Wednesday, 16 September 2009

Fisking Dominic Grieve

Over at the future-predicting ConHome, Dominic Grieve will apparently say later today how he intends to reverse state surveillance:

1. Scrapping the National Identity Register and ContactPoint database.

Well, that's off to a good start. But what about all the other snooping databases, Dominic?

2. Establishing clear principles for the use and retention of DNA on the National DNA Database, including ending the permanent or prolonged retention of innocent people's DNA.

Well, there are already clear principles here, they're just shit principles. But getting rid of innocent people's DNA is another good step forward.

3. Restricting and restraining local council access to personal communications data.

It sounds good, but how much restraining are they actually going to do? I would be happier if he said: "councils can go fuck themselves and get a court order if they want to spy on someone". This sounds like bullet point fodder, words that say nothing but sound vaguely good.

4. Reviewing protection of personal privacy from the surveillance state as part of a British Bill of Rights.

Ugh. This is a horribly statist thing to say: "the state will give you these rights and freedoms". What I'd far rather the "British Bill of Rights" said was "the state is entitled to manage those things enshrined by law, you can do whatever you like outside that. And equally, outside that, the state can go fuck itself." Which is, in effect, the bill of rights you have today.

5. Strengthening the audit powers and independence of the Information Commissioner.

Sounds nice, but really, so fucking what? He's done absolutely nothing so far, and we're practically living under the Stasi already. Increasing his audit powers is going to mean more jobs for the Information Commissioner. W00t. Just what we fucking need, more state. Yay. Go Dominic!


6. Requiring Privacy Impact Assessments on any proposals for new legislation or other measures that involve data collection or sharing at the earliest opportunity. Require government to consult the Information Commissioner on the PIA and publish his findings.

Or in other words, "more paper shuffling jobs for the state's boys". It's clear from this kind of crap that Grieve has no minarchist tendencies whatsoever.

7. Immediately submitting the Home Office's plans for the retention of, and access to, communications data to the Information Commissioner for pre-legislative scrutiny.

Woo. Well, given that the useless cunt is just another government-appointed stooge dependent on having at least some surveillance to justify his job, I can see this is going to be really, really useful.


8. Requiring new powers of data-sharing to be introduced into law by primary legislation, not by order.

Really? Why not just fucking make it illegal, Dominic? We got as far as 1997 without needing widespread data-sharing at all. But since Labour have created a bunch of made-up threats we now have state-created excuses for state sharing of data. How fucking convenient!

You don't need to share data with fucking councils, or the National Potato Board or OffFuck. So just don't fucking do it.


9. Appointing a Minister and senior civil servant (at Director General level) in each Government ministry with responsibility for departmental operational data security.

Ahhh, I love the smell of jobs for the boys in the morning. Tell me, Dominic, WHAT THE FUCKING FUCK DO YOU THINK THIS IS GOING TO ACHIEVE?

It just means you're going to have someone to sack or someone who is Teflonned enough to avoid it. It's not going to do a single fucking thing to actually improve security.

Here's how to actually prevent data loss by incompetent civil servants (and MPs!) -- you'll like this, Dominic, because it's a) cheap; b) easy to fucking do and c) absolutely foolproof:


10. Tasking the Information Commissioner to publish guidelines on best practice in data security in the public sector.

Ooh, "guidelines on best practice", that will make it all better. Listen, fuck features, I've actually done a bit of data security consulting in my life and "guidelines on best practice" don't mean fucking shit if you allow people to take the data out of the building. In fact, they don't mean fucking shit ever.

Proper security is bloody fucking difficult. It's a pain in the arse for every fucker concerned. The best security also means the worst usability. The best usability means the worst security. The easiest way to make sure that you have good data security is to drastically reduce the amount of sensitive data that you hold. Since no fucker has made the case for the reams of data that you do want to hold, just stop trying to keep it.

Some fucking "best practice guidelines" will be as much fucking use as Airmiles.

11. Tasking the Information Commissioner to carry out a consultation with the private sector, with a view to establishing guidance on data security, including examining the viability of introducing an industry-wide kite mark system of best practice.

A kite mark? You fucking idiot! You fucking, fucking imbecile! The fucking "industry" doesn't need a fucking kite mark, you fucking spazmong! We already have fucking Sox compliance, HIPAA compliance, any fucking number of PCI requirements along with whatever industry regulatory requirements there may be (and some of these are frighteningly onerous.)

So the absolute last fucking thing "industry" needs is another pile of fucking requirements from a bunch of interfering fuckwits who really do need to "remove the beam from their own eye", as it were.

And there we have it: the Tories are going to reverse the surveillance state by doing a couple of half-hearted twiddlings around the edges, creating a whole bunch more "jobs for the boys" and having the sheer fucking gall to hector the private sector into doing more to protect our data.

Colour me unimpressed.

Update: Carswell is also unconvinced.


Nick said...

MR Clown Big Brother, no strike that, Big Gordon is watching you.

TheFatBigot said...

There is no need for a regulator at all on issues of surveillance. The law should be clear and infringement subject to criminal penalties with a right for any individual affected adversely to claim compensation either through the courts or through an ombudsman scheme.

Involving a regulator is just a recipe for buck-passing. When something bad happens the politicians say it's the regulator's fault and the regulator produces reams of paper to show all proper boxes have been ticked. Result: nobody is held accountable.

Either a particular example of surveillance is allowed by law or it is not; define the law clearly and there is no scope for confusion.

More importantly, if the legitimate scope of official snooping has to be defined in primary legislation, it is easier to avoid creeping extensions by stealth.

Anonymous said...

Isn't Babylon going to get seriously fined by the E.U over non compliance in the Marper ruling?