Sunday 23 December 2007

GOVERNMENT'S DATA WOES: FIPR'S PROGNOSIS

As I idle away the holiday hours - and sip my rum punch(es) - I've been doing a bit of browsing and, as it were, catching up on old friends. So I gravitated to the FIPR site, a bunch of people for whom I have an enormous amount of respect.

Their press release of a week or so ago (reported on here by Ideal Government) is such manifest common sense that, in case you haven't yet 'discovered' these inestimable fellows, I reproduce it here in full (my emphasis):

"The Government misses the point on Poynter

RELEASE: 17 December 2007

The Foundation for Information Policy Research (FIPR) believes that the Government's response to the interim Poynter report shows that they just don't understand what has gone wrong. Their refusal to abandon the headlong rush towards Transformational Government -- the enormous centralised databases being built to regulate every walk of life -- is not just pig-headed but profoundly mistaken.

Both Alistair Darling, commenting on the HMRC fiasco, and Ruth Kelly, telling the House about the loss of 3 million people's personal information, told us that once 'lessons have been learned' and 'procedures tightened' the march to ever-larger database systems will continue.

Before Transformational Government came along, only small amounts of data were lost -- but as the new databases cover the whole population, everyone's affected now, not just a few unlucky people.

Transformational Government means putting all of the eggs into one basket and it is creating:
  • The multi-billion pound identity card scheme, to hold data on the whole population;
  • The National Health spine, which will make everyone's health records available for browsing by a million NHS workers;
  • ContactPoint which will record details on every child in England, with details of their parents, carers and indicators of whether they have any contact with social services. Three hundred thousand people can look that information up;
  • A universal pensioner's bus pass scheme which will hold the data on 17 million people, and in principle will let any bus driver learn your age and address -- when all that it should record is an entitlement to free travel.

Ross Anderson, Chair of FIPR and Professor of Security Engineering at the University of Cambridge said, "the Government believes that you can build secure databases and let hundreds of thousands of people access them. This is nonsense -- we just don't know how to build such systems and perhaps we never will. The correct way to design such systems is to localise the data, in a school, in your local GP practice. That way when there is a compromise because of a technical failure or a dishonest user then the damage is limited.

"You can have security, or functionality, or scale -- you can even have any two of these. But you can't have all three, and the Government will eventually be forced to admit this. In the meantime, billions of pounds are being wasted on gigantic systems projects that usually don't work, and that place citizens' privacy and safety at risk when they do."

Richard Clayton, FIPR Treasurer said, "Personal data ought to be handled as if it were little pellets of plutonium -- kept in secure containers, handled as seldom as possible, and escorted whenever it has to travel. Should it get out into the environment it will be a danger for years to come. Putting it into one huge pile is really asking for trouble. The Government needs to completely rethink its approach and abandon its Transformational Government disaster.""

WHAT DID I TELL YOU?

You will perhaps have gathered that I actively loathe airports and air travel - the whole sordid process treats you as if you're some bullock on the way to slaughter. Still it does have its compensations of sorts when ... eventually and after all the hassle ... you arrive at your destination. So I'm now enjoying a spot of R&R in glorious sunshine sipping my rum punch and catching up on news from home via the Web.

So, what a surprise! As I suggested in my post yesterday, yet more data security breaches have come to light, this time courtesy of the Department of Health. It is almost as if these revelations are running through each and every government department in turn - first HMRC/DWP, then Transport and now Health. So who will be next?

A few thoughts come to mind, all essentially reflected in the BBC's reporting of this. First, as Norman Lamb says (and I've been saying consistently ever since I started this blog): "The whole culture of data management in the public sector has to change." The comment from Joyce Robins of Patient Care indicates just how serious the current situation actually is: "I think it's the tip of the iceberg, actually, because there's such carelessness within the NHS and it's always impossible to hold anyone to account and find out who's actually done anything." Bear in mind that this position prevails across the whole of government, not just in the NHS. It therefore follows that, to give effect to this essential cultural change, major primary legislation will be required to recast the whole sorry mess for the benefit of both the individual citizen and the public good. Andrew Lansley's comments are equally pertinent: "You have to wonder why on earth it took the Revenue and Customs to lose their discs and for government to institute an inquiry across government for these losses of data to come to light. It does feel like there's a sense in government, all parts of government, that we're required to provide data and we are constantly told that it will be protected, but in reality that level of protection simply isn't there." You can't argue with this - although the Government will no doubt try.

Next, it is to state the obvious but now there really does have to be a moratorium on the development of ContactPoint, the NHS NPfIT and ID cards - if not outright scrapping of all three - until such time as all the flaws in the Government's data security systems have been ironed out. To repeat, this has to start with primary legislation. The various "reviews" initiated by the Great Bottler simply do not cut it. And whatever recommendations they come up with for improving matters will, in fact, be worthless. There is nothing to be gained in overlaying new, more rigorous procedures on a regime that is manifestly broken at its core.

Finally, there is the issue of the timing of the announcement ... just as we're all winding down from the daily grind and getting into proper festive mood. Burying bad news? More than likely! Because what's the betting that the Government knew enough detail about these breaches to have been able to reveal them to Parliament before it rose on 18th December?

As I've said before, this is going to get worse for the Government before it gets better. There will be more data security breach revelations in the coming weeks. And, bluntly, the issue is just not going to go away until they hold up their hands, admit the error of their ways and legislate to resolve it. Even then there's no certainty that whatever our technologically illiterate politicos come up with on that front will in fact make our data any safer.

Tiddly-pom ... back to the rum punch(es)!!!

Saturday 22 December 2007

GOVERNMENT'S DATA SECURITY WOES

Notwithstanding my previous post, this is by way of a small spot of house-keeping. I can't really let the latest batch of the Government's data security breaches (as per here, here and here) pass without some sort of comment.

Happily others have made appropriate noises about them already - notably Dizzy (who else?) (here and here) who makes the eminently sensible and intelligent suggestion of "a proper technology ministry responsible for all IT and security". Personally I reckon it needs to go a little further than this. There should be a Cabinet-rank Minister, ideally with some level of technological expertise/knowledge (chance would be a fine thing from our current bunch of politicos!!!), with full responsibility and accountability for IT across the whole of Government not just cross-departmentally. The problem here isn't just about data security but about the whole bundle of IT issues (procurement, project development, infrastructure, &c, &c) which suffer from the dread disease of departmental turf wars and unjoined-up Government. As Dizzy rightly says: "As long as we have a disconnected system of IT development and systems in Government then there will always be someone else to blame".

The other part of the problem is that Government's 'wants and needs' from our data, notwithstanding data protection legislation, are (generally) antipathetic to our own. Worse, there is a cultural malaise within policy development in this area that assumes too readily that our interests should be subsumed to an airy-fairy perception of the 'greater good'. In other words, our 'wants and needs' for our data play second fiddle to those of Government. The vexed issue of who 'owns' data is inextricably wrapped up in this and gives rise to an extremely persuasive argument that this matter - the rights to privacy of and for data - should be addressed legislatively as a matter of urgency. Quite rightly Dizzy also maintains: "Under no circumstances should any personal data be sent out of the country by Government". Again I favour going further than this. We should revert to a principle that has been floating around for some time, trusted third party "info-mediaries". Responsibility for all data administration and management should be stripped away from the government machine and passed to a sensibly funded, independent (of both the public and commercial sectors) organisation (or organisations) (perhaps akin to the ICO) which would be statutorily charged with all data management, ideally on a federated basis, on behalf of the citizen and the government (in that order).

And finally I slightly disagree with Dizzy when he says: "The Government's proposal for jail time for anyone breaching data security is a misdirected solution". He is of course correct in saying that this is "putting a Band-Aid over a gaping gash". Nevertheless, it seems to me that the complete absence of any effective sanction for "reckless" data security breaches is a major contributory factor to the cavalier/indifferent culture that exists on data security within Government. It therefore follows that some form of deterrent could have the beneficial effect of focussing minds on being rather more assiduous about data security. I can't help thinking that this is a necessary part of the solution.

I have one final point to make. Evidently, the Great Bottler is hoping that the scandals surrounding data security breaches will disappear over the coming weeks - which attitude, incidentally, is itself a manifestation of the cultural malaise of which I speak. If I was in his big tent, I wouldn't have all that much confidence in this expectation. What we know is that the Information Commissioner has made it plain that there is a whole bunch of government-held data that has gone 'walkabout' - although none as serious as the HMRC scandal (given the scale of that disaster, we shouldn't be surprised by that). Thus far we've only really been told about the DSA breach. So it is reasonable to suppose that news of others will continue to dribble out for quite some time. Quite apart from that, the whole matter will be revisited by the media and Parliament relatively early in the New Year when the various Reports are published. The issue just isn't going to go away. Additionally, all it would take for the whole issue to flare up again in spades - and for the skids to be put almost terminally under the Great Bottler's administration - would be a single instance of fraud or identity theft perpetrated as a result of a loss/breach of government-held data. And that, dear friend, continues to be a seriously viable possibility!!!

(Sorry about that.) But still have a happy Christmas.

BEST WISHES OF THE SEASON

It never fails. Perhaps it's psychosomatic or I'm just a hopeless hypochondriac. Along comes Christmas (or Easter - in fact pretty much any high day or holiday where the concept of en famille is involved) and I get struck down by some bug or another. So I've been hors de combat these past few days, hiding under the bed covers feeling like death warmed up, which, needless to say, explains why I haven't posted anything for a while - not that anyone's necessarily noticed!!!

Happily whatever affliction had taken hold is now easing which is just as well because we're off to warmer climes for a few weeks. So posting, if it happens at all, will be very light until well into the New Year.

It only remains for me to convey my very best wishes to all my readers - are there any? - for a very happy Christmas and a prosperous and joyful New Year.

Tuesday 18 December 2007

LIBDEMS' LEADERSHIP RACE

So Nick Clegg wins. Well ... whoop-de-doo!

For most (if not all) of us, isn't it just a relief that the 'Snoozeathon' (hat-tip to Iain Dale) is finally over? Actually I think Iain has it about right in that the ultimate 'loser' in this protracted 'watching-paint-dry' exercise is the LibDem party itself. No momentum or traction was generated within either the media (though the BBC did at least try to help them along) or the minds of the general public by the contest. Nick Clegg has ended up with a 'victory' of sorts but, because of the narrowness of the margin, it is decidedly hollow. And, given his lacklustre performance during the campaign, there has to be a real risk that (a la the Great Bottler) he's not really cut out for the intensity of the top job. The party itself, in not giving either Clegg or Huhne a clear mandate, has manifested its natural inclination towards degrees of tribalism and indecision - typically, their Janus-faced instinct of trying to look both ways at the same time has come to the fore.

But, as Iain says, this is not to underestimate Nick Clegg. Although I make no prognosis of potential coalition deals (above my pay grade) it is undoubtedly correct that Clegg has more potential appeal to Conservative rather than Labour waverers. For the Tories that is both a problem and a risk that needs to be addressed. But, for me, the real question has to be what sort of room for manoeuvre does Clegg actually have, given that the narrowness of the outcome shows that Huhne has a viable power-base - and therefore influence over both policy and tactics/strategy - within the party as a whole? Will he find himself somewhat hog-tied by the noises off that, in all likelihood, will emanate from the Huhne camp in the coming weeks and months?

Monday 17 December 2007

WOMEN'S PENSIONS

There was a very interesting exchange as first business in the House of Lords earlier today - so interesting that I reproduce it in full:

Baroness Hollis of Heigham asked Her Majesty’s Government:
When they will report on their commitment, made during the passage of the Pensions Act 2007 through Parliament, to help women to buy back additional national insurance years.
The Parliamentary Under-Secretary of State, Department for Work and Pensions (Lord McKenzie of Luton): My Lords, the Government committed to look at a range of options to help individuals who have gaps in their national insurance contribution records to purchase additional voluntary contributions. This work is now complete. The options were analysed in terms of fairness, affordability and simplicity. The Government have concluded that none of the options considered passes these assessment criteria and none is particularly well targeted, and therefore have decided to make no changes to the current rules to allow individuals to buy additional national insurance contributions. (So, as per standard NuLabour practice, the commitment we made wasn't the one anybody else thought it was and, even if it was, we're not going to honour it anyway - so there!)
Baroness Hollis of Heigham: My Lords, I am profoundly dismayed by that Answer. In my view, it will not do. (And I'm mightily pissed off that the Government of which I was once a (reasonably) prominent member is behaving in such a shabby way.) Does my noble friend accept that there are coming before the Commons, and therefore to your Lordships’ House in due course, the National Insurance Contributions Bill and the personal accounts Pensions Bill and that, if this House agrees, we will continue to fight to ensure that women who have been carers do not find themselves penalised by going into retirement with an incomplete, poor pension? (And there will be blood on the Government carpet once we've cobbled together a cross-party alliance to defeat them on the issue.)
Lord McKenzie of Luton: My Lords, I well understand the disappointment of my noble friend and others in the House, particularly as she has campaigned so effectively on this issue, but the position is as I have outlined. We should not lose sight of what has happened under this Government in improvements to pensions, particularly for women. For example, the reduction in the number of qualifying years needed for a full basic state pension is 30—a key measure—and, for the first time, paid and credited contributions for caring will be recognised equally for basic state pension and state second pension. (We've done our bit and thrown money at just about everything under the sun; the only trouble is we're beginning to run out of the stuff so we can't afford to pay for this. And frankly we've made such a mess of the economy that it's all going belly up in the next few months.) Those are important developments, but I am well aware that this debate is quite likely to continue with those two pieces of legislation. (And I'm not looking forward to it.)
Lord Fowler: My Lords, does the Minister not remember that when the proposal of the noble Baroness, Lady Hollis, was put to this House it was agreed to by a margin of 179 votes to 86? Surely it is a sensible measure; it gives flexibility and it particularly helps women in retirement. Frankly, the sooner it is done, the better. (The Conservatives will stand four square behind any proposals Baroness Hollis may bring forward.)
Lord McKenzie of Luton: My Lords, I am not sure that we on this side should take any lessons from the pensions record of the Conservatives. (I'm getting a bit tetchy so better use this default response; and if things continue to be a bit tricky, I'll have to resort to giving ourselves a glowing report on our record in Government too.) The challenge for the measures was to reach those people whom my noble friend most wanted to reach but not to have to bear the cost of the others. That has been the difficulty. For example, if this is a policy commitment that the Opposition want to take on, let me explain that the option of an extra nine years pre-2010 and six years post-2010 would cost in cash terms a bit short of £5 billion to 2050—net present value, in prices terms, £1.3 billion. (As I've said, we've made such a mess of the economy - and got all our spending priorities wrong - so we can't afford it.) That is the analysis and that is the issue before us.
Lord Davies of Coity: My Lords, is my noble friend aware that, when I became general-secretary of my trade union in 1986, I inherited a situation in which part-time women workers were ineligible for the pension scheme? I not only provided for them to become members of the scheme but I backdated the years of service to ensure that they paid money for those years that they had already completed. (Gizzajob!) I hope that the Government do the same with the national insurance contributions.
Lord McKenzie of Luton: My Lords, pensioners have been well served by this Government. Let us look at the facts of what has happened since 1997. (Phew, a soft ball that I can bat back by bleating about our record.) Currently, only around 35 per cent of women reaching state pension age are entitled to a full basic state pension. When the 2010 changes come in, that figure will be three-quarters and, in 2025, 90 per cent, which will be equality with men. Because of the changes that we have made to the state second pension, 2.1 million carers, more than 90 per cent of them women, and 6.1 million low earners, almost 60 per cent of them women, are included in the scheme, which did not provide for them before.
Lord Oakeshott of Seagrove Bay: My Lords, does the Minister accept that, today of all days, when the Government have finally run up the white flag after their appalling treatment of the 125,000 robbed pensioners, this is the last day to try to defend the indefensible on this issue? I give notice that, along with the noble Baroness, Lady Hollis, we on these Benches will be fighting as hard as we can during consideration of the upcoming Pensions Bill to ensure that people get justice. (Can we join in - in a squeaky voice - and clobber the Government too with our tickling sticks?) Does the Minister not accept that what is happening here is a Labour Government spending billions to help rich people by giving them top-rate tax relief and preventing poor women, with broken work records, from saving for a modest pension?
Lord McKenzie of Luton: My Lords, it must be easy being a Liberal Democrat: you are responsible for nothing and it does not matter what spending commitments you make, as we see far too often. (I'm definitely getting very tetchy now especially as those fluffy LibDems are having a go at me too. Leave me alone. I didn't make the mess we're in and, anyway, this lark of 'defending the indefensible' is above my pay grade. Just leave me alone.) If one looks at who would not benefit from the proposals, one sees that it would be the poorest women, because the poorest women headed for pension credit would lose pound for pound if they were asked to cough up for additional class 3 contributions. The proposals would not help those women who could not get beyond 60 per cent of their spouse’s pension; they would simply be paying in money to no avail. It is not right to characterise it as the noble Lord has done.
Baroness Greengross: My Lords—
Baroness O'Cathain: My Lords—
Baroness Dean of Thornton-le-Fylde: My Lords—
(Can we all join in giving Lord McKenzie a hard time?)
Noble Lords: The Cross Benches. (See ... self-regulation works!?!)
Baroness Greengross: My Lords, the Government are developing a strategy for carers across the board and I am pleased to be part of that work, but surely it is beyond belief that a group of carers and people who have had caring responsibilities are going to be discriminated against in recouping the pensions that they could have been entitled to if they had not taken on that role. (I'm signing up to supporting Baroness Hollis.) Will the Government please reconsider, because this is extremely unfortunate?
Lord McKenzie of Luton: My Lords, I stress again that the challenge has been to reach the very people whom the noble Baroness describes. (They won't notice if I repeat the same old garbage; even if they do, time is nearly up so, if I can pad it out just a little bit more ....) That is not possible without great intricacies and complications, which is one of the criteria that we set our face against when we discuss these things in this House. The reality is that the role of carers going forward is significantly improved for the reasons that we gave when we debated the Pensions Bill earlier this year. (Thank God that's over!)

I add only one thought. It is passing strange that, following hard on the heels of trying to make friends of their enemies by enlisting GOATs (for the uninitiated, Government Of All the Talents), the Great Bottler's government cavalierly makes enemies of its erstwhile friends. After all Baroness Hollis was not only a fairly senior Minister for Bliar - though not with an especially Bliar-ite reputation, just solid Labour - but she is also one of the most knowledgeable people on the subject of pensions in Parliament.

The words "trolley", "falling", "wheels" and "off" all come to mind.

Sunday 16 December 2007

WILL GOVERNMENT LISTEN?

Ever reliable, William Heath at Ideal Government gives the Government - and any party (!?!) aspiring to be the next Government (that discounts the LibDems then!) - some sensible and timely advice. His third (stop hiding behind "security through obscurity" and be much more open and transparent) and fourth (implement Privacy Impact Assessments across the whole of Government and its agencies) points are especially important.

Will they listen? Will they heck! But they better - because, if they don't, the current 'disconnect' between the electorate and the political process is going to get a helluva lot worse before it gets better!

MAJOR'S INTERVENTION

I confess that I have a great deal of respect and admiration for John Major. I honestly believe him to be one of that increasingly rare breed in modern politics: a genuinely decent, honest and sincere man. He may have been grey and (not to put too fine a point on it) unspectacular - who can ever forget his 'Spitting Image' puppet - during his period in office but he did entrench the reforms of the Thatcher years without many of which (like it or not) the UK would still be the 'basket case' of Europe (if not the world) and, with that 'legacy', I suspect that, down the line, history will be kinder to his Prime Ministership than the intense criticism it received at the time - and still receives. Remember too that, if he had not won the 1992 election, we would have ended up with the axis of the dread Kinnockios ... and that really doesn't bear thinking about. So, when he does the rounds of the TV studios to opine about sleaze, I actually sit up and take notice. After all, he does know a thing or two about the subject matter!

Of course, his intervention has provoked an entirely predictable rant from the left-wing/New Labour blogosphere (e.g. "Pot, Kettle, Black, Mr Major?" from Kerron Cross). I have no difficulty in them saying that Major's period in office was tainted by various scandals of one sort or another (as Kerron points out, "cash for questions", Edwina Currie, &c). But, in turn, Major is quite right to point out that, while "lots of people misbehaved" on his watch, they did so on an individual rather than a collective party and/or government basis. The difficulties that New Labour - and the Great Bottler - are now facing over sleaze are very much worse because - call it ignorance, incompetence, arrogance (maybe downright criminality) whatever you like - they appear to have infected the machinery of the party at every level - from the Cabinet (Harman, Hain, &c) all the way down to the grass roots and individual donors (i.e. Donorgate). As John Major says, they are mired in sleaze at a systemic/institutional level. And the 'evidence' (in fact, taken over the last 10 years, the list is as long as your arm - the Ecclestone Affair, Mandelson, Blunkett, cash-for-peerages, donorgate, &c, &c) is there for all to see. It's just that it's taken rather a long time for the mud to stick - no doubt partly because of Bliar's undoubted skill as an actor/politician and partly because of a compliant media. So, paradoxically, for the likes of Kerron Cross to be slagging Major off in this way is in fact they themselves indulging in a healthy dose of the pot calling the kettle black!?!

You have to remember too that NuLabour's 1997 Manifesto - yes, I'm that much of an anorak that I looked it up! - contained these pearls of wisdom, most of them from Bliar's foreword:
  • "The Conservatives' broken promises taint all politics. That is why we have made it our guiding rule not to promise what we cannot deliver; and to deliver what we promise. What follows is not the politics of a 100 days that dazzles for a time, then fizzles out. It is not the politics of a revolution, but of a fresh start ...";
  • "We are a broad-based movement for progress and justice. New Labour is the political arm of none other than the British people as a whole.";
  • "Our mission in politics is to rebuild this bond of trust between government and the people. That is the only way democracy can flourish.";
  • "We will clean up politics, decentralise political power throughout the United Kingdom and put the funding of political parties on a proper and accountable basis.";
  • "There is unquestionably a national crisis of confidence in our political system, to which Labour will respond in a measured and sensible way.";
  • "This is the purpose of the bond of trust I set out at the end of this introduction, in which ten specific commitments are put before you. Hold us to them. They are our covenant with you."
This was all of a piece with trying to paint NuLabour as "whiter than white" in contrast with the image/perception of the Conservatives being "sleazy"/"untrustworthy"/"corrupt"/"failing"/&c. And it was a line that was always going to come back to haunt them (a la Viscount Falkland's "power corrupts" dictum); what goes around, comes around. Little wonder that this tripe now sounds so hollow and empty!

Bliar knows this - now that he's moved on to bigger and better things. His acknowledgement that he over-played the sleaze card in opposition is as much (in its own way) an admission of this as it is an attempt to distance himself (in advance) from NuLabour's current woes. You've got to hand it to him. He is nothing if not shrewd - but always aimed at protecting his own back. So, officially, the NuLabour Party itself really has no option - and this speaks volumes about the pile of manure they are up to their pretty little necks in - other than to keep shtum on Major's intervention.

Of course, that won't stop them from trying to spin the narrative over the next few days, even weeks, but I'm uncertain that's going to help them much. The situation (as it did with the Tories in the '90s) has passed the point where the facts of the matter are relevant; regardless of them the perception of sleaze is now firmly entrenched in the public consciousness. So the stark reality they have to face up to is that Major has got it absolutely spot on and they're just going to have to live with the principle of the biter bit.

Saturday 15 December 2007

FREEDOM OF SPEECH

News from the US - where else?!? And definitely a new slant on the word "pottymouth"!

Whatever else one can say about it, at least it's a victory for freedom of speech over political correctness and petty-minded bureaucracy. Pennsylvania can be thankful that District Judge Terrence Gallagher has a fair sprinkling of common sense.

Friday 14 December 2007

GUILTY UNTIL PROVED INNOCENT

Dizzy has picked up on a truly chilling statistic here. Half a million innocent - innocent, mark you!! - individuals on the UK DNA database? Is that 'proportionate' or what?!?

Of course (although those utter fools who claim they're 'governing' us haven't really got their heads round this yet), being on the database is only part of the problem. Then there are all the horrors of who has access and for what purpose (e.g. via the terms of the Prum Treaty - see previous post here).

DUTCH MEDICAL DATABASE LEAKY AS A SIEVE

You will have noticed that I'm not shy in coming forward to slate the UK Government for its abject failure to secure our data and/or protect our privacy. Nevertheless it is important to remember that this is, in fact, a pan-European - if not global - problem (albeit the UK under the tutelage of Bliar and his henchmen has been one of the prime movers to get us into the sorry and parlous state we're now in). So this piece of news from Holland has the dubious benefit of reassuring us that (from the scandalous HMRC fiasco down) we are not alone in having profoundly flawed, if not wholly destitute, government administration systems for our data.

Needless to say I draw no comfort from the fact that we're not the only ones who are having our data strewn all over the place. But it is an indication of the scale of the problem we now face.

Thursday 13 December 2007

ANOTHER STATEMENT OF THE BLEEDING OBVIOUS

Kablenet reports here on recent proceedings of the Public Accounts Committee. It seems that, in giving her evidence, Alexis Cleveland, director general for Transformational Government, (there's some good commentary on this ogre-ish invention of the Bliar/Great Bottler axis here (from Blairwatch) and here and here (from Ideal Government)) concedes that sharing of information/data within Government increases the risk of the security of that data being compromised. I should co-co!!!

What rankles with me is that, despite a bunch of people telling these closeted dip-sticks for the past ten years or so that this is as sure as eggs is eggs, it is only now, after the HMRC cock-up, that they are even beginning to accept this stark reality. More closing the stable door after the horse has bolted! More "you really couldn't make it up"! Honestly, I don't know whether to laugh or cry at the lunacy of it all.

TEBBIT HUMOUR/"SMART METERS"

There was an amusing little exchange between Norman Tebbit and Jeff Rooker - for me two of the place's star performers - in the House of Lords earlier this week:

"Lord Tebbit: My Lords, is it not clear that the Government and Ministers in particular—with the honourable exception of the noble Lord—are doing all they can to save electricity? They seem to be working in the dark all the time.
Noble Lords: Oh!
Lord Rooker: My Lords, no, I am not going to answer that."

I'm not surprised Jeff Rooker didn't want to answer it!!!

On a more serious note, Jeff Rooker also mentioned "smart meters" during the exchanges: "At present, they are mainly available only for electricity, but apparently displays for gas and water are being developed. They are small, portable, hand-held devices, which can be used in the business or at home, allowing one to read the meter. More important, they can transmit to the energy company the amount of energy used, so estimated bills are not required." (my emphasis). What I'm wondering is whether the category of data that can be transmitted is regulated in any way. If it is not, it is yet another example of how potentially leaky our data security has become.

UNDERSTATEMENT OF THE YEAR? (CENTURY EVEN?)

So the Great Bottler's (ever-so-gentle) grilling by the Liaison Committee throws up this pearl of wisdom from him: "We've got a long way to go" [to develop a coherent Government IT strategy] (reports here and here; interesting to note that the BBC headline uses an 'edited' version of the phrase, "way to go" rather than "a long way to go"!?!). Talk about stating the bleeding obvious.

One other thing is nagging me about the Government's current focus on data security and trying to do something about it. It is all so much closing the stable door after the horse has bolted. And what really worries me is that I'm wholly unconvinced that the Government (or even Parliament) have the wit/capacity/expertise/inclination to (mixing my metaphors) put the genie back in the bottle. There is a very real and chilling prospect that, as of the current situation, we will just have to live with the simple fact that any rights we may once have had to privacy and the security of our data have been irretrievably compromised by the utter incompetence and complacency of those who were charged with protecting them!!! Scary stuff!

PRIVACY IMPACT ASSESSMENTS

Once again those splendid chaps over at Ideal Government bring us welcome news, this time about the launch of Privacy Impact Assessments by the Information Commissioner (relevant press release available here). As William Heath suggests, ID cards/ContactPoint/eCAF/Connecting for Health/eBorders/Scottish bus pass scheme for the elderly/&c would almost certainly have fallen foul of the criteria for assessment. And wouldn't we be in a much better situation if PIAs had been prepared for all these things (and more) so that the necessary and appropriate adjustments/amendments to secure our data and protect our privacy could have been made?

What I'm less certain about is what level of compulsion, if any, the ICO can impose so far as the preparation of PIAs is concerned. So let us hope that some bright spark(s) in Parliament and/or Government (I don't hold out much hope that the latter will) manages to get their head round this and has a go at legislating to make it a statutory duty for Government in all its incarnations to prepare PIAs. Were this to happen it might - just might - limit the almost unrestrained opportunities that our lords and masters have of making a complete and utter horlicks of all their IT schemes and creating hugely expensive 'white elephant' projects all over the place.

Wednesday 12 December 2007

"WEB PAGES LOST IN THE POST?" OR STOLEN?

As an addendum to Dizzy's post here about his infuriation with mis-addressed html links/dead addresses/&c in Hansard's reports, I offer you this from John Lettice at The Register. As he says, the Government using URLs "that it hasn't even bothered to buy is possibly a new low" even for them.

DATA-SHARING CONSULTATION/REVIEW

Kablenet reports that a new consultation has been launched to investigate data-sharing within the public sector. What makes it (possibly) a little bit more interesting is that "In particular, the consultation will seek real life examples of data sharing, and views on current data protection legislation and safeguards". So anyone affected by the HMRC fiasco - or any other of the Government data breaches that seem to be coming out of the woodwork with alarming regularity at the moment - can presumably pitch in their two pen'worth.

Having said that, I am a little surprised. It would seem that this is part of a wider review of "the use and sharing of personal information" announced by the Great Bottler back in October - i.e. prior to the HMRC mess. Now, call me a cynic (which I am) but such reviews are only really ever organised when their instigator is pretty certain of the conclusions that they will come to and that therefore they will be supportive of the desired/intended policy direction. Currently we have to assume that policy in this area is pretty settled - ID cards, serial weakening of the checks and balances on data sharing within government that have existed up to now (as with, for example the Serious Crime Bill of the last session), the whole Transformational Government agenda, &c. So, what is the point of the review? Is it to achieve post-event endorsement of the already established policy direction? Or is this a coded signal that ID cards really will be for the chop down the line? You choose.

As an aside, I can't help thinking that so many reviews are tumbling from the Great Bottler's fertile/fevered imagination at the moment that it's almost an echo of Bliar's first term in office. If you recall, he - ably assisted by his partner in crime (can't resist that one!), the Chancellor - set up review after review, task force after task force, to investigate just about everything under the sun. It may have created a bunch of cosy sinecures for the supporters but it got bugger all done governmentally or legislatively. In fact I vaguely remember it being said of NuLabour (if a little quietly) that they had been a superb opposition but they didn't have a clue what to do with power once they'd got hold of it - and, if you ask me, they still don't, other than to be comprehensively incompetent dip-sticks. Be that as it may, now that his back is (increasingly) up against the wall, are these the burgeoning signs that the Great Bottler is lapsing back into that mind-set? Could it be that, having finally got hold of the top job that he has craved for so long, he really doesn't have a clue what to do with it? It looks like it to me.

PLOD AT THE DOOR OF No.10 ... AGAIN?

Now here's a thing!

As we know Richard Thomas, the Information Commissioner, has indicated that he is in favour of amendment of the Data Protection Act. Specifically, he is calling for a new criminal offence although quite what form this should take is perhaps less clear. But let us assume that it is wrapped around the phraseology "knowingly or recklessly failing to comply with the data protection principles". That would just about cover all the appropriate bases. And, let us assume that Parliament in its wisdom does in fact put this on the statute book.

Well, we also now know that the Great Bottler, when he was still Chancellor, was alerted to the fact that "data protection procedures governing the child benefit database" were as leaky as a sieve back in 2004 (reports here and here). And yet (so it seems) he chose to do bugger all about it. I know we're talking hypotheticals here but I reckon that sort of behaviour is a pretty good fit with "knowingly or recklessly failing to comply with the data protection principles". In other words, given a law change, the Great Bottler - and, presumably, the current incumbent, Darling - would be in the frame for a visit from Plod, presumably under caution!

You've got to reckon that Nu-Labour, following the indignity of Bliar being the first serving PM to be interviewed under caution over cash-for-peerages, are dead keen not to put themselves in a position where that could happen again - in fact, it'd be worse because I reckon Plod would be interested in the actions of both of the holders of the two highest offices in the land (the PM and the Chancellor of the Exchequer). And so it seems. Certainly it's what I read in to the sub-text of this written answer to Baroness Noakes last week.

But, in reality, this may offer them scant comfort. Those excellent fellows over at Privacy International appear to be seriously contemplating an action against the UK Government even as the law currently stands. Quite right too. Needless to say, their chances of prosecuting such a case would improve immeasurably if you, dear reader, felt inclined to offer your support. So, should you feel disposed so to do, please feel free to contact Simon Davies at simon@privacy.org. I'm sure that for a whole bunch of us there would be no better Xmas present than the prospect of the Great Bottler and his sidekick, Darling, having a little visit from the boys in blue!!!

Monday 10 December 2007

PNR (PASSENGER NAME RECORD) DATA/THE PRUM TREATY

(I apologise. I'm so incensed by this subject that I've (possibly) got a bit carried away and this post has ended being rather longer than I intended. It's still worth reading though, trust me.)

I've said previously that I would post something about PNR data and, as it happens, a decent/appropriate 'hook' has arrived in the shape of a truly chilling and scandalous debate in the House of Lords this past Thursday. It was a 'doubled-up' debate on two Reports - one on PNR data and the other on the Prum Treaty, a subject I was not particularly familiar with but which looks, at first blush, as if it could be even worse than PNR data - from the European Union Home Affairs Committee and I invite you, dear reader, to digest it at your leisure - and the original Report(s) (PNR data here and the Prum Treaty here) together with the Government's Responses (here and here respectively).

Given the importance of the subject matter, it was disappointing (to say the least) that there were so few speakers - and that tells its own story about the quality of scrutiny to which the current government is subjected - although, to be charitable, it could be that the business managers deliberately scheduled the debate for late on a Thursday when the vast majority of the old duffers have already quit the asylum for the week-end. Mind you, the membership of the Upper House (with one or two notable exceptions) isn't exactly renowned for its grasp of matters technological and that may have had something to do with it too. In these circumstances, those who did participate (Lords Wright of Richmond, Jopling, Harrison, and Marlesford, and Baronesses Ludford, Harris of Richmond, and Neville-Jones) deserve an especial honourable mention in despatches, not least because, to a man, they gave The Admiral (Lord West of Spithead and the Minister with the dubious honour of responding to the debate) a right royal mauling and roasting (albeit in a very lordly way). I almost (but not quite) feel sorry for the old sea dog having drawn the short straw on this one - surely not what he expected when he decided to draw the Government's shilling.

Now many people will imagine that PNR data is just one of those rather arcane and esoteric things that governments do - the standard "nothing to hide, nothing to fear" argument. But anyone who's travelled to the US and experienced the US-VISIT data collection programme first hand will know that the variety and extent of information required (including credit card details, &c) is profoundly intrusive, if you will an extensive 'electronic footprint' of the individual concerned. Speaking for myself, I'm not at all sanguine about governments compiling such extensive information about me, partly because of their staggering incompetence in administering and securing that data (viz: the HMRC debacle) and partly because, in fact, I have a prior and enforceable right to privacy, a right which is constantly being salami-sliced by government, the very institution that should have, as one of its primary responsibilities, the duty of protecting it!

Manifestly use of PNR data is a circumstance where the right to privacy is being serially compromised and emasculated. I won't regale you, dear reader, with a full history of the whole sorry saga. By all means, read the debate and the Report(s) for that sort of detail and draw your own conclusions about how we've arrived at the ordure we're now in and who/what is to blame for getting us there. (Wendy Grossman has a v.useful analysis of the whole shambles here.) It is enough to say that those ham-fisted EU negotiators have managed to botch the agreement with the US so that we now have fewer data protection safeguards than previously. Incidentally, Lord Wright of Richmond was explicit about this; in the debate he says:

"the worst possible conclusion would be an agreement that again was accompanied by a letter allowing the United States to disregard its provisions almost at will. Yet this is precisely what emerged in July from the negotiations."
QED.

In addition - and this is one of the things about all this that really makes my blood boil - the agreement is almost certainly of questionable legality. I'll give just two examples. First, as I understand it, UK data protection law (derived from an EU directive and so the same provisions should apply at the pan-European level) requires that processing of data must be limited to the purpose for which it was originally collected. The singular purpose of the US-VISIT programme at its inception was as a counter-terrorism measure - and, in fact, there are exemptions (what a surprise!) on the face of the DPA allowing processing for the purposes of national security, &c. So far so good. But, over the years, that hoary old chestnut 'function creep' has sidled on to the scene. So the new agreement with the US seems to allow processing for general crime, 'communicable diseases', &c purposes, that is to say a whole bunch of things way beyond what was originally intended by the programme itself and way beyond what appears to be sanctioned by EU-wide data protection law. Secondly, there is a general presumption in law that our data will not be sent to third party countries where the data protection regime is weaker or inferior to the standards established in the EU - although again I think there may be an exemption for national security. The US is such a place and it follows therefore that there should be a presumption against the transfer of data there for general processing purposes. But this is precisely what the new agreement allows for. Needless to say there are other areas where the agreement may well breach the spirit, if not the letter of the DPA. Little wonder therefore that the European Data Protection Supervisor and national data protection authorities have been so lukewarm about the subject. As Lord Wright of Richmond puts it:

"Our views were and are shared by the equivalent committee of the European Parliament, by the European data protection supervisor and his deputy, who gave us written and oral evidence, and by the working party of national data protection supervisors, which, of course, includes among its members this country’s Information Commissioner, Mr Richard Thomas."

To cap it all, our lords and masters (throughout the EU) appear to imagine that a letter - a mere letter, for crying out loud!!! - from the US Department of Homeland Security (presumably this one) is an adequate legal foundation for the whole agreement. No legally enforceable treaty, no memoranda of understanding or what-have-you. No, just a letter! So, if we, the citizens of the EU, fall foul of the programme for any reason, we are expected to rely on the reassurances contained in this letter (and I wouldn't mind betting it's not worth the paper it's printed on) as our means of legal redress. And the Admiral's take on all this? Well, when asked during the debate by Baroness Ludford whether this letter was "legally binding" his reply was: " ... perhaps I may get back in writing to the noble Baroness on that specific point. I am not clear on it myself." WTF?!!? He's a Minister of the Crown, for heaven's sake. He should know the answer to such a basic question. And, if he doesn't, what on earth is our Government up to entering into an agreement with a foreign power when it's not even certain of its legal efficacy? You couldn't make it up!

Of course what makes all of this so much worse is that the whole sorry mess has been stitched up behind closed doors. Both the EU/US agreement on PNR data and the Prum Treaty were achieved (Lord Wright of Richmond again):

" ... with no consultation, no explanatory memorandum, no impact assessment, no overall evaluation of the operation of the treaty, no estimate of the cost to member states and minimal involvement of the European Parliament and national parliaments."

No, the power-crazed gauleiters within both the Commission and the governments of the Member States have just decided that the agreement, with all its manifest failings and flaws, is good for us so we have to like it or lump it. As Baroness Ludford puts it:

"Governments, Ministers and national officials are giving themselves arrogant licence to do what they like and then try to pull the wool over our eyes."

Now, even those who view the collection of all this information with equanimity should be able to concede that this is unacceptable. It is just so profoundly undemocratic.

But (and I find this almost impossible to credit) it gets worse. Not content with comprehensively screwing up the agreement with the US, in their arrogance our lords and masters have concluded that they would like their own VISIT-type programme to play with. According to this article from John Lettice in The Register, a Framework Decision has already been made (on 6th November) with the intention of implementing an EU-wide version of the US-VISIT programme, possibly even extending to internal flights (something that was first mooted by the UK Presidency of the EU in the wake of the London bombings back in 2005; i.e. the UK Government's fingerprints are all over this shoddy state of affairs). (Of course this could explain why the bungled EU negotiations with the US were so inadequate and pusillanimous!) Nor is this idiocy confined to the EU. Those excellent chaps over at Privacy International have been up in arms about the fact that the Japanese Government is pulling the same trick.

Now, don't get me wrong. I fully recognise that there is a legitimate argument in favour of harnessing the power of IT (and especially databases) for the purposes of the greater good - specifically in this instance countering terrorism. I can even recognise that the requirements of national security might necessitate withholding organisational details of any programme set up for such a purpose. But others have said this before me - and far more eloquently. The whole point about fighting 'The War on Terror' (their words, not mine) is to protect our rights and liberties. But the palaver surrounding PNR data is a classic example of those rights and liberties being ridden roughshod over, if not trampled underfoot. The fundamental point is that the underlying policy that gives effect to PNR data programmes has to be subject to public consent. It has to be open to scrutiny and fully transparent and accountable. If it is not, it is utterly draconian and, in terms, permits 'the terrorist' to claim some form of victory. Bluntly, why should we expose ourselves to what amounts to unacceptable risk and inconvenience (in respect of the data about ourselves) without some say, however small, in the matter?

It is not as if the utility of PNR data is a given. As Privacy International point out in their letter to the Japanese Government, belated and limited scrutiny of the US-VISIT programme has revealed that, amongst other things:
  • "expenditures continue on projects that 'are not well-defined, planned, or justified on the basis of costs, benefits, and risks';

  • "'management controls to identify and evaluate computer and operational problems were insufficient and inconsistently administered';

  • "'contracts have not been effectively managed and overseen';

  • "security 'weaknesses collectively increase the risk that unauthorized individuals could read, copy, delete, add, and modify sensitive information, including personally identifiable information'; and

  • According to the chairman of the U.S. Senate Homeland Security Committee, Senator Joseph Lieberman, the U.S. government 'is spending $1.7 billion of taxpayer money on a program to detect potential terrorists crossing our borders yet it isn't taking the most basic precautions to keep them from hacking into and changing or deleting sensitive information.'"

Nor in fact is the output of PNR data programmes especially useful. As John Lettice points out - and I've no reason to doubt the figures - "out of 63 million visitors [subject to the US-VISIT programme] the DHS detected a whole 1,200 criminals and immigration violators. It is also thought that one person was detained in connection with terrorism, but it's not known what crime, if any, might have been involved, and what happened." In other words, so far as the primary purpose of the policy (i.e. countering terrorism) is concerned there is a 1 in 63 million chance that the system will throw up what might just, conceivably, be a positive and/or useful result. (As an aside, there is a read-across here to the UK Government's plans for ID cards as the total registrable population will be round about this sort of number. And, as I've blogged previously in the context of the IPS database, this raises the spectre of any PNR database - mark you, it would be pan-European rather than just being confined to the UK- being used as a substitute for the National Identity Register should ID cards be scrapped.) Now, I ask you, dear reader, whether you can discern any sort of proportionality in this sort of outcome?

All in all this sorry mess confirms for me beyond peradventure that I am right to be profoundly distrustful of letting the Government manage or administer my personal information in any way whatsoever. And I can't help feeling that it serves as a stark metaphor for so much that is wrong with the political process in our modern age. If governments are going to be so contemptuous and disdainful of their citizens and their legitimate rights as this sordid saga suggests, is it any wonder that they feel provoked to return the favour? Against the background of this sort of behaviour, purportedly acting in our 'democratic' interest, I say enough is enough and a plague on all your houses!!!

Footnote: A few days prior to the debate, the Admiral, in a written answer, referred to "travel document information" and "other passenger information" (with the acronyms "TDI" and "OPI" respectively) in the context of the UK's e-borders scheme. Now I've no idea whether these are an entirely new invention, equivalent to PNR data, or whatever. But it does seem like a classic way of muddying the waters by giving an old (but discredited) 'friend' a new nickname!

YAWN - LIB/DEM LEADERSHIP RACE - YAWN

So Vince (Vincent Price) Cable tells us the outcome of the Huhne/Clegg love-in - like me, aren't you just gagging to know the result? (I jest!!!) - is "very close".

Translation: "It's all been such a frightful, tedious palaver. Can't we just call it an unedifying 'bore draw' so that we can all get a life and leave the politics to those big boys in the Labour and Conservative parties?"

Friday 7 December 2007

THE CROSBY REPORT

Those estimable fellows over at Ideal Government have recently posted this little gem.

Now, call me a hopeless cynic but I reckon the answer from Andy Burnham means that:
  1. The Report has in fact been read by Ministers - and the Great Bottler himself in particular - and so, to all intents and purposes is ready for public consumption. But they are resisting publication because ...

  2. It is a savage indictment of the architecture that the Government are currently proposing for their ID card scheme.

i.e. William Heath's take on it is absolutely spot on.

But, as I posted earlier, I am less certain that his 'seasoned Whitehall-watcher' has necessarily got it right in supposing that the Report is destined for some hinterland of long grass deep in the bowels of the Treasury. Rather I think that the Great Bottler reckons the Report may yet prove to be a potential ace up his sleeve.

Whatever else he may be he is a mightily shrewd politician - after all he commissioned the Crosby Forum in the first place when still Chancellor and you don't go to that trouble unless you're 90% confident that it will say what you want. Even then he will have actively considered the electoral downside of running with the ID cards project. His plan therefore was to make sure he had a get-out in place just in case the whole ID cards palaver went belly-up. Of course he can't have reckoned that, on the margins of the HMRC fiasco, it would do so quite so spectacularly. So at the moment his hands are tied because - call it control-freakery, hubris, pride, whatever you will - he can't take the risk of being controlled by events.

Nevertheless, timing is all. So, down the line when his political weather is a little bit sunnier and (always assuming if) he has regained some measure of control, he may well pull the proverbial rabbit of the Crosby Report out of the hat to justify scrapping ID cards, particularly if the prevailing winds tell him that to do so would be politically/electorally advantageous.

We shall see but, if nothing else, it's good to see David Davis sniffing around the issue - at least someone in Parliament is!

"DANCING ON THE EDGE OF DOOM"

The BBC reports on the Millennium Dome's insolvency here. This doesn't really tell us anything we didn't already suspect - or know. But the comment of Mike O'Connor, the head of the Millennium Commission at the time - "We always felt like we were dancing on the edge of doom" - seems weirdly appropriate to the parlous times that the Government currently finds itself in.

With the Great Bottler presiding over disaster after disaster (N.Rock, datagate, donorgate, &c) - most, if not all, of their own making - and white elephant after white elephant (ID cards, the NHS super-computer, ContactPoint, &c) leeching funds from the public purse, Ministers (and the Great Bottler himself) could perhaps be forgiven for approaching their cornflakes every morning with a certain unease. As I say, they must feel, in their heart of hearts, some semblance of this sentiment, that politically/electorally/financially/&c their administration really is "dancing on the edge of doom".


Update: Are you thinking what I'm thinking? Guido seems to be with his post today, "Government of All the Clowns". He quotes left-winger, John McDonnell MP:
  • “I think we’re in a mess. I think people are demoralised. I think Labour party members can’t understand how we’ve got in this mess. I think Gordon has shown, to be frank with you, ineptitude on a number of issues and so have some of the people around him.”

If that's not a "dancing on the edge of doom" sentiment, I'm not sure what is!



Thursday 6 December 2007

DATA SECURITY: GOVT'S TRACK RECORD

Further to my previous post, I've been doing a little research. It would seem that (some of) the various legislative changes to the data protection/security regime that Richard Thomas is currently calling for have in fact already been before Parliament.

Back in March of this year in the House of Lords various amendments were debated in the context of the Serious Crime Bill aiming to strengthen the hand of the ICO vis a vis data protection/security. In fact, on 30th April and again on 9th May Baroness Anelay (now Opposition Chief Whip in the Lords but Home Office spokesman at the time) moved specific amendments (relevant debates available here and here) to ensure that the information commissioner would have the right to carry out assessments of data processing on his own volition. And, on 18th and 25th June respectively, Baroness Noakes (Opposition Treasury spokesman) and Earl Northesk initiated debates (here and here) on a similar provision on the face of the Statistics and Registration Service Bill.

In both cases, the Government rejected the amendments pretty much out-of-hand, although (it being the House of Lords) with some small measure of elegance. No surprise there then! Now, I'm not saying that, had they been accepted, the HMRC fiasco wouldn't have happened - though it might have made it less likely. Rather it is illustrative of the culture of complacency and indifference with which government thinking about and policy development of the needs of data security and protection is infected.

In passing I can't resist a barbed dig at the Lib Dems about this. Rationally this whole issue should be their natural territory but, in parliamentary and legislative terms, they give the impression of being completely unsighted about it. Instead - and happily - the Conservatives are making all the running on it with the 'yellow perils' being merely followers. It does beg the question as to what the Lib Dems are actually for if they can't be bothered to prosecute those matters that should be dearest to their hearts and underlying political philosophy. So, reckoning that the Conservatives in the House of Lords have a bee in their collective bonnets about this, is there a realistic prospect that they might introduce a PMB in the near future?

ONGOING DATAGATE FALL-OUT

As The Register's John Oates reports, Richard Thomas was giving evidence to the Justice Committee in the Commons yesterday. He specifically calls attention to this comment from the ICO's head honcho: "... several [Government] departments have come to see us on a confessional basis, ..."

Chilling stuff and - as if we didn't already know - indicative of wholesale systemic failure of data security arrangements and protocols not just at HMRC but across the whole panoply of Government. And which departments (I reckon the DWP is a likely candidate) have been donning their hair-shirts and pleading mea culpa? Perhaps more importantly, shouldn't these departments be making these confessions to us directly - more than likely it's our data at risk - rather than skulking off to the ICO with their tails between their legs perhaps in the hope that their laxity and incompetence will get conveniently swept under a carpet?

A further article from The Register (John Oates again) reports that Richard Thomas also insisted that "his budget was insufficient and his powers too weak". In fact I was appalled to read that, whereas the ICO gets a total of £10m annually (essentially from registration fees), the Health & Safety Executive gets £890m - bet that makes Dizzy Thinks utterly apoplectic, given his loathing of the HSE - and the Food Standards Agency £143m. I reckon this arrangement says a huge amount about where Government places data security as a priority within the scheme of things. Additionally Richard Thomas sums up government IT policy pretty well if clouded a bit with the art of understatement: "There is excessive faith in technology perhaps without addressing the risks that go with collecting that information." And just for good measure he was decidedly lukewarm about ID cards as well. All in all, it looks as if he's gearing up a little to exert the independence of his office somewhat more forcefully than he perhaps has done so in the last five years.

In that vein and on a (slightly) happier note, he also recommends some eminently sensible things that the Government could be getting on with in the wake of 'datagate', specifically the creation of a new criminal offence and a statutory right of inspection of any given organisation's data security practices. Quite rightly he defines the current position in law, where he can only act with the consent or at the invitation of the relevant organisation, as "bizarre". So, will the Government bring forward appropriate legislation as a matter of urgency? Well, I'm not holding my breath! Or will the Opposition Parties get their collective acts together and try and run something as a Private Members' Bill? At the very least that would put pressure on the Government. Well, as usual we'll just have to wait and see.

Monday 3 December 2007

PASSPORT/ID CARD SAGA

I thought I'd share with you a (perhaps not so) small tale of trouble and strife that has come to my attention.

I have an expatriate septuagenarian friend, living in the US, who, because she is efficiency-minded, decided to attempt to renew her passport over this past summer - not urgently as it still has a year or so to run. Before the introduction of all this biometric malarkey, she would have applied by post to (I think) the consulate in Atlanta and the whole matter would have been turned round quickly and conveniently. Now, as the IPS web-page says: "Please note that we do not accept applications by post or e-mail if you live abroad." Manifestly those routes are closed to her. So she elected to try and get in touch with someone to ask how best to proceed. Six or so fruitless weeks later, having telephoned a bunch of automated call centres trying to get hold of a human being to talk to, she finally and frustratedly, chose to call the FCO in Whitehall directly only to get on the end of the line with some clueless girl whose only response to all of her questions was: "Ooooh ... um ... I dunno." She did finally extract a phone number from this dimwit of a girl, purportedly of the relevant section of the Embassy in Washington but when she rang it - yes, you've guessed it! - it was just another automated call centre. The upshot is that, despite being a UK citizen and a current UK passport holder, the only way she can renew is to go to the expense and inconvenience (considerable if one bears in mind all the additional accommodation costs, &c) of flying to either Washington or UK. And she is minded, almost in a fit of pique, not to bother.

A few points arise from this wretched saga. First, to state the bleeding obvious, it is ludicrous - even offensive - that a wholly legitimate citizen of the UK (with an equally legitimate expectation of all the rights that such a status confers) should be subjected to such inconvenience in this way. And no doubt there are a bunch of other people in a similar predicament. Such shabby and cavalier treatment would shame a banana republic.

Then one has to bear in mind that, for the purposes of the Identity Cards Act, a passport is a "designated" document (the 'compulsion by stealth' argument), the intention being that the data garnered for the purpose of issuing it will subsequently be used to seed the National Identity Register. One assumes therefore that the underlying motivation for all the palaver it is proposed my friend subjects herself to is to facilitate the collection of her relevant biometric identifiers and for a face-to-face interview to be conducted as a means of confirming various elements of her biographical details, all of which will be transferred (eventually) to the NIR. Now, if the ID cards project is scrapped - for whatever reason and/or whether by the Great Bottler or an incoming Conservative administration - the chilling fact is that all this data will continue to exist, albeit within the IPS database. In other words, the mere fact of scrapping ID cards doesn't in fact kill off the project for the vast majority of us (i.e. the 80% or so of the UK population who feel the need of a passport). It is conceivable that the electronic footprints of ourselves allowed for by the NIR would be less extensive under an IPS system but they would be there nonetheless. And then we have to add PNR data into the mix. There may not yet be specific statutory provision for 'linking' this to the IPS database, but we have to reckon that our lords and masters have doing so firmly in their minds. And such augmentation/consolidation of data would deliver biographical templates of us that would be pretty much equivalent to (perhaps even better on the basis of the information that could be inferred by any half-way decent AI-programme) those envisaged by the NIR.

There is too the specific provision on the face of the Identity Cards Act that only those resident in the UK for longer than three months need consider registering. The point here is that anyone applying for a passport out-of-country, although they have no statutory obligation whatsoever to buy into the NIR or ID cards all the time that they remain abroad, is in fact compelled so to do if they want to have a passport. In effect, the arrangements are such that the Government is circumventing the strict letter of the law.

As I say, I just thought I'd share this with you. And I'd welcome any thoughts anyone may have as to how my friend might be able to resolve her problem.

Sunday 2 December 2007

POTS & KETTLES

Despite my best efforts, I can't rid my mind of 'donorgate'!!!

So, here's a thought - perhaps sometimes we can be too insular. Can you imagine the next time that Mugabe or the Burmese regime or anyone of that ilk offends against our sense of decency or commits some sort of atrocity? The young whippersnapper, Miliband, will call the relevant cronies into the FCO and say: "Well, look here chaps. We can't have this going on, ya know. It's just not cricket... you know, it's so corrupt." Said cronies begin giggling behind their hands. The short-trousered one, by now looking a bit pasty and red-faced, might feel inclined to add: "And...errrm...we just don't do that sort of thing over here, don't you know." And said cronies start rolling about on the floor!

QED really.

DONORGATE

With all the brouhaha about the above - and with so many others far more eloquent and effective than me on the case - I've little enough to add. (In fact, I'm so cheesed off and appalled by the whole sordid mess that I think I'm going to try and do something a little more useful than letting my blood boil about it for the rest of the week-end!!!)

But, like others (not least this from Burning Our Money), it is worth emphasising the point as vehemently as possible that there is categorically no justification for the Great Bottler using his party's mendacity/incompetence (see Matthew Parris' article here for 'guidance') as an 'excuse' to wish upon us (the innocent and long-suffering public) state funding of political parties. It is unlike him but Guido puts it rather more gently: "There is no real need for new laws or reviews, there is a need for politicians to simply not break the existing laws." And this, of course, is the real point - if this miserable shower can't comply with the laws that they themselves have introduced, then they should face the full consequences of having broken that law.