Report - Guardian

More documents

Recommendations

Info

250 The LSE Identity Project Report: June 2005building up an increasingly dense set of transaction events, across the public and privatesectors, so that the trail could become a general means of tracking and profiling thebehaviour and activities of individuals in society, showing where, when and why anychecks took place.The privacy implications were briefly explored in Commons Standing Committee: 671Mr. Richard Allan: ...Another point that it might be helpful to haveclarified is the scope of the audit trail… Will they form a whole-liferecord? That is the key question. Are we saying that from the momentsomebody gets an identity card, which is going to be fairly swiftly ifthe Government have their way, the audit trail will be kept for wholeof life? If at no point will it be deleted as historic data, the data thatcan be disclosed under clause 20(4) will be potentially intrusive andcomprehensive. The public ought to be aware of the extent to whichthose data will be kept and the circumstances under which they maybe disclosed.Mr. Humphrey Malins: …for how long the audit trail will continue.Will it continue to my death, perhaps 50 years later? By then, whatinformation about me will have been built up on the Register?Virtually all my business and domestic activities, and my travel, willbe on there for people to access. Is there a cut-off point, after a certainnumber of years, when this information will be deleted?...Mr. Des Browne 672 : ... in relation to an individual's civil liberties, Iwould much rather that such information was preserved. I can seearguments why deletion of that information would give a falseimpression of the way in which an individual's information had beenaccessed. Once it was deleted and lost, the fact that information hadbeen abortively accessed on a number of occasions would be lost, andthat might be just the sort of thing that a commissioner would want tocomment on. For clear and understandable reasons, I am not preparedto set out now the parameters for when that information should bestored or deleted. That will develop over time, and it will be a matterfor the commissioner.The Identity Cards Bill (clause 26) provides for the Intelligence Services Commissionerto keep under review the Agencies’ acquisition, storage and use of information from theRegister, and for any associated complaints to be dealt with by the Investigatory PowersTribunal, but neither appears to be explicitly empowered to access any portion of audittrails relating to Agencies’ usage (i.e. a clause analogous to Cause 24(4)). In fact, theBill does not require a comprehensive audit trail of access by intelligence and seriouscrime agencies, or by any other parties. Clause 3 and Sch.1(9) only provides that anaudit trail may be recorded. The analysis below presumes these provisions are671 Identity Cards Bill Standing Committee, Hansard, January 27, 2005,http://www.publications.parliament.uk/pa/cm200405/cmstand/b/st050127/am/50127s02.htm.672 http://www.publications.parliament.uk/pa/cm200405/cmstand/b/st050127/am/50127s04.htm.
The LSE Identity Project Report: June 2005 251unintended omissions from the Bill as drafted, which will be rectified in later legislativestages.The audit trail and the Data Protection Act 1998Under the Data Protection Act 1998, individuals have a general right of access topersonal data held about them. The Information Commissioner has commented inrelation to apparent restrictions on this right of “subject access” in the Draft Bill, that inthe current Bill,“there is no longer any attempt to restrict an individual’s right ofaccess under the Data Protection Act 1998 to certain ‘audit’ or ‘datatrail’ information.” 673The Home Office has even attributed their decision to create such extensive data trailsto “representations from the information commissioner”. 674 If true, this amounts to anown-goal for the national regulator of information privacy, because the consequence ofcreating a dense and perhaps ubiquitous audit trail are a much worse outcome forprivacy than the potential abuses against which it is purported to act as a safeguard.Access of any part of an individual’s entry in the Register (including access to the audittrail) should itself generate a corresponding new entry in the audit trail. Therefore theentries in the audit trail will logically comprise two types of event:- consented or aware : a person presenting their card for online verification, toauthorise use of some public or private service, and concomitant disclosure ofinformation from the Register. This includes occasions when an individualexercises their right of subject access to information held in the Register, anddisclosure of that information to the data subject.- non-consented or unaware : access to the Register without the individual’sawareness and/or specific consent, for example to ascertain identity by means ofmatching with a live biometric obtained after arrest by the police, or checks by apublic or private organisation empowered to do so without notifying theindividual.It is critically important to note that audit trail events of the first kind reveal informationabout the individual’s activities, behaviour and movements, whereas the preponderanceof audit trail events of the second kind record the activities and behaviour oforganisations conducting checks on the Register.Disclosure under a Subject Access RequestUnder DPA 1998, disclosure of information to an individual asserting their subjectaccess right is exempted to the extent it would be:673 The Identity Cards Bill - the Information Commissioner’s Perspective,http://www.informationcommissioner.gov.uk/cms/DocumentUploads/The%20Identity%20Cards%20Bill%20Dec%2004.pdf674 Stephen Harrison’s speech to the Law Society, reported in the Guardian 23 rd March 2004, ‘Government will TrackID card use’, http://www.guardian.co.uk/guardianpolitics/story/0,,1175638,00.html.
Page 1:
The Identity Projectan assessment o
Page 5 and 6:
The LSE Identity Project Report: Ju
Page 7:
Page 11 and 12:
Page 13 and 14:
Page 15:
Page 19:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33:
Page 36 and 37:
22 The LSE Identity Project Report:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
100 The LSE Identity Project Report
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 215 and 216: The LSE Identity Project Report: Ju
Page 259: The LSE Identity Project Report: Ju
Page 262 and 263: 248 The LSE Identity Project Report
Page 315 and 316:
Page 317:
show all

Report - Guardian

Create successful ePaper yourself

Delete template?

Save as template?