[Infowarrior] - 25% of UK databases violate privacy or human rights

Richard Forno rforno at infowarrior.org
Mon Mar 23 18:36:58 UTC 2009 

Right to privacy broken by a quarter of UK's public databases, says  
report

• Rowntree Trust cites DNA database and ID register
• Whitehall told 11 systems out of 46 must be scrapped

     * Alan Travis, home affairs editor
     * The Guardian, Monday 23 March 2009

http://www.guardian.co.uk/politics/2009/mar/23/dna-database-idcards-children-index

A quarter of all the largest public-sector database projects,  
including the ID cards register, are fundamentally flawed and clearly  
breach European data protection and rights laws, according to a report  
published today.

Claiming to be the most comprehensive map so far of Britain's  
"database state", the report says that 11 of the 46 biggest schemes,  
including the national DNA database and the Contactpoint index of all  
children in England, should be given a "red light" and immediately  
scrapped or redesigned.

The report, Database State by the Joseph Rowntree Reform Trust, says  
that more than half of Whitehall's 46 databases and systems have  
significant problems with privacy or effectiveness, and could fall  
foul of a legal challenge.

Only six of the 46 systems, including those for fingerprinting and TV  
licensing, get a "green light" for being effective, proportionate,  
necessary and established - with a legal basis to guarantee against  
privacy intrusions. But even some of these databases have operational  
problems.

A further 29 databases earn an "amber light", meaning they have  
significant problems including being possibly illegal, and needing to  
be shrunk or split, or be amended to allow individuals the right to  
opt out. This group includes the NHS summary care record, the national  
childhood obesity database, the national pupil database, and the  
automatic number-plate recognition system.

The study is by members of the Foundation for Information Policy  
Research, including Ross Anderson, a Cambridge University professor.  
It says Britain is now the most invasive surveillance state and the  
worst at protecting privacy of any western democracy.

It highlights the plight of people who have faced database problems,  
including a single mother anxious that social services would take her  
child if she talked to a GP about post-natal depression, and a13-year- 
old girl left with a criminal record for life because of a playground  
incident.

The authors estimate that £16bn a year is being spent on public sector  
IT, with a further £105bn of expenditure planned for the next five  
years.

Whitehall has admitted that only 30% of public-sector IT projects are  
successful. There are now thousands of databases operating in  
Whitehall. The Serious Organised Crime Agency inherited 500 when it  
was created, and is now attempting to rationalise them into 50 or 60.

Anderson, the professor of security engineering at Cambridge, said:  
"Britain's database state has become a financial, ethical and  
administrative disaster, which is penalising some of the most  
vulnerable [in] society. It also wastes billions of pounds a year and  
often damages service delivery rather than improving it."

Too often computerisation had been a substitute for public service  
reform, with little thought given to safety, privacy or value for  
money. "There must be urgent and radical change in the public-sector  
database culture so that the state remains our servant ,not our  
master ... we have to develop systems that put people first."

The report says children in particular are placed at risk. Three of  
the largest databases set up to support the young are failing to  
achieve their aims, it says.

Terri Dowty, of Action on Rights for Children, said young people had  
never been so measured, graded, monitored and discussed; the level of  
intrusion could not be "justified on the basis of good intentions".

The report raises concerns about the Home Office system, ONSET, which  
gathers information from many sources to predict which children will  
offend. The report says children could be stigmatised by a system that  
contravenes the European convention on human rights.

The Rowntree report says databases given an "amber" light should be  
assessed for their impact on privacy. Sensitive personal information  
should normally only be collected and shared with the subject's  
consent; and datasharing occur only in strictly defined circumstances.  
"The UK needs information systems that support citizens and  
professionals on a human scale, rather than multi-billion pound  
centralised databases used to stigmatise and snoop," said the report's  
co-author, Ian Brown, of the Oxford Internet Institute.

More information about the Infowarrior mailing list