HC Deb 27 July 1971 vol 822 cc487-502

6.25 a.m.

Mr. Leslie Huckfield (Nuneaton)

I am very grateful for the opportunity to raise what I consider to be a very important subject, though I must show some sympathy for the hon. and learned Gentleman the Under-Secretary of State for the Home Department who is to reply, as I think that I can speak with the advantage of having had some 3½ hours sleep, a shower and two cups of tea. If he can somehow summon up the lucidity which I know he normally shows in this Chamber, I shall be very grateful.

I want to stress from the very outset of my remarks that I am not anti-computer. I recognise that the computer is here to stay, and that it would be foolish to talk of banning a whole generation of computer technology. As with the wheel, the steam turbine and the jet engine it would be impossible to get rid of a generation of technology. My aim in everything I have tried to do in the House relevant to the computer has been to try to adapt it to society and to avoid society having to adapt to it. In essence, I want the computer to be our servant, not our master.

As the Minister knows, I have been responsible for the introduction of the Control of Personal Information Bill, which deals with many of the points I want to raise now. It is a Bill which essentially sets up a tribunal to control the operation of data banks, license their operation and establishes an independent inspectorate. I should like to deal with some of the main features later.

As the hon. and learned Gentleman knows, there are many manual filing systems already existing, and most of them have some of the dangers to which I want to refer. It is because of that that my Bill deals with those also. But the main contribution that the computer makes is that all the old human inertial factors, all the old human errors, and all the old difficulties of getting together complex manual filing systems can be obviated by the computer——

Mr. Deputy Speaker

I am sorry to interrupt the hon. Member, but he has just let fall something that might put him outside the rules of order if he is not careful. He must not discuss a Bill which he proposes to bring in.

Mr. Huckfield

I am grateful to you, Mr. Deputy Speaker, for that reminder. I do not want here to re-introduce the Bill, but I am sure that you will understand that it is very germane to my arguments, although I do not intend to advance those arguments in the context of that Bill now.

The main contribution of the computer to all of us is that it makes the storage, the retrieval and the collection of its information much easier. Its unique contribution to the technological revolution is that it facilitates the collection centrally of large masses of data which previously might have been stored all over the country in filing cabinets or in manual filing systems. The Minister knows of many of his own Government's Departments where such centralised collection is facilitated. He also knows that the development of peripherals and computer software with multi-access systems, and time sharing, and the transmission of data developments which have taken place, have certainly increased the number of access points to the centralised collection. So it is not just by centralised collection that the computer can make a significant contribution, but also in the dissemination of that information, particularly through remote access terminals.

As I am sure the Minister knows, we have at the moment no legal framework for the development of all these networks. I am aware that we have a certain minimal number of examples of case law, but as yet there is no overall, comprehensive legal framework into which the computer should fit. In essence, the problems are with us now, but we do not have the legal tools to deal with them.

Perhaps I may make some reference to the report of the Civil Service Department entitled "Computers in Central Government 10 Years Ahead." It states that on 30th June, 1969, there were already 182 computers in use, and 34 more on order. The Defence Department, the Department of Health and Social Security and the Department of Trade and Industry are particularly heavy computer users, and especially in some of the Civil Service pay, adminisstration and maintenance systems there are also now quite extensive computer facilities. These figures have already been outdated and up-dated in evidence given to the Select Committee on Science and Technology, Sub-Committee A.

It is interesting to note in that Report, particularly at page 23 onwards, the kind of developments envisaged. We already have the Department of Health and Social Security networks at Newcastle and Reading, and the one at Reading will even deal with individual case work. We have the computer of the Department of Employment at Runcorn, and we shall have the Home Office systems, with the national police computer linked with the central vehicle licensing computer at Swansea. The Lord Chancellor's Department will have a system centred on Kidbrooke, and the Inland Revenue has one P.A.Y.E. centre operating and will have others shortly. The Chancellor of the Exchequer told me in reply to a Question yesterday that we shall have computers in the administration of value added tax. In many modern tax applications the collection of taxes and the administration of our taxation system is possible only if computers are used.

One of my main concerns about the use of computers in the centralised collection of data is that once we start to integrate the data from various sources certain safeguards must apply. The hon. and learned Gentleman will tell me that there are inter-departmental working parties, and that it is only the public sector that will have the information. But on page 44 of the Report to which I have just referred, in paragraph 182(b) and (c), we find references to links with the private sector as well. What is meant by the statement in paragraph 182(b) that … the development of links between DHSS, the London Clearing Banks and PGO will be made easier because, fortuitously, all three will be operating with ICL System 4 computers"? Does that meant that there will be some kind of inter-locking between the D.H.S.S., private bank accounts and the Giro? This kind of thing should be explained in more detail.

Following the recommendations of the Seebohm Committee, and the formation of directorates of social services on the local level, the way is opened up, with the administration of larger Government and local authority social networks, for integration of local and central government social services. We already have proposals of the London Boroughs Association, centred at Haringey, for doing this, very much along the lines of the centralised systems already operated in Alameda County, San Francisco. We have large examples of payment and personal details, not only at local but national level, already kept in the Government's own Departments, for the administration of pay and personnel.

There are many references in the Report to integration. If one keynote emerges it is that of the facilities which now exist for integration, and the desirability of integrating the computer systems, particularly for economies of scale. It is very definitely stated that much of the planning, programming and budgeting work of the Government will need integration.

We have in the current developments all the hallmarks of the kind of haphazard development in the United States, again without any comprehensive legal framework. It is because we have a system developing haphazardly, without any legal framework, a system which I believe does not have the necessary safeguards, that I am particularly worried. I hope, for instance, that the national police computer never acquires some of the overtones of the F.B.I. and Defence Department computers under J. Edgar Hoover, and that many of the safeguards the Americans are now discussing, far too late, will be discussed before the national police computer, with its 700 or 800 terminals, becomes fully operational. The integration of this computer system with the central vehicle licensing computer, which will store not only names and addresses but the ages and sex of vehicle owners, represents a very comprehensive collection of information.

I am aware that many of these systems are still under discussion. The Minister for Transport Industries would not lay claim to the successful working yet of the central vehicle licensing computer at Swansea. The Minister will no doubt tell me that his Department is still studying what can be done with the national police computer, but it is because many of these systems are only now being discussed that we must work now towards legal frameworks.

Another example of a local authority computer project in which two or three Government Departments will have some kind of sponsoring responsibility is the system now being discussed by seven local authorities under the local authorities' computer committee—LAMSAC—under the auspices of the National Computing Centre for the computerised filing of educational and performance data on 600,000 school children. I have raised this subject before in the House, and I was gratified that the Under-Secretary for Trade and Industry shared my concern about some of the problems which could arise.

The power and possibilities of all these computer systems and the potential of computer developments are increasing, not in arithmetical, but in geometrical progression. We are at about the end of a long period of expansion of the computer industry, and the industry must sort itself out and regroup and rationalise to take stock of the rapid developments. Because the state of the computer art is fast developing, we must have a legislative framework now.

I suppose one of the difficulties to which the Minister will refer is that there is a very high personnel mobility in the industry. There is no appropriately recognised career structure in the industry. It is a very young industry in which data processing managers, programmers and even punch key operators change their jobs with amazing frequency. Because of all these fast developments, I was most concerned to see in the Report only one paragraph on page 60, tucked away in an appendix, on file security. This is a lengthy Report and the presence in it of one meagre paragraph on file security highlights the importance of the matter, and the lack of attention given to it.

As Professor Alan Westin has categorised these developments in information, we are moving from the functional data bank procedures to the jurisdictional data bank procedures. Because data banks are being built up which will be capable of making value judgments and decisions on the agglomeration of information processed, we must treat these developments with great care and have safeguards built into them. A mere collection of names and addresses, a mere collection of names and ages or a mere collection of names and examination performance may not enable us to make accurate value judgments on individuals, but once we start to accumulate masses of information from various sources we start to move towards Alan Westin's jurisdictional category of data banks.

All this is highlighted because there have been developments pari passu in the private sector and there have been some alarming examples in the United States, particularly in the credit bureau sector. Worrying links have been developing in the United States between Government systems and private systems. We have credit registers being operated by the United Association for the Protection of Trade, British Data Services and Tracing Services Limited.

I pay tribute to the Daily Mirror which this morning carries a fine article on some of the risks in the private sector in the collection and dissemination of information by private sources. I realise that I am supposed to be talking about computers in Government Departments, but one of the dangers is the temptation to integrate certain parts of the private and public sectors for the benefit of economies of scale. The Daily Mirror has set a fine example in highlighting some of the problems which already exist in the private sector where, in the main, computers are not yet being used.

We have also seen in The Guardian newspaper some horrifying examples of what is happening. There have been accusations about leaks of information from Government Departments—information which in most cases had to be given on a compulsory basis. All this proves conclusively that this information is not as confidential as one may have thought.

Only yesterday The Guardian contained another story about the lengths to which private snoopers and information-gatherers go. I am glad that the Daily Mirror, The Guardian and other newspapers have now latched on to and published the risks involved in the collection and dissemination of this information. We all remember the big exposé in the Birmingham Post at the beginning of last year about the practices to which data systems in the Department of Health and Social Security and even the police lend themselves. I am aware that these services are not yet fully computerised, but they already involve some of the same kind of risks.

On top of all this, we have the peripheral risks involved in telephone tapping, eavesdropping and all the kind of prying which can occur in computer systems. Once people learn how a computer works, there are many ways in which they can get their hands on information to which they have no right of access.

In the United States as a result of the faults thrown up in the systems there people have already reached the stage of tending not to trust the Government as much as they did. I would hate this country to reach that stage in relation to our Government in the matter of private and individual information.

There is a well known saying that an Englishman's home is his castle. Data bank information must have a moat and portcullis as well. In view of the increasing amounts of information which Government departments are able to store on computers, it is essential that people who surrender information feel that it is being treated confidentially.

Until the Government have proved that they can handle this information on a qualified and confidential basis, individuals should perhaps be more suspicious about who is collecting the information and who is to disseminate it.

There was a very good example of this in the recent Census where information was collected for dissemination. Such information was demanded on pain of a £50 fine for non-compliance. The Census contained some very personal information which had to be surrendered. This matter was never adequately explained by the Registrar General's Department. We were told that the work was to be put under supervision or was to be discussed with representatives of the British Computer Society, a body for which I have a great regard. But when I learnt that the B.C.S. was being drawn into the picture only half way through, which probably meant that many of the risks had already been run, I was disappointed. Instead of the B.C.S. acting as some kind of census watchdog, it seems that we were "sold a pup" without teeth or gums.

Furthermore, there are all the dangers of the reaction which society can develop to the collection and dissemination of this information. Instead of personal anonymity and "personality" behaviour, everything begins to become "behaviour for the record". We begin to move towards the veritable "goldfish bowl society", to the state where technical developments mean that previously personal behaviour and private anonymity become public events, recorded, with information collected and stored. It is then that some of the essential ingredients of the quality of life in this country begin to be put at risk.

I do not want to anticipate what the hon. and learned Gentleman will say, but I venture to suggest that he will refer to the Younger Committee. I have testified before that Committee. I am grateful for the courteous way in which I was treated, and I was impressed by the Committee's understanding of the problems.

The Younger Committee's terms of reference include only the private sector. However, it will have to make reference to the public sector, and I suspect that the hon. and learned Gentleman will tell us that there are already interdepartmental working parties on the subject. The trouble is that, by the time that these reports are published, they will be out of date. The state of the computer art is developing too rapidly for them not to be.

It is difficult to understand why the terms of reference of the Committee cannot be widened so as to include the Government sector. Associations ranging from the National Council for Civil Liberties, which has performed a very useful service in drawing public attention to the abuses contained in the systems, to the National Union of Teachers have drawn attention to these abuses.

It would be a fine gesture to extend the terms of reference of the Younger Committee. As the Minister knows, the Conservative lawyers' association is about to issue some kind of report detailing its concern about data banks and credit control. I have no wish to demean the hon. and learned Gentleman's party in this respect, because there have been one or two notable contributions in pamphlet form from it. Great concern was expressed by right hon. and hon. Gentlemen opposite when they were in opposition. Much concern has focussed on the fact that the Younger Committee is considering only the private sector.

I hope that the hon. and learned Gentleman will indicate to us the Government's thinking on these matters, especialy about possible legislation. I know that I cannot make specific reference to my Control of Personal Information Bill. But when I testified in Washington before the United States Senate Sub-Committee on Constitutional Rights, I was encouraged to find that some of their legislative proposals were similar to my own.

Again without discussing the main proposals of my Bill, it is most important not only that the systems have some kind of independent control, but that individuals have the right to see the information on them that these computer systems already have stored. Every individual should have the right to see a print-out and to challenge the information. The right of verification is very important. I appreciate that there are certain difficulties with police and medical data. But I hope that the Minister will be able to tell me something about the proposals for seeing the print-outs and about verification and challenging of information which ought to be an essential feature of the many systems which the Government have in mind.

I hope, too, that he will be able to tell me about the need for access control and audit trails. I know that various Government departments have large numbers of computer programmers on their staff. A feature of both the last Government and this Government is that they have been reluctant to hand out some of the software development contracts to private industry. They have preferred to keep it in their own hands. There may be a reason for it, but I doubt whether this is the best way of protecting the British computer industry. Because both the Labour and Conservative Governments chose to keep a lot of this software development in their own hands, large numbers of computer personnel on the staff of various Government Departments ought to be subjected to the access control and audit trail procedures.

The hon. Gentleman will tell me I hope about the procedures which the Government may introduce for up-dating the information and setting time limits on its collection. Are we to have any scrambler systems? Are we to have call-back procedures? What kind of visual checks are we to have? I hope that the Minister will tell me that at last Government Departments are coming round to some kind of code of personnel computer practice.

At this juncture I should like to pay tribute to the fine example set by the British Computer Society, under its current president, Alex d'Agapeyell, in creating a code of personnel practice for the industry. It is a fine example of something which is long overdue. I hope that the kind of example set by the B.C.S. will be taken up and promulgated by the various Departments. It is essential in the transfer of personnel from one department to another, and, indeed, from the public to the private sector, that we have some kind of code of practice. This applies particularly to Government departments where this information has to be surrendered on a highly compulsory basis.

What studies has the Department made on the collection of information as some kind of property right? This is one of the theories which has been advanced by some eminent lawyers who have suggested that it might be better if the situation were dealt with legally by considering information to have some kind of property right.

Does the Minister consider that there should be some kind of categorisation of the sensitivity of the information by this House or by another place? After all, some kind of judgment has to be made by this House and by the country as a whole on the sensitivity of this information.

I am aware that I have ranged over a wide topic at a highly unusual hour. I apologise to the Minister for raising so many subjects. I am sure that he will not be able to reply to all of them, but I hope that he will.

We have now reached an important point on the frontiers of the data bank society. I want to return to my original point. I am not afraid of the computer, because, by itself, it is just an idiot calculating machine. It has to be told what to do, it has to be told to forget, and it has to be told to remember. It is the people who work and handle the computer, the industry and the computer's users about whom I am worried.

We are already getting a reaction against the computer. Many industries and individuals who have now had their first bite at the computer are pretty sore about it. They have spent a lot of money on it and is has not lived up to the claims made for it.

I hope that we shall not get an overall public reaction against the computer. People already know that the computer can give them gas bills for £1 million when they have in fact only one gas cooker. I do not want people to get into the habit of knowing, recognising, and having to accept that the computer has all their individual personal details stored away on it.

The situation is particularly acute in Britain, because many of the processes of integration which have happened in the United States will not have to happen here, because we start with nationally integrated systems. It is precisely because in so many Government Departments the systems will be initially centralised and integrated that my concern is so much the greater.

I pay tribute to the work the newspapers have done in drawing attention to this very important subject. There is an article in the Daily Mirror this morning. There have been the Guardian articles. "Action Line" of the Daily Express has drawn attention to problems. There is a great awareness in the Press and increasingly amongst the public at large of some of the risks which exist in the private sector. Those risks are just as endemic and just as large in the public sector. It is in the public sector that I believe that the Government should be setting an example.

I realise that I have set the hon. and learned Gentleman a mammoth task. I regard this as no reflection on him, because I know that he, too, is very interested in this subject. If he could provide me with a small crumb of comfort that at least his Department, and he himself, is aware of some of these problems, and if he could give me some encouragement and some grain of hope that many of these proposals are not merely being considered by interdepartmental working parties but will be actively put into practice this year or next year, I shall feel that my rising at such an unearthly hour has not been in vain.

6.57 a.m.

The Under-Secretary of State for the Home Department (Mr. Mark Carlisle)

The hon. Member for Nuneaton (Mr. Leslie Huckfield) and I have two things certainly in common—we have both had three and a half hours sleep and we have both had two cups of coffee before entering the Chamber. The hon. Gentleman has the complete advantage over me in that it appears that he has already read this morning's Daily Mirror.

I am aware, of course, of the hon. Gentleman's continuing intereset in this subject, of the fact that he has, as he said, introduced during the last Session a Bill to deal with the question of privacy and computers, and of the fact that he has built up a great deal of expertise and knowledge in this subject. I listened with interest to the hon. Gentleman's speech. To a degree, I am bound to disappoint him, because there is little that I can say in reply which he does not know already.

The hon. Gentleman ended by asking me a series of rather detailed questions as to what we foresaw as the future with regard to safeguarding the information on computers. As recently as 11th March of this year, the hon. Gentleman put a similar Question to my right hon. Friend the Home Secretary. My right hon Friend replied in these terms: The Government are making a comprehensive survey of the categories of personnel information held or likely to be held in the computer systems of Departments, and of the rules governing its use … I cannot anticipate the findings of this survey."—[OFFICIAL REPORT, 11th March, 1971; Vol. 812, c. 148.] Therefore, on the detailed questions, all that I can say is that, without in any way being able to anticipate the findings of that survey, I am sure that everything that the hon. Gentleman has said on this and other occasions will be closely borne in mind and that the Home Department is well aware of the problems the hon. Gentleman mentioned.

The hon. Gentleman is right not to attempt to argue against computers as such. We all accept that computers are here to stay. They are already widely used in industry, in local authorities and in government. The hon. Gentleman referred to his experience in America. I was also in America last year and saw the F.B.I. computer. No one could doubt the advantages of the amazing speed with which details could be produced in helping the police in the fight against crime as clearly something which is going to be used by the police throughout the world. But while one accepts that, I can assure the hon. Gentleman that we are fully aware of the public concern about their use in storing information about individuals. This concern relates to three matters: concern as to the accuracy of the information which is stored; concern as to the security of that information; and also the feeling that the ability to amass a vast amount of personal details and to have it in such a form which is easily transferrable is in many ways looked upon by some at least as some form of threat to individual liberty.

We are fully aware of these concerns and I would not in any way wish to underestimate the very real problems which could arise in a situation in which aggregated personal details could be passed with ease from one Government Department to another. It is easy to stress the possible mis-use and abuse of computers and the information they store without taking full recognition of the advantages that accrue on the other side. I am referring not only to the advantages, clear as they are, on economic grounds, nor to the advantages which accrue from the efficiency and speed which computers provide. I refer also to the advantage there can be in the security of the information itself. Almost anyone can read a manual record where information is now normally kept in which the individual is easily identifiable. But only those with special skills can read computer language, and even then the information they obtain is meaningless unless they know the code which identifies the individual.

Therefore one can build into the system safeguards which make the security of information held in computers in many ways greater than information now kept by conventional methods if the computers are properly used. I stress the words "properly used" because the Government fully appreciate that if improperly used computer records may facilitate the transfer of records which should not be used for any purpose other than that for which they are first obtained.

It is because the Government recognise this danger that it has put in hand an investigation into the establishment and use of computerised data banks by Government Departments which have been mentioned on previous occasions. On 18th February last year, in reply to a Question from the hon. Lady the Member for Wood Green (Mrs. Joyce Butler), the Prime Minister said that: An Interdepartmental group under the leadership of the Home Office is making a comprehensive survey of the categories of personal information held or likely to be held in the computer system of Government departments and of the rules governing its storage and use. The comprehensive survey has been made of the categories of personal information held in the computer systems of Government Departments and the uses to which this information is put are now being examined in detail. The information obtained should enable the Government to consider what action should be taken to safeguard personal details, in the light of recommendations to be made by the Younger Committee on Privacy in the private sector, which is likely to report next year. This is not merely a paper exercise. We propose to put into practice the results of that inquiry.

The hon. Member asked me yet again why the Younger Committee's terms of reference were limited to the private sector. This matter was also raised with the previous Government just before the General Election. Both Governments have thought it right to limit the terms of the Younger Committee, which has an enormous remit. The Home Secretary said that there is the substantial difference between the use of computers in the private sector and those in Government, where there is an existing democratic control.

Until the inter-departmental survey has been completed and the Younger Committee has reported, the Government cannot reach any conclusion about the most effective methods of safeguarding the privacy of information held. But the whole purpose of the inquiry is to find the necessary safeguards and the most effective measures.

The hon. Gentleman rightly stressed that, in the end, the computer is only a device, and that a great deal depends, as in all storage of information, on the integrity of the individuals who are responsible for its use, with the grave and greater danger here of the easy accessibility of a vast amount of information in a short time. But Government Departments have always paid a great deal of attention to the safeguarding of information about individuals. Administrative regulations and statutes like the Official Secrets Acts apply to information held by computers as much as by other means. Of course, in the end, the safety and security of any form of information must come down to the integrity of the individual, to whom the same regulations apply as to other members of the Civil Service.

Computers are purely mechanical devices, which cannot do anything that a human being cannot do, given the time and effort. They just do it much more thoroughly and quickly. The ability to amass such a large amount of information at one point prompts the fear that a wider variety of information becomes subject to the risk of falling into unauthorised hands, because files can be searched so quickly, even at a distance, by the use of remote terminals.

I fully understand and appreciate the concern which the hon. Gentleman expresses, and I have great respect for the tremendous amount of work which he has done in this subject, but I assure him that Government offices are extraordinarily careful about the need to safeguard personal information. This care is reflected not only in the rules to which civil servants are subject but in the security system which must protect such information.

The computer, as a complex mechanical device, lends itself admirably to coding information in a number of ways which would make information stored in it unintelligible to anyone who did not possess the key to the code. The hon. Gentleman knows far more than I do about the security systems which can be applied to information held on computers. I know that he has talked to many people in this field, but I have talked to one or two of the companies involved, and I am sure that he will agree that they always say that, given the money, one can easily build in the necessary safeguards and security system.

I am conscious that I have really said nothing today which the hon. Gentleman was not aware of before, and my answer has largely been to the effect that all these matters are under review at this time. But I understand the concern, and the Government recognise it very well. That is why the review into their own procedure is being conducted. The main safeguard for the present is the discretion of the civil servant involved in handling sensitive information, or information which, if linked with other information, then becomes sensitive.

For the future, we are awaiting the outcome of that review, and we are awaiting the outcome of the Younger Committee on Privacy in the private sector. I am confident that we can deal with the problems raised by the computerisation of personal information well before they grow too large for us to handle. The hon. Gentleman said that it would be no good if the Government's inter-departmental review and the report of the Younger Committee on privacy arrived too late to be of any effect. He suggested that the report of the Younger Committee might be out of date by the time it was published. Incidentally, as I understand it, the clear intention is to publish that report. I say that off my own bat at the moment, but I have always understood that to be so.

Mr. Leslie Huckfield

Can the hon. and learned Gentleman say whether any kind of results from the inter-Departmental working party will be published?

Mr. Carlisle

At this moment I cannot say. But I take note of what the hon. Gentleman says, and, knowing his interest, I shall write to him with any information I have about that.

I do not believe that these reports will come too late to be of use. We are all aware of the advantages of computers. We are all aware of the dangers to which they can give rise. But I believe that the advantages for society as a whole outweigh the dangers.