Richard Wilson's blog

NO2ID’s hard-hitting video on the dangers of data abuse

Many summers ago I had a temp job as a clerk at a private bank where a number of big-name celebrities held an account. The amiable chap I was working for was just a couple of years older than me, and seemed pretty comfortable in his job, though it was obvious that he found the work inordinately dull. One of the ways he liked to liven things up was to look through the personal details of the bank’s famous clients, and on occasions make prank calls to the private numbers that he’d dug out of the files.

As he was a music fan, millionaire ageing rock stars came in for particular attention. Within days of my starting he’d (amiably) shown me around Paul McCartney’s bank account and told me with pride of his habit of calling up the lead singer of Led Zeppelin, whispering “Robert Plant, ha ha ha!” and then hanging up.

A few years later, soon after the death of my sister, we got a knock on the door from the Daily Mail. We had long been ex-directory, and were being meticulously careful about our contact with the media, but the Mail had managed to track us down nonetheless. For years I was mystified about how they might have done it, and it was only when I read Nick Davies’s “Flat Earth News” that I found a plausible answer. Tabloid newspapers had long been in the habit of paying private investigators to track down people they wanted to contact, and it was an open secret that the PIs were bribing civil servants at the DVLA to hand out people’s personal details. Anyone who earned a legally-registered car could be found by the Sun or the Mail at a few hours’ notice. Maybe that was how they found us.

I was reminded of all of this yesterday when I had a fascinating chat with Phil Booth, the national co-ordinator of the NO2ID campaign. The standard reply to anyone who objects to compulsory ID cards, and the attendant mega-database that the government plans to introduce, is that only those with something to hide will have something to fear from it. But this relies on the assumption that every official with access to the database can be trusted to behave with absolute integrity at all times. No-one will ever be tempted to look up the details of their favourite (or least favourite) celebrity and make prank calls to them. No-one will ever take a bribe from a tabloid journalist, or an identity-fraudster, or a deranged ex-husband looking to settle a grudge.

According to NO2ID, the government databases that currently exist are already being used in unauthorised ways on a massive scale. A monthly audit of just one local authority database reportedly found thousands of instances of data being used in ways beyond that originally intended and authorised. Many of the infringements were no doubt minor, but the sheer volume clearly highlights the huge gap between the intended purpose of a government “power” and the practical reality of its use.

It’s this gap between intention and reality that the “nothing to hide, nothing to fear” mantra fails to address. As I argue in “Don’t Get Fooled Again”, one deeply engrained feature of the human psyche seems to be a tendency to over-estimate – sometimes catastrophically – our capacity to control what goes on in the world – and to under-estimate the potential for unintended consequences.

We assume that making something illegal – be it the use of drugs or the abuse of our personal data – is the same thing as stopping it from happening. We assume that giving the authorities unfettered power to detain, torture or even kill those suspected of engaging in some social evil – be it drugs, crime or terrorism – will a) make the problem better rather than worse b) only affect those who’ve been up to no good. Time and again we remain blind to the gap between intention and reality until thousands of innocent people have already been subjected to horrific abuses.

The phrase “nothing to hide” works so well as propaganda because – like many good propagandistic phrases – it means two entirely separate things. “Nothing to hide” is generally taken to be synonymous both with “doing nothing wrong”, and with “no secrets from anyone”. Yet there are plenty of people who have done nothing wrong but might nonetheless have very strong reasons for wanting to keep some things secret from somebody. As NO2ID points out, these include:

those fleeing domestic abuse; victims of “honour” crimes; witnesses in criminal cases; those at risk of kidnapping; undercover investigators; refugees from oppressive regimes overseas; those pursued by the press; those who may be terrorist targets.

A series of embarrassing data breaches have shown how hard the government finds it to keep our personal details secure even now. The more information is stored centrally, and the more people can access it, the more opportunity for abuse and incompetence there will be – with potentially very serious consequences for those who, quite legitimately, do have something to hide.

And neither are we bound to accept that there is anything intrinsically wrong, in and of itself, with wanting to keep things about ourselves secret. The assumption often underlying discussions about the government’s uber-database plan seems to be that the onus is on opponents to explain why we shouldn’t be required to surrender all of our personal information to the authorities, rather than on the government to explain why this move is actually necessary.

At the heart of all this is a fundamental question of principle over who “owns” our personal data, and who is best placed to keep it secure. After half an hour speaking to Phil Booth, I’m more convinced than ever that, both on the principles and the practicalities, this government is fighting a losing battle.