Database state


David Howarth MP
House of Commons

Dear Mr Howarth,

Please do what you can to prevent, delay, or ameliorate the government’s plan to snoop on the UK’s Internet traffic and store our e-mails, web browsing history, and other details of our personal communications.

First, the plan involves a massive invasion of privacy. I do not want civil servants reading my private e-mails to my family. I do not want the government spying on my instructions to my bank or on my business transactions. I do not want the police to know which web sites I read. Article 8 of the European Convention on Human Rights guarantees that “Everyone has the right to respect for his private and family life, his home and his correspondence”. The government signed this convention: now it needs to show that it can obey its own laws.

Second, I do not trust the government to look after this data. The civil service cannot look after the data it already collects. The loss in 2007 by HMRC of two CDs containing “the personal details of all families in the UK with a child under 16” is just one of the many cases that have been reported. There is also a strong likelihood of deliberate unauthorized access to the data, whether for entertainment, as with the NSA employees who recorded “conversations of military officers in Iraq who were talking with their spouses or girlfriends” for the amusement of their colleagues, or for profit, as with the civil servants at the National DNA Database who took copies of confidential information in their care for commercial exploitation. The safest way to avoid these kinds of abuses is not to collect this kind of private data in the first place.

Third, whatever safeguards may be proposed, I do not trust future governments not to expand the set of uses for this kind of data. When this database is running, it will be extremely tempting to use it for all sorts of fishing expeditions. A search through the communications of opposition MPs or other opponents of government policy will find things that can be used to blackmail, embarrass or discredit them. It will be easy to make lists of people who have visited (or appear to have visited) terrorist recruitment or child pornography websites. These kinds of database trawls are likely to lead to harassment of innocent people and miscarriages of justice, as with past database trawls like Operation Ore. The safest way to prevent these abuses is not to collect the data, except where necessary, and then only through conventional surveillance operations, with the safeguard of a court-granted warrant.

Fourth, the whole project is likely to be a waste of money. The U.S. has been running a similar “Total Information Awareness” project for some years, and the recent National Research Council report “Protecting Individual Privacy in the Struggle Against Terrorists” concluded that the project has been largely ineffective at detecting and apprehending terrorists.

I hope this plan can be prevented, but if it cannot, then perhaps it can be ameliorated. The U.S. report referred to above has many recommendations for projects of this type, including:

  1. encryption of all traffic and stored data;
  2. individually logged audit records of all queries made against the database (so that abuses can at least be identified and punished after the fact);
  3. anonymization of identifying data during the analysis phase, to be unblinded only if the analysis turns up something that needs further investigation, and then only with a warrant;
  4. restrictions on the purpose to which data can be put, so that data collected for the purpose of national security cannot be used for criminal prosecution;
  5. retention of data for no longer than it is needed;
  6. independent audit of the collection, use, and destruction of data;
  7. regular independent assessment of the effectiveness of the project;
  8. compensation for people harmed by misuse of data or through the use of incorrect or poor quality data.

I don’t expect a reply from you, but I do hope that you can do something to preserve a little bit of privacy for your constituents.

Yours sincerely,

Gareth Rees