Wednesday, November 11, 2009

DNA of innocents to be retained for 6 years

The Guardian may have jumped the gun in reporting 3 weeks ago that the government was dropping plans for legislation on the retention of DNA of people never changed or convicted of a criminal offence. The folks at the Telegraph seem to think that the retention of DNA of innocents for 6 years is still very much on the table.

The general confusion surrounding this type of issue and the interception modernisation programme is likely to be a continuing feature of the briefing and counter-briefing going on, the manoeuvring in preparation for a general election next year by all political parties (and preparation of government officials expecting a change of administration), and the limited time left to the new labour government to implement new laws.  We can expect lots of tough on crime and terrorism proposals from the government and opposition in the run up to the election though.

The Madrid Privacy Declaration

3 November 2009

Affirming that privacy is a fundamental human right set out in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and other human rights instruments and national constitutions;
Reminding the EU member countries of their obligations to enforce the provisions of the 1995 Data Protection Directive and the 2002 Electronic Communications Directive;
Reminding the other OECD member countries of their obligations to uphold the principles set out in the 1980 OECD Privacy Guidelines;
Reminding all countries of their obligations to safeguard the civil rights of their citizens and residents under the provisions of their national constitutions and laws, as well as international human rights law;
Anticipating the entry into force of provisions strengthening the Constitutional rights to privacy and data protection in the European Union;
Noting with alarm the dramatic expansion of secret and unaccountable surveillance, as well as the growing collaboration between governments and vendors of surveillance technology that establish new forms of social control;
Further noting that new strategies to pursue copyright and unlawful content investigations pose substantial threats to communications privacy, intellectual freedom, and due process of law;
Further noting the growing consolidation of Internet-based services, and the fact that some corporations are acquiring vast amounts of personal data without independent oversight;
Warning that privacy law and privacy institutions have failed to take full account of new surveillance practices, including behavioral targeting, databases of DNA and other biometric identifiers, the fusion of data between the public and private sectors, and the particular risks to vulnerable groups, including children, migrants, and minorities;
Warning that the failure to safeguard privacy jeopardizes associated freedoms, including freedom of expression, freedom of assembly, freedom of access to information, non-discrimination, and ultimately the stability of constitutional democracies;
Civil Society takes the occasion of the 31st annual meeting of the International Conference of Privacy and Data Protection Commissioners to:
(1) Reaffirm support for a global framework of Fair Information Practices that places obligations on those who collect and process personal information and gives rights to those whose personal information is collected;
(2) Reaffirm support for independent data protection authorities that make determinations, in the context of a legal framework, transparently and without commercial advantage or political influence;
(3) Reaffirm support for genuine Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information and for meaningful Privacy Impact Assessments that require compliance with privacy standards;
(4) Urge countries that have not ratified Council of Europe Convention 108 together with the Protocol of 2001 to do so as expeditiously as possible;
(5) Urge countries that have not yet established a comprehensive framework for privacy protection and an independent data protection authority to do so as expeditiously as possible;
(6) Urge those countries that have established legal frameworks for privacy protection to ensure effective implementation and enforcement, and to cooperate at the international and regional level;
(7) Urge countries to ensure that individuals are promptly notified when their personal information is improperly disclosed or used in a manner inconsistent with its collection;
(8) Recommend comprehensive research into the adequacy of techniques that deidentify; data to determine whether in practice such methods safeguard privacy and anonymity;
(9) Call for a moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers, and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate; and
(10) Call for the establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions.

3 November 2009
Madrid, Spain

IMP consultation responses published; IMP postponed?

The UK government has published a summary of the responses to its public consultation on its proposed interception modernisation programme (IMP), or as it prefers to call it: "Protecting the public in a changing communications environment".
"The 221 respondents comprised 167 members of the public and 54 organisations including communications services providers, industry bodies, public authorities and campaign groups. A list of the respondents is provided in Annex B.
90 respondents did not address the questions asked but objected generally to the paper, almost invariably on the grounds of opposition in principle to any sort of surveillance. The percentages given below (in relation to each of the questions asked) therefore only relate to the 131 responses which provided a positive or negative response to the consultation’s specific questions. Where the percentages do not add up to 100% the balance is due to answers that addressed the specific question without being clearly negative or positive.
The main themes to emerge in responses were:
• widespread (but not unanimous) recognition of the importance of communications data in protecting the public;
• widespread appreciation of the challenges which rapidly changing technology poses;
• some support for the Government’s proposed ways of meeting these challenges;
• but also concerns about whether the Government’s proposals would be technically feasible or would impose unreasonable burdens on industry;
• some concern about whether the assessment of the balance of costs and benefits of the Government’s proposals was realistic;
• a desire from a number of respondents for greater clarity on why existing legislation and regulations were not capable of meeting the Government’s stated requirements;
• but also a recognition, particularly amongst those involved in the communications industry, that current legislation and regulations relating to the collection, retention and processing of communications data, particularly third party data, would soon need to be updated in light of changing technology;
• concerns about protecting communications data, where both privacy and commercial interests were engaged; and
• calls for more judicial involvement, and greater visibility and public awareness of existing oversight mechanisms, in order to improve public confidence in the way public authorities use communications data to protect them...
Question 1: On the basis of this evidence and subject to current safeguards and oversight arrangements, do you agree that communications data is vital for law enforcement, security and intelligence agencies and emergency services in tackling serious crime, preventing terrorism and protecting the public?
59% of respondents agreed...
18% of respondents answered ‘no’ to question 1...
Question 2: Is it right for Government to maintain this capability by responding to the new communications environment?
Question 3: Do you support the Government’s approach to maintaining our capabilities? Which of the solutions should it adopt?
Question 4: Do you believe that the safeguards outlined are sufficient for communications in the future?
The Home Office would like to thank all those who took the trouble to respond to this consultation.
The Government welcomes the recognition from a majority of respondents of the importance of communications data in protecting the public and that it is necessary to respond to rapidly changing technology in order to maintain this capability. It acknowledges that to improve confidence and trust in the use of communications data, and to demonstrate necessity and proportionality, it needs to continue to explain the importance of communications data, and the impact any loss of capability would have.
The Government will continue to develop the approach it proposed in the consultation document with a view to bringing forward the necessary legislation. In particular, it agrees with the significant view amongst respondents on the importance of safeguards and will ensure that the same strict safeguards that apply today will continue to minimise the potential for abuse and to ensure the safety and security of communications data under any new proposals. This view is strongly supported by public authorities that use communications data on behalf of the public.
The Government will also continue to work closely with communications service providers to ensure that any additional requirements will be feasible and reasonable, and to minimise, as far as possible, any impact on industry."
The Home Office also seems to have briefed some journalists to the effect that they have now decided to postpone IMP leglislation until after the election next year.

Update: The folks at the Telegraph seem to have talked to officials with a different view, i.e. that imp is going full steam ahead.