Wednesday, November 08, 2006

Confoblogging: The NIR and the surveillance that goes with it

Gareth Crossman of Liberty: "The only way the National Identity Register can fight terrorism is if the amount of information on it is increased to make profiling possible." Next up: Simon Watkin. Former head of David Blunkett's private office at the Home Office, he now runs the HO's Covert Investigations Policy team and the ACPO steering group on covert investigation. To put it another way, he's responsible for all the stuff I despise. We shall try to be civil.

"I am currently looking into an anecdote in which a member of a public authority acted in their own interest rather than the public interest," he says. What can he mean? "Public authorities are constantly coming to us, wanting to spy on the public. We say, have you done so in the past? No. So why do you want to? Because, well, we might, they say. That isn't enough."

Interestingly, he suggests that a much more serious criminal offence of abusing private data is needed. That might actually happen; it involves a new crime and more powers, after all.

We now have a panel discussion chaired by Casper Bowden of Microsoft. "We need to think of a new kind of personal data, this behavioural, tracking data, and how we can bring it in front of the user, create an interface for the user to reach into their data shadow," he says. This is a running theme - Hailes also mentioned the lack of a user interface to the embedded systems world.

Watkin suggests that public authorities ought to be subject to a "privacy impact assessment". Not a bad idea. Bowden remarks that it's been tried in Canada, but it will have to be carried out by experts - and independent experts, or perhaps a statutory "privacy regulator." He also points out that with a weak regulatory environment, there is no incentive to make the kind of investment in security engineering required to make embedded, self-organising networks both secure and private.

When I asked him if he thought such an assessment should be required by the government's procurement process, and if in that case he thought the NIR would have passed Main Gate Review, Watkin stated that he tried not to talk about ID cards and that he was not responsible for them, and refused to speak on-the-record.

No comments:

kostenloser Counter