UK Identity Cards and Civil Liberties
“The introduction of identity cards in the UK infringes upon our human rights and civil liberties whilst actually doing very little to counter crime and terrorism” – Discuss
Contents –
Abstract
Introduction
Chapter One – Surveillance as a means of crime prevention & counter terrorism
1.1 Is surveillance needed for crime prevention?
1.2 Is surveillance needed for counter terrorism?
Chapter Two – Increased surveillance – the viability of data retention
2.1 Data retention and identity cards
2.2 Is data retention a positive thing?
2.3 The scope of data retention laws
Chapter Three – Has the introduction of the identity cards scheme served to breach individual human rights and civil liberties regarding privacy in the same way as other forms of surveillance?
3.1 The right to personal privacy
3.2 Are human rights and civil liberties effectively recognised domestically?
3.3 How far is the right to personal privacy recognised in law?
3.4 How does the ICA 2006 fit into understanding human rights and civil liberties?
Conclusion
Bibliography
The aim of this study is to consider whether the introduction of identity cards in the UK would indeed infringe upon our human rights and civil liberties, whilst also looking to determine whether it would actually be an effective way of combating crime and terrorism. Therefore, this paper will look to consider the enactment of the Identity Cards Act (‘ICA’) 2006 and the problems that are likely to arise from the introduction of the proposed scheme. Then, it will also be necessary to consider the background to the enactment of the ICA 2006 by putting this development into context with a consideration of Closed Circuit Television (‘CCTV’) and the development of data retention surveillance techniques used to gather information about people with the aim to prevent crime and counter terrorism.
However, this paper will also look to recognise the legal reasoning used to justify this kind of surveillance and information gathering that, although contrary to the recognition of the human rights and civil liberties of individuals, is considered necessary to guard the interest of society as a whole against the threat of terrorism and serious crime. But, at the same time, this paper will also recognise this kind of surveillance may actually be doing very little to counter terrorism and serious crime and is not only breaching people’s recognised human rights and civil liberties, but also criminalizing the population and breaking the law in the process. Then, finally, in summation it will be necessary to look to conclude with a balanced and logical overview of this discussion effectively derived from an understanding of the issues covered to present a reasoned view regarding this issue.
At the end of 2006, legislation was passed domestically in this country in relation to the introduction of identity cards throughout the UK in the form of the ICA 2006 as a means of crime prevention and counter terrorism. But, interestingly, in spite of its apparently noble intentions, the ICA 2006 is seen by many as only ‘enabling legislation’ that merely provides the legal framework around which the scheme of identity cards is to be developed and it does not purport to provide details of every aspect of the scheme’s overall operation[1]. This is because the Act itself proposed the use of biometric identity cards[2] to establish and maintain a database of information called the National Identity Register (‘NIR’) on all individuals currently residing within the UK in support of ongoing efforts to help prevent terrorism or serious crimes from occurring[3] by allowing for an easy means to ascertain and prove an individual’s identity[4]. Therefore, the enactment of this legislation meant both private and personal companies could access this register to confirm an individual’s identity or simply check the accuracy of their information.
However, this policy is not without its problems. This is because whilst sections 19 and 23 of the ICA 2006 only permit access to records without consent if it is in the interests of national security or for purposes connected with the prevention or detection of crime, the legislation allows for information to be added without the individuals’ knowledge with the aim of eventually having fifty pieces of an individual’s personal information on their card that would then be stored on the aforementioned database with the NIR[5]. But despite the fact many critics argue the NIR will allow the government to monitor and record almost every aspect of a person’s life, almost all of the information listed in Schedule 1 of the ICA 2006 as being required that includes signature, photograph from a passport, name and address (both current and previous), date of birth and national insurance number for this purpose is already in the government’s possession and everyone has the right to see what information is held about them.
Nevertheless, there is a fear that ‘hackers’ are bound to attempt to gain access to the NIR database in the same way as in the US, in April 2005, when it was reported Reed Elsevier may have accidentally released the personal information of 310,000 US citizens during 59 separate criminal incidents[6]. It is perhaps little wonder then that the scheme to be developed under the ICA 2006 has led to a great deal of criticism from various organisations. Economists, in particular, have argued that such a scheme would be excessively expensive for what they believe to be somewhat limited results in view of the fact that whilst government estimates have put the cost of the scheme’s introduction alone at around ?6 billion pounds[7], a group of analysts at the London School of Economics consider the figure to be closer to ?18 billion that must ultimately come out of the public’s pocket through taxation[8].
Therefore, whilst the use of identity cards brought about by the enactment of the ICA 2006 could be considered the latest advancement of surveillance technology with the legitimate aim of preventing crime and counter terrorism, question marks remain over whether this kind of policy is an acceptable tool in view of the need to recognise individual human rights and civil liberties[9]. But this is not the first time that the legitimacy of surveillance has been called into question, despite its aims to prevent crime and counter terrorism, so it is necessary to look to consider whether the use of this kind of surveillance technology has achieved anything in this regard.
“Every man should know that his conversations, his correspondence, and his personal life, are indeed private.” Lyndon B Johnson 1908-1973 – President of the United States of America
In spite of Lyndon B. Johnson’s view ostensibly in support of Mill[10], the use of surveillance techniques has become increasingly widespread with the passing of time because technology in this area has advanced at such a pace that even the public at large is becoming ever more aware that surveillance no longer simply refers to the work of spies in Ian Fleming novels. The word itself in French literally means ‘watching over’[11] and, in this context, refers to all forms of observation or monitoring of another for public or private purposes. Now, however, most people are aware such techniques are used by law enforcement agencies, business and even private individual so as to gain useful information in relation to the activities of suspected criminals and terrorists where a threat is perceived leading to an eventual arrest where it is warranted[12]. In particular they are usually most commonly aware of the use of CCTV cameras on buildings and in shops. But the use of identity cards is just another means of surveillance as its production and use will effectively act like a form of tracking whereby the authorities and private and public organisations will gain yet another insight into the private lives of individuals by creating a verifiable ‘document trail’ that the authorities can follow.
1.1 Is surveillance needed for crime prevention?
The UK leads the world in the concentration of public surveillance devices to people[13]. This is because, about ten years ago, the UK government used ?150 million each year to develop a Closed-Circuit Television (‘CCTV’) network around the country[14] so that the industry grew exponentially throughout the 1990’s so, by 2003, at least two and a half million cameras could be found in this country[15] that continues to increase at around 20% per year[16]. The ‘net effect’ is substantial. It is widely believed everyone in London is caught on camera at least three hundred times each day[17] and very often these cameras do not just watch and record us, but also use facial recognition software to scan subjects against a criminal database[18].
Although statistical evidence is somewhat limited in relation to the effectiveness of surveillance technology in view of the fact there is usually much more to crime prevention and counter terrorism[19], the authorities downplay this negative element and emphasise the positive where a security issue of national significance is resolved. Such a view is effectively illustrated by the fact whilst the police review of CCTV tapes played a significant role in identifying a suspected terrorist handler involved in the bombing of King’s Cross in July 2005[20], there remains a prevailing view that, if anything, crime levels have stayed the same or even increased despite the widespread installation of CCTV cameras.
National statistics have shown that, whilst around three quarters of the Home Office Crime Prevention budget has generally spent on CCTV, a comprehensive review has revealed the overall reduction in crime was only around 5% by 2002[21] and has continued to make small incremental reductions nationally ever since[22]. But as a stark mark of the success of CCTV in preventing crime, a parallel systematic review found that street lighting saw a reduction in crime of 20%, whilst CCTV cameras usefulness is then further marked against because it is understood that only around 3% of all street robberies in London are solved using CCTV footage[23].
Interestingly, however, in Portsmouth the City Council released crime statistics for the first three months of 2008 that showed that of 1384 recorded incidents this led to 346 arrests that were recorded by the network of 172 CCTV cameras in Portsmouth and marked this out as mark of their usefulness as crime solving tool[24], whilst, in Newham, police claimed an 11% drop in assaults, a 49% drop in burglary, and a 44% drop in criminal damage[25] where cameras were installed[26]. However, as well as possibly being merely an aberration in our understanding of the overall usefulness of CCTV cameras and surveillance technology as a whole, the source of the statistics is a branch of government. Therefore, unfortunately, this may mean the results have been embellished to present CCTV as being a good use of public money and, even where this is not the case, the police may have made the same number of arrests anyway so that it is somewhat surprising that the cameras have such support to enforce the law[27].
1.2 Is surveillance needed for counter terrorism?
However, since the tragic events of 9/11 in the US, such action is also justified because it is arguable this led to the establishment of a renewed approach to surveillance in the interests of national and international security across the world. Therefore, 9/11 effectively served to reveal terrorist groups had organised themselves ‘transnationally’ – making it harder to trace them using traditional surveillance techniques[28]. As a result, whereas in the past, terrorist groups could be readily categorised by reference to territory, this is no longer the case because, organised on a global scale, these loosely affiliated ‘cells’ can operate simultaneously in various States. This is because they are not unified by a single vertical command but horizontally[29] by using modern communication and transportation technology, whilst the integration of financial markets also facilitates their mobility and range of targets without claiming a particular territory as ‘home’[30].
On this basis, globally, countries realised they had a shared interest in enhancing international co-operation to fight terrorism because of the fear groups may be in possession of non-conventional weapons – such as biological, chemical and nuclear[31]. Therefore, the international community must work together because such a threat cannot be vanquished by single States alone[32], as the UN recognises certain States being unable or unwilling to prevent or stop the traffic of such weapons means “the ability of non-State actors to traffic in nuclear material and technology is aided by ineffective State control of borders and transit through weak States”[33]. Clearly, the international community must hold together to find effective solutions because, although 9/11 undoubtedly showed the world that even the leading democracy was not safe from terrorist attacks.
Whereas in the past a series of diplomatic, economic and financial measures nationally to fight terrorist structures[34], to multiply the effect of such measures, States agreed to co-operate internationally by using treaty law with around a dozen multilateral conventions on anti- and counter-terrorism[35]. Therefore, in theory, no terrorist activity would go unpunished[36]. But the UN has struggled since its inception to formulate an effective response. On the one hand, it has provided a solid international legal framework for combating terrorism via the adoption of terrorism-related treaties by the General Assembly and UN agencies. But, on the other hand, the UN has been unable to reach agreement on a definition of terrorism that outlaws all indiscriminate attacks against civilians and circumvents the need to recognise the human rights and civil liberties of the public at large, so more than twenty different parts of the UN system deal with terrorism in one form or another[37].
However, in Europe it was not until the 2004 train bombings in Madrid that the EU looked to take significant action to counter terrorism and prevent serious crime. This is because those investigating the attacks in Madrid discovered telecommunications played a significant role in planning of the attacks because they were co-ordinated by mobile phone and via the Internet. Unfortunately, however, at the time of the attacks the Spanish authorities had only limited access to help to telecommunications networks in order to further their investigations when more traditional methods of surveillance associated with the aforementioned use of CCTV were somewhat lacking[38]. This is because with the advancement of technology in this area, traditional surveillance has been made somewhat redundant by the use of Internet so that, in order to be able to effectively prevent serious crime and counter terrorism in the modern age, there is a need to utilise data retention technology.
Chapter Two – Increased surveillance – the viability of data retention
2.1 Data retention and identity cards
On this basis, the original justification for the ICA 2006 identity cards scheme was the supposed need to combat the serious problems of illegal working and identity fraud. This is because the government estimated identity fraud amounted to a ?1.3 billion annual loss to the UK economy[39], and the government’s first consultation paper in this area specifically eschewed many of the claims for identity cards that some other advocates suggest they would bring – such as combating terrorism, benefit fraud and crime more generally[40]. However, the draft legislation clearly presented the identity card as a device with which to combat terrorism, whilst the 2003 government’s white paper[41] emphasised the use of identity cards as an effective tool. According to Privacy International, government ministers in the UK have argued in broadcast interviews that, although the 2001 New York and 2004 Madrid[42] atrocities had been committed by people with valid US documents and Spanish identity cards respectively, many other terrorists use false identities and they also claimed the quality of the database underpinning the British scheme would be much higher than the Spanish.
2.2 Is data retention a positive thing?
Nevertheless, aside from the more secure nature of the identity cards scheme proposed in the UK under the ICA 2006, this kind of data retention has previously proved to be a very positive thing that has served to enhance the lives of those living within our society. As most people are aware, such technology is already being used in the form of services that text details of the closest restaurant based on a mobile phone location when your hungry, or help to pick an exit at the next roundabout when you are lost can be very useful. But any retention of collected data is also very negative because the advantages of technology come at a price, since one person’s ‘enhanced information’ can invade another’s privacy[43]. This is because an individual’s right privacy is becoming increasingly susceptible to the advancement of technology with the introduction of ‘wiretaps’, biometrics, and video surveillance cameras all each having the potential to erode privacy[44] in the same way as identification cards, whilst digital interactive television technology may even soon tell advertisers exactly which programs people view in their homes[45].
Therefore, such advancements are clearly both beneficial and frightening[46]. This is because it is commonly understood that no modern technology derived from the development of telecommunications poses a greater threat to privacy than the Internet[47] by allowing researchers to collect data much more cheaply and efficiently[48] because what once took a great many days hard labour can now be accomplished with a keystroke[49]. But it is also important to appreciate that the remit of the Data Retention Directive[50] effectively allows EU Member States to synchronise their laws so all telephony companies and ISP companies within each and every EU Member State are obliged to retain details on all electronic communications for up to two years for the purpose of investigating, detecting and prosecuting serious crimes[51].
2.3 The scope of data retention laws
The main categories of data ‘generated and processed’ to be retained under the Data Retention Directive regarding communications are the retention of data to – (a) trace and identify its source (e.g. caller); b) identify its destination (e.g. number dialled); (c) identify its date, time and duration; (d) identify its type (i.e. network or service used); (e) identify equipment (i.e. means); (f) identify that equipments location; and (g) regarding unsuccessful calls[52]. But this is somewhat controversial because ‘unsuccessful calls’ occur where a telephone call has successfully connected, but has not been answered[53]. However, whilst no data regarding the content of the communications is to be retained[54], EU Member States should also ensure data’s security is respected as a reflection of equivalent provisions for the protection of personal data in the Data Protection Directive[55]. This is because, through measures to protect data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure[56] of data is accessible by authorised personnel[57].
As part of this process, EU Member States must also have measures in place to ensure any criminal access to or transfer of data retained under the Data Retention Directive is punishable by effective penalties[58]. Therefore, the Data Retention Directive provides only data retained should be provided to the ‘competent national authorities’ in ‘specific cases’[59], but fails to recognise which authorities are likely to be competent and the reasons why such data may be accessed. This effectively means this could lead to uneven access to data across the EU because there is no definition of ‘specifically authorised personnel’ or ‘law enforcement authorities’, but Article 9 recognises each Member State must designate one or more public authorities to be responsible for monitoring the application of the Directive regarding security of stored data.
Therefore, in the UK, the Home Office has looked to publish a set of draft Regulations in the form of the Data Retention (EC Directive) Regulations (‘Regulations’)[60] to effectively implement the Data Retention Directive’s nature and scope[61]. But the Regulations only looked to address the retention of certain call data by telephony companies because EU Member States can delay the Data Retention Directive’s implementation regarding traffic data for an additional 18 months until March of 2009[62]. Nevertheless, even before they have been implemented, the UK Regulations also nothing to allay the fears raised by human rights’ advocates regarding the EU’s Data Retention Directive because the Regulations remain as unspecific and unrestrictive as the Directive. However, domestically, the authorities have “a great deal of experience with the retention of traditional communications data” because they “have been working with the industry to ensure the retention of this data since 2003, when Parliament first approved the code of practice for the voluntary retention of communications data under Part 11 of the Anti-Terrorism, Crime and Security Act 2001”[63].
Nevertheless, whilst the retention of data was voluntary under the Anti-Terrorism, Crime and Security Act (‘ATCSA’) 2001, because it was made in response to the terrorist attacks of 9/11, its voluntary code has served as the foundation for establishing a practical framework for the enforced retention of communications data so the draft regulations provide the next step towards a mandatory framework[64]. Such a view was supported by the fact that the EU set a high global standard in data privacy protection when it forged its Data Protection Directive[65], which became effective in October 1998[66], and created such a rigorous legislative approach to privacy[67]. But the ATCSA 2001 was then amended so that the purpose of such retention became “(a) for the purpose of safeguarding national security; or (b) for the purposes of prevention or detection of crime or the prosecution of offenders which may relate directly or indirectly to national security”[68] so the access would then be just for limited purposes.
Therefore, it is important to recognise that the UK’s Regulations have established provisions to continue with the policy of reimbursing public communications providers their expenditure from adjusting their business practices to comply with the Government’s requirements for the retention of communications data. But the interception of communications and the obtaining and disclosure of data relating to them is currently regulated by the Regulation of Investigatory Powers Act (‘RIPA’) 2000 because section 21 recognises communications data does not include the contents of the communications, but that, in the interests of national security, they may still obtain it. Consequently, the Data Retention Directive will effectively serve to augment RIPA 2000 that does not currently require the specific retention of data in advance, but the police are able to serve ‘section 22’ (‘S22’) telecommunication companies within the industry for access to the data that they retain.
Accordingly, whilst the RIPA 2000 will only permit the interception of communications in the UK by defined bodies in specified circumstances to protect individuals’ privacy, the longer the data retention period, the greater the period of access that will provided to the authorities in the interests of security[69]. Nevertheless, ostensibly, it is to be appreciated that the RIPA 2000 is designed “to ensure that the relevant investigatory powers are used in accordance with human rights”, since it extends the legal regulation of interceptions to cover private networks that are “attached, directly or indirectly … to a public telecommunications system”, and includes “anything comprising speech, music, sounds, visual images or data of any description”. Therefore, a criminal offence is not committed in the UK if the controller of a private network intercepts a communication in the course of its transmission, but section 1(3) provides that interceptions “without lawful authority” are still actionable under the remit provided for by the HRA 1998 that is discussed below[70].
On the basis of this understanding of data retention laws discussed in the previous chapter, it is also important to look to consider whether the scheme for identity cards proposed under the ICA 2006 based on personal data retention as a means of identification will serve to violate the recognition of individual human rights and civil liberties. This is because whilst it would clearly be hard to argue using surveillance technology to gain solid evidence for the purposes of preventing serious crime and encouraging counter terrorism is a bad thing, there is an all too prevalent need within the current climate for the striking of a balance between maintaining national security and unnecessarily invading an individual’s privacy.
In spite of their legitimate aims, the introduction of identity cards in the UK could be considered to be just the latest step in the government’s efforts to encourage crime prevention and counter terrorism at the expense of the individual rights and freedoms. This is because, in the same way as other advancements in surveillance technology, identity cards are also not without their problems. There is a prevailing feeling the use of identity cards across the nation will serve to breach individual human rights and civil liberties in the same way as many other forms of surveillance. In particular, it has been argued the use of identity cards will serve to breach individual rights to privacy because of the nature of the personal data that will be stored and retained within them and on the NIR database[71].
Therefore, although there is little doubt the use of such technology for information gathering is very advantageous to help the government, the police, and even everyday people, question marks have arisen in relation to just how far surveillance technology should be used to monitor the public. Consequently, there is an argument those who use surveillance for the purposes of information gathering should take on certain responsibilities they must then uphold in view of the implementation of the ECHR into the UK via the HRA 1998. But in some ways technological advances have arguably hindered the recognition of human rights and civil liberties as much as they have helped crime prevention and counter terrorism by allowing the authorities an unprecedented look into people’s lives.
3.1 The right to personal privacy
The right to personal privacy is an important right, however, it is all too easily taken for granted because, like freedom, no one really appreciates its value until it is threatened, as in this case with the enactment of the ICA[72], so that in the wake of technological advancement privacy has all too easily become an afterthought in social advancement[73]. This is a significant failing. The right to privacy should not merely be limited to the idea an individual may live their personal life how they choose. It is also meant to include the right to establish and develop relationships with other people for the development and fulfilment of one’s own personality[74], whilst sexual relations are the most intimate aspect of the right to a private life[75]. However, the right to a private life also covers an individual’s physical and moral integrity[76], encompassing protection against compulsory physical interventions and treatments[77]. Moreover, in spite of the