No CCTV - campaigning against camera surveillance in the uk and beyond
no cctv

Site Search:

Privacy Protected search  

Latest Reports

 
Latest Articles/News

New mass surveillance database and 1984 action day - more...

The silent increase in London's mass surveillance network, one year on... - more...

Magna Carta - our ancestors never imagined we would stop short - more...

When The Language Of Freedom dies, Freedom Dies With It - more...

Orwell's warnings as relevant as ever - more...

CCTV Looking Out For Them Not You - more...

8th June 2014 - Time For Big Brother to Retire - more...

Body cameras - The 5 Laws of FFUCams - more...

The Manufacture of ''Surveillance by Consent'' part 2 - more...

International Group condemns Facewatch - more...

Landmark CCTV case in Australia - more...

The Manufacture of ''Surveillance by Consent'' - more...

New CCTV Code Consultation - more...

Canadian Privacy Commissioner Hits Out At ANPR - more...

Government appoints CCTV yes man ... again - more...

Open letter to UK Surveillance Regulators - more...

Where to mate? 1984 please - more...

Britain under attack from 'talking' CCTV cameras - more...

Internet Eyes and media politics - more...

Back to the Future - UK CCTV debate stuck in time loop - more...

Royston's ANPR ''Ring of Steel'' - more...

Surveillance Camera Code Con - more...

No CCTV's Freedoms Bill submission - more...

CCTV / ANPR and the Manufacture of Consent - more...

Face Covering: Guest Article - more...

Mr Jolly at Parliamentary Committee - more...

Protection of whose Freedoms Bill? - more...

Exposing Naked Scanners - more...

Bad Boy of the Week - more...

BrumiLeaks, CCTV and democracy - more...

The true cost of CCTV? - more...

ICO's Surveillance Society follow up report - more...

CCTV citizen spy game launches - more...

Freedom not Fear demo in Germany - more...

Speed Cameras, ANPR and Project Columbus - more...

It's not as simple as CCTV cameras or crime - more...

Fox to review Birmingham CCTV chicken coop - more...

Rubbish CCTV - more...

CCTV in tower blocks - more...

Have your say on naked scanners - more...

The Surveillance State will not be beaten at the ballot box - more...

Pre-election warning - more...

CCTV election plege - more...

CCTV Robo-wardens - more...

Naked scanners update - more...

CCTV drones - more...

Naked scanners, naked CCTV and barefaced lies - more...

No CCTV on Red Ice Radio - more...

Scots fast becoming most surveilled in the UK - more...

Government appoints CCTV yes man - more...

BBC runs prime-time advert for CCTV game - more...

CCTV in Scotland: Broken Record - more...

Watch No CCTV's presentation - more...

ICO complaint seeks to halt CCTV game - more...

ANPR - policing by consent? - more...

Intenet Eyes - more...

Project Javelin - more...

Hounslow's ''Promise 10'' - more...

Silly Season, Schools and CCTV - more...

BBC breaches charter - more...

CCTV makes crime go up! - more...

CCTV Agenda creeps forward - more...

ANPR - the expanding network of checkpoints - more...

Proposed bill - CCTV expansion in disguise - more...

Students fight school CCTV - more...

Police's surrealist CCTV poster - more...

Victory in police surveillance case - more...

Study confirms ineffectiveness of CCTV - more...

Google Street Update - more...

Anti-CCTV advertising campaign - more...

Surveillance related consultations - more...

Councils misuse of surveillance - more...

Pub Landlord's CCTV victory - more...

Google takes curtain twitching to a new level - more...

Police admit storing images - more...

Back door CCTV expansion - more...

CCTV in pubs - more...

Modern Liberty Convention - more...

Surveillance report slams CCTV - more...

CCTV case at High Court - more...

Forest Fields Folks Against CCTV - more...

Cowley Road CCTV switched on - more...

Play the CCTV Treasure Hunt - more...

CCTV spies on diners - more...

2009: will decision makers heed CCTV warnings - more...

Beat the recession - cut CCTV - more...

London: In the Kingdom of Big Brother - more...

Update: CCTV sanity in Devon - more...

UK and Iran agree on CCTV and Human Rights - more...

Senior police officer calls for CCTV debate - more...

DPP slams surveillance state - more...

Body cams - more...

Freedom Not Fear - more...

CCTV in schools update - more...

Guilty...until we get the CCTV clock fixed - more...

NO CCTV in L'Express - more...

NO-CCTV finds the plot - more...

CameraWatch call for ''upgrades'' - more...

Blackpool CCTV review - more...

More evidence against CCTV - more...

CCTV industry calls for more cameras - more...

Security expert's CCTV warning - more...

Brown sexes up CCTV - more...

David Davis resigns - more...

China's CCTV laboratory - more...

Halt CCTV expansion - more...

UK surveillance sharing - more...

Cowley Road CCTV delays - more...

National cctv strategy starts to bite - more...

cctv in schools - more...

Police admit crime falling - so why install CCTV? - more...

CCTV sanity in Devon! - more...

cctv is a waste of money - more...

No cctv at oxford radical forum - more...

Internet Eyes, the Information Commissioners Office and media politics - 28/9/2011

"Let's bury our bad news on a busy news day" - disturbing ICO revelations on 'International Right To Know Day' - A Privacy International Report

ICO response
Freedom of Information ICO style

Privacy International has frequently criticised the UK Information Commissioner's Office (ICO) for shortcomings ranging from timidity to technical ignorance. However material just received from a Freedom of Information request to the Office reveals that the regulator has crossed a line from incompetence to possible malpractice that is serious enough to warrant a Parliamentary investigation.

The ICO has responsibility for the operation of both the UK Data Protection Act and the UK Freedom of Information Act. This dual responsibility is not unusual in the regulatory world, though the combination can lead to a conflict of interest when it comes to FOI requests about the Commissioner's Office itself.

Background

In June 2011 the ICO threw out a complaint [1] by PI and No-CCTV against a company called "Internet Eyes", which is a subscription site offering a cash bounty to anyone who scans online CCTV images and reports alleged shoplifters. We asserted that the enterprise was in breach of data protection but the ICO disagreed, deciding instead to allow the company to proceed subject to signing an undertaking of good behaviour [2].

At the time Privacy International described the decision to mandate bad information practices through an undertaking of good conduct as being the equivalent of "requiring the doctor for a prison execution chamber to sign a Health and Safety undertaking". In our view Undertakings have become an easy way out for the regulator and for transgressors. In many circumstances they are a licence to conditionally continue bad privacy practices.

The decision alarmed many rights advocates but did not come as a surprise to PI, which in almost twenty years has almost never secured a successful complaint with the ICO even when colleague commissioners across Europe had supported our position. This was the case particularly with fingerprinting of school children, Google Street View, wireless network harvesting, privacy settings on Social Networking sites, online advertising, financial privacy, data sharing, electronic visual surveillance, road & traffic surveillance and regulation of offshore Internet companies.

The decision to require an undertaking, although constituting ninety percent of all regulatory action by the ICO, is subject to no formal guidance. Senior officials at the ICO clearly recognized that the decision to issue an Undertaking was an error of judgment, but by the time they had learned of the decision the course of action could not be reversed. They instead decided to engineer aggressive media management to bury a potentially critical news story.

The ICO, which is in effect a quasi-judicial body, had in our view always exhibited a bizarre internal culture that was far removed from the consistent advocacy demonstrated by some other regulators. It has traditionally taken a pragmatic rather than a principled position on privacy issues, hence the almost complete absence of judgments in favour of stronger privacy.

Freedom of Information request

PI and No-CCTV decided to lodge a Freedom of Information (FOI) request with the ICO to discover the rationale behind its decision to refuse our complaint against Internet Eyes, requesting all memos, emails and correspondence relating to the matter. This was submitted in mid June. The ICO responded by stalling the application:

I can confirm that we do hold the information you have requested.  However we consider that the exemption at section 36(2) (b) (ii) of the Freedom of Information Act 2000 applies to this information.  This allows information to be withheld from a response to a request for information under that Act if the disclosure of the information "would, or would be likely to, inhibit ? the free and frank exchange of views for the purposes of deliberation ?"

  Thus the regulator responsible for FOI used a contentious and controversial exemption to stall a request for information about its own activities. While arguing publicly that FOI could not be exempted to save embarrassment the Commissioner's Office had used it to disguise its own embarrassment.

However on 11th August we received some material relating to our request [3]. Almost thirty percent of the correspondence was blacked out, something we'll be asking questions about in due course, but the exposed content provides a devastating insight into the attitude and modus operandi of the ICO.

In short, the ICO was deeply concerned about possible adverse press coverage from its decision and conspired to bury the story on a busy news day. This effort together with associated aspects raises a number of crucial questions about the ICO's competence and integrity.

It's understandable at some levels that on 6th June Senior Press Officer Kirsty McCaskill sent an email to Deputy Commissioner David Smith asking

Can we time the letter arriving with Privacy International with our news release going out? Want to minimise risk they'll go out and do their own statement without our side of the story being ready.

The effect of this strategy is that the complainant receives the judgment on the same day that a crafted media release is distributed by the regulator. Thus there is no opportunity for the complainant to carefully analyse responses to complex judgments in advance of media interview requests.

  There's a view that any organisation  - even a quasi-judicial organisation - has the right to ensure that its genuinely held beliefs receive a fair hearing. We accept that there's some basis for this view but we believe that it is poor practice for a regulator to play media politics.

Spinning the story

However the next day David Smith was again approached in the following terms:

it has occurred to us that the ICO may not wish this release to stand out from the crowd - maybe it world (sic) be better to send the letter today and publish Wednesday or Thursday this week to 'bury' it amongst others?

Some readers may recall a memorable firestorm just after 11th September 2001 concerning Jo Moore, disgraced former Special Adviser to Stephen Byers, then Minister for Transport and Local Government. A leak revealed that on the day of the terrorist attacks Moore had circulated an email suggesting:

It's now a very good day to get out anything we want to bury. Councillors' expenses?

Kirsty McCaskill again wrote to Diane Slater and David Smith:

Yes, we would ideally not want this to attract much publicity but as Privacy International is the complainant this is no easy task. No doubt they will issue their own response proactively as soon as they receive our letter. We will do our best to draft a news release asap this week and will co-ordinate timings so that the letter hits Privacy International at the same time as sending out our news release. Will do our best to try to pick a day when it looks like a busy news day out there but - as you'll appreciate - this is difficult to predict.

Again, the clear message is "let's bury the story".

We might have expected that such behaviour would spark the ire of senior management, along with some form of disciplinary action. However the ICO's Head of Strategic Liaison, Jonathan Bamford responded to ICO staff with the following advice:

On a general point of caution I think it is possible that we will get FOIA requests for our deliberations on this issue? I think we should all bear that in mind when deciding on the language we use in our email traffic?

  We would have very much liked to see the correspondence that directly relates to the ICO's "investigation" of Internet Eyes, but that correspondence has been withheld.

Cultural dysfunction

PI has condemned the ICO on countless occasions such as:
https://www.privacyinternational.org/blog/uk-information-commissioners-office-case-justifiable-assisted-suicide
http://www.infosecurity-magazine.com/view/1482/privacy-international-slams-ico-ruling-on-google-street-view/
http://www.itpro.co.uk/630649/privacy-groups-lambast-ico-after-bt-decision
https://www.privacyinternational.org/article/civil-liberties-groups-say-uk-information-commissioner's-office-not-fit-purpose
and https://www.privacyinternational.org/article/pi-calls-review-uk-privacy-regulator-following-series-failed-judgements

What these statements demonstrate is a fundamental tension between the regulator and advocates and a belief that the ICO has failed to advocate for rights and is therefore not fit for purpose.

However the latest disclosures take this tension to a new level. Until now we had understood the ICO to be a fundamentally misguided organisation with a dysfunctional culture. What we now realise is that at least part of the culture is malicious and behaves no better than what you might find in a combative corporate press office. Again, it is crucial to recall that the ICO is a quasi judicial body.

One of the key issues identified by the disclosure is a claimed chaotic and misguided culture within the ICO's organisation. We do not argue that the entire office is hostile to privacy rights, but the prevalence of a culture of negotiation has paralysed an institution and created a culture that is not only in confusion, but also which is in conflict. The ICO enjoys a reputation as "guardian" of rights, and never seeks correction when media describes it in those terms. However when deliberating on issues the Office reverts to a pragmatic framework with an overriding imperative of protecting economic interests.

We are conscious of the complexity of these issues and that in the regulatory context the malaise extends far beyond the ICO. In April 2009 PI issued a statement [4] condemning the ICO's failure of process.

  Privacy International believes that alongside the problem of rampant pragmatism within the ICO, the Office lacks appropriate technological awareness. We believe the Office urgently needs to establish a Technical Advisory Board to help it understand the true scale of threats from new technologies? Of equal urgency is the matter of process. If the ICO is to determine public interest and pragmatic reasoning it should publish guidelines to these determinations. It must also demonstrate a greater regard to openness in its dealings with government and commercial organisations.

The statement continued:

While it is true that Privacy International often brings difficult and complex cases to the ICO, it is equally true that the tone of the responses is increasingly defensive and political in nature. We fear that the Commissioner is content to uphold fringe cases of occasional security abuses while allowing new technologies and technologies to cut a vast swathe through privacy.

Some key questions

The information reviewed here raises a number of troubling questions that we feel must be resolved openly and speedily. Among these are:

  1. To what extent are the processes within the regulator's office driven by a preoccupation with perception management and is this priority appropriate for a quasi-judicial body?
  2. To what extent is specific enforcement action on complaints pre-determined and what is the basis for this pre-determination?
  3. What is the precise role and mandate of the regulator's press office and is it appropriate for press management to be conducted by an external party outside the culture of the regulator?
  4. Precisely how does the regulator determine the efficacy, appropriateness and outcome of measures such as Undertakings and Enforcement Notices?
  5. Who - if anyone - within the regulator's office is responsible for monitoring the overall ethical conduct and procedure of a complaint?
  6. Should a regulator conduct investigations in the "public interest" in secret?
  7. How sustainable is it for a regulator to decide issues outside a clearly stated framework of reasoning?
  8. To what extent should a regulator consider its own media management as being more important than deliberating the virtue and relevance of the information itself?
  9. Is it appropriate for the regulator responsible for Freedom of Information to use contentious exemptions in the law to obfuscate its own processes?
  10. To what extent does the regulator rely on technical expertise in its deliberations and does it have appropriate technical resources at its disposal?

Getting it right for the future

Successive Commissioners have told us that civil society has the "luxury" of freedom to act and speak however we choose without legislative restriction. They argue that they must retain an impartiality and detachment that prevents them for taking an advocacy position on issues. This is not our reading of the Data Protection Act, nor is it an interpretation made by many regulators.

However if we are to accept that the ICO must maintain judicial standards of behaviour then the machinations underlined by the latest disclosure are completely unacceptable.

Endnotes:

For more background on the Internet Eyes game see:


Posted in Anti-CCTV general - 28/9/2011

email:   rss feed