Phil Booth cached version 17/01/2019 15:42:33 en What does the government know about you - and have they got it right? <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>Personal data is now used not only to deliver but to deny services, so it's more important than ever to check what's on your records. Here's how.</p> </div> </div> </div> <p><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="// data is watching you.jpg" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="// data is watching you.jpg" alt="" title="" width="460" height="460" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_xlarge" style="" /></a> <span class='image_meta'></span></span><em><a href="">Image: Jeremy Keith/Flickr, CC 2.0.</a></em></p><p>Quite apart from the appalling mistreatment of <span><a href="">generations</a></span> of people, the Windrush scandal highlighted two deep problems about government’s handling of personal data. It confirms the government’s default position is one of disbelief – “guilty until proven innocent”, for some groups at least. And it also confirms that – despite years of experience of the consequences, the government remains utterly cavalier in its stewardship of your data.</p> <p>From the Home Office hunting people down <span><a href="">through their NHS data</a></span> and their <span><a href="">children’s school records</a></span>, to <span><a href="">Google DeepMind’s secret deal</a></span> intending to feed 1.6 million Royal Free Hospital patient records to its Artificial Intelligence project to <span><a href="">Job Centre bosses</a></span> interfering in medical records, and the Department for Education packaging up <span><a href="">students’ personal data for private exploitation</a></span> – as many have learned, “the power of data” is not always benign. </p> <p>Whether <a href="">destroying the Windrush generation’s vital records</a> or <span><a href="">losing 25 million people’s records in the post</a></span>, the consequences of poor information handling practices by Departments of the database state are always damaging to citizens.</p> <p>Concerns will only grow greater, and affect more people, as new laws to legitimise official re-use of citizens’ data come into force; powers that mean whatever information governments holds – from wherever it was collected, and for whatever ostensible purpose – can be used for an ever- escalating number of <em>other</em> purposes from now on.</p> <p>Given that data is used not only to deliver but to <em>deny</em> services, it is more important than ever to know what government knows about you, and how it is using it. </p> <p>Home-grown regulations or ‘codes of practice’ will continue to be the enablers of a whole series of data <span><a href="">scandals</a></span> of proportions. And there’s no evidence to suggest citizens in 2018 and beyond will like such “<span><a href="">surprises</a></span>” any more than they did <span><a href="">back in 2009</a></span>, when Ministers of a previous Government proposed almost identical measures.</p> <p>The Government uses “<span><a href="">ethics</a></span>” to justify whatever it is that officials wanted to do in the first place – no tyrant ever failed to justify their crimes. And, while citing subjective ‘ethics’, it is notable that Government obligations under the Rule of Law don’t merit a mention. How positively Trumpian...</p> <p>We already have laws, and clearly defined rights, that (should) protect us from intrusion and abuse – so why such an effort to frame things in terms of ‘ethics’?</p> <p>We have a proliferation of strategies based on yet more exploitation in the name of “innovation” – a <a href="">UK Digital Strategy</a>, a <span><a href="">Government Transformation Strategy</a></span>, a <span><a href="">Digital Charter</a></span>, an <span><a href="">Industrial Strategy</a></span>, a <span><a href="">Life Sciences</a><em><a href=""> </a></em><a href="">Industrial Strategy</a></span> and ‘<span><a href="">Grand Challenges</a></span>’, and soon a new National Data Strategy, “<em>to unlock the power of data in the UK economy and government, while building public confidence in its use</em>”. But so much of what is already being done with your most sensitive personal data is, as the partial list in my second paragraph above indicates, <span><a href="">unlawful, if not downright illegal</a></span>.</p> <p>Officials assume whatever story their computers contain must be true, and leave it up to you to convince them otherwise – including where they’ve destroyed the very documentation that only they had, that you need to cite.</p> <p>If the Home Office decided to upend your life tomorrow, the Windrush scandal has exposed that its policy appears to be to assume that all ‘evidence’ you provide is false. So what <em>would</em> happen to you?</p> <p>How many mistakes has Government made in your records already? And do you want to correct them, before it’s too late? </p> <p><strong>Check your data today</strong></p> <p>Using currently available tools, this is how you can find out what activity history DWP, HMRC and DVLA hold on you. (These are the places that Home Office looks too.) This applies to British citizens, as well as others resident in the UK – would you receive residency if the Home Office decided you suddenly weren’t British enough? </p> <p>To check: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; HMRC (tax payments): <span><a href=""></a></span>&nbsp; </p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DWP (NI contributions):<span><a href=""></a></span>&nbsp;&nbsp; </p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DVLA (driver’s license): <span><a href=""></a></span></p> <p>To get a copy of your records, you will be asked to use your <span><a href="">‘GOV.UK Verify’ account</a></span> – something you can set up the first time you need one. </p> <p>(Replacing the Home Office’s deeply flawed ID cards scheme – based on the creation of a massive centralised biometric database, and compulsory registration of all citizens – GOV.UK Verify instead uses a small number of certified but non-government ‘identity providers’ to ‘assure’ your identity. You choose the provider, or providers, that suit you to establish your trustworthiness, rather than being assigned an official identity by the government. A process more pleasant than having to convince the Home Office to <span><a href="">spell your name right</a></span> in its files, that it <span><a href="">refuses to show you</a></span>...) </p> <p><strong>What to do if you find mistakes in your data</strong></p> <p>If the information that any or all of these Departments hold about you is wrong, the services linked to above will also tell you how to start the process of correcting it. It may help to know that the helplines they provide are staffed by people who are measured by whether they helped you or not – rather than the more chilling metrics of the hostile environment, under which at least some officials believe their job is to “<span><a href="">piss you off</a></span>”.</p><fieldset class="fieldgroup group-sideboxs"><legend>Sideboxes</legend><div class="field field-related-stories"> <div class="field-label">Related stories:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="/uk/jennifer-cobbe/problem-isn-t-just-cambridge-analytica-or-even-facebook-it-s-surveillance-capitali">The problem isn’t just Cambridge Analytica or Facebook – it’s “surveillance capitalism”</a> </div> <div class="field-item even"> <a href="/ournhs/phil-booth/is-government-telling-us-truth-about-gdpr-and-your-nhs-medical-data">Is the government telling us the truth about GDPR and our NHS medical data? </a> </div> <div class="field-item odd"> <a href="/ournhs/jane-fae/sleepwalking-into-information-grab-by-private-health">Sleepwalking into an information grab by private health?</a> </div> <div class="field-item even"> <a href="/ournhs/phil-booth/your-medical-data-on-sale-for-pound">Your medical data - on sale for a pound</a> </div> </div> </div> </fieldset> <div class="field field-rights"> <div class="field-label">Rights:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CC by NC 4.0 </div> </div> </div> uk uk Phil Booth Wed, 04 Jul 2018 12:33:42 +0000 Phil Booth 118693 at Is the government telling us the truth about GDPR and our NHS medical data? <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>If you want to make sure your medical data isn’t shared with third parties for unknown purposes, you may need to take action now. Here’s why – and how.</p> </div> </div> </div> <p><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="//" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="//" alt="" title="" width="460" height="227" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_xlarge" style="" /></a> <span class='image_meta'></span></span><em>Image: Yuri Samoilov/Flickr, CCBY licence.</em></p><p>If you happen to visit your doctor in the next few weeks, you may (or may not) spot a new poster or leaflet; they are NHS blue, with a yellow stripe at the bottom, headlined “Your Data Matters to the NHS”. Like all those e-mails you’ve been receiving asking you to opt in to receiving marketing, the poster and leaflet has been prompted by GDPR – but it’s about something rather different, and the choice you are being offered is an opt <em>out</em>, not an opt in.</p> <p>Simply put, if you have concerns about what’s being done with your medical records – who is getting access to them, and how are they being used – you have the right to opt out of uses of your own health information for purposes beyond your individual care.</p> <p>This ‘new’ National Data Opt-out that you may (or may not) hear of is in fact based on one of the old opt-outs, formerly known to doctors and Government as a ‘Type 2’, renamed so that – by 2020, we are told – care providers all across the NHS and care system will be able to see and honour your consent choice about what happens to your medical data.</p> <p>Great, in theory. But in practice?</p> <p>If you do see the poster, and follow the link – it’s <span><a href=""></a></span> – you’re told you can exercise your right to choose using a new ‘digital’ opt out process. Unfortunately, NHS Digital’s new process ignores the reality of many patients’ lives and – despite Government digital guidelines – fails to serve families, or the most vulnerable. So much for bridging the digital divide, and reaching the ‘furthest first’...</p> <p>Notably, too, if your family has children under the age of 13, or if you look after a dependent older relative, then things are even more complicated. Rather than giving a simple instruction to your doctor, those who would prefer their children’s data <em>wasn’t</em> sold to third parties for unknown purposes, will be required to send to NHS Digital, by post, four pieces of ID and documentation along with a seven-page form. So much for Jeremy Hunt’s much-vaunted commitment to a ‘paperless’ NHS</p> <p>So much for the process – what then happens to your information?</p> <p>The poster and leaflet go on to say:</p> <p>“<em>In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.”</em></p> <p>You only have to look at (our slightly more readable version of) NHS Digital’s Data Release Register at <span><a href=""></a></span> to see that little substantive has changed in practice. </p> <p>NHS patients’ data is still being sold to a variety of customers – including for-profit ‘information intermediaries’ which continue to serve commercial customers of their own, including pharmaceutical marketers and private providers.</p> <p>The law, however, <em>has</em> changed. </p> <p>As of May 23rd, the UK has a new Data Protection Act 2018 – replacing the expired 1998 Act and bringing the provisions of GDPR into UK law.</p> <p>NHS Digital, however, holds itself to the Information Commissioner’s old, pre-GDPR, non-statutory Code of Practice on Anonymisation – claiming this allows it to continue to <span><a href="">ignor</a><a href="">e</a><a href=""> 1.4 million patients’ opt-outs</a></span>, as it carries on selling ‘Hospital Episode Statistics’ data. </p> <p>This approach has passed its sell by date; GDPR provides a wider definition of what is ‘identifiable’ data – i.e. data that can be used, including by combining it with other sources of data, to identify individuals, <a href="">even if supposedly anonymised</a>. UK law agrees with this wider definition, at least in theory – and both GDPR and our new Data Protection Act agree that any information about a person’s physical or mental health is <em>sensitive</em> personal data, and requires additional protections. </p> <p>Given that ‘Hospital Episode Statistics’ (HES) consists of ‘patient-level’ lifelong medical histories – each row in the data referring to a single person, with every individually-dated hospital event they experienced linked together using a ‘pseudonym’, and containing many other items of data that can act as ‘identifiers’ – it can count as ‘identifiable’ data under the new law and therefore also sensitive personal data, as medConfidential and others have been saying for years – although <a href="">confusion over the new laws seems to have stretched to the top of NHS Digital</a>, and discussions are ongoing.</p> <p>Why does this matter? Your medical history is like a fingerprint – unique to you, and identifiable by almost trivial means: a mother with two children is over 99% likely to be identifiable from their children's birth dates alone, and <span><a href="">a single news report</a></span> could provide the information required to identify the unfortunate subject’s entire hospital history. A single breach of HES could expose millions of patients’ hospital histories, a disaster orders of magnitude greater than the <span><a href="">loss of the HMRC Child Benefit discs</a></span> in 2009.</p> <p>This also means that, as of May 25th, any <em>customer</em> of NHS Digital receiving full copies of HES is now handling identifiable, sensitive personal data – so if any patient’s opt-out is not being honoured (i.e. if their row of data is not being removed from HES) then, once again, NHS patients are being lied to. You can check for yourself the lists of organisations with projects that ignored opt outs, and those that honoured them, at <span><a href=""></a></span>.</p> <p>Aside from the posters and leaflets, some patients are being written to directly. But only those who already opted out – clearly NHS England is content, as it was in 2014, for large parts of the rest of the population to remain in the dark. (While NHS Digital must write to those patients who opted out already, it is NHS England’s responsibility to communicate with everyone else.)</p> <p>Is what patients are told true? The opt-out should apply to all identifiable data; is that what NHS Digital is doing?</p> <p>NHS England is looking to “empower the patient” by giving already empowered patients marginally more, while ensuring it remains accountable to no-one. For example, aside from “research and planning” uses, how does NHS England itself use data? And can a patient see the list?</p> <p>medConfidential works to ensure every use of patients’ data is consensual, safe, and transparent. Unlike NHS Digital, NHS England has largely avoided writing down who does what with patients’ data and why, and because of that has accumulated a massive transparency backlog. Though they go beyond research and planning, NHS England’s current uses are likely (almost) all legal – but it can’t explain how, and some of its proposed future uses are still obscure. </p> <p>medConfidential believes there need be no conflict between good research, good ethics and good medical care; indeed we are enthusiasts of lawful, ethical medical research. By and large, the standards researchers have to meet mean their use of NHS patients’ data already meet GDPR requirements – the paperwork they have to fill in has helped in that.</p> <p><strong>Commercial deals</strong></p> <p>Many people have concerns about private companies doing data processing for the NHS; cases such as the <span><a href="">illegal deal between Google DeepMind and the Royal Free Hospital</a></span> suggest some caution is justified. The most toxic problem, however, remains commercial <em>reuse</em> by ‘information intermediaries’ – some of which appear in the <span><a href="">list of organisations that have breached</a></span> not only their contracts with NHS, but existing data protection law.</p> <p>Promises about the NHS “<em>always being clear about how [patient information] is used” </em>(that poster again...) ring somewhat hollow, while for-profit companies continue using contractual agreements with the NHS as a figleaf to do work for commercial customers such as Pharma marketers who – <span><a href="">despite promises elsewhere</a></span> that patient information <em>won’t</em> be used for “marketing purposes” – use the information to market to doctors. </p> <p>Patients should know how their information is used if they are to make an informed choice. ‘Your NHS Data Matters’ provides <em>some</em> information about this, but omits some of the more unpalatable truths about what is happening – undermining the important promises it makes.</p> <p>If after checking <span><a href="">what the NHS says</a></span> and <span><a href="">what it does</a></span>, you do have concerns, medConfidential suggests you opt out now. Opting out will not affect your individual care, and you can always opt in later – e.g. when you are satisfied proper protections are in place. </p> <p><em>If you use medConfidential’s <span><a href="">opt-out form</a></span>, your GP data will be covered as well as your hospital data.</em></p><fieldset class="fieldgroup group-sideboxs"><legend>Sideboxes</legend><div class="field field-related-stories"> <div class="field-label">Related stories:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="/ournhs/phil-booth/your-medical-data-on-sale-for-pound">Your medical data - on sale for a pound</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/sleepwalking-into-information-grab-by-private-health">Sleepwalking into an information grab by private health?</a> </div> <div class="field-item odd"> <a href="/ournhs/phil-booth/caredata-is-dead-long-live-caredata"> is dead - long live</a> </div> <div class="field-item even"> <a href="/ournhs/tamasin-cave/tim-telstra-and-tech-takeover-of-nhs">Tim, Telstra, and the tech takeover of the NHS</a> </div> <div class="field-item odd"> <a href="/ournhs/jane-fae/your-medical-data-in-their-hands-concerns-mount-over-new-nhs-it-project">Your medical data in their hands - concerns mount over new NHS IT project</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/caredata-questions-mount-just-wholl-get-our-medical-data"> questions mount - just who&#039;ll get our medical data?</a> </div> </div> </div> </fieldset> <div class="field field-rights"> <div class="field-label">Rights:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CC by NC 4.0 </div> </div> </div> ourNHS uk ourNHS Phil Booth Mon, 25 Jun 2018 11:47:48 +0000 Phil Booth 118577 at Why BigData is running roughshod over the NHS - and what to do about it <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>The NHS is being treated as both a 'cash cow' and a 'data cow', a string of recent scandals suggest. And now there's another privacy-bashing tech bonanza on the way, as ID cards rise from the ashes of Brexit policy.</p> </div> </div> </div> <p><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="//" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="//" alt="" title="" width="460" height="460" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_xlarge" style="" /></a> <span class='image_meta'></span></span><em>Image: <a href="">Flickr/Jeremy Keith</a>, some rights reserved.</em></p><p>It’s no secret. We all know we pay for the NHS through our taxes. But increasingly we’re also paying for health and care services with the invisible currency of our most sensitive personal data; our medical records.<span>&nbsp; </span> </p><p class="MsoNormal">As data companies insinuate themselves into every aspect of our private lives, in the global Information Gold Rush, we must ensure the founding principle of the NHS – healthcare for all, without discrimination, free at the point of delivery – does not fall prey to the curse of free services: “If you ain’t paying, you <em>are</em> the product.”</p> <p class="MsoNormal">Since long before the controversy, patients have been paying with their privacy, and it’s almost always the companies that define the terms of the deal. </p> <p class="MsoNormal">In a data-driven world, corporations run rings around the analogue administrators of the NHS. They siphon off resources and when it goes wrong simply walk away from their responsibilities – as <a href=""><span>we were reminded this week</span></a> when the NAO slammed the disastrous mess that a part-privatised company made of NHS letters.</p> <p class="MsoNormal">How can Google DeepMind continue copying the data of 1.6 million patients from the Royal Free Hospital, despite having <a href=""><span>no lawful basis</span></a> to do so? DeepMind paid negotiators to go to the meeting; the NHS sent doctors.</p> <p class="MsoNormal">How can <a href=""><span>GP IT provider TPP</span></a> get away with deciding that it knew better than GPs who should have access to GP records – and get away with refusing to implement adequate security measures, even when asked? And then, rather than spending engineers’ time fixing the problem, choosing instead to pay its lawyers, strenuously denying to all who would listen that it had done anything wrong?</p> <p class="MsoNormal">Because – as we’ve also seen in the fallout from the Grenfell Tower disaster – commercial interests are allowed to subvert the public good, whilst politicians and senior civil servants fail to reign in those interests, putting deregulation above people’s rights to safety, privacy, and due care.</p> <p class="MsoNormal">Whitehall and Westminster seem locked into a failed model of ‘cutting red tape’ to ‘liberate’ commercial entities to exploit us as they see fit,<strong> </strong>despite the best efforts of clinicians and public-spirited technical staff. In the world of NHS IT, we’ve seen a long line of<strong> </strong>policy decisions, <a href=""><span>ignored warnings</span></a>, inexcusably delayed action and <a href=""><span>bodged responses</span></a>, such as when the WannaCry ransomware hit the NHS.</p> <p class="MsoNormal">Meanwhile, the announcement last week that ID cards are effectively back on the table as Brexit Britain draws closer, offers the possibility of a massive bonanza for whoever gets the contracts – and a<strong> </strong>massive challenge to the fundamentals of what we believe as a country.</p> <p class="MsoNormal">Having already introduced measures that try to make NHS staff <a href=""><span>hassle </span></a><a href=""><span>brown people</span></a><a href=""><span> for documentation</span></a>, the NHS now faces a three-way stand-off – a ‘Brexit Triangle’. In the simplest terms: does the Department of Health now direct NHS staff to hassle people with ‘foreign accents’<strong>,</strong> or to hassle everyone, or do we simply give in and issue everyone with ID cards?</p> <p class="MsoNormal">Do we want more cases like Dena Bryant – a <a href=""><span>deaf British woman</span></a> who struggles to communicate verbally, who turned up to A&amp;E with an injured arm only to be quizzed about her nationality after staff didn’t think she looked or sounded English enough?</p> <p class="MsoNormal">It doesn’t have to be this way, of course. The other option, the choice we first made 69 years ago today, when – having survived the horrors and deprivations of WWII, and when people’s now-defunct ID card numbers were used to generate the very first NHS numbers – we as one nation chose to all contribute to the provision of universal healthcare, free at the point of use, without discrimination. </p> <p class="MsoNormal"><a name="_gjdgxs"></a>We heeded well the words of NHS founder Nye Bevan, who said: “<span>How do we distinguish a visitor from anybody else? Are British citizens to carry means of identification everywhere to prove that they are not visitors? For if the sheep are to be separated from the goats both must be classified. What began as an attempt to keep the Health Service for ourselves would end by being a nuisance to everybody.”</span></p> <p class="MsoNormal">So what can <em>you</em> do to break the stand-off? While forces far bigger and more complicated than anyone seems to have planned for steamroller on?</p> <p class="MsoNormal">It starts with something quite straightforward: inform yourself, so you can inform others. Get the facts; for, armed with facts, <em>every</em> patient can speak with the authority of their own lived experience of the NHS.</p> <p class="MsoNormal">If you <a href=""><span>have a login for your GP practice’s website</span></a>, go and look at the letters that have been scanned into your record, and count the logos. (If you don’t already have a login for online access, <a href=""><span>here’s how to get one</span></a>.) Then, as your NHS changes over the next few years, do you see more commercial logos or fewer? </p> <p class="MsoNormal">While you’re at it, you may also want to check who’s <a href=""><span>accessed your GP record</span></a>. </p> <p class="MsoNormal">And while everyone’s been distracted by Brexit, the latest reorganisation of the NHS – the “Sustainability and Transformation Plans” – is descending into a divide-and-conquer carve-up. </p> <p class="MsoNormal">With a democratic deficit in the NHS that does Theresa May proud, there is very little scrutiny of the process by which decisions are made locally around which services will be cut – the amounts of cuts having been decided centrally, with minimal regard for <a href=""><span>effects on services</span></a>. (Meanwhile, DH and NHS England still want to copy all your medical records into a <a href=""><span>data lake</span></a>, <a href=""><span>t</span></a>o<a href=""><span> </span></a>m<a href=""><span>i</span></a>c<a href=""><span>r</span></a>o<a href=""><span>m</span></a>a<a href=""><span>n</span></a>a<a href=""><span>g</span></a>e<a href=""><span> </span></a>h<a href=""><span>o</span></a>s<a href=""><span>p</span></a>i<a href=""><span>t</span></a>a<a href=""><span>l</span></a>s<a href=""><span> </span></a>o<a href=""><span>n</span></a> <a href=""><span>a</span></a> <a href=""><span>d</span></a>a<a href=""><span>i</span></a>l<a href=""><span>y</span></a> <a href=""><span>b</span></a>a<a href=""><span>s</span></a>i<a href=""><span>s</span></a>…) How would your experience of NHS care have been affected, had those cuts already taken place? </p> <p class="MsoNormal">Since its inception, reorganisation of the NHS has been an ongoing bureaucratic activity – with the expectation that the public and patients will continue to be passive observers. So, what if the public’s interest were to become an active ally to the Hippocratic Oath: do no harm? As STPs move forwards, whether you wish to be a passive observer of the NHS or not – based on your lived experience and that of your loved ones – is a decision only you can make, and talk about with others. </p> <p class="MsoNormal">If you don’t think your experience matters enough to speak up, who do you believe will speak up for you? </p> <p>&nbsp;</p><fieldset class="fieldgroup group-sideboxs"><legend>Sideboxes</legend><div class="field field-related-stories"> <div class="field-label">Related stories:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="/ournhs/phil-booth/your-medical-data-on-sale-for-pound">Your medical data - on sale for a pound</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/your-medical-data-in-their-hands-concerns-mount-over-new-nhs-it-project">Your medical data in their hands - concerns mount over new NHS IT project</a> </div> <div class="field-item odd"> <a href="/ournhs/colin-leys/how-trustworthy-is-nhs-digital">How trustworthy is NHS Digital?</a> </div> </div> </div> </fieldset> <div class="field field-rights"> <div class="field-label">Rights:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CC by NC 4.0 </div> </div> </div> ourNHS digitaLiberties uk ourNHS Phil Booth Wed, 05 Jul 2017 08:31:38 +0000 Phil Booth 112099 at is dead - long live <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>Whilst the 'brand' has collapsed, the widespread sharing of your data looks set to expand - and not just in health.</p> </div> </div> </div> <p class="MsoNormal"><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="// brother eyes_0.jpg" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="// brother eyes_0.jpg" alt="" title="" width="400" height="300" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_xlarge" style="" /></a> <span class='image_meta'></span></span><em>Image:&nbsp;<a href="">Flickr/Duncan C</a></em></p><p class="MsoNormal">So is dead. </p> <p class="MsoNormal">It was killed off – not because of ‘<a href="">privacy paranoia’ as Polly Toynbee put it in a recent Guardian article</a> – but because promises from politicians and some of those entrusted with patient data proved to be false.</p> <p class="MsoNormal">But while the toxic <em>brand</em> of may have finally been laid to rest, the Government is pressing ahead with its ‘data-sharing’ plans. </p> <p class="MsoNormal">To understand what happens now to privacy and to the good research that needs to be done, let’s look at the record. </p> <p class="MsoNormal">It took over 2 years to even begin to respect patients’ wishes. There had been no proper planning for what might happen if people took up the offer to opt out. A level of presumption from those in charge towards public sentiment that seems all too familiar.</p> <p class="MsoNormal">We now know that <a href=""><span>about 1 in 45 patients across England opted out</span></a> of having their medical information sold on or shared. That’s a figure roughly equal to the margin of error in every opinion poll you’ve ever seen. Even the census, the gold standard for population data, misses data equivalent to twice as many people. </p> <p class="MsoNormal">Of greater concern to most public health researchers is not the opt-out numbers themselves, but the loss of trust in any health research, due to the government’s failure to guarantee the data from HSISC wouldn’t go to commercial sources who’d misuse them. We now have a situation where genuine health research is impeded even as commercial access to an ever wider pool of data is maintained.</p> <p class="MsoNormal"><span>As <a href="///C:/Users/User/Downloads/.%E2%80%9D%20%20http:/">the Association of Medical Research Charities says</a>:</span></p> <p class="MsoNormal"><span>“People need to feel that they can trust the system to handle their information with care and competence, and respect their wishes. If the public do not trust the system, they will be unwilling to share health information for medical research and this will seriously hinder progress on new treatments and cures of diseases such as cancer, dementia, rare conditions and many more.”</span></p> <p class="MsoNormal">Instead, the announcement that retired the brand was neatly buried under the Chilcot report. </p> <p class="MsoNormal">At the same time, the Government released the Digital Economy Bill – which extends the spirit of across the rest of Government. This is a bill that the Open Rights Group says “<span>is creating the data sharing powers to enable policies that have not been properly outlined or discussed</span>”.</p> <p class="MsoNormal">And at the same time, almost unnoticed, a long-delayed <a href=""><span>review of data security, consent and opt-outs</span></a> in the health and care system was also published.</p> <p><span>The Review suggests removing your existing opt out for GP data going to the HSCIC (page 31). Information you share with only your GP, will be copied into the HSCIC against any wishes you have already expressed.</span></p><p><span>&nbsp;</span><span>But then </span><span>data about you will leave the HSCIC. </span><span>The review also suggests that the opt out covering the very same hospital data that caused so much consternation when it was shown to be sold on and shared – linked, individual-level medical event histories which 1.2 million people don’t want passed on – should simply not apply (page 34). &nbsp;</span></p> <p class="MsoNormal">Even people who are eager for their own data to be used can understand why someone at risk might make a different decision for themselves or their family. <span>"It seems the Department of Health is trying to have it both ways - tell patients one thing and commercial entities the other. </span></p> <p class="MsoNormal"><span>The last data release register from HSCIC contains continued release to commercial companies. One, Beacon consulting, on their homepage, advertise "we help our pharmaceutical clients solve difficult commercial problems". Their commercial access was renewed in the most recent HSCIC data release register.</span></p> <p class="MsoNormal">Those without an agenda see that promising one thing and then doing another will undermine, not rebuild, trust in handling of patient data. But such understanding seems entirely absent in these latest proposals and, yet again, critical planning for implementation will not begin until after the decision has been made.</p> <p class="MsoNormal">So Ms Toynbee can rest assured. The proposal in 2016 is to roll back to the <em>status quo</em>, as if Jeremy Hunt had never been Secretary of State: no meaningful opt opt, even more of your medical information passed on for purposes beyond your care – and, the sting in the tail, overstretched doctors expected to explain all this to patients and get blamed when Government once more changes the rules underneath them. Junior doctors will know what that feels like; anyone concerned with their privacy will soon know it too. But not because those in authority will tell them.</p> <p class="MsoNormal"><a href=""><span>You can respond to the consultation online</span></a><span>.<span>&nbsp;</span></span></p><fieldset class="fieldgroup group-sideboxs"><legend>Sideboxes</legend><div class="field field-related-stories"> <div class="field-label">Related stories:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <a href="/ournhs/jane-fae/caredata-questions-mount-just-wholl-get-our-medical-data"> questions mount - just who&#039;ll get our medical data?</a> </div> <div class="field-item even"> <a href="/ournhs/tamasin-cave/tim-telstra-and-tech-takeover-of-nhs">Tim, Telstra, and the tech takeover of the NHS</a> </div> <div class="field-item odd"> <a href="/ournhs/phil-booth/your-medical-data-on-sale-for-pound">Your medical data - on sale for a pound</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/your-medical-data-in-their-hands-concerns-mount-over-new-nhs-it-project">Your medical data in their hands - concerns mount over new NHS IT project</a> </div> <div class="field-item odd"> <a href="/ournhs/jane-fae/future-of-caredata-hangs-in-balance">The future of hangs in the balance</a> </div> <div class="field-item even"> <a href="/ournhs/jane-fae/sleepwalking-into-information-grab-by-private-health">Sleepwalking into an information grab by private health?</a> </div> </div> </div> </fieldset> <div class="field field-rights"> <div class="field-label">Rights:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CC by NC 4.0 </div> </div> </div> ourNHS ourNHS Phil Booth Fri, 19 Aug 2016 12:27:10 +0000 Phil Booth 104855 at Your medical data - on sale for a pound <div class="field field-summary"> <div class="field-items"> <div class="field-item odd"> <p>The arbitrary resetting of people’s ‘privacy settings’ is a behaviour one might expect of Facebook, not the NHS.</p> </div> </div> </div> <p class="MsoNormal"><span class='wysiwyg_imageupload image imgupl_floating_none 0'><a href="// data.jpg" rel="lightbox[wysiwyg_imageupload_inline]" title=""><img src="// data.jpg" alt="" title="" width="400" height="300" class="imagecache wysiwyg_imageupload 0 imagecache imagecache-article_large" style="" /></a> <span class='image_meta'></span></span><em>Picture: Flickr / Community Eye Health. Some rights reserved.</em></p><p class="MsoNormal">The government’s announcement <a href="">today </a>that private companies are to be given access to patient data for the princely sum of £1, is just the latest attack on the principles of patient confidentiality in the interests of commerce.</p><p class="MsoNormal">David Cameron signalled the intent back in 2011 when he announced that we are all to be <a href="">research patients by default</a>. Behind the window-dressing of scientific progress, lies a determined new policy on ‘open data’ which is about using your data – including your medical records held by the NHS – in order “<a href="">to drive economic growth</a>”. Under the new regime, your sensitive health information will be taken directly from your GP’s record system and presumed available for a variety of “secondary uses” that go beyond research or your direct medical care. </p><p class="MsoNormal">To enable this, the NHS Constitution has been rewritten and fundamental assumptions such as medical confidentiality are being overturned. In private, officials admit the end state of all this is unclear, but the public language about what is happening to your confidential medical records is carefully chosen to obfuscate and pacify.</p><p class="MsoNormal"><strong>‘Anonymisation’</strong></p><p class="MsoNormal">One of the more misleading half-truths you will hear is that your data will be ‘anonymised’. Quite aside from the fact that NHS England applied for and has now been granted <a href="">exemptions</a> by the Secretary of State to process and pass around patient data in identifiable form, the ‘anonymising’ of data to avoid the rules which would otherwise apply to personal data does not guarantee privacy. </p><p class="MsoNormal">Truly anonymous data cannot be linked or matched to particular individuals. It requires statistical techniques like removing small number counts, adding ‘noise’ or perturbing aggregate data – to minimise the chance that particular individuals can be identified. </p><p class="MsoNormal">The ‘anonymisation’ proposed for your medical information is nothing like this. What in fact will be done is <em>pseudonymisation</em> ­– substituting identifiers such as your NHS number with less identifiable numbers or removing obvious identifiers such as name or address.&nbsp; </p><p class="MsoNormal">This means - along with the cross-matching of data from different sources - means that it will not be hard to apply clever statistical techniques for private companies to obtain data on identifiable individual patients. There has even been a <a href="">suggestion</a> that the NHS would provide this service for companies itself, for a token fee. </p><p class="MsoNormal">Even if this doesn’t happen, a lifelong aggregation of episodes, diagnoses and prescriptions, even if not in themselves rare or unusual, provides a wealth of reference points. Filtered by age, gender or geographical area it is surprising how few of these are necessary to pinpoint an individual. The task is made even easier when data is made linkable to other information gathered in other contexts in a patient’s life. And that is exactly what will happen: ultimately, each person’s social care records will join with their health records in one single, central repository.&nbsp;&nbsp; </p><p class="MsoNormal">As the marketing industry and researchers know, the value of your data lies in being able to make matches; truly anonymous data that cannot be linked is nowhere near as useful or exploitable. </p><p class="MsoNormal"><strong>Consent</strong></p><p class="MsoNormal">Consent means giving your permission. In order to be valid, consent needs to be properly informed and freely given by a competent individual; patients need to know the intended use of their medical information and be able to choose to participate or not. </p><p class="MsoNormal">Most people would agree with the notion of ‘presumed consent’ in the context of their medical treatment. When going to a doctor or hospital, you expect that your information will be shared with other health professionals responsible for your direct care. But this “consent deal” – based in the trust people have in their doctors and the NHS – has been stretched to encompass a whole range of other uses, many of which are obscure or completely unknown to patients. </p><p class="MsoNormal">Dame Fiona Caldicott’s recent Information Governance <a href="">Review</a> refused to support the proposition that - because patients are presumed to trust their own doctor with their medical data - they should be presumed to trust commissioners, too. &nbsp;</p><p class="MsoNormal">Purposes such as medical research – for which most people are happy for their information to be used, so long as they are asked – are being conflated with uses such as patient-level tracking and monitoring, business planning and contract management. The drive to commodify medical records means the default is to make them accessible to more and more people less and less directly related to your medical care, constrained not by the professional duty of confidentiality that most patients presume but only by data protection compliance or contract terms and conditions. </p><p class="MsoNormal">The word ‘sharing’ has become a euphemism for the systematic extraction, processing and disclosure of vast amounts of deeply personal information. Taking something without consent is not&nbsp; sharing. Passing legislation to override doctors’ duty of confidence may make a practice lawful; however it does not legitimise it.&nbsp; </p><p class="MsoNormal">Explicit consent has been replaced by an assumed consent, with opt-outs about which minimal information is provided to patients<a name="_GoBack"></a>. This is not informed consent. Worse still, despite promises that patients who have already opted out will have their wishes respected, new initiatives such as <a name="OLE_LINK1"></a> a <a href="">monthly upload</a> of identifiable data from millions of patients’ GP-held records – mean that hundreds of thousands of people who have already acted to protect the confidentiality of their medical records will be forced to opt out all over again. Assuming, of course, they are even made aware of what is happening.</p><p class="MsoNormal">The arbitrary resetting of people’s ‘privacy settings’ is a behaviour one might expect of Facebook, not the NHS, and it speaks to a deeper erosion of trust.&nbsp; If patients cannot trust that what they say to their doctor will be kept in confidence, some will withhold information – putting not only their own health but the public health at risk.</p><p class="MsoNormal"><strong><em>Like this piece? Please donate to OurNHS&nbsp;<a href=";hosted_button_id=T625S8Z4BN8DL" target="_blank">here&nbsp;</a>to help keep us producing the NHS stories that matter.&nbsp;Thank you.</em></strong></p><p>&nbsp;</p><p class="MsoNormal">&nbsp;</p><div class="field field-topics"> <div class="field-label">Topics:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Democracy and government </div> </div> </div> ourNHS uk ourNHS Democracy and government Big Data Technology and privacy Phil Booth Fri, 09 Aug 2013 12:30:51 +0000 Phil Booth 74649 at Phil Booth <div class="field field-au-term"> <div class="field-label">Author:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Phil Booth </div> </div> </div> <div class="field field-au-firstname"> <div class="field-label">First name(s):&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Phil </div> </div> </div> <div class="field field-au-surname"> <div class="field-label">Surname:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Booth </div> </div> </div> <p><span>Phil Booth co-ordinates medConfidential - campaigning for medical data privacy. For more on how the changes will affect your medical records, visit medConfidential’s ongoing ‘<a href=" ">masterclass</a>’ blog series.&nbsp;</span></p><div class="field field-au-shortbio"> <div class="field-label">One-Line Biography:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> Phil Booth co-ordinates medConfidential - campaigning for medical data privacy. For more on how the changes will affect your medical records, visit medConfidential’s ongoing ‘masterclass’ blog series. </div> </div> </div> Phil Booth Fri, 26 Mar 2010 13:12:47 +0000 Phil Booth 51225 at We must stop Clause 152 <p><em>Phil Booth of NO2ID responds to Anthony Barnett and Henry Porter&#39;s call for suggestions as to <a href="">&#39;what next&#39; </a>in the wake of the Convention on Modern Liberty...  </em> </p> <p>Please write NOW to your MP - <a href=""></a> is a single<br /> click away - telling him or her that you *refuse your consent* to the<br /> arbitrary sharing of your information under any ‘Information Sharing<br /> Order’ and that you want him or her to vote to have Clause 152 of the<br /> Coroners and Justice Bill (currently being debated in Parliament)<br /> *completely removed* from the Bill.</p> <p>If you care about our fundamental rights and freedoms, the time to act is now - before we lose yet another one!</p> <p>For those who don’t have time to read Clause 152, it would enable<br /> any Minister by order to be able to take any information gathered for<br /> one purpose - across the public and private sector - and use it for any<br /> other purpose.</p> <p>All by itself, it is more dangerous than the entire Identity Cards<br /> Act - it literally provides the powers to build the Database State.</p> <p>Please write to your MP *now* - and tell everyone you know about Clause 152, and ask them to write to their MP too.</p> <p><a href=""></a> - “I refuse to consent, stop Clause 152″</p> <p>We CAN stop this. Over to you…</p> uk uk Phil Booth OurKingdom Mon, 02 Mar 2009 12:55:50 +0000 Phil Booth 47430 at Privacy: This is a 'Magna Carta moment' <p><strong>Phil Booth (London, <a href="">NO2ID</a>): </strong>At a conference in Manchester organised by the Information Commissioner twelve months ago, NO2ID raised a wry smile from delegates by handing out pairs of (blank) CDs marked &#39;HMRC&#39;. A year on, it is no joking matter that so little has been done by the government to address the systemic and policy failures - and internal culture - that led to the worst data breach in UK history.</p> <p>In fact, government data breaches are on the rise - a 77 per cent increase so far this year - and almost every branch of government is involved: the Home Office, MoD, NHS, DWP, HMRC again (repeatedly), the list goes on and on. Every week there is another story of more people&#39;s personal details being mislaid, citizens put at risk by a government that not only can&#39;t protect them but which doesn&#39;t seem particularly bothered to do so. The scale of the problem 12 months on is so great that the Information Commissioner himself has quipped that his office is being used like a confessional.</p> <p>This year&#39;s ICO conference, on &#39;Privacy Enhancing Technologies&#39;, may have looked like an event for Data Protection and IT geeks - it was anything but. Speakers included Sir Edmund Burton, the man who conducted the inquiry into the first major MoD breach to come to light, Dr Louise Bennett, chair of the British Computer Society&#39;s Security Forum Strategic Panel and &#39;Building Trust in eGovernment Working Party&#39;, and Dr Steve Marsh who works at the Cabinet Office, the author of the government&#39;s National Information Assurance Strategy published in 2003 (yes, 2003), whose wise words have tragically fallen on deaf ears.</p> <p>Hearing these people speak it was impossible to conclude that the government&#39;s failure is anything other than wilful. It&#39;s lack of appropriate action cannot be excused. In pursuing strategies such as &#39;Transformational Government&#39; it is actively ignoring the advice of people who clearly know what they are talking about, and is breaking fundamental principles in pursuit of a bureaucratic/technocratic fantasy.</p> <p>Most striking were the consistent themes emerging from their presentations:the problem is imminent and serious; rapid, effective action is required;the solution is not just about IT, it is about people, processes and culture change; people at every level must be aware of the risks, must accept responsibility and actively seek solutions; protecting personal information, valuing and preserving privacy and confidentiality (both essential to trust) should be &quot;HOW you do what you do&quot;, not a bolt-on additional task.</p> <p>And it is imperative that privacy, information security and data protection (and they are NOT the same thing) must be taken seriously at Board level in every organisation - private and public - for unless the people at the top take responsibility and are accountable, how can the necessary culture change take place? As Sir Edmund and others said, this is essentially a leadership issue.</p> <p>But what sort of leadership is demonstrated by a Prime Minister who says &#39;we can&#39;t promise to keep your information safe&#39;? Who abrogates responsibility for a bankrupt policy (rampant accumulation and &#39;sharing&#39; of personal data), while continuing to pursue an agenda of state identity control (&#39;ID cards&#39;), mass surveillance (Communications Data database) and centralisation ofsensitive personal records for mere administrative convenience (NHS Care Records and &#39;Secondary Uses Service&#39; (SUS), ContactPoint, and literally dozens of other initiatives)?</p> <p>As NO2ID has said: if you can&#39;t protect it, don&#39;t collect it.</p> <p>The arrogance to even try to shift all the blame onto human or technical error is staggering. The imperious attitude that says, in essence, &#39;we, your masters, shall be the arbiters of trust&#39; is chilling. The fear-driven control freakery intent on fingerprinting and tracking every person in the country throughout their entire lives &#39;just in case&#39; is government out of control.</p> <p>Literary or recent historical allusions are no longer sufficient. It is cliché to say &#39;the Nanny State&#39; has tipped over into &#39;Big Brother&#39; when more young people cast votes in a TV show of that name than turn out in a general election. Comparing our leaders to tyrants is ineffective - these people are not genocidal, their particular dangerousness lies in the fact that they think &#39;we are the good people&#39; while ignoring or suppressing the negative consequences of their actions.</p> <p>No wonder that Sir Edmund Burton, when I asked him a question, thoughtfully replied that this was &quot;a Magna Carta moment&quot;. It is.</p> uk uk Database State Phil Booth OurKingdom email Fri, 28 Nov 2008 13:33:46 +0000 Phil Booth 46897 at The stalker state <strong>Phil Booth (London, <a href="">NO2ID</a>):</strong> The mainstream media has finally woken up to the dangers of the government&#39;s proposed Communications Data database – the detail of which openDemocracy <a href="/blog/ourkingdom-theme/phil-booth/2008/08/25/the-secret-silo-for-your-familys-data">published back in August</a>.<br /> <br /> As National Coordinator of NO2ID I suppose I should be grateful for small mercies. But this hardly includes the thin sugar-coating on the Home Secretary&#39;s speech last week when she described her promised &#39;consultation&#39; on the Communications Data Bill. Hers was a transparent attempt to misdirect the argument. <br /> <br /> The government says it won&#39;t be storing the <u>content</u> of your telephone or internet use, as if that makes it all right. It is however proposing to record – for life – the details of everyone you call or write to and what websites you visit.<br /> <br /> Do you want the State (which in the UK means a large and growing number who can gain access to its systems) to have a record of your religious and political interests, your sexual curiosities, your financial and medical worries, your wider (or narrower) concerns and your special relationships; not to mention a trace of what it reckons ‘you’ have done on your computer even when it is done by someone else? You don’t?<!--break--><br /> <br /> But Jacqui Smith says they are only keeping this information &quot;just in case&quot; it ever become of interest to the authorities.<br /> <br /> Were an individual to spy on you like this, it would be called stalking. Which is a crime. It is not a defence for a stalker to claim, “I was only following her in case she fell over”. The action of continuous snooping is itself recognised in law as a wrongdoing. <br /> <br /> Now <a href="">we hear</a> that the government is considering compulsory registration of all mobile phones. Clearly, this is motivated by the same desire to monitor all communications data in yet a further extension of the stalker state.<br /> <br /> Sometimes, quite often in fact, the government comes up with ideas that are not just very expensive and inefficient and – as with stalking – plain wrong. In addition there are times when it is hard to imagine anything more designed to make matters worse. <br /> <br /> This is a classic example. Registering ownership of a mobile phone with your passport would work only on the compliant. Organised criminals (and terrorists) would have a neat range of options open to them: they could use stolen phones, or buy phones second hand in private deals; they could re-programme the International Mobile Equipment Identifier (IMEI) of the mobile phone handset, and maybe sell such a service to others; they could forge or steal the ID required to buy the phones; bully or deceive others into buying a phone for them (or even just swap phones); use a foreign phone, clone phones or corrupt the supply chain.<br /> <br /> Compulsory registration not only won&#39;t seriously hinder criminals, it may actually assist them and will certainly create a profitable ‘secondary’ market in sub-prime, sliced up fraud. <br /> <br /> Fraud is already enough of a problem with dodgy mobile phone shops or crooked employees getting access to your credit card or bank details, without any need to make it worse. But worse it will become if as now proposed the government forces you to hand over your passport or ID card when you acquire a new blower. Such a law will only fuel more copying, cloning and trafficking in personal data. Fraudsters and organised criminals will be rubbing their hands with glee.<br /> <br /> But, however much it may not work in defending us from crime, terrorism and identity-theft, the problem with arguing against these measures in this way is that it accepts the premise and appears to accept that they are being put forward in good faith. It is a bit like arguing against torture on the grounds that it produces bad information. <br /> <br /> The government’s desire to track and record all digital traces of our lives is an assault on liberty. It is a basic right – yes, a human right – to be free to call whoever you choose, to read, write and watch what you want in your browser without the State keeping tabs on you, and your friends and your connections. <br /> <br /> The government is attacking our right to remain a <u>private</u> citizen. <br /> <br /> Ah, but &#39;if you have nothing to hide, you have nothing to fear&#39; comes the tired refrain…<br /> <br /> Wrong. Dead wrong. Privacy is necessary, many secrets are good.<br /> <br /> Let&#39;s just take a few examples – such as high-level negotiations in either the private or public sectors. Under the proposed system of blanket surveillance, the government of the day may always gain an advantage in, say, pay negotiations or industrial disputes when it can easily identify which union leaders and officials are talking to each other away from the table. The content of the call or e-mail is never the only useful information. In many situations, simply knowing who is talking to who can provide the upper hand.<br /> <br /> And what sort of deterrent to commercial investment in the UK will it be when directors realise that the British state apparatus is monitoring who they and their employees are calling, and when? Or will <u>their</u> communications be given a cosy exemption when the government belatedly wakes up to the fact that trampling on commercial confidentiality is bad for business. <br /> <br /> And for campaigners like me and my colleagues, fighting against this or any future government? Or investigative journalists rooting out corruption within an establishment which will, of course, have back door access? Or a whole host of others whose safety depends on anonymity - are we to be forced into criminality in order to protect our sources and contacts, ourselves and our loved ones?<br /> <br /> You don&#39;t have to agree with everything I&#39;ve said. I certainly hope it won&#39;t come true. But it could, if you simply put up with what the stalker state is trying to do.<br /> <br /> Please <a href="">write NOW to your MP</a> expressing your disgust at this government&#39;s move towards spying on its people continually, and ask what he or she intends to do about it. (N.B. Please write in your own words - it is <u>much</u> more effective.) uk uk Database State Phil Booth OurKingdom Tue, 21 Oct 2008 11:49:17 +0000 Phil Booth 46552 at The secret silo for your family's data <p><em>Those who question the &#39;database state&#39; are often <a href="">accused of alarmism</a>. But what if we were to report that a recent series of announcements show that the government is already spending millions on a vast database that will retain digital copies of all variety of tracking and information about the whole population, our phone calls, bank accounts, commercial records as well as personal ones, and that it is creating the authority and powers which allow it to do this by hiding behind EU regulations which it has inspired, to impliment them without a parliamentary debate? Now read on:</em> </p> <p><strong>Phil Booth (London, <a href="">NO2ID</a>): </strong>Back when Charles Clarke was Home Secretary, not long after the London tube bombings, he pushed EU justice ministers to massively increase communications data retention powers. Terrorism was, of course, at the forefront of everyone&#39;s minds - and frequently referred to by Mr Clarke in his championing of mass surveillance. Other countries such as Germany did not see the need for such wholesale interception of personal phone, text, e-mail and internet usage data. They were overruled.</p> <p>Two years later, this turns out to have been a classic of policy laundering. The EU Data Retention Directive <a href="">(EUDRD) 2006 /24 /EC</a> provides powers to retain communications data, powers which the Home Office intends to take to the limit. Germany, which resisted the exercise, will probably take the minimum 6 months&#39; retention; the UK is taking 4 times as long.</p> <p>Yet again the Home Office refers to terrorism as a prime motivation for the creation of these powers, but the way the information will actually be accessed is through the Regulation of Investigatory Powers Act (RIPA). As we now know, this means it will be made available to the hundreds of official bodies, including those well-known counter-terrorist agencies, our local councils - responsible for half-a-million surveillance applications last year alone.</p> <p>(Don&#39;t forget that the so-called watchdog in this area, the Interception of Communications Commissioner, just recently went on record saying that local authorities are not using their <a href="">RIPA powers</a> enough. He literally called for MORE snooping! The lunatics really are running the asylum.)</p> <p>Since this will be enacted as a Statutory Instrument enforcing an EU Directive, it is unlikely even to be debated in Parliament and, of course, it cannot be amended by our elected representatives. Perhaps this is why the &quot;consultation&quot; is taking place while they are on holiday. Are MPs being treated with contempt because they simply don&#39;t matter? </p> <p>N.B. It should be noted that bugging and tracking genuine suspects in real ongoing investigations is unaffected. What is being developed  is mass-surveillance for the retrospective convenience of officialdom in general: keeping records of everything that <em>might</em> be convenient to know about you and me. &quot;Just in case&quot;, is the justification.</p> <p>At the same time the government continues to plan the building of a massive central silo in which to store all this retained communications data. And, of course, once it&#39;s in the silo (not held by ISPs and phone companies) it may well stay there indefinitely or for as long as they damn well please.</p> <p>Payment for this marvellous snooping toy falls under the Interception Modernisation Programme (IMP), i.e. it&#39;s black money - part of the spooks&#39; undisclosed funding. The Home Office has refused to answer parliamentary questions on the budget, citing national security concerns, but a <a href="">recent article</a> in The Register suggests that a senior official has already been appointed to run the project and that a nine figure sum has been committed, before the thing is even official policy.</p> <p>And this is where things start to join up. In May, Gordon Brown said the Communications Data Bill - which everyone expects to include this central database - would be laid before the Commons prior to the Parliamentary recess. It wasn&#39;t. Now the powers in the EU Data Retention Directive will be forced onto the statute books as a Statutory Instrument, to populate a database already being built with spook cash beyond sight of Parliament. </p> <p>Do you smell something rotten? Even the Information Commissioner thinks this stinks - and he can be a bit of a wet fish himself. But one source of complaint may be stilled. Companies have protested at the prospect of having to keep masses of data and then service the new directive. Hey presto! Here&#39;s a lovely new database to take the burden off big business and put it back on the very people who are being surveilled. Isn&#39;t it wonderful being a taxpayer?</p> <p>The Home Office has the gall to claim that this is all compliant with the Human Rights Act and represents a &quot;proportionate interference with individuals&#39; right to privacy&quot;. Proportionate, my foot! The problem is that - yet again - the Government is playing incrementalism on duration. This time it&#39;s 24 months data retention, instead of twelve. 42 days for your physical body, how long for your digital one?</p> <p>And, of course, as with the deterntion of the innocent without charge, the basic principle is being utterly ignored. They are proposing to abuse the privacy of tens of millions of innocent, law-abiding people by storing and searching their personal connections and communications. You, your partner, your kids, your parents. And the practical reality will be that this new system provides anyone who has access, direct or indirect, with unprecedented powers - cross-referencing and triangulation, profiling and sorting, fishing trips galore. The potential for abuse, misuse and mistakes (leading to miscarriages of justice, or worse) is simply terrifying.</p> uk uk Security Phil Booth OurKingdom Tue, 26 Aug 2008 01:42:25 +0000 Phil Booth 45992 at