link to briefings documents at

Magna Carta Plus News

back to index page
orientation to the news at

short briefing dcuments at

This page provides occasional items, linked to the original articles, as we attempt to keep up with the rapidly changing situation on civil liberties.
Archive of old news service:
2002 - 2004

1st Jan to 9th Sept 2005


British government unveils new “criminal justice” proposals

As reported in the Times, this week the British government unveiled a new set of big brother/police state criminal justice proposals:

Every suspect in contact with the police faces having their DNA placed on a national database under government plans for a huge extension of “Big Brother” Britain announced yesterday.

All children will also undergo regular compulsory checks to discover if they are at risk of turning into criminals. They would face the crime test at key stages of their development, including when they start school and at 11.

The children of prisoners and Class A drug addicts would be “actively case managed” by youth offending teams in the crime strategy unveiled by 10 Downing Street .

The Government said the plan should “establish universal checks throughout a child’s development to help service providers to identify those most at risk of offending. “These checks should piggy-back on existing contact points such as the transition to secondary schools.”

It was not clear whether the check would involve an interview with a child, or if it would comprise a review of school and police records.

Ministers are also planning to allow police to take the DNA of suspects, to expand the use of scanning equipment to help to detect explosive devices in crowds, and to scan mail for drugs.

Useful commentary on these proposals include the following:

The proposals themselves can be found here. I intend to comment on them directly in due course.

Home Office issues 10,000 fraudulent passports

From this report in the Guardian:

An estimated 10,000 British passports were issued after fraudulent applications in the space of a year - and al-Qaida terrorists have successfully faked applications, the Home Office admitted today.

This same government wants to issue ID cards to every adult resident of Britain backed by a database storing all the names they’ve been known by, the details of every occasion on which their identity is checked, every address they’ve ever lived at, every identity document that’s ever been issued to them, and a unique identifier that will index into other government databases holding information about them.

How can we trust them not to also issue thousands of these cards to those who fraudulently apply for them or to keep the data safe when they demonstrate such incompetence with passports?

British government to remove all barriers to banks sharing personal data

The Telegraph reports that the government is planning to remove all the barriers that prevent the sharing of personal data between banks and credit reference agencies:

Last year’s inquiry by the Treasury Select Committee into credit card charges specifically raised the question of over-indebtedness, and called on banks to increase the amount of data they shared on consumers, to prevent those with big debts taking out ever more loans and plastic.

Credit reference agencies have existed for more than a century in the US but arrived in the UK about three decades ago, at a time when banks were becoming more generous with credit cards and other accounts, but wanted to weed out problem debtors. Today there are three agencies, Experian, Equifax and CallCredit which hold a range of data about who we are, where we live, how much we earn and who we bank and borrow with.

Initially, they could only hold information on customers who failed to pay their debts on time, but more recently they were allowed to include data on good account holders as well as bad. However, many banks were reluctant to trade details of their good customers, for fear of losing them to competitors, so they restricted their data sharing to defaulters.

This changed over the past year or so, as political pressure mounted in the face of alarming stories of customers clocking up tens of thousands of pounds of debt, after acquiring a whole pack of credit cards. If people couldn’t be trusted to borrow responsibly, the lobby grew demanding that banks protect rogue consumers from themselves.

Now all the big lenders and banks pass full details of 350 million credit and current accounts opened since the late 1990s to the three agencies, but they do so with our consent. Roughly a decade ago, institutions introduced a clause into their standard terms asking for our permission to share our personal details with the agencies. Anyone who refused to give permission would have been turned down for the loan or account.

However, there are a further 40m accounts opened before banks changed their terms and conditions where customers have not been asked if they are happy for their details to be disclosed to third parties for credit checking purposes. These are called “non-consensual” accounts, and data relating to them cannot currently be shared. It is these accounts which the Government now wants to lift the blackout on. The Department of Trade and Industry is due to report in May on how this will be done.

HBOS’s head of risk, Nick Robinson, says: “The whole business of credit scoring and credit reference agencies is a bit of a dark art, but we want to be responsible lenders, and it is very difficult to assess someone’s levels of debt, unless we have access to all the financial information we can get,” he says. “We understand that many people will not be comfortable with the prospect of their financial data being shared without their consent. But we have tried sending out forms asking for permission and that doesn’t work. It would seem we have to look at some other “non-consensual” arrangement, which is what the DTI is examining now.” (emphasis added to Telegraph article)

Note the attitude indicated at the end of this quotation: getting consent did not work, so now we will do it without consent! (How dare these awkward customers protect their privacy?!) So much for financial confidentiality. Our bank accounts will soon all be open books.

UK’s Commons Home Affairs Committee launches a short consultation on “A surveillance society?”

[Hat tip: Spy Blog]

On the 27th March, the Home Affairs Committee of Britain’s House of Commons launched a consultation on “A surveillance society?”:

The inquiry will consider the growth of numerous public and private databases and forms of surveillance with a direct relevance to the work of the Home Office. They either derive directly from the work of the Home Office and its related public functions or are controversial because whilst they offer the potential to play a part in the fight against crime their use may impinge on individual liberty.

The inquiry will be wide-ranging, considering the following issues:

* Access by public agencies to private databases
* Data-sharing between government departments and agencies
* Existing safeguards for data use and whether they are strong enough
* The monitoring of abuses
* Potential abuse of private databases by criminals
* The case for introducing privacy impact assessments
* Privacy-sharing technologies
* Profiling.

The inquiry will focus on Home Office responsibilities such as identity cards, the National DNA Database and CCTV, but where relevant will look also at other departments’ responsibilities in this area, for instance the implications of databases being developed by the Department of Health and the DfES for use in the fight against crime.

The Committee’s aim is not to carry out a comprehensive detailed review of the subject of the kind recently carried out by the Surveillance Studies Network on behalf of the Information Commissioner (and published in his report on The Surveillance Society in October 2006); but to build on the Information Commission’s work in exploring the large strategic issues of concern to the general public, with a view to proposing ground rules for Government and its agencies.

The deadline for submissions is the 23rd of April, meaning that less than a month is being allowed for this consultation!

Bill enabling your social security info to be handed to the BBC (and others)

Posted by James Hammerton @ 8:15 pm on 1 March, 2007.
Categories privacy and surveillance, British politics, the database state.
Edit This Permalink to this article

Another “catchup” post.

Back in December, Spyblog reported on the Digital Switchover (Disclosure of Information) Bill. This bill allows the government to hand over information relating to social security and/or war pensions to another person on request, if that person is:

  • The BBC,
  • A company that the government, the BBC or a nominee of the BBC holds a majority stake in,
  • any person engaged by the BBC, or the secretary of state, or a company as described above, to provide any service connected with switchover help functions (including establishing whether a person needs help with the switchover).

This is apparently related to the upcoming switching off of the analogue signal and its replacement by the BBC’s digital services. The precise information to be handed over will be determined by a statutory instrument once the bill is passed and comes into force. But the explanatory notes, clause 24, gives an idea of the information that the government envisages handing over for this purpose:

The precise details have not been finalised, but it is envisaged that this power will be used to specify for this purpose the following information about an identifiable person, namely—

  • their name, and any alias by which they may be known, marital status (if known), address and date of birth;
  • their National Insurance number;
  • whether they are eligible for any of the benefits that will establish entitlement to help and (if so) those in respect of which they have an award of benefit;
  • the fact that they have ceased to receive such benefits, where that is the case;
  • details of any partner (including details of date of birth and National Insurance number) and whether they receive pension credit, income support or income-based jobseeker’s allowance (to check upon what level of support the household is entitled to);
  • if the qualifying person for disability living allowance is a child, whether the responsible adult or adults is receiving pension credit, income support or income-based jobseeker’s allowance;
  • whether they live in a residential care or nursing home (so helping to ensure that the right kinds of help are available in residential care and nursing home settings);
  • details of any person appointed to act on their behalf (to allow such people to be contacted to alert them to the availability of help);
  • the fact that they have died, where that is the case.

Why should any of this information be handed to the BBC, or to the people employed by the BBC/Secretary of State to help with the digital switchover? As Spy Blog points out, the switching of Radio 4 from long wave to FM, and the retuning of video recorders in order to receive Channel 5 were all achieved without the need for such information to be passed to the BBC (or Channel 5).

Steve Boggan on the database state

Although he doesn’t use the phrase “the database state”, Steve Boggan’s recent article in the Guardian is a useful primer on the development of the database state in Britain, explaining how the National Identity Register fits in with other government databases and the government’s plans to allow more sharing of personal data:

The Identity Cards Act makes provision for the establishment of a national identity scheme commissioner to monitor the whole thing. But it also provides for the sharing of your data - without your consent - with the director general of the security service, the chief of the intelligence service, the director of communications at GCHQ, the director general of the Serious Organised Crime Agency and chief police officers up and down the country. And this, the act says, is not something the commissioner may keep under review. He will have no watchdog powers over the security services in this regard.

The prime minister likes to call all this “transformational government” and few would deny that changes are, indeed, taking place. For example, next year will see the introduction of the children’s information sharing index, which will track every child, and all services they receive, from birth. And, of course, there is the NHS care records system, the so-called Spine database on which the government wants to hold all personal health information.

Once you have a national identity card, a number and an audit trail, all of this - and everything every government department, bank or supermarket has on you - could be accessed, without your knowledge or consent, by the security services, justified by their slightest suspicion of you. And the national identity scheme commissioner, the watchdog without teeth, wouldn’t be able to so much as growl.

Bruce Schneier on ID cards

Posted by James Hammerton @ 9:10 pm on 26 February, 2007.
Categories privacy and surveillance, the database state.
Edit This Permalink to this article

Bruce Schneier, a cryptography and security expert, recently wrote a critique of America’s “Real-ID Act”. Many of the points apply equally well to the ID scheme Britain is in the process of implementing, for example:

But even if we could solve all these problems, and within the putative $11 billion budget, we still wouldn’t be getting very much security. A reliance on ID cards is based on a dangerous security myth, that if only we knew who everyone was, we could pick the bad guys out of the crowd.

In an ideal world, what we would want is some kind of ID that denoted intention. We’d want all terrorists to carry a card that said “evildoer” and everyone else to carry a card that said “honest person who won’t try to hijack or blow up anything.” Then security would be easy. We could just look at people’s IDs, and, if they were evildoers, we wouldn’t let them on the airplane or into the building.

This is, of course, ridiculous; so we rely on identity as a substitute. In theory, if we know who you are, and if we have enough information about you, we can somehow predict whether you’re likely to be an evildoer. But that’s almost as ridiculous.

Even worse, as soon as you divide people into two categories — ­more trusted and less trusted people — ­you create a third, and very dangerous, category: untrustworthy people whom we have no reason to mistrust. Oklahoma City bomber Timothy McVeigh; the Washington, DC, snipers; the London subway bombers; and many of the 9/11 terrorists had no previous links to terrorism. Evildoers can also steal the identity — ­and profile — ­of an honest person. Profiling can result in less security by giving certain people an easy way to skirt security.

There’s another, even more dangerous, failure mode for these systems: honest people who fit the evildoer profile. Because evildoers are so rare, almost everyone who fits the profile will turn out to be a false alarm. Think of all the problems with the government’s no-fly list. That list, which is what Real IDs will be checked against, not only wastes investigative resources that might be better spent elsewhere, but it also causes grave harm to those innocents who fit the profile.

Enough of terrorism; what about more mundane concerns like identity theft? Perversely, a hard-to-forge ID card can actually increase the risk of identity theft. A single ubiquitous ID card will be trusted more and used in more applications. Therefore, someone who does manage to forge one — ­or get one issued in someone else’s name — ­can commit much more fraud with it. A centralized ID system is a far greater security risk than a decentralized one with various organizations issuing ID cards according to their own rules for their own purposes.

I recommend reading the whole thing.

Applying for a British passport? Then (soon) you must attend an interview and give your fingerprints…

The British government’s identity card scheme will involve interviewing people and taking their fingerprints when they register for the scheme. However, initially the government is piggybacking this scheme onto the process of applying for a passport.

On the 26th March, the first of 69 new interview centres will be opened, and from April onwards, some first time passport applicants will find they have to travel to one of these centres to be interviewed before getting their passport.

Later in the year, the collection of fingerprints during this process will commence. Eventually all first time applicants will be called for interview, and then from 2009 onwards the plan is that everyone applying for a new passport will be called for interview, and their details will be entered onto the national identity register. They will also get an ID card unless they “opt out”.

However “opting out” merely means you don’t get the ID card — the info is still collected and store on the NIR. Moreover the government plans to make it compulsory for everyone to register and get a card after the next general election, should they still be in power.

See the following for more info:

Responding to Tony Blair’s email: The £1.7 billion worth of identity fraud claim

Posted by James Hammerton @ 10:04 pm on 24 February, 2007.
Categories privacy and surveillance, British politics, the database state.
Edit This Permalink to this article

Tony Blair’s email to anti-ID card petitioners included a claim that identity fraud costs Britain £1.7 billion per year:

Secure identities will also help us counter the fast-growing problem of identity fraud. This already costs £1.7 billion annually.

This figure has been used repeatedly by the government in its literature and statements on identity fraud and its justifications for the identity card scheme, and comes from this document produced in February 2006. From 2002 until Feb 2006, the government was claiming the amount was £1.3 billion pounds per annum.

I contend that these two figures are bogus. They include figures that are not related to identity fraud per se and figures that are outright guesses. Also, no detail is given on how the government arrived at any of the figures, and it’s not clear that any effort has been made to avoid some obvious risks of double counting. I’ve illustrated these points in the following breakdown of the figures which add up to a total £1.72 billion attributed to “identity fraud”:

Responding to Tony Blair’s email: The information in the national identity register

In his recent email to those who signed this petition against the government’s identity card scheme, Tony Blair said that the National Identity Register (i.e. the database that forms the core of the identity card scheme) will:

…contain less information on individuals than the data collected by the average store card…

I have several points to make in response to this:

  • Store cards are voluntary, where registering on the national identity register will eventually be compulsory under the government’s plans. Indeed starting in April 2007, some first time applicants for passports will be required to register, and eventually (in 2009 according to current plans) all applicants for passports will be required to register, before finally extending the scheme to all permanent residents of Britain.

    It is disingenuous to compare an entirely voluntary scheme, with one that passport applicants, and eventually all permanent residents, will be legally required to sign up to, and provide data for.

  • The retail company that issues a store card cannot legally share store card data with other parties without the customer’s consent, and the retailer will only get information about that customer’s shopping habits at their stores (or perhaps any allied stores that allow their card to be used).

    E.g. the Tesco store card won’t record purchases made with other store cards, credit cards or with cash - you are thus in complete control over how much you let Tesco know about your shopping habits, being able to choose whether to have a card, whether to use Tesco at all, and whether to use the card for any particular purchase.

    However, the information on the National Identity Register can legally be shared with the police, security services and public bodies without your consent. Indeed some of the data, including your fingerprints and National Identity Registration Number (NIRN), will be shared with anyone who checks your identity in order to carry out the ID check. The NIRN will also enable entries in the NIR to be cross referenced with other databases held by public authorities and government departments.

    Note that there are also moves afoot to enable general sharing of personal data across government departments when it is deemed by the government to be “in the public interest”.

    Finally, Blair’s email itself implies some sharing of NIR data with other governments:

    Another benefit from biometric technology will be to improve the flow of information between countries on the identity of offenders.

  • The Store Card will not store the following information that will be in the NIR (see Schedule 1 of the Identity Cards Act 2006 for the complete list of information):
    • Every address you’ve ever lived at.
    • Every name you’ve ever been known by.
    • Every immigration status you’ve ever held.
    • Your fingerprints.
    • The number of every official identity document issued to you, such as driving licences, passports, visas, etc.
    • The details of every occasion on which your identity is checked, and thus a record of, for example, each time you register with a doctor/clinic, sign up for benefits, enroll your kids in a state school, open a bank account, apply for a credit card or take out a mortgage (to provide a selection of the situations where the government envisage you needing to provide your identity card to access a service).
« Previous PageNext Page »


© magnacartaplus.org2008, 2007, 2006 [1 December]

variable words
prints as variable A4 pages (on my printer and set-up)

abstracts of documents on UK Acts of Parliament click for news from orientation to orientation button links to other relevant sites links

Powered by WordPress