Oh dear, so the Maximum Tone’s blown the gaff on one of the worst kept secrets in British politics with his recent missive to 27,000 or so signatories to an anti-ID cards petition on the Downing Street website:
“I believe that the National Identity Register will help police bring those guilty of serious crimes to justice.
“They will be able, for example, to compare the fingerprints found at the scene of some 900,000 unsolved crimes against the information held on the register.”
It goes without saying that the 900,000 unsolved crimes statistic is a load of bollocks, as usual – what the police actually have is 900,000 unidentified ‘marks’ (i.e. fingerprints) from crime scenes, which includes multiple fingerprints from individual crime scenes, partial fingerprints that are useless for matching against the biometric data to be held in the National Identity Register and, of course, unidentified fingerprints that are of no relevance whatsoever the crime that took place at a particular scene.
If all this seems farcical, it’s nothing to the reaction of the opposition parties:
Lib Dem home affairs spokesman Nick Clegg told BBC Radio 4’s World at One: “We were left clearly with the impression that the police simply wouldn’t be able to go on fishing expeditions just with their own say so.”
And…
For the Conservatives, shadow home office minister Damian Green said: “It flatly goes against all the undertakings the government gave Parliament during the course of the bill.
“Obviously it has huge implications for people’s privacy if the authorities are going to be allowed to go on a fishing expedition through the files of innocent people.
“Everyone assumes that fingerprint technology is 100% accurate. And it just isn’t, experience tells us that it’s not infallible.
“With the vast number of crimes involved, it is guaranteed there are going to be miscarriages of justice if the government goes down this route.”
All of which appear to rest on a narrow interpretation of a single comment by Tony McNulty (you might guess that this twat would right in the middle of things):
Mr Blair’s email appears to contradict an assurance given by Tony McNulty, a Home Office Minister, when the legislation was going through the Commons in 2005. Mr McNulty said there were safeguards against state agencies “for want of a better phrase, going fishing in the database”.
Assurances, my arse.
Try reading what’s actually in the fucking bill (or Act as it is now) for a change.
The relevant part of the Act runs from s17 to s21, which covers the disclose of information from the NIR to public authorities (including the police and security services) without the consent of individuals – tell you what, let’s include a few selected highlights:
17 Public authorities etc.
(1) The Secretary of State may, without the individual’s consent, provide a person with information recorded in an individual’s entry in the Register if-
(a) the provision of the information is authorised by this section; and
(b) there is compliance with any requirements imposed by or under section 21 in relation to the provision of the information.
Following which the section goes on to specify who the information can be given to – which includes the security services, the police and HM Revenue and Customs. other government departments and any ‘designated documents authority – and what the circumstances in which they can be given the information; i.e. in the interests of national security, for the prevention and detection of crime and, in the the case of HM R&C for:
(c) for purposes connected with the prevention, detection or investigation of conduct in respect of which the Commissioners have power to impose penalties, or with the imposition of such penalties;
(d) for the purpose of facilitating the checking of information provided to the Commissioners in connection with anything under their care and management, or with any other matter in relation to which the Commissioners have duties under any enactment;
(e) for purposes connected with any of the functions of the Commissioners in relation to national insurance contributions or national insurance numbers;
In short, when it comes to collecting tax and locating people to screw the tax out of, HM R&C have more or less the free run of the NIR system, which is all pretty obvious when you come to think about it.
As for the other agencies mentioned, a designated documents authority, as those with a fair memory may recall, is one where the government has decided that to get whatever official document it is they provide you must also take out or have an ID card. So, in a nutshell, this paves the way for automatic updating of things like the Passport, Driving Licence and Visa systems directly from NIR, plus anything else not expressly mentioned in the Act that the government might add at a later stage by statutory instrument – expect to see things like the Criminal Records Bureau, Registrar of Birth, Deaths and Marriages added by the time it goes live, if its not already been added plus the obvious, if rather more controversial future targets, NHS Medical Cards, UB40s (or whatever the equivalent is these days if its changed) and pretty much anything to do with the receipt of welfare benefits, and the Electoral Register.
That just leaves other government department, who can access your information just so long as its:
for purposes connected with the carrying out of any prescribed functions of that department or of a Minister in charge of it.
Which covers just about anything and everything.
Let’s face it, that last bit is a real piece of work isn’t it? What it amounts to is that if the government finds a new use for your personal data it doesn’t necessarily actually have to pass anything so messy as a piece of new primary of secondary legislation – as long as this new function does not require legislation to enable it, it can just tack it on to the duties of the relevant department and away that department goes.
And even such a new function does require legislation, who’s going to think of asking whether it has an implications for the use of personal data from the NIR? After all, this is all in the Act, as passed by Parliament, and if their reaction to Blair’s email is anything to by then none of the bastards noticed it, having been lulled into a false sense of security by Tony McNulty of all people!
Moving ahead slightly, s18 of the Act covers the specifics of using information from the NIR for the prevention and detection of crime:
18 Prevention and detection of crime
(1) The Secretary of State may, without the individual’s consent, provide a person with information recorded in an individual’s entry in the Register if-
(a) the provision of the information is authorised by this section; and
(b) there is compliance with any requirements imposed by or under section 21 in relation to the provision of the information.
The actual payload in this section is ferreted away in paragraph under a bunch of guff about anti-terrorism legislation:
4) The provision of information falling within paragraph 9 of Schedule 1 is authorised by this section if it is provided-
(a) to a person to whom information may be provided by virtue of any of subsections (3) to (5) of section 17 or is made as mentioned in subsection (2) of this section; and
(b) for purposes connected with the prevention or detection of serious crime.
Let’s clarify a few things first.
Schedule 1 actually sets out what information can be held on the NIR and the persons mentioned in subsections (3) to (5) of s17 are the police, HM R&C and other government departments.
And paragraph 9 of the schedule? Well what that covers is the NIRs ‘Audit Trail’, i.e. the record of every occasion that the NIR is accessed in order to verify an individual’s identity, which amounts to:
(a) particulars of every occasion on which information contained in the individual’s entry has been provided to a person;
(b) particulars of every person to whom such information has been provided on such an occasion;
(c) other particulars, in relation to each such occasion, of the provision of the information.
Although not made explicit, one can safely bet that the particular of ‘every person’ to whom information has been supplied will include the location of that person and the time of verification, and therefore your own location at that time.
This is the infamous ‘tracking system’ – make a credit purchase in Currys which requires to you to provide your ID and the NIR logs your location, etc.
S19 and 20, I’ll skip over briefly.
S19 confers the power to automatically update records if anything is found to be in error or incomplete and facilitates data sharing, so if the info on your tax records is found to be out of date when compared to what’s held by the DVLA, then everything can be brought up to date without you knowing about it, while S20 is a catch all allowing the government to tack on new authorised users subject to secondary legislation.
And that brings us to S21, which completes the deal:
21 Rules for providing information without individual’s consent
(1) Under sections 17 to 20 the Secretary of State may provide a person with information within paragraph 2 of Schedule 1 only if he is satisfied that it would not have been reasonably practicable for the person to whom the information is provided to have obtained the information by other means.
You got that? Paragraph 2 of the schedule covers the following:
(a) a photograph of his head and shoulders (showing the features of the face);
(b) his signature;
(c) his fingerprints;
(d) other biometric information about him.
So any of the agencies specified in s17 can be provided with any of the biometric information in the NIR just as long as its for any of the purposes specified in that section – which includes prevention and detection of crime – but only if it would not be ‘reasonably practicable’ to get it by other means.
So when it comes to fingerprints, it would only be ‘reasonably practical’ for the police to get that information if its already in the police’s own system – and if it isn’t they can get it out of the NIR anyway.
This is all already in the Act as it was passed by Parliament, and while the rest of s21 covers all the different circumstances in which the government may regulate how this information is passed on, by statutory instrument, the core principle – that certain agencies have near free reign to mine the NIR for information for certain specified purposes is already clearly established. All that up for debate is how such access granted place, not whether its granted in the first place and about the most that could be done to stymie this would be for the opposition to throw in an amendment requiring a warrant issued by a court to authorise a police ‘fishing expedition’…
…All assuming that further regulations are necessary to facilitate the specifics of police access to NIR, as it could well be argued by the government that this is already covered in other legislation – such as PACE.
This is all there in the legislation that was put to parliament and approved, and yet both the Lib Dems and the Tories are now acting surprised when it turns out that one of main function of the NIR is going to be for it to serve as a full population, master fingerprint database for the police – just exactly what the fuck are we (the taxpayer) paying these wankers for when they go an miss something as fucking obvious as this when its put right in front of them?
Just exactly what kind of fucking morons have we got in parliament that they fail to ask even basic questions when the whole thing is laid out before them and all on nothing more substantial than a one-line ‘assurance’ from a mendacious twat like McNulty?
Let’s not forget here that the only reason that this Act passed was because Cameron allowed himself to be ‘Sir Humprey’d’ in the House of Lords over the question of whether ID cards should be issued alongside passports right from the off and put out the whips to ensure that a compromise clause went through – and then they claim to have completely missed something like this?
Talk about a complete bunch of morons, or what!
“acting surprised” is the key phrase here. If you read a bill and vote against a bill and it gets passed into law, all you can do to get the public interested is “act surprised” that ministerial statements turn out to be crocks of shit.
We’ve all seen enough of the action in Parliament to know that ministers rarely answer difficult questions directly, and usually (if they’re not too thick) give themselves enough wiggle room to turn black into white. They have the last word.
Given that we’re talking about a government that expects us to believe that introducing tuition fees was entirely consistent with its 2001 manifesto pledge, that McNulty said as much as he did is a bit of a result.
What was the question that prompted McNulty
If all you have is a fingerprint, this is not ‘an individual’. Any request for information would be for ‘information concerning an individual whose fingerprint matches the data provided, if a match is found’, i.e. speculative, i.e. fishing. Until a match is found, there is no ‘individual’ in any legal sense, surely?
Requesting information on the basis of an individual’s fingerprint would require that the requestor has some notion of the individual to whom said finger is attached.
So, in effect, a ‘search warrant’ or special order would be required because it would be a speculative search. Though of course there is always the possibility that the Home Secretary might issue a general order granting a permanent fishing licence.
That aside, the searches are likely to be a nonsense in any case – incomplete and/or smudged crime scene marks to be matched against the flat low-quality prints stored by the IPS will either throw up so many matches so as to be a waste of time, or give a false sense of accuracy when a record appears to be ‘the one’ despite only covering a fraction of the population. Enjoy your 28-soon-to-be-90 days holiday…
The exchange in question (but is an undertaking in a committee binding in any way?) was:
“Mr. Garnier: Access by officials or police officers to the register is clearly going to be an area in which there will be great public concern about the invasion of people’s privacy and private lives. In the current regime, which I am sure that the Government support, if the police want, in certain circumstances, to invade my house, they have to get a search warrant from a court. Does the Minister not think that the same philosophy should apply to coming not into my house but into my private space in so far as it is an electronic representation of my private space?
Mr. McNulty: Again, the police, like other public bodies, even though there is that exemption under the DPA, need to substantiate why they would want to go through somebody’s record in detail. They are allowed to, but not on a fishing expedition. The form of that is elaborated on later in the Bill
DW:
As ever (and this is not necessarily directed at yourself), what blinds people to the reality of the NIR is a lack of understanding of the nature of the technology, particularly when it comes to the nature of biometric data.
A biometric record of a fingerprint is likely to contain two key elements.
One will be a raw image of the fingerprint itself – just a picture of the pattern much as one sees on screen in programmes like CSI whenever they search the fingerprint database’.
The second element will be a record of key features of the ‘pattern’ of the fingerprint, which is a purely mathematical description of the fingerprint.
Again, referring to CSI for reasons of familiarity, this mathematical pattern consists of what is shown as a pattern of points and lines that is overlaid on the image of the fingerprint when it is analysed prior to the database search taking place.
In practice, these mathematical patterns are likely to be, if not unique, then sufficiently close to being unique to substantially reduce the number of actual fingerprints that it is necessary to go fishing through to find a complete match. And as mathematical pattern, it is also very likely that it can be reduced to a short (in computing terms) datastream – a series of numbers similar to what we call a ‘checksum’ – that is suitable both for storage in database and for use as a index key or search term.
If you look at what McNulty is saying, he interprets a ‘fishing expedition’ in terms of public authorities needing to ‘substantiate why they would want to go through somebody
OK, I understand the image-vs-minutiae side of it though that wasn’t really the key point I was getting at – though on this subject, I’d be very interested to know what proportion of the 900,000 marks are of sufficient quality to make a search worthwhile. And subtract the irrelevant ones (good point there, forgot about those), and you are left with prints from the crooks who didn’t wear gloves…
What I’m really on about is more procedural – that in order to identity an individual you would surely have to have an individual to identify? In the sense of ‘what is the identity of this particular individual’ rather than ‘to which individual does this print belong’?
This is why the police will have to use the IPS as a proxy (as detailed by madam Ryan on the radio the other day) – *they* (and not the police) would be conducting the search before coming back with ‘yes we have a match’ and only provide the information from the NIR when the police (inevitably) say ‘gimme’. All very literal by-the-book. So although I might also regard *this* method as ‘fishing’, I guess the law doesn’t…
But I think all of this can probably be bypassed in any case by an order from the Home Secretary declaring that it’s all completely necessary in the national interest, national security, terrorism, think of the children etc etc so whether or not we exactly agree on what it all means is probably a tad irrelevant, more’s the pity.
So I’ll end on basic statements of irrefutable fact 😀
1) The whole thing sucks big-time.
2) Ministerial assurances aren’t worth the hot air they are written on
3) They will only get my fingerprints when they take them from my cold dead hands
Don