Feeds

Ministers spending billions on unlawful databases

Rowntree Trust unwraps everyday 'Transformational Government'

Top three mobile application threats

A report on the Database State (pdf) claims that 40 out of 46 key government databases are not fit for purpose, and 11 of those are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned".

The report comes as the government prepares to sneak legislation on data-sharing back into parliament despite an apparent U-turn on the idea earlier this month.

The report, published by the Joseph Rowntree Reform Trust today, looks at the true effects of "Transformational Government", and asks whether an approach designed to make public services better or cheaper – or both – is succeeding in its aims.

Amongst the report’s key findings are:

  • A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law
  • Fewer than 15 per cent of the public databases assessed in this report are effective, proportionate or necessary, and again, most lack a proper legal basis for any privacy intrusions
  • Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally not centralised as in Britain
  • Many of the benefits claimed for data sharing are illusory, whilst little account is taken of the serious harm that this approach can inflict on vulnerable individuals
  • The current spend on IT within the UK public sector is over £16bn a year on IT, with (approximately) £100bn planned for the next five years: yet only about 30 per cent of government IT projects succeed.

So much for the big picture. The report uses a traffic light system to categorise systems as red (serious failings, in need of substantial redesign), amber (significant, worrying problems: may be unlawful) and green (basically sound).

The 11 red-lighted systems include many that will be familiar to El Reg’s readers. They are:

  • The National DNA Database
  • The National Identity Register (which is where id details are going to go)
  • ContactPoint (a national index of all children in England
  • The NHS Detailed Care Record (centralised GP and hospital records)
  • Secondary Uses Service (summaries of hospital and other treatment)
  • The electronic Common Assessment Framework (assessment of a child’s welfare needs)
  • ONSET (a Home Office system seeking to predict future offenders)
  • The DWP’s cross-departmental data sharing programme
  • The Audit Commission’s National Fraud Initiative (immune from breaches of confidentiality under the Serious and Organised Crime Act 2007)
  • The communications database (all UK communications traffic)
  • The Prüm Framework (data sharing for law enforcement within the EU)

The only systems that receive a green light are: IDENT1 (the National Fingerprint Database); The Vehicle and Operator Services Agency (VOSA) base; Driving Standards agency base (of recent test passes); The TV Licensing Database; The Land and Property Gazetteers base (a local set of bases carrying details on residential and commercial property; The Council Tax base.

One significant omission from the report is the proposed Vetting Database, due to go live this year, and likely to hold vetting details of everyone who wishes to apply for what will be known as a "regulated" job: between 11 million and 14 million individuals, eventually.

One of the key problems identified by this report is the extent to which government departments have identified what they see as the potential benefits of data-sharing, and simply pushed ahead with implementing the systems architecture to meet this objective, before the legal framework was in place. Many of the problems with lawfulness stem from the fact that data-sharing – or processing - of some form appears to be going on despite existing Data Protection strictures against it.

It is for this reason that the government introduced the now infamous clause 152 into the Coroners and Justice Bill, currently before Parliament. Although that clause has been temporarily withdrawn, this report highlights several dozen reasons why it is inevitable that it will be back.

Because of a strict interpretation of the law, government Ministers are presently deploying billions of pounds of taxpayer dosh – and are quite possibly doing so illegally.

The trouble is that those who should be taking action are now increasingly looking the other way. The report says: "There is a sense in the senior civil service and among politicians that the personal data issue is now career-threatening and toxic.

"Like Chernobyl, some brave souls need to go in and sort it out."

The report was compiled by a distinguished panel of experts, including Ross Anderson, who chairs the Foundation for Information Policy Research; Ian Brown, a senior research fellow at the Oxford Internet Institute; Terri Dowty, Director of Action on Rights for Children; and William Heath, who chairs the Open Rights Group and founded the public sector IT research business Kable. ®

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.