The politicians and the database

First published by Linux User & Developer.

If there’s one thing that governments love almost as much as your money, it’s your data. Who’s doing what, where, and to whom is an ongoing preoccupation of all administrations, regardless of their political leanings, and policy makers everywhere are continually finding new and exciting ways to use and abuse your data.

Here in the UK, database-based IT projects have blossomed, gathering between them an alarming amount of information, including:

  • your personal details (National Identity Register)
  • your phone call and internet access data (communications traffic data, held under the EU’s new Data Retention Directive)
  • details of every car journey you ever make (National Vehicle Tracking Database)
  • personal details for every child (the Children’s Act database, the Information-Sharing and Assessment system)
  • and if you’re unlucky enough to get arrested by the police, your DNA (National DNA Database)

Welcome to the database state.

The government has come to believe that crime can be prevented by building large databases: if you know who’s doing what, you can stop them doing anything bad. The thinking behind the National Vehicle Tracking Database, for example, is that people who commit traffic offences, such as speeding or driving without an MOT, are more likely to commit other more serious crimes. By tracking all motorists, the logic goes, the police will be able to spot the crime lords and arrest them.

Exactly the same reasoning underpins the Data Retention Directive. The retention of communications traffic data is supposed to expose criminals and terrorists, but these are the very people whose data are least likely to be recorded. They will instead be using black market SIM cards, ISPs outside of the European Union, encrypted communications and other work-arounds, and data retention will do nothing more than force telcos and ISPs to keep a lot of useless data on innocent people.

The belief that more data means more criminals arrested and more crime prevented is misguided at best, dangerous at worst. America’s US Visit programme, which photographs and fingerprints every foreign national entering the country, cost $15 billion, but caught only 1000 people, mainly for minor criminal offences and immigration infractions. That’s $15 million per arrest. Despite the colossal amounts of data gathered and stored, the US Visit programme has achieved no significant results. Had the Department of Homeland Security instead spent $15 billion on staff and training, perhaps they might have done rather better.

Now let’s examine the UK’s database for children, the Information-Sharing and Assessment (ISA) system. According to the NSPCC, an average of 80 children are murdered each year and nearly 33,000 are on child protection registers, out of 11.7 million children in the UK. The ISA will hold records on every child and will allow a variety of agencies, including schools, doctors, social services, the police, and probation services, to access a child’s file and add their suspicions (regardless of whether they have evidence).

Ostensibly, this is to lower the number of children who are abused or murdered, but spotting genuine problems requires a real human being to assess the situation and then intervene. The ISA is just a bigger haystack within which to lose your needle, and, worse, it diverts resources and attention from what is desperately needed—more social workers with better training. Planning huge national databases in order to track or locate a very small number of targets, be they children at real risk or terrorists threatening national security, is disproportionate and unrealistic. And using mass surveillance exacerbates mistrust of the government and creates a culture of non-co-operation with the authorities which could, ultimately, put more lives at risk.

Furthermore, gathering large amounts of data is inherently dangerous. Whatever information governments find interesting will also draw the attention of criminals. Databases can be hard to keep secure, and it’s not necessarily hackers that we should be worried about, but unauthorised access by employees of the agencies that use these databases. Equally, the more data you have, the more difficult it is to maintain accuracy. In 2000, an audit of the Police National Computer found that 86% of records contained errors, 85% of those errors were serious, and some were libellous.

Databases are not a panacea. Data-mining is complicated, and the more data you are mining, the more false positives your software will throw up. If you act upon a false positive for a motoring offence, it’s an inconvenience for the motorist, but for an alleged case of child abuse, it can rip the family apart and ruin the child’s life.

Technology can be a very powerful tool, but what it can’t do is replace real human beings or traditional investigative work. Designed badly or used poorly, databases are the technological equivalent of fools gold. The government must learn what databases can realistically achieve, how that can be done, and where the boundaries between fantasy and reality lie.