UK Criticised For Surveillance Culture

The UK has failed to control the growth of sucaspaveillance and the misuse of data by public and private bodies, a London meeting heard yesterday.

UK legislation – such as the Regulation of Investigatory Powers Act (RIPA) has been criticised by the European Union, and subsequent legislation shows that government privacy policy does not have the checks and balances of effective scrutiny, said Caspar Bowden, a privacy activist who led the unsuccessful fight against RIPA twelve years ago. Now chief privacy advisor for Microsoft in Europe, Bowden was speaking at the meeting in a private capacity, not presenting a Microsoft view.

Government plans to increase surveillance are defended with emotive language, creating a “visceral” reaction that persuades people to “fall in line with ever greater levels of surveillance,” said Stephen Deadman, head of legal, privacy, security and content standards at Vodafone.

“Our parliamentarians are better than that,” said Jonathan Bamford, an assistant commissioner at the Information Commissioner’s Office, but he warned that privacy advocates can still be labelled as friends of paedophiles and terrorists to dismiss their arguments.

More modern technologies could ensure privacy by using digital credentials, said Bowden, but these will only be installed if governments and companies are forced to use them: “The economics is against these technologies – why install them unless the regulator hits you over the head.”

Although the Conservative Shadow Minister for Justice, Eleanor Laing, promised to give the Information Commissioner more powers if a Conservative government is elected, this did not impress Bowden, who claimed that none of the 200 staff at the ICO have a post-graduate qualification in IT security: “It’s a bureaucratic culture.”

The ICO’s Bamford said the difficulty is that citizens do not care very much: “the public think there is a guardian angel … there is security there to protect them.”

But this move is a government bid to pass the buck to the citizens, according to Dr James Backhouse, reader in information systems at the London School of Economics, who said that campaigns like Get Safe Online effectively say “We’ve done the best we can, now it’s your responsibility.”

This is not good enough, when policy documents such as Digital Britain do not make any reference to concepts like authentication, which are vital to online privacy, said Dr Backhouse.

In other countries, privacy is guarded better, said Dr Backhouse: Germany requires authentication in both directions, so the citizen knows which government department has his data, while Austria’s government has an identity card system which does not share any personal data – instead it provides an anonymous link to sector-specific information.

This article has been updated with further information from Caspar Bowden.