The Sunday Times, Uncategorized

January 22nd, 2006

Byte by byte, our identity is being stolen

Years ago sophisticated travellers in far-flung places used to smile indulgently at simple tribal people afraid of having their photograph taken. It seemed that in their ignorant way the tribal folk feared that their identity itself was being given for ever into the power of the photographer and his strange machine, to make whatever spells he liked. As it turns out, they were right and are having the last indulgent smile, if not exactly the last laugh, on us.

Our identity — or rather countless aspects of it — is being taken from us in countless new ways by information snapshots. It is complex and frightening. What is deceptive is that each individual loss seems quite trivial; it seems a small matter to hand over elaborate details to a bank, an insurance company, a mortgage company, a credit card company. But every time we make a trivial transaction, we make many of these details available to countless others, both legally and before long illegally.

It makes me feel faintly anxious when an unknown voice in a cinema booking office, on hearing my postcode, gives my exact address. What else does she know? What else could she know if she made the effort? Or if she were dishonest? It is alarming. The ether, or the virtual ether, is heaving with private details about all of us, like the accumulating rubbish in space. All that is as nothing, however, compared with the efforts of the state to steal our identities. What’s worse is that the rate of theft — for it really is a kind of theft — seems to be increasing fast.

On Friday it emerged that 24,000 young people aged between 10 and 18 have their DNA profiles stored on a nationwide database, even though they have never been cautioned, charged or convicted of an offence. Their genetic identities have been stored by the state for absolutely no reason.

This came out because a diligent MP took the trouble to find out for a constituent why a boy who was wrongly arrested in a case — please note — of mistaken identity, had his DNA profile taken and stored by the police. It seems that of the 3m DNA profiles now held by the national database, nearly 140,000 are from people who have never been charged or cautioned. Why? Worse still, this is perfectly legal. Why? Yesterday it was reported that records of all criminal convictions, and of all cautions, will remain on police files for 100 years, from April onwards. Chief constables have suddenly overturned the principle that offences can be “spent”. This puts paid to the chance of living down youthful indiscretions and turning over a new leaf.

Our medical records are to be made widely available on the new National Health Service computer system, under the Care Record Development Board, for all kinds of NHS employees to obtain, not to mention snoops and hackers. Last week the British Medical Association’s family doctors’ committee, to its great credit, decided that patients should be asked to consent, formally, to having their records entered on the new database.

Earlier the government was offering NHS patients the choice of opting out of this, but the GPs voted to require explicit consent, meaning explicit agreement to opt in. It seems extraordinary that there was ever any assumption that this extremely important matter need not necessarily be taken to parliament, and that we might just as well give way passively to the erratic powers of IT. But such is the temper of the times.

Our masters (and mistresses) seem determined to know more and more about us, right across the oceans and the ether. In this country we are still being threatened with ID cards, which might hold all sorts of information on those dark and shiny strips.

In the US the Department of Justice is even now trying to force Google, the internet search engine, to hand over records of what people have been looking for when they visit the site. Specifically they asked for a list of terms entered during a single week, and 1m randomly selected web addresses. Google is valiantly resisting this extreme invasion of privacy but Microsoft and Yahoo! have already complied. Good for Google one must say; but it is unlikely that even Google will be able to resist the Goliath of the US Justice Department.

Those who have nothing to hide, people always say, have nothing to fear from releasing all these personal details (voluntarily or otherwise). That is a terrible mistake. It is to misunderstand the importance of privacy in human affairs and it’s to ignore the constant threat of hackers.

It is also to underestimate the importance of error in human affairs, most particularly in computer use. One of the worst things about all these databases is the mistakes they make and then disseminate far and wide. Credit checking agencies, for instance, regularly make bad mistakes, as people with good credit who get wrongly listed as bad debtors will tell you. It is very hard to discover such mistakes or to reverse them.

IT is one of the most powerful tools and at the same time one of the most serious problems for public services today. The police and the Crown Prosecution Service, for instance, have had serious problems with IT interface and as for the NHS computer system, one can only call it an expensive disaster. The much vaunted electronic booking system is a year behind schedule and the entire £6.2 billion NHS computer system is in danger of collapsing, according to a recent leak from a civil servant. Would you seriously trust such a system with details about a mental illness or an abortion? It now emerges that there is a great deal of identity fraud surrounding the tax credit system; one would have to be daft to file tax returns online.

Perhaps I seem unduly cynical about police information systems, but there is always human error. In the trial of the Notting Hill rapist, for instance, it emerged that the rapist had originally been ignored as a suspect because a Home Office computer inaccurately reported that on the date of one of the offences he was still in jail. More recently we have the disgraceful confusion over lists of sex offenders.

I hardly know which is worse — a state that is good at getting and guarding our personal records, or one which is pretty bad. But either way, the time has come to think carefully and publicly about how we want to use technology to stop the recording eye of Big Brother stealing our identities.