Fetish club forces ID scanner climbdown
As MPs give security industry a spanking
Good news for fetishists wishing to protect their privacy on a night out in South London. Less good news for the rest of us, as Police and Government obsession with crime prevention continues to make inroads into our personal privacy and security - but some comfort, as senior politicians from all parties take up an issue first highlighted by The Register.
Last month we reported how, following an incident at South London nightclub SEOne, police requested a licensing condition be set for all future events that "all persons entering the premises must supply verifiable identification details that are passed through a digital scanning and recording system". This also applied to fetish events put on there by Torture Garden, despite the fact that these have historically been less likely to attract anti-social behaviour.
El Reg reported concerns about this latest approach to preventive policing: there was no evidence that anything about the running of the SEOne scheme was improper, but a proliferation of one-off security databases, in clubs, pubs and all High St premises where age-restricted items were sold, could pose a massive threat to privacy, as well as provide a ready source of unsecured data for criminals to take advantage of.
Ross Anderson of FIPR went so far as to describe this as the death of the right to private association. He expressed his belief that the introduction of ID Scan was not haphazard – but part of a police drive to ensure that all interactions between private individuals were recorded. He said: "The intercept modernisation programme does this for distance communication. CCTV, fingerprinting of club guests, and now this insistence on providing ID does the same for face-to-face contact."
Both the Home Office and the Met were adamantly hands-off in their response. A spokeswoman for the Met insisted that ID scanning schemes should be judged relative to their role in reducing violence, and that ID theft was a separate issue entirely.
This is not quite the view since expressed to us, off the record, by senior officers with a role in combatting ID theft: one went so far as to suggest that this initiative was not fully thought through, and there were definite risks associated with it.
The Home Office also continues to plead irresponsibility: they passed the licensing laws; but it is not their business how the laws get interpreted or what effect such interpretation has on society at large. Southwark Police may be using Home Office funds earmarked for "help with local crime and disorder issues", to pilot the wider introduction of scanners into all clubs in the area, but the Home Office still reckon that the consequences of introducing scanners are nothing to do with them.
Our last report also revealed some worrying issues around the use and registration of scanners: SEOne, following advice from the scanner manufacturer, was planning to hold on to data for three years. This is in contrast to Information Commissioner recommendation that data only be held as long as necessary.
Readers identified that SEOne was not properly registered for Data Protection – and that it had no appointed data controller. Even more worrying was a report from one reader reported whose passport was seized and scanned - at a different and unconnected central London club - without explanation or consent.
Some good news?
The good news comes from Torture Garden, where a spokesman told us: "We have now met again with SEOne and explained the Data Protection Act. They accept that they do not need to retain data for three years, and have agreed with police and local council that in respect of TG events, and in the absence of serious incident, data will only be kept for 31 days.
"They have also now accepted their obligation to register and appoint a named data controller: and are looking at the possibility of extending the 31-day policy to other events that they host."
He added: "I think this shows that there is no devious intent from the powers that be about trying to out BDSM/fetish party goers."
The real problem which government seems determined to ignore is the "big picture". If one club has ID scanning, it is, as the Home Office a matter of choice for individuals whether they visit that club or not. If all clubs in an area have scanning, then there is no choice.
All those we have spoken to outside government recognise the insidious effects of moving from occasional scanning to private scanning almost as standard. We brought the matter up with the ICO, who had previously only looked at the installation of scanners on a one-off basis.
A spokeswoman said: "A blanket approach to installing ID scanners in clubs raises serious privacy concerns. Introducing these measures where there is no history of criminal activity is disproportionate and likely to breach data protection requirements.
"We will be contacting the police authority and others involved to discuss the case for such intrusive proposals."
Tory Shadow Home Affairs Minister James Brokenshire MP concurred with these concerns. He told us: "We need to ensure that operators do keep the personal data they obtain secure and that the public are made aware of their rights over the information they supply. There are benefits for law enforcement and pub and club owners on the use of this sort of equipment, but these need to be balanced against the potential for misuse and the risk that personal data may get compromised.
"Decisions need to be risk-based and proportionate."
Lib Dem Home Affairs Spokesman Chris Huhne echoed these sentiments."We should not have to prove who we are to go about our daily business," he said. "The problems we face as a society are not going to be solved with ID scanners in every pub, club and shop in the country.
"In fact we could be taking real risks by putting vast amounts of personal information in the hands of people at best incompetent and at worst malicious."
We also spoke at length to Cross-bench peer the Earl of Errol, who has played a significant part in raising issues of surveillance in the Lords. He praised El Reg for raising the issue and said: "It is perfectly legitimate for the Government to seek to regulate access to certain commodities – alcohol, tobacco and so on: however, that does not automatically mean that wholesale ID checking and creation of individual databases is the only way to police this.
"Privacy is being eroded bit by bit, not some single killing blow, but death by a thousand cuts. Something that might be justified on a one-off basis with suitable safeguards in place becomes increasingly dangerous as that same policy is implemented a hundred times – or becomes commonplace in every licensed establishment in the country.
"I do not think that what we get up to in private is anyone else’s business: yet if we keep adding small restrictions we will wake up to find we have no privacy left.
"It is also questionable as to whether policies of mass observation serve any useful purpose, apart from making us all feel less private. It is not possible to prevent everything: the police do not have the resources to do so; and it is questionable whether we want them ever to have such powers.
"This small scale ID scanning poses horrendous risks for individual liberty and security. It is not unthinkable that a future government would wish access to all the systems it creates, thereby adding another increase to government control and intrusion into our daily lives."
Describing the Home Office’s approach to this issue as disingenuous, he finished by saying that the entire age-checking industry was a Trojan Horse for ID – and that he will now be taking the matter further with Government and Ministers. ®
Sponsored: DevOps and continuous delivery