Spy Blog - SpyBlog.org.uk

There is a lot to digest in the Conservative / Liberal Democrat coalition government's

Protection of Freedoms Bill

which seeks to undo some, but not all of the damage inflicted on our freedoms and liberties and on the public purse, by years of neglect, bureaucratic red tape, technological and financial incompetence and the authoritarian "Must Pretend To Be Seen To Be Doing Something To Appease The Tabloid Newspapers" legislation and schemes dreamed up by discredited previous Labour government politicians and their "revolving door" apparatchiks and bureaucrats.

Hopefully, if time and other commitments permit, Spy Blog will try to comment on most of the provisions of this Bill.

An acid test of the Labour party since its election defeat will be how it scrutinises and enhances our freedoms and liberties through its Parliamentary scrutiny of this Bill. If it cannot even identify the weaknesses in this Bill and cannot successfully press the Government for positive changes, or it simply moans about "cuts" or just parrots the authoritarian lines fed to it by the control freaks hiding in the secrecy of Whitehall, then it will continue to be an object of hatred and derision. Given the make up of the Shadow Cabinet, the prospect of anything but dismal failure by the Labour party is slim.

Spy Blog originally started out online in 1996 (under the then Tory government) campaigning for a level playing field of legally enforceable, national regulations and standards for the even then unacceptable growth in unregulated CCTV surveillance cameras intruding on personal privacy and security in public and private spaces.

Although many years too late, it is welcome to see a start in this direction with the Statutory Code of Practice / Surveillance Camera Commissioner scheme proposed in the

Protection of Freedoms Bill Part 2 Regulation of surveillance Chapter 1 Regulation of CCTV and other surveillance camera technology

CCTV is not just about cameras but about linked Databases and Software

This Bill fails to acknowledge the fact that Closed Circuit Television is no longer just about Analog CCTV surveillance cameras and VHS analog tape recordings, but it is mostly about Digital Cameras and cross referenced, cross linked Computer Databases and Telecommunications Infrastructures. They also now work in multiple parts of the electromagnetic spectrum, not just in the visible light part of it.

The Code of Practice and the Surveillance camera Commissioner should have powers and budgets to deal with complaints and abuses about these technologies, which are already available or under development today.

There is a mention of one form of Software enhancement ot CCTV surveillance, that of Automatic Number Plate recognition, but other attempts at Software enhancements such as Facial Recognition databases, Lip Reading software (which can snoop on conversations out of earshot but in sight) , Gait biometrics (how individual people walk or run) , multi-spectral e.g. thermal Infra Red imaging (e.g. snooping on private houses, from the road or from the air, which seem to be radiating "too much" heat, and then kicking the door in, searching for illegal cannabis growing hydroponics systems) are ignored.

There is no mention of the various "See through Clothes" / "See through walls" spy camera imaging systems, which must also be nationally regulated.

Statutory Code of Practice does not cover all public bodies

Although it applies to Local Authorities , Police Forces and Police Authorities, this Bill does not apply to Whitehall Central Government Departments or their Agencies .

Why not ?

Surely the Bill, which specifically mentions Automatic Number Plate Recognition (ANPR) should also apply to the Highways Agency and the profusion of cameras and public and private sector ANPR systems e.g. the thousand of TrafficMaster ANPR cameras, on Motorways and A roads, as well as those operated by Local Authorities on minor roads ?

Motorway Road Works now routinely use SPECS camera systems to enforce the 50 mph speed limit, by taking ANPR images of all vehicles entering and leaving the road works and then calculating the average speed over the measured distance. What happens to the millions of such images taken each year, logging the time and date and location of millions of innocent motorists. Surely these should not be excluded from regulation by this Bill, because they are not operated by either the Police or a Local authority but by the Highways Agency ?

Transport for London controversially hands over all of its CCTV footage, from the London Congestion Charge and London Green Emissions Zone ANPR cameras, video feeds from its Traffic Cameras and from those on the London Underground "In real time, in bulk" to the Metropolitan Police for "national security" secret data mining and trawling, not just for any specific, targeted investigation. The notorious Labour Home Secretary Jacqui Smith signed a Ministerial Certificate exempting this data from the Data Protection Act. Why does this Bill not correct that vast extension of the Database Surveillance State ?

What about the CCTV / ANPR within the National Health Service or in Schools or Universities ?

What about Private Sector properties which are actually public or semi-public spaces like shopping centres, sports arenas , cinemas or theatres etc. ?

What about Factories and Offices and other private sector workplaces ?

Why are any of these CCTV / ANPR systems exempt from this Bill ?

National Security

There is no mention of the use or abuse of CCTV and ANPR Cameras and databases by the Intelligence Agencies or the Military Armed Forces.

National Security must not be glossed over or left to an obscure section in the the as yet unwritten Code of Practice.

There should be explicit provisions in the text of the Bill for authorising the temporary use of CCTV cameras and ANPR systems for "national security" directed or intrusive surveillance.

Where there are permanent "national security" CCTV / ANPR systems e.g. at Airports or Sea Ports and Fright Container Terminals etc. , they must be regularly inspected and reported on. If they are to act as a deterrent to criminals, spies and terrorists. The Surveillance Camera Commissioner must publish annual statistics as to their effectiveness.

If this highlights potential weaknesses and failings e.g. CCTV systems which are poorly maintained due to "budget cuts", a fact which which may conceivably be "of use to a terrorist" etc., then so be it.

It should be the duty of those running such systems to ensure that there is adequate management resources and budgets to tighten up any such loophole as son as they are found. Keeping them secret from the public, but almost certainly not secret from insiders and terrorists or espionage agents, is the worst possible way of running such schemes and any managers of such schemes should be named and shamed and prosecuted for misfeasance in public office if they persist in doing so.

Any such "national security" permissions should only be temporary and should have to be re-applied for and re-authorised every 6 months, just like RIPA interception warrants.

Remember that the controversial Project Champion ANPR / CCTV system involving the planned use of hundreds of cameras to create an electronic ghetto / political activist mass surveillance monitoring scheme, in a couple of areas of Birmingham with a large Muslim minority (but also snooping on the innocent majority of people of all religions and races) . This was a "counter terrorism" funded scheme which was sneaked in as a supposed "normal policing" anti-crime measure, inflicted on the local Police and Local Authority.

These extra "national security" scrutiny provisions should also apply to any systems commandeered or volunteered for use for "national security" purposes which are not wholly owned or operated by the Police or the Intelligence Agencies e.g. by Local Authorities or by private sector security monitoring companies.

Surely the Surveillance Camera Commissioner should have to give his temporary permission for any such, hopefully more narrowly targeted schemes ?

See Through Your Childrens' Clothes Imaging Cameras

See through your clothes passive millimetre wave or Backscatter X-ray or TeraHerz or Ultra Wide Band imaging systems should also be covered by this Bill - they certainly produce CCTV style images.

The use of such "see through your children's clothes 'perv scanner'" technologies should be confined to high security areas like Prisons and not permitted as general snooping systems, especially not in secret, on the public (including children) in the street.

There should be criminal penalties for such abuse.

Aerial Reconnaissance drones

The Surveillance Camera Commissioner must also have powers to regulate to prevent the abuse of the ever cheaper Aerial Reconnaissance drones and robot devices, which are being hyped up in the run up to take a share of the massive London 2012 Olympic Games security budget.

Surveillance Camera Commissioner

The role of the Surveillance Camera Commissioner appears to be the usual "jobs for the boys" sinecure based on the failed attempts to pretend that there is proper public scrutiny of the sometimes necessary state intrusions into our privacy, thorough the RIPA Commissioners, and without even the limited power and budget of the Information Commissioner.

Even the experienced and cynical observers of the UK Surveillance Database State who are regular readers of Spy Blog have difficulty in even naming, let alone trying to contact any of these secretive UK Commissioners.

These RIPA Commissioners may well be excellent people, former High Court Judges, but their roles and powers are deliberately crippled and they do not inspire any confidence amongst the general public, most of whom have never heard of them, let alone know how to contact them, a useless waste of time, since they refuse to deal with complaints from the public.

The Surveillance Camera Commissioner should be given the budget and manpower to employ technical experts as well as administrators and lawyers. The failure to do so has crippled the effectiveness of the Information Commissioner's Office, so this should not be repeated in this new role.

The Surveillance Camera Commissioner must be given the resources to interact with the public and have the power to investigate their complaints. The failure to do this has been a major failing of the RIPA Commissioners scheme i.e. the Interception of Communications Commissioner, the Chief Surveillance Commissioner, and the Intelligence Services Commissioner .

It is unclear what overlap and rivalry there will be between the Surveillance Camera Commissioner, the Chief Surveillance Commissioner, the Intelligence Services Commissioner and the Information Commissioner.

It is extraordinary and hypocritical that whilst another section of the Protection of Freedoms Bill relaxes the control of the Secretary of State / Whitehall department over the budgets and staff approval of the Information Commissioner's Office, yet that outdated model is exactly what is being proposed for the new Surveillance Camera Commissioner, thereby fatally compromising the independence and trustworthiness of the office right from the outset.

The Protection of Freedoms Bill should explicitly include the Surveillance Camera Commissioner as a public body under the Freedom of Information Act, for precisely the same reasons as the Information Commissioner's Office is already subject to it - it meets all the criteria for inclusion in the List of Public Bodies as it will have been set up by an Act of Parliament.

It is an ongoing scandal that the RIPA Commissioners , who have also been created by an Act of Parliament are still not yet classed as Public Bodies for the purposes of the Freedom Information Act.

Why has this Protection of Freedoms Bill not corrected this bit of authoritarian Labour party / Whitehall smoke and mirrors ?

Central registration of CCTV camera systems

One of the stupidest wastes of Police resources is the never ending scramble, going door to door, to find and then "seize as evidence" any CCTV camera footage in a particular area, after a high profile assault, rape, murder, kidnapping or terrorist attack.

Such footage is less and less useful, as time passes after the incident, so any delays in finding such footage are critical.

In a country where every receive only Television set has to have an Annual Television Licence fee paid, it is very surprising to many foreign visitors, that the CCTV camera snooping systems require no such Fee and no local or national registration,

Why does this Bill not mandate the creation of such Local CCTV registers, through the simple inclusion of any CCTV camera system on the exterior of any building, as part of the Local Authority Planning process, which already covers the erection of signs, ventilation pipes and Satellite dish aerials etc. of a similar size and visual impact as CCTV "Death Star" domes ?

Why is there no mandatory (or even suggested) Data Retention period for CCTV video footage, before it is overwritten on tape or on magnetic disk ? It would be trivial to insist on this as part of the CCTV Licence Application, provided that different classes and sizes of systems were sensibly accommodated. A home security CCTV system should not be expected to hold weeks or months of images online, whilst that run by the Police in a City Centre should have the budget to do so.

The Census 2011 media hype is starting to ramp up with this Press Release:

Employees need to know their workplace postcode

where the Office for National Statistics reiterate their bureaucratic desire to snoop on your job / workplace address.

The Census 2011 Questions for England and Wales (.pdf) demand answers about "availability for work" in the past month, treating everyone as if they were all signing on to the dole at the local "Job Centre". They also ask:

33 In your main job, are (were) you:

• an employee?
  
• self-employed or freelance without employees?
  
• self-employed with employees?

34 What is (was) your full and specific job title?

35 Briefly describe what you do (did) in your main job.

36 Do (did) you supervise any employees?

• Yes
  
• No

37 At your workplace, what is (was) the main activity of your employer or business?

38 In your main job, what is (was) the name of the organisation you work (worked) for?

Write in the business name
Or tick: No organisation, for example, self- employed, freelance, or work (worked) for a private individual

[...]

40 In your main job, what is the address of your workplace?

Write in the address. If you work at or from home, on an offshore installation, or have no fixed workplace, tick one of the boxes below

• Mainly work at or from home
  
• Offshore installation
  
• No fixed place

These will not be contentious questions for many people, but for tens of thousands of people, the existence of such a National Database will represent a threat to their personal security or a threat to national security.

The Census 2011 Personal Information data is only Protectively Marked to almost the lowest category i.e. RESTRICTED, but such information like the entire listing of the Names, Date of Birth, Home Addresses, relationship details of Family Members, Job Titles, Employer's Name, Address, Postcode should be classified as SECRET or even TOP SECRET, when it applies, as it does to all UK based members of groups like:

• MI5 Security Service
• MI6 Secret Intelligence Service
• GCHQ,
• DIS Defence Intelligence Staff
• Special Forces like the SAS
• Military personnel
• Police Officers
• HMRC investigators
• Serious Organised Crime Agency officers
• Prison Officers
• Judges
• Prosecutors
• Undercover Confidential Human Intelligence Sources
• People living under Witness Protection Schemes
• Women hiding from their abusive or violent partners or stalkers
• Key personnel who have access to the controls to the Critical National Infrastructure e.g. senior staff at a nuclear power station etc.
• Pharmaceutical Research and Development scientists harassed by animal extremists.

All of these groups and others, normally attempt to keep their Home Addresses or the fact that they work for a particular organisation secret, due to real or imagined threats to their personal security.

The insistence by the ONS on a Job Titles, Employers Address, Location(s) and Post Code(s) etc. effectively tags such personnel to foreign intelligence agencies, crime gangs, terrorists and to stalkers within the bureaucracy..

e.g. Postcodes for

GCHQ at Cheltenham, Gloucestershire - GL51 0EX
MI5 the Security Service at Thames House, London - SW1P 1AE
MI6, Vauxhall Cross, London, SE1 1BD
Sizewell B Nuclear Power Station, Suffolk, IP16 4UR
Huntingdon Life Sciences research laboratories, Alconbury, Cambridgeshire - PE28 4HS

These Census 2011 Questions even fall foul of the former Labour government's controversial "thought crime" legislation e.g.

Terrorism Act 2000 section 58 Collection of information

and

Terrorism Act 2000 section 58A Eliciting, publishing or communicating information about members of armed forces etc

This applies to current and former members of the armed forces, police constable and members of the intelligence services, even ones who have been dismissed from service.

Astonishingly, Section 58A is not going to be amended or repealed as promised before the General Election, according to the Conservative / Liberal Democrat Coalition Government's Review of counter-terrorism and security powers

Section 58A is as yet untested in the Court, however section 58 has been used to send several people to prison who had only collected some personal Information about one single soldier, so it must also apply to those who seek to collect, collate and concentrate such "potential death list" data on all of the people in the UK whose occupations put them and their families at real or imagined risk of violence from foreign spies, serious organised criminal gangs or terrorists.

Both sections have a "reasonable excuse" defence, but that only comes into play after your life has been ruined by being arrested (possibly at gunpoint in a dawn raid, where there is a real risk of getting shot), photographed, fingerprinted and DNA sampled, then charged under Terrorism legislation, thereby blacklisting internationally you for the rest of your life, even if you are acquitted or the charges are dropped.

If the hundreds of thousands of people in the categories listed above are not prosecuted for refusing to fill in a Census Form, or for not filling it in as accurately or as fully as the Office for National Statistics demands, then why should any of the rest of us be forced to do so either, if we feel strongly about particularly intrusive Census Questions ?

The Census 2011 press release:

Employees need to know their workplace postcode

Businesses throughout England and Wales are being asked by the Office for National Statistics (ONS) to make sure that their employees know the postcode of their place of work so that they can record it on their 2011 Census questionnaires in March.

Knowing their workplace postcode is a key piece of information that feeds into the overall picture of life in England and Wales. Details of where people live, where they work and how they travel to their place of employment provide important statistics for transport planning and other strategic decisions.

The address and postcode of the employer is one of a number of questions contained in the census questionnaire about jobs, place of work, hours of employment and methods of travel to work. Answers to these questions help to build a profile of the economy of England and Wales and provide the foundation for other labour market and economic statistics published by ONS.

Note that the ONS makes no provision for simply filling in, say only the first 4 digits of the Post Code, which would be more than adequate for such planning purposes,.

Why should we let them be so unnecessarily intrusive ?

In the 2001 Census, nearly 8 per cent of questionnaires did not include a workplace postcode. In some parts of the country, the figure was as high as 18 per cent and large number of calls were taken by the census contact centre from people who were unsure about their work address.

8 per cent must be about 2 million questionnaires.

How many of those people were prosecuted for not filling in a "workplace postcode" ?

Possibly none of the 38 prosecutions since 2001 were only for this.

Deputy 2011 Census Director, Pete Benton, said, "While everyone is likely to know their own postcode at home, many won't know the postcode of their workplace.

"As well as asking for an employer's name, the questionnaire also asks for an address and postcode. While the internet makes it easier to look it up, not everyone has access to the web so we are asking all employers to make sure that their staff have the right information to enable them to complete this section of the questionnaire."

As well as underpinning the planning of public services, census statistics are also used extensively by the private sector. Information on such things as the skill and age profile of the workforce and where people live can help businesses to decide where to place new offices, factories and other places of work and what training they need provide for their employees.

So that would be the very definition of "excessive data collection" then: the collection of extra detailed information which is not directly relevant to an individual's daily life.

Dr Adam Marshall, Director of Policy at the British Chambers of Commerce said, "Businesses need this information to be able to make the right investment decisions. Census statistics can affect plans for business expansion and new industry, so it is worth making sure staff know their postcodes before completing these surveys.

From a purely selfish, profit centred, perspective, why should an established business make it easier for new competitors to start up, or for old ones to expand ?

All the relevant information about home addresses and work addresses is already known by the Government regarding the vast numbers of people who work in the public sector. Each Government department could collate and anonymise and transparently publish this information about itself on its own website or on a shared transport planning website.

"Having the right transport infrastructure in place is part of this overall picture and something as simple as making sure that your employees know their workplace postcode can really help this process."

Previous Census data has not succeed in producing "the right transport infrastructure", in the past, due to all of the other political and financial factors, so why should it be any different with the Census 2011 ?

There is an unacceptable cost to personal privacy and security, because the Census Questions are too detailed and too intrusive .

Remember, that for the England and Wales Census 2011, there is no longer any guarantee that your Personal Sensitive Information will not be handed over, on pain of up to 2 years in prison under the Census Act 1920, in secret, to a vast array of Government agencies and others, as a result of the wide ranging Exemptions introduced by the former Labour government's Statistics and Registration Service Act 2007 section 39. Confidentiality of personal information

Census Day is 27 March 2011 and more information is available from www.census.gov.uk
-Ends-

For further information, images and interviews:

Press Hotline: 01329 447654

Email: 2011censuspress@ons.gsi.gov.uk

Visit: www.census.gov.uk/2011press

Twitter: www.twitter.com/2011censuspress

Some University College London students and others, have been trying out their Web 2.0 skillz by producing a smartphone App and Location Based Services web map called Sukey, in support of the student / anarchist protests, which are nominally about the Conservative / Liberal Democrat coalition Government financial cutbacks, due to the appalling state of the economy, which was ruined by the incompetence of the previous Labour government.

"Sukey" is meant to be a pun on the nursery rhyme "Polly put the kettle on, Sukey take it off again"

"Kettling" is the police jargon for the controversial tactic of surrounding crowds of peaceful protesters and preventing them from dispersing and going home for several hours, even when they are fed up with the protest. Demonstrators are also photographed and video surveilled and attempts are made to gather names and addresses from those who are ignorant of their legal rights not to do so unless actually arrested.

Despite making bold claims about the "security" of Sukey e.g. "Sukey is safe" and "Your data is safe with Sukey" here is nothing about any mobile phone anonymity techniques which might pose some problems to securocrats and their automated Single Point of Contact systems for grabbing Communications Traffic Data and Subscriber Details from mobile phone network companies

There is not even any basic advice about (not) taking anything but untraceable, disposable mobile phones to a demonstration or protest.

http://sukey.org/summary

Sukey

A tool for non-violent demonstrations.

Which, if it actually works, can also be easily misused by others.

Objective

To keep peaceful protesters informed with live protest information that will assist them in avoiding injury, in keeping clear of trouble spots and in avoiding unnecessary detention.

The application suite gives maximum information to those participating in a demonstration so that they can make informed decisions, as well as to those following externally who may be concerned about friends and family.

It should make full use of the crowd in gathering information which is then analysed and handed back to the crowd.

Success Criteria

The success of the project will be measured by user feedback according to the primary and secondary success criteria listed below.

Primary

Keeping people safe on demonstrations.

Anyone can use it.

Ensuring protesters are kept informed of the official demonstration route together with en-route amenities (eg WiFi, Toilets, Tube stations, First Aid, Coffee shops, Payphones etc).

Secondary

Provide a live viewing platform for interested parties not at the demonstration.

Which will also provide a Communications Data analysis and data mining opportunity for UK police and intelligence agencies, foreign intelligence agencies and corporate spies.

Key Elements of Solution

1. How we can help you to help each other

Website

Inform and educate.

Find out what is going on as it happens.

No matter what happens, sign up to the free SMS system.

SMS text messages are never free of charge.

Who is paying for this ?

What's in it for the user?

What are you getting?

Stay informed and make the right decisions during the demonstration.

Avoid trouble spots and risking injury.

Get live demonstration news as it happens.

Allow political organisers and manipulators to track the progress of the demonstrations they have organised, remotely, at a safe distance.

Allow political organisers and manipulators to feed false information to the police etc. and to manipulate some or all of the demonstrators into creating diversions to allow either peaceful media stunts or violent attacks, unhindered by the police etc.

Allow the forces of law and order / repression, yet another intelligence source to help to track the demonstrations they are policing or repressing, remotely, at a safe distance.

Why contribute information?

Help other peaceful demonstrators.

Provide an accurate view of events as they happen.

Accurate ? Just the facts, with all of the facts, with no political bias at all ?

Even large , well funded media organisations and the police are not capable of doing that.

Show what goes on in protests.

We exist to support decisions - be a part of it.

2. Sources of information

Information sources

Information crowd sourced from demonstrators out on the street.

Text

Photos

Video

The Sukey website urges people to publish digital photos to Twitpic and / or Flickr, but
it does not provide any of the easily available automatic software tools or even any advice, about removing or anonymising some or all of the Exif meta data embedded in such images, which can and will be used to help hunt down protesters and to prove that the photographers were present at a particular location and time.

None of the #sukey tagged photos on Twitpics, for example, appear to have had their Exif metadata removed, there are a couple examples of photos published from HTC Desire HD and HTC Wildfire phones

Up to the minute information from social and traditional media.

Other Options

3. Information Presentation

Simple to use, uncluttered display

Must have a degraded version for lower spec phones

Must show freedom of movement and support fast decisions

4. Back End Data Processing

Use of Swarming Algorithms

It seems unlikely that existing Swarming Algorithms which simulate animal behaviour in unconstrained free air or water space, can be directly applicable to the behaviour of crowds of humans

Computer simulation modelling of the various permanent and temporary barriers to movement across all of the streets and protest target buildings of central London, is far harder than the existing state of the art studies and simulations of people flows in comparatively simple and well controlled sports stadia or airports or railways stations etc.

Use location data to detect freedom of movement

Presumably the mean Twitter and Google GPS data rather than GSM or 3G mobile phone cell transmitter Location Based Services data and triangulation.

Prioritisation of Messaging and Reports to and from crowd

Coalesce multiple reports of same event

Exactly the classical real time Command and Control problems faced by those who are policing such demonstrations.

There seem to be some reports that Sukey.org might be using the open source crisis mapping tool SwiftRiver to try to achieve this.

Must process footpaths and open spaces - not just roads

5. Security

User Security

No user identifiable data to be stored. Ever.

Regular User Security reviews throughout build

Encrypt locations on data requests

This is all very misleading !

This encryption of cannot do anything to hide the Communications Traffic Data cell phone Location Based Data Services and Subscriber Details ,which are controlled by the mobile phone networks and third party companies like Twitter and Google.

Such Communications Traffic Data is automatically handed over to the police and intelligence agencies, without any Court Order or Judicial Warrant of any sort, under the Regulation of Investigatory Powers Act 2000 Part 1 Chapter II Acquisition and disclosure of communications data

Neither the student protesters nor the Sukey App developers and operators have any control over this at all..

Neither do they have any control over the Google Latitude system, which they are encouraging people to sign up their smartphones to, and then to allow Sukey.org to track via Google Maps. What difference does any Sukey.org encryption make, when Google retains all your data and then sells or gives it law enforcement or intelligence agencies as requested ?

Encryption Keys to be generated either by users or automatically and undiscoverable by team.

Junk all identifiable data from Apache logs

System Security

Protected from DDOS and seizure

Hacksafe

Multiple routing options

Multiple servers/server locations

Multiple resilient, secure computers and communications infrastructure cost money.

Who is paying for this ?

Who exactly is in charge of the Sukey system ?

The "Security overview" page is partly re-assuring, but also rather worrying.

http://sukey.org/securit

Sukey is safe

At the very earliest stages of building Sukey we had a meeting where we divided the team into groups. The groups were: Data Input, Data Processing, Presentation, Security. In other words, security has been a key issue right the way through Sukey's design and build and has received as much focus as any of the more visible aspects of the project.

The team members involved on the security side are a mix of commercial information security experts and computer nerd under/post graduates who love nothing better than a complex algorithm. One of our key team members has technical commercial data security patents in his name and has provided information security consultancy to IBM, Lockheed Martin, and to the NHS.

All data received by Sukey is anonymised using secure encryption that is known to be unbreakable in less than 10 years using current computer technology. The process we use ensures that we can't decrypt any personal identifiers in the information sent to us. Even with a court order.

Attention to detail on security has been a hallmark of the project â€" both person identifiable security and the overall security and resilience of the Sukey service against infrastructure attack or failures.

Your data is safe with Sukey.

Is it really ?

The use of encryption does not automatically mean anonymity for users of or contributors to Sukey.org.

Following It would be much more reassuring if the Sukey.org people mentioned exactly which encryption algorithm they were using, instead of making speculative claims about its alleged strength. The fact that they have not done so gives rise to the suspicion that they have attempted to write their own encryption software, an approach which is fraught with danger for the users of Sukey.org.

What is wrong with using standard AES 256 encryption via a TLS session, especially for data which will be out of date in less than an hour after which it should be securely deleted from computer memory and never needs to be stored on a computer hard disk at all ?

it would be more impressive, if the Sukey.org team with their "attention to detail" had actually demonstrated their commitment to the use of strong encryption, by running a https:// session encrypted version of the Sukey.org website . However there is currently no Digital Certificate installed.

Similarly, there is no published PGP Public Encryption and / or Digital Signing Key available either, only Google gmail accounts, which are vulnerable Mutual legal Aid law enforcement requests

It looks as if the Sukey.org team need to be reminded that "Even with a court order." is irrelvant in the United Kingdom, - no court order is needed by the Police for access to Communications Data ( which must be Retained for at least a year) and none is required for Cryptographic Keys either.

The Regulation of Investigatory Powers Act 2000 Part III Investigation of electronic data protected by encryption etc. does not require a Poice constable to get the prior permission of any Court, before serving a Section 49 Notice on someone , forcing them to hand over their cryptographic de-cryption keys , or the de-crypted plaintext. A Court only comes into play if and when you are deemed to have refused to comply with such an order, when you are facing up to 5 years in prison or up to 10 years in prison if the magic words "national security" are mentioned.

It will be interesting to see if the Sukey.org team does actually release its software source code to the public as it has promised, whilst it works on an improved version for the next protest.

Until they do so, you should avoid using the Sukey.org App and website, from anything except an anonymous mobile phone, unless you wish to attract Police , Intelligence Agency and corporate surveillance onto yourself and your family, friends and business associates,

If Sukey is not (yet) suitable for the streets of London, then it would be positively dangerous to deploy it or anything similar, in trouble spots like Tunisia or Egypt etc.

N.B. mobile phones actually require quite a bit of effort to initially obtain and maintain in an untracked, anonymous state.

See our website http://ht4w.co.uk. Hints and Tips for Whistleblowers etc. which covers some basic mobile phone anonymity techniques, removing Exif meta data from digital images, and some other anonymity techniques.

HC Deb, 24 January 2011, c35

Members: Surveillance
Prime Minister
Written answers and statements, 24 January 2011

Jonathan Edwards (Carmarthen East and Dinefwr, Plaid Cymru)

To ask the Prime Minister whether there have been any changes to the Wilson doctrine since May 2010.

David Cameron (Prime Minister; Witney, Conservative)

No.

Technically this one word answer is a re-affirmation of the Wilson Doctrine, espoused by the then Labour Prime Minister Harold Wilson in 1966, that no Member of Parliament's telephone shall be tapped, unless there is a major national emergency, and that any changes to this policy will be reported by the Prime Minister to Parliament.

No doubt some Downing Street apparatchik thought that he was being clever by draughting this one word "No" Parliamentary Answer, but the political effect is to make David Cameron appear as arrogant and uncaring about our freedoms and liberties, as his control freak Labour predecessors Tony Blair and Gordon Brown.

Back in 1966, most people did not have direct dial international phone lines, let alone facsimile machines or mobile phones or the internet.

The Wilson Doctrine has been re--affirmed by every Prime Minister since Harold Wilson, and has been extended to cover Peers of the House of Lords as well as Members of Parliament in the House of Commons. It is also meant to cover mobile phones and computer telecommunications.

There is no reason why it could not or should not be extended to cover the elected Members of the Scottish Parliament, the Welsh Assembly, the Northern Ireland Assembly and the European Parliament.

All of these are democratically elected by the same British electorate who lend their power to the Parliament in Westminster.

The Wilson Doctrine is not meant to help financially or morally corrupt or treacherous politicians hide their crimes and scandals, but it is vital to give the right signals to the electorate, that their communications with their elected representatives will not be snooped on by the Government, especially when they are complaining about Government policies or are whistleblowing and exposing the incompetence or wrongdoings of Government bureaucrats.

Interestingly, it was left to a Welsh Nationalist MP to ask this important question about the Wilson Doctrine.

It is unsurprising that the authoritarian and incompetent Labour party. the so called Official Opposition", could not be bothered to ask any Questions about the Wilson Doctrine and the safeguarding of the communications of their constituents, presumably because of their own appalling record in creating the current, out of control, database surveillance snooper state.

Instead, there are several disgraced or disgraceful Labour figures who seem more concerned about the News of the World voice mailbox interception scandal.

Why did they not raise such anti-Rupert Murdoch claims when they were Government Ministers ?

If these Labour politicians were so inept with basic mobile phone security (i.e. changing the default voicemailbox pass code and not leaving any sensitive voicemail messages whatsoever) with their private mobile phones, then how many Government secrets have they betrayed to foreign intelligence agencies and criminal gangs etc.via their official Government issue mobile phones ?

We will have plenty of criticism of the Home Office's reluctant
Review of counter-terrorism and security powers,hopefully sometime this weekend.

Here is a copy of the

Review of counter-terrorism and security powers - findings and recommendations (PDF file - 428kb)

for those of you who do not want to give the Home Office website (and the US owned , commercial Sitestat OnClick web tracking / snooping system which they employ) your IP address and web browser details etc.

Why was the announcement of the appointment of the new Intelligence Services Commissioner, Rt. Hon. Sir Mark Waller only made 3 weeks after he took office ?

HC Deb, 20 January 2011, c53WS)

Intelligence Services Commissioner

Prime Minister

Written answers and statements, 20 January 2011

David Cameron (Prime Minister; Witney, Conservative)

In accordance with section 59 of the Regulation of Investigatory Powers Act 2000, I have agreed to appoint the right hon. Sir Mark Waller as Intelligence Services Commissioner from 1 January 2011 to 31 December 2013.

All the RIPA Commissioners are retired senior High Court Judges and they are usually appointed for 3 years at a time.

Why was this Written Ministerial Statement only published on 20th January 2011, when the appointment had already been in effect for the previous 3 weeks ?

Could the Prime Minister and his securocrat advisors really not recruit a successor to the previous Intelligence Services Commissioner before Christmas 2010 ?and announce the appointment Sir Mark Waller was to take over the role ?

What does this imply about the Rt. Hon. Sir Peter Gibson ?

He was originally appointed by Tony Blair as Intelligence Services Commissioner from 1st April 2006 to 31st March 2009. and was the re-appointed by Gordon Brown: to serve from 1st April 2009 to 31st March 2012

Why has his tenure been cut short by 15 months ?

Does this mean that he is in poor health ?

What about the Administrative Inquiry into the alleged complicity of the UK intelligence agencies with torture and "extraordinary rendition" of British nationals and residents, which Sir Peter Gibson was appointed to chair by Prime Minister David Cameron, on 6th July 2010 ?

Are there so many allegations or so much prima facie evidence of complicity in torture by the intelligence agencies, that Sir Peter Gibson can no longer fulfil both roles at the same time ?

There are only 69 days left before the mandatory United Kingdom Census on Sunday 27th March 2011

The Office for National Statistics has issued a misleading Press Release which seeks to allay the understandable public fears about what the risks are to their Sensitive Personal Data in regard to the involvement of he massive United States defence contractor Lockheed Martin.

The management executives of Lockheed Martin are obviously in no position to refuse any requests for demands for confidential UK census data data by US Government agencies, out of patriotic duty and for fear of threats to their huge multi-billion pound US Government contracts.

14 January 2011

2011 Census and Lockheed Martin UK

The Office for National Statistics (ONS) carries out the Census in England and Wales. ONS is using a number of specialist companies to provide specific services for the census. The contract for processing the census questionnaires is not with the Lockheed Martin USA.It is with Lockheed Martin UK which is a UK based subsidiary. The contract was awarded in August 2008 to Lockheed Martin UK as it offered the best value for money in an open procurement scheme, carried out under European law.

There is an exemption under European competition law for public contracts which allows Governments not to open tenders to foreign companies, for systems which have "security" implications.

The contract has created around 1,500 jobs in the UK.

The contract is for £150 million, so that is £100,000 per job created in the UK.

Surely there are much cheaper job creation schemes than that ?

Security safeguards for census data

Concerns expressed about the possibility of the US Patriot Act being used by US intelligence services have been addressed by a number of additional contractual and operational safeguards. These arrangements have been put in place to ensure that US authorities are unable to access census data.

• All data processing will be carried out in UK - no data will leave or be held at any point outside the UK;

That is hard to believe, especially for the Still Secret Online Completion Census 2011 Web Site

The current http://www.census2011.gov.uk website tries to hand over your IP address and Web Browser details etc. to the US based company Google, by sneaking in Google Analytics javascript into their home page:

<script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-3503239-21"); pageTracker._trackPageview(); } catch(err) {}</script>

Is the Office for National Statistics really so technically incompetent that it cannot analyse its own webserver logfile statistics ?

• All data is the property of the ONS and only UK/EU owned companies will have any access to personal census data.

No ! It is our data as individual citizens and residents of the UK, it does not belong to the the ONS !

It is intolerable for the ONS or any other Government department to falsely claim exclusive ownership of people's names or addresses or familial relationships or religious beliefs or any of the other answers to the intrusive Census Questions.

Which part of "Only I Own My Own Name" etc. do these bureaucrats not understand ?

• The only people who have access to the full census dataset in the operational data centre will be ONS staff.

Misleading weasel words.

• What about partial census datasets rather than "the full census dataset" ?
• What about once data is copied and sent out of the "operational data centre" ?
• What about the Approved Researchers ?

• No Lockheed Martin staff (from either the US parent or UK company) will have access to any personal census data.

Surely Lockheed Martin staff will have access to the census form optical character reading software and databases ?

• ONS will control system access rights to all data systems;

So what ?

That is not in itself, any guarantee that your Sensitive Personal Data will not be copied and shared without your consent.

• Existing law already prevents the disclosure of census data - it is a criminal offence to disclose personal census data and is punishable by a fine and/or up to two years in prison.

No !!

This gives the misleading impression that somehow our Sensitive Personal Data can never be handed over individually or in bulk to anybody else apart from ONS staff.

See

Statistics and Registration Service Act 2007 section 39. Confidentiality of personal information

(1) Subject to this section, personal information held by the Board in relation to the exercise of any of its functions must not be disclosed by--

(a) any member or employee of the Board,
(b) a member of any committee of the Board, or
(c) any other person who has received it directly or indirectly from the Board.

[...]

(4) Subsection (1) does not apply to a disclosure which--

(a) is required or permitted by any enactment,
(b) is required by a Community obligation,
(c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,
(d) has already lawfully been made available to the public,
(e) is made in pursuance of an order of a court,
(f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),
(g) is made, in the interests of national security, to an Intelligence Service,
(h) is made with the consent of the person to whom it relates, or
(i) is made to an approved researcher.

There is also a "get out of jail free" provision for any ONS bureaucrats or sub-contractors under the amendments introduced by the Census Confidentiality Act 1991:

1 Unlawful disclosure of information

In section 8 of the [1920 c. 41.] Census Act 1920 (penalties), the following subsections shall be substituted for subsection (2)--

[...]

(4) It shall be a defence for a person charged with an offence under subsection (2) or (3) to prove--

(a) that at the time of the alleged offence he believed--

(i) that he was acting with lawful authority; or

[...]

i.e. this data can and will be handed over, without penalty, to:

the 56 geographical and 8 non-geographical UK Police Forces
• the three UK Intelligence Agencies (MI5, MI6 and GCHQ), the Department for Work and Pensions,
• private investigators working for the DWP hunting down "benefits cheats",
• Her Majesty's Revenue and Customs tax investigators,
• approved Insurance Industry "anti-fraud" investigators / private investigators,
• the Home Office Borders and Immigration Agency,
• the Serious Organised Crime Agency (either for domestic investigations into Serious Crimes, or for these and also for minor investigations if requested by a Foreign Law Enforcement agency under Mutual Legal Assistance treaties,
• Lawyers in civil Court Cases e.g. for Divorce or Libel or Copyright Infringement etc.,
• Local Authority Trading Standards departments,
• Local Authority Environmental Health departments
• etc. etc. etc.

N.B. none of these organisations should be allowed to have access to Census Data, if the idea of the census is to be comprehensive and inclusive of those groups in society who have every reason to fear and distrust the bureaucracy.

• All census employees and contractors working on the census sign a declaration of confidentiality to guarantee their understanding and compliance with the law.

What exactly is the text of this "declaration of confidentiality" ?

• Independent checks by an accredited UK security consultancy of both physical and electronic security are carried out for ONS.

Which "accredited UK security consultancy" has been given this contract ?

-ENDS-

For further information, images and interviews:

Press Hotline: 01329 447654

Email: 2011censuspress@ons.gsi.gov.uk

Visit: www.census.gov.uk/2011press

Twitter: www.twitter.com/2011censuspress

Will any mainstream media journalists bother to question the ONS about these issues, or will we have to do it instead ?

The phrases "the BBC learns" or "the BBC understands that" or "Whitehall sources" etc. are euphemisms for an "off the record" a "leak" / briefing by a Whitehall spin doctor, not for revelations by a worried whistleblower.

The BBC and other mainstream media should refuse to publish such anonymous briefings about changes to Government policy. There should be a named official Government spokesman and Minister who takes the credit or blame for the policy announcement. If the final details of Government policy have not yet been decided, then they should say so and invite comment and advice from the public and outside experts, who know at least as much as they do about the issues.

This particular the media spin is about the hugely controversial "Control Orders" scheme, which , like so many "security" policies introduced by the inept and authoritarian former Labour government, has been both a practical disaster and a propaganda victory for our enemies, through the destruction of our basic freedoms and fundamental human rights i.e. exactly what they are trying to achieve.

The Home Office or the Prime Minister's Office should simply announce their new proposals officially, as a public consultation, on a website, for everyone to see and comment on, before they are implemented.

Given the appalling scheme which Labour produced in secret, there is no excuse for repeating the same mess, with slightly different variations.

The BBC often claims to be independent of the British government, but that is not the impression given by this report:

11 January 2011 Last updated at 19:25

Control orders: BBC learns detail of replacement regime

The coalition plans to replace control orders with a new range of restrictions to keep terror suspects under surveillance, the BBC has learned.

One working title for the new curbs is "surveillance orders".

[...]

The BBC understands the new orders would give the security services the power to:

* ban suspects from travelling to locations such as open parks and thick walled buildings where surveillance is hard

If the BBC were actually doing a proper job of investigative journalism, instead of just parroting the Government line, they would have asked how exactly is this stupid idea is possible to enforce.

Are MI5 and the Police really going to compromise their Surveillance Sources and Methods, by revealing exactly where "surveillance is hard" for them ? Unlikely.

Does this mean that the fabled airborne Surveillance Drones are useless for enforcing such "Surveillance Orders" ?

Does "thick walled buildings" include the London Underground Tube system or concrete car parks ?

* allow suspects to use mobile phones and the internet but only if the numbers and details were given to the security services

The existing Control Orders were incapable of preventing this, so the new "Surveillance Orders" will be just as useless.

Are the Controllees really likely to be ignorant of Mobile Phone interception and location tracking ?

* ban suspects from travelling abroad

Presumably none of the existing Control Orders aimed at British citizens have yet done so, since this would be a direct challenge to our fundamental human right of freedom to travel, which would require Derogation from the European Convention on Human Rights making the United Kingdom morally equivalent to totalitarian regimes like North Korea.

Remember, these are not bail conditions, where someone can be forced to surrender their Passport, these Orders are applied to people who have not been charged or convicted of any crime. Just because they have been used sparingly so far, is no excuse for creating a legal infrastructure of repression which can easily be used against other political or religious dissidents or opponents in the future.

* ban suspects from meeting certain named individuals, but limited to people who are themselves under surveillance or suspected of involvement in terrorism

Under the planned new orders, the security services would lose the power to impose overnight curfews, force suspects to phone into a monitoring company every time they entered or left their homes and lift the ban on them using mobile phones and the internet.

They would also lose the power to force suspects to live in a particular location, known as "relocation orders", or limit the visitors to their homes

Giving secret policemen and bureaucrats the power, without arrest, charge or conviction, to force your relocation to somewhere more administratively convenient for them, is indistinguishable from the legal power to set up Concentration Camps.

Tagging

However, one detail that appears to remain unresolved is over the future of tagging.

This will no longer be used to enforce a curfew by informing the authorities whether or not a suspect is at their home.

But some in government are pushing for the security services still to have the power to tag suspects simply so they can keep tabs on them by knowing if they are no longer sleeping regularly at one particular address

Who exactly are these "some in government" ?

Have they been lobbied by the security industry companies who have or are bidding for multi-million pound contracts electronic tagging services to the criminal justice system ?

N.B. former Labour Home Secretary John Reid gets £50,000 a year from the foreign owned multinational G4S (which took over the Group 4 Security and Securicor brands in the UK) to act as a "consultant".

The BBC has also learned that the government is drawing up tough new anti-terror laws that could be rushed through Parliament after a major terrorist incident - in case the new surveillance orders proved inadequate in the face of increased threat levels.

Whitehall sources said the draft legislation would - if enacted - give the police and the security services effectively the same powers they have now under existing control orders.

The so-called Terrorism Prevention Orders would be put before Parliament if the heads of the three intelligence agencies and the home secretary agreed there was a national emergency.

No ! There are already plenty of Emergency Powers available under the Civil Contingencies Act 2004. In what way are those draconian, Henry VIII powers in any way insufficient ?

Rushing through repressive terrorism legislation after a single "major terrorist incident" is utterly wrong - look at the creepy, authoritarian, badly draughted legal mess that Labour in the UK and the Republicans in the USA made with the hodge podge the Anti-terrorism, Crime and Security Act 2001 or the PATRIOT Act.

Any such proposed legislation should be published and debated, now, so that everyone is clear on the fine details before it is ever needed.

But shadow home secretary Ed Balls said that the process had "descended into a shambles" as ministers struggled to find a way of keeping the coalition united.

"With daily leaks, briefings and counter-briefings, this is a chaotic and disorderly way in which to decide national security policy," he said.

Why didn't the BBC point out that that is exactly the modus operandi of the previous Labour government and that Ed Balls was himself a prime abuser of anonymous leaks and briefings ?

The 2011 Census is rapidly approaching on Sunday 27th March 2011 and the Government bureaucracy is preparing its media spin and propaganda campaign:

Have a look at this Census 2011 Press centre page: Local Press resources, updated 27th November 2010

[...]

Media incident guidelines

The 2011 Census press team has established a comprehensive media handling and issue tracking process. The press team will focus its resources on national and regional press, TV and radio. However, certain events and local press enquiries could mean that you want some support. Possible scenarios are:

Negative local media coverage: If you become aware of any negative local media coverage about the 2011 Census which may affect return rates or could damage the reputation of the 2011 Census and/or ONS, please contact your local census area manager or ACLM.

Difficult press enquiries: Press enquiries can be passed on to your 2011 Census area manager if:

• you do not feel confident that you have enough information to satisfy a specific journalist request/enquiry
• the journalist asks for an official ONS comment
• the journalist is looking for information outside your area
• you are unsure of the angle the journalist is taking - or suspect they may take a negative line

Other events: If ever something happens that you think could become a media issue, please call your 2011 Census area manager to talk it through.

For all emergencies requiring urgent communication with the 2011 Census press team in Titchfield, please call the 2011 Census Press Hotline:

01329 447654

2011 Census press officers are available on this number 24 hours a day. This is a press hotline and should only ever be used in an emergency.

A 24 hour a day census media spin hotline, to counter journalists who are merely "suspected" of "taking a negative line"

This is in itself, highly suspicious - what exactly are they trying to hide ?

The 2011 Census campaign includes activities to monitor and engage appropriately with social media. The viral nature of social media calls for extra care whenever your team is representing the 2011 Census in social media, Please observe our guidelines to avoid a social media crisis.

If you are at all unsure, please contact us at 2011censusLAcomms@ons.gov.uk for advice.

Will this "social media monitoring and engagement" manage to detect this blog post and its corresponding tweet ?

Response statements

Should the national press raise an issue that could cause public concern, damage the reputation or success of the 2011 Census, and require correction/clarification, we may publish an official response/position statement on the 2011 Census website, www.census.gov.uk/2011press. We will send you an email alert whenever these are published on the press centre. A detailed explanation of the background, research and consultation involved in developing the 2011 Census questions is available on the ONS website.

Are there any journalists or social media commentators who would like to test this spin system with some "Negative local media coverage" or "difficult press enquiries" or issues "which may raise public concern" ?

See our previous Spy Blog article United Kingdom (England & Wales) Census Day - Sunday 27th March 2011 - will you boycott the intrusive, snooping questions ?

Some Questions to Ask:

1. The outsourcing of the Census data processing to the United States defence contractor Lockheed Martin, whose company officers and executives have no choice under the US Patriot Act but to allow US Government agencies to snoop on our unredacted, not yet anonymised Census data . What proof is there that US employees or citizens will have no access to our Census Data ?

2. The mysterious, secret, Census 2011 Online Completion website, which will be available from March 5th 2011.
   
   
   
   • Why is there no preview URL for the public and media to check the "look and feel" and functionality ?
     
   • What strength of SSL / TLS Digital Certificate and cryptographic algorithms will be employed, if any ?
     
   • What proof is there that the data will not be shipped from the webserver to back end servers unencrypted ?
     
   • Will the web forms attempt to force you to answer every Question, even if you want to leave something blank ?
     
   • Will the website employ web bugs and foreign based Google tracking cookies (like the Census 20111 website does, for no good reason)
     
   • What Communications Data logfile tracking will there be ? This would be a bonanza for Google or other tracking cookie systems if they are in place.
     
   • What measures exactly are in place to prevent the "Census Online Completion" website from grinding to a halt, due to entirely predictable peak demand, as we have seen with previous Office of National Statistics historical census websites and with the HMRC self assessment tax return website etc. ?
     

3. What proof is there that there will not be Another Massive Data Loss Disaster involving CDs, DVDs, USB memory devices, laptop computer losses or thefts, as we have seen with HMRC and the Ministry of Defence etc. ?

4. Can census takers and the Census board be prosecuted under the Terrorism Act 2000 section 58A Eliciting, publishing or communicating information about members of armed forces etc, which applies, without any exceptions, to all current and former members of the intelligence agencies, military personnel or police constables?
   • Will the Census contain accurate lists of the names, home addresses, workplace addresses, job titles and sensitive personal data details of all the UK based employees of MI5 the Security Service, MI6 the Secret Intelligence Service, GCHQ, the Defence Intelligence Staff, members of the Special Forces (e.g. the Special Air Service (SAS) or Special Boat Squadron (SBS) or the Special Reconnaissance Regiment (SRR) ) or the Metropolitan or West Midlands or Thames Valley Police Counter-Terrorism Command, the National Extremism Tactical Coordination Unit (NETCU) etc ?

   • Will these groups of secret civil servants be prosecuted for not filling in the Census Form completely and accurately ? If not, then what legal basis is there for any exemption for these secretive people or for others like Judges, or Prison Warders or people in Witness Protection Schemes etc. ? There is none in the census legislation as it stands.
     

5. Most importantly, what about the fact that the old legal protections against the sharing of Sensitive Personal Data defined in the Data Protection Act 1998 Part 1 section 2 Sensitive personal data on religion, health , sexuality etc.collected during the Census have now been abolished. ?

6. What proof is there that our confidential sensitive personal data will not be shared with the intelligence agencies, the police, the immigration authorities, the tax authorities, foreign governments or private sector companies now that such sharing is exempt from the 2 years in prison penalty under the old Census Act 1921, by virtue of the wide ranging exemptions which were sneaked into the Statistics and Registration Service Act 2007 section 39. Confidentiality of personal information ?