Overlooked - Liberty

More documents

Recommendations

Info

<strong>Overlooked</strong>: Surveillance and personal privacy in modern Britain 105 Parliament to provide protection benefiting those subject to unwarranted media intrusion as well as those who have suffered excessive targeted intrusive surveillance. It is either likely to be so detailed in providing for appropriate breach, defence and remedy as to be unwieldy, or so broad brush and overarching as to add little to the existing Article 8 framework. A disparate concept such as privacy is essentially context-specific. The appropriate legislative and regulatory response to excessive privacy intrusion is best suited to the specific environment in which that intrusion takes place. For example, the closest thing there is to a ‘privacy act’ in the UK, the Data Protection Act 1998, provides regulation specific to data privacy. Therefore, a piecemeal approach to privacy protection would seem the most sensible option. Having said this, it is clear that the range and scope of privacy engagement is increasing to an extent where differing aspects increasing overlap. For example, in the Introduction to Surveillance section, there were a number of references to growing use of data matching and data mining techniques as a response to the increasing data processing automation. Data matching techniques are now being written into legislation such as Part III of the Serious Crime Bill currently before Parliament, while data mining is increasingly being seen as a legitimate tool identifying potential criminality 210 . Although the powers in that Bill are limited to use in criminal fraud investigations, it is likely that the uses of data matching and data mining will expand to cover crime detection generally and possibly into areas other than the detection and prevention of crime. At the heart of data matching and data mining is the identification of information that is in some way anomalous to other information that is being processed. This raises a series of possibilities once such information has been identified. For example, the process is automated and does not (at least initially) involve human intervention. Once an ‘incongruous’ data pattern has been established the issue is how to use the information. The investigating authority will be in an interesting position in relation to what legitimate action might follow. It is unlikely that there will be sufficient reason to launch a criminal investigation from a set of unusual data results. Presumably the data received will be one of many sets that might indicate some form of wrongdoing but equally might be absolutely innocent. Regardless of whether the powers to take further investigatory action exist, there might be very good resource and logistical reasons why human input into investigation might initially remain limited. However, as has been seen in the section on Targeted Surveillance, there were over 439,000 applications for access to Communications Data made under Part I Chapter II of the Regulation of Investigatory Powers Act 2000. As considered earlier, communications data access is available to an extremely wide range of public bodies. It can be self-authorised with the only requirements being that authorisation is in accordance with a range of justifications (including crime detection and prevention) and if the conduct is proportionate to the aim sought. The throwing up of unusual data 210 As summarised in the Home Office Consultation ‘New Powers against Serious and organised Crime’ – ‘For the purposes of this paper, we see data matching as taking two separate data sets with comparable information (i.e. both contain the same types of information, for example names) and cross referencing them to produce matches. These data sets would typically be for mutually exclusive purposes which can reveal where entitlements are being incorrectly granted, e.g. when the same name appears in connection with pension payments and a list of deceased persons. Data mining, on the other hand, uses more advanced software to analyse data in a number of ways. It can be used within data sets to expose fraud, and is particularly useful when there are many variables within a data set, or the sheer volume of data means that automated analysis is necessary.’ http://www.homeoffice.gov.uk/documents/cons-2006- new-powers-org-crime/cons-new-powers-paperview=Binary at page 22
106 <strong>Overlooked</strong>: Surveillance and personal privacy in modern Britain patterns arising from data matching or data mining might not justify or legitimise the use of human surveillance or reference to the police for investigation. However, it is more likely to satisfy the more easily achievable requirements of accessing communications data. ‘More easily achievable’ in this context can be taken to mean both in terms of the legal grounds justifying the accessing of communications data and in terms of the resource that will be necessary to ‘investigate’ further. Once an application for access to communications data has been authorised, this will allow access to email, mobile and phone traffic which might take investigation further. If for example, it appears that a series of calls or emails have been made to individuals who are themselves suspected of involvement in criminal activity, then a greater level of intelligence-led investigation might be considered necessary. If, however the communications data does not reveal any unusual traffic, then no further action might be considered necessary. It is, however, extremely unlikely that the person who had had his or her communication traffic studied will be aware of the fact. The sheer number of applications made coupled with involvement after the event limits any practical involvement of, or accountability to, the Interception of Communications Commissioner’s office. Therefore, one potential consequence of growing reliance on data matching practices might be a ripple effect impacting upon the exercise of RIPA powers. The growth of data matching and data mining practices are also likely to raise issues in relation to the way suspicions are recorded. If a pattern of data throws up an anomaly that results in investigation and possible identification of criminal activity, then it is likely that that pattern will be recorded for future reference as flags indicating some sort of impropriety. However, as any two sets of data pattern are unlikely to be identical the indicators are likely to be quite general in nature. As a consequence any similar data pattern is likely to be ‘caught in the net’ and might warrant further investigation. Again, largely automated processes could have the potential for a ripple effect. Central to the use of data mining and data matching capability will be the holding of mass informational data. This study has focused on the National Identity Register created by the Identity Cards Act 2006 as being potentially the largest and certainly the most topical example of mass information holding. However, this is only one of many examples. As well as other centralised databases such as the Children Index there are numerous centralised records detailing individual finances, benefit entitlements and so on. Meanwhile the growth of data sale such as with Experian’s credit reference database demonstrates increasing reliance on mass data holding in the private sector. The mass of available data is staggering. As has been said earlier, increasing use of automated sifting is a logical method of identifying potential impropriety. Privacy concerns must be considered in the light of clearly legitimate aims of detecting and preventing crime, protecting children, and so on. The legislative framework Ideally, the legislative environment in which privacy issues arise should ensure proportionality and legitimacy of data sharing and other privacy matters. However, it is arguable that the two main privacy acts, the Data Protection Act (DPA) 1998 and the Human Rights Act 1998 (through Article 8) are unable to keep up with, and by themselves provide sufficient safeguards against, information sharing capabilities.
Page 1 and 2:
Overlooked: Surveillance and person
Page 3 and 4:
Acknowledgements I would like to th
Page 5 and 6:
II Overlooked: Surveillance and per
Page 7 and 8:
iv Overlooked: Surveillance and per
Page 9 and 10:
2 Overlooked: Surveillance and pers
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
10 Overlooked: Surveillance and per
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62: 54 Overlooked: Surveillance and per
Page 107 and 108: 100 Overlooked: Surveillance and pe
Page 111: 104 Overlooked: Surveillance and pe
show all

Overlooked - Liberty

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?