Feeds

Beware Freedom of Info law 'privacy folktale' - ICO chief

Chicken Lickens in a flap as FOIA scrutinised

High performance access to file storage

Is Blighty's Freedom of Information (FOI) law working?

The civil servant leading the agency charged with enforcing it thinks so, and says a review by politicians shouldn't succumb to myths about the supposed dangers of more openness by the State.

UK Information Commissioner Christopher Graham has called for "careful analysis" and debate that arrives at an "FOI that's fit for purpose" - without succumbing to "emotion".

"Is academic research really threatened by the prospect of premature release of data sets? Are ministers living in fear?" Graham asked a government computing conference last week. "The Chicken Licken version of the FOI that the sky is falling is just that: it's a folktale – and the trouble with folktales is people start reacting to what the think is the case even when it isn't."

He didn't name names, but two particular chickens spring to mind: chiefs in Whitehall and academics such as those whose work has helped give climate research a bad name.

Graham spoke as politicians moved ahead with a post-legislative review of the FOI Act, which was passed in 2000 but only became law in 2005. The Parliamentary Justice Select Committee on Friday stopped accepting written evidence in an inquiry investigating whether the FOIA is working effectively, what its strengths and weaknesses are, and whether it is operating as intended. The committee will decide whether further scrutiny of the Act is necessary.

The FOIA was introduced by an idealistic post-Tory government and pre-Iraq War Labour Party, with Tony Blair keen to mould the UK towards a more US model of civics and government. Often in reformist British political circles, the US is seen as the model to adopt. It's up there with supreme courts and elected police chiefs and judges.

Under FOIA, you can send a Freedom of Information request to some state official or public servant and – in most circumstances – expect an answer, although your question has to be laser-focused (unlike the response).

Six years in, however, Blair has called the FOIA "dangerous" and "misguided" because governments need the guarantee of privacy to conduct their business; FOIA was "utterly undermining of sensible government", Blair said.

Given Blair led the country to war on flimsy evidence, it's understandable the former PM should feel exposed by the Act. If there is a problem with FOIA, it seems some of the people who would typically qualify for FOIA scrutiny have resorted to creative methods for getting around it. Was this what Blair meant by the undermining of "sensible government"?

Secretary of State for Education Michael Gove and his advisors are now under investigation by Graham's people for a potential breach of the FOIA for sending communications about government business using private email accounts (warning: PDF).

The story broke last year and as Labour MP Lisa Nandy has recently written here, she'd received a letter from the information commissioner stating:

"I plan to conclude a number of complaints under Section 50 of the FOI Act over the next few months – these will cover whether specific information requested is held for purposes of the Act. I am also still considering allegations about whether individuals at the department breached section 77 of the Act."

Setting the scene, the ICO in December published new guidance saying messages in private email accounts, text messages and other messaging systems can be disclosed under FOI laws if they relate to public business. "This has always been the case – the Act covers all recorded information in any form," said Graham, adding it should come as "no surprise" to public authorities.

It would seem that as the UK has followed the US in its freedom of information laws, so our politicians seem to have also followed their Washington DC colleagues in their attempts to evade the law.

Public officials elsewhere have been exploiting the vagaries of data back-up to dodge the law. The University of East Anglia's Climatic Research Unit (CRU) – Ground Zero of Climategate – has claimed it was unable to cough up information emailed to colleagues at Georgia Tech on their research under a Freedom of Information request because the emails were probably not "held", and so could not be disclosed. An FOIA tribunal in January ruled that the absence of a local copy is not a hindrance and that FOI requests extend to back-up servers, too. It ordered that the university provide a copy or mirror of the back-up server. It's the data that's important, not where it lives.

Looking to a future beyond the Justice Committee's current review, Graham spoke last week of an FOI 2.0, saying Britain's politicians should not look back at the last seven years for inspiration when re-crafting the law but look forward – at, for example, data being made available in usable and re-usable formats.

The dispute over formats and public data is not a new battle, though – it's a fight that's been waged between fans of open source and Open Office in one corner and Microsoft with its MS Office in the other for a decade. Both sides have been enlisting their proxy customers to the cause.

A sensible debate on FOIA 2.0 is needed and it would certainly be best to filter out the words of those with a vested interest who may feel threatened. However, the debate would also be better served if reviewers looked in detail at the past seven years for lessons learned on how to close down loopholes and end the culture of "we didn't know" excuses and creative interpretations.

A review could do that by making the law more explicit about what types of data and communications are allowed and subject to the law. This, coupled with ensuring individuals are held accountable through clearer best practices, regular reporting and penalties, would also help. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.