.

Graham Power – a copy of “The Invisible Man”, and a one-way airline ticket - to anywhere.

Jim Perchard – for the new Minister of Health and Social Services, enough nous to assess whether the reported £60m “New Directions” policy on the restructuring of health and social services is just that, or in fact a smokescreen for a further extension of state interference into the private sphere, and a covert justification for retaining or expanding the H & SS bureaucracy

The Editor of the Jersey Evening [sic] Post – the inspiration and courage to launch a fully online edition, with archive search.

Any Parish Administration – any idea for a more meaningful role in the community than the present one of largely minor relevance in practical terms to the majority of islanders’ daily lives.

The Data Protection Registrar – as the only official whose powers CdeH? would not curtail, all the facilities and funding needed to prevent the insidious onward march of the database state, and the continuing independence to speak out when required

The Barclay Brothers – a compulsory purchase order for Colditz-en-Brecqhou, without compensation, validly enacted by Sark’s Chief Pleas and signed by every member.

Clameur de Haro? wishes a very happy and peaceful Christmas to his fellow-bloggers, but above all to the men and women of our Armed Forces serving overseas, continuing to safeguard our freedoms and serve their country, despite being traduced daily by a media and political class not fit to lick their boots or clean their latrines.

Add to del.icio.usDigg It!Stumble This

Centralised Driving Licence Records - Manifestation of the Database State?

Ever watchful for instances of our government’s persistent desire to expand the information about us it holds on official databases, Clameur de Haro? spied in last Friday’s JEP (7th November) a plea from Peter Hanning, the Connétable of St Saviour, for “almost 40,000” islanders, and more especially his own 5,400 parishioners, to submit their driving licence renewal applications early, because of the potential long delays involved in having them processed and returned.

Because there’s an important issue of data privacy and security to consider here, CdeH? will ignore just this once the none-too-subtle demand for £40 up front, as much as 4 months before it’s actually due, thereby enabling the parishes to pocket a tidy sum in interest on ratepayers’ money. (CdeH? trusts that Icelandic banks, credit derivatives, and sundry other exotic - or should that perhaps be toxic? - financial instruments are currently off limits for Parish Treasurers and Procureurs du Bien Public, but you never know…………)

What CdeH? finds much more disturbing are the implications of the post-application process. Look for a moment at Mr Hanning’s own words, and pay particular attention to the highlighted section –

“After you have handed in your application form to the Parish Hall, the details are checked and entered onto an Islandwide database before your photograph and form are scanned into the system. The licences are printed out and laminated in batches at the Town Hall in St Helier before being posted directly to your home address”.

Presumably, this Island-wide database is the one that already exists for driving licence holders’ details, and has done ever since the parishes ceased to be their own licensing authorities, and became merely the issuing authorities (a sop to the parishes if ever there was one, and administratively a very unsatisfactory half-way house which pleases few, and inconveniences the vast majority).

Nevertheless, CdeH? is instinctively suspicious, and would like answers to the following questions –

Is any additional information, over and above that required purely for driving licence purposes, secretly encrypted on to the credit card style licence?

Precisely who has access to the data, and for what purposes? Is access routinely available to all public bodies and officials, or only on a strict need-to-know basis, coupled with justification and authorization?

How tightly are access, viewing rights, and amendment rights controlled? Could, for example, a parish official in St Ouen snoop on the St Clement licence details of a prospective son-in-law, or fabricate an endorsement on to a business rival’s licence?

If law enforcement agencies have access rights in lawful course of their duties (not unreasonable, within limits), what safeguards are in place to prevent and detect improper use, of the kind not exactly unknown in the recent past?

What integration is there with other States’ databases, like Social Security and Income Tax? Could officials of Social Security, say, search for a cross-matching of names and addresses to check whether a recipient of serious incapacity benefit doesn’t also have a no-incapacity driving licence? Preventing benefit fraud by reasonable means is legitimate, but this kind of linkage allows covert spying on the population to a wholly unacceptable degree.

Licensees’ details include a raft of personal data, photographs, forms, and even signatures. With the existence of the database being public knowledge, and with even CdeH? being able to work out that it would yield a treasure trove of sensitive personal information for criminals, what barriers and firewalls are there to prevent data abstraction for nefarious purposes?

In which public body does political accountability for the centralised database reside? Is it the Comité des Connétables? If not, who? On whose desk sits that famous sign “The Buck Stops Here”? Who do we blame, whose head should roll, who should fall on their sword, if a catastrophic data loss or security breach was to occur? In short, just who’s in charge?

What precautions are taken to ensure that the data held about us will not either (1) be lost while being sent on an unencrypted, non-passworded CD-ROM via insecure mail: or (2) copied to a memory stick which then gets left in the pub: or (3) stored on a laptop which gets nicked from the back seat of a car while the owner hops out to pick up the paper on the way home? All three have happened in the UK during the past year.......

Would the States indemnify the database’s entire population from consequential loss occurring as a result of the leakage of sensitive personal data if caused by the States’ or their agents’ reckless or negligent custody? What’s the extent of third party liability cover carried by the States against this? Is it sufficient?

What does the database cost to establish and maintain? Is it cost-effective? Could it be outsourced at lower cost, provided that legitimate access was not impeded and security was not compromised?

And finally - have all the operating parameters and data protection measures been reviewed and signed off by the Data Protection Commissioner?

Now for a couple of other aspects.

Doesn’t the basic concept of an Island-wide driving licences database run counter to the hoary old argument that a system of 12 individual parishes constituting 12 separate issuing authorities is somehow one of the key manifestations of individual parish identity?

And from the purely practical standpoint, if a centralised, all-Island, driving licence database exists, then why on earth does CdeH?, say, on moving house from Trinity to St John, have to go through the archaic and time-consuming rigmarole of surrendering a Trinity licence and applying – probably in person too, for photograph verification - for a new St John version (plus the £40 fee, no doubt)? The widespread assumption among CdeH?’s acquaintances is that it’s to give parish administration at least the fiction of something to do……thereby adding, of course, to the cost of public bureaucracy.

CdeH? did not anticipate the need, quite so soon after launching Clameur de Haro?, to comment at such length on the threats to the privacy and security of islanders’ personal details posed by the unremitting expansion of the database state.

CdeH? is disinclined just to trust Big Brother, much less learn to love him. So satisfactory answers and reassurances please, Big Brother. And now.

Add to del.icio.usDigg It!Stumble This