The Internet and Privacy Debate

Full Debate: Read Full Debate

The Internet and Privacy

David Davis Excerpts
Thursday 28th October 2010

(14 years ago)

Westminster Hall
Read Full debate Read Hansard Text

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Robert Halfon Portrait Robert Halfon (Harlow) (Con)
- Hansard - - - Excerpts

I begin the debate by thanking the new Backbench Business Committee for accepting my submission and agreeing to give parliamentary time to this important subject. As with the election of Members to Select Committees, the Backbench Business Committee is a small step in redressing the balance of power, moving it from the Executive to the legislature. It is therefore appropriate that one of the early Back-Bench debates should be on the subject of civil liberties.

In recent years, we have become increasingly focused on freedom. With every terrorist atrocity, our civil liberties have been curtailed, often in a somewhat draconian manner. I therefore welcome the coalition Government’s determination to redress the balance by reviewing the anti-terrorism legislation, scrapping identity cards, abolishing the national identity register and the contact point database, and halting the next generation of biometric passports. However, I do not wish to talk about state surveillance this afternoon.

I requested this debate because of my concern—and that of many others, including hon. Members here today—about what I term the privatised surveillance society. By that, I mean the surveillance of individual citizens by advanced internet companies; ordinary people have no right of redress, and there is no possible sanction. I will set out what I perceive to be the problem, the reaction thus far of the authorities, and what steps I believe should be taken to deal with it.

My question is this: are we sleepwalking into a privatised surveillance society? How can we stop it? Before I examine the arguments, let me first declare an interest. I am no internet luddite, but rather a passionate advocate for its cause. I blog using Google and Twitter, and I am active on Facebook, where I am lucky enough to have 1,400 friends. In fact, I am an enthusiast for Google products. I run my Commons business using Google Mail; I have Google Sync on my BlackBerry, and I use a Google Android phone. I prefer Google Chrome to Microsoft Explorer. I am a huge believer in the power of the internet to do good, and to be, potentially, a force for democratic development, allowing citizen power at its best.

However, there is a great difference between advancement of the internet and the violation of people’s right to privacy. Private companies seem to have acquired the right to photograph what goes on in people’s gardens. That is a dangerous shift, because if no one has any right to privacy, we will soon be living—dare I say it?—with a privatised version of Big Brother run by some of the internet companies. That is the scenario slowly creeping up on us. I say that because many of my observations today will focus on Google’s activities, such as street-mapping, accessing people’s personal wi-fi addresses, and—as we learned from newspapers and Google’s official blog a few days ago—the harvesting of personal e-mail addresses and passwords.

I acknowledge that Google is by no means the only guilty party. As The Wall Street Journal recently highlighted in a special series, there is a problem with what is termed scraping. Scraping is the process whereby internet companies such as Facebook and MySpace pass on user names and personal information to other companies for commercial purposes, without the consent of the individuals concerned.

The issue of civil liberties and internet privacy first came to a head not long after I was elected to this House in May 2010. The newspapers revealed that Google had been mapping people’s personal wi-fi data without their permission. I found that an astonishing revelation, and subsequently tabled a number of early-day motions. I also wrote to the Information Commissioner’s Office to ask its view on the matter, but I received what I can only term a lamentable response. The clearly standard reply stated:

“The ICO has visited Google’s premises to assess samples of the “payload” data it inadvertently collected. Whilst Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgment as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion. The information we saw does not include meaningful personal details that could be linked to an identifiable person...It is unlikely that Google will have captured significant amounts of personal data.”

That raises two issues. First, did Google harvest meaningful personal data without people’s consent? Secondly, did it capture a significant amount of those personal data?

In the view of the UK Information Commissioner, who examined the Google computers, there was nothing to worry about. I have subsequently spoken to the Information Commissioner. His view is that although he would have liked to take stronger action against Google, his office was constrained by the Data Protection Act 1998. Perhaps that is true, but why was it not said at the time? There is nothing in the Information Commissioner’s first announcement about insufficient powers or the constraints of the Data Protection Act. That inertia seems all the more disappointing given that other groups were working hard to protect the British public.

Many privacy campaign groups, such as Big Brother Watch, have raised awareness of the issue in the media. Privacy International complained to the Metropolitan police in London, who opened an investigation into Google under the Regulation of Investigatory Powers Act 2000 and the Wireless Telegraphy Act 2006. Why was that left to private groups and individuals? The Information Commissioner has said that the Data Protection Act prevented further action from being taken, but what was his view of the Regulation of Investigatory Powers Act and the Wireless Telegraphy Act? Why was Google not referred to the police?

The public whitewash was all the more surprising given the actions of many other Governments around the world. In Spain, there is a formal judicial inquiry and the threat of a substantial fine. In South Korea, the police have raided Google’s headquarters. Serious investigations were undertaken in France, Germany, Italy, and Australia. Israel is considering the problem in its 32nd international conference on data protection and privacy commissioners, before Street View has even reached its shores. In Canada, the privacy commissioner has launched a legal inquiry on the basis that Google defied Canada’s privacy laws. In Greece and the Czech Republic, Street View has been banned altogether. In America, Google faces a class action lawsuit over data harvesting, as well as a large-scale investigation backed by 38 states.

Let me return to the critical questions. Did Google harvest meaningful personal data without people’s consent? Did it capture a significant amount of those personal data? A few weeks ago on 14 September, I went to visit the impressive Google headquarters in London and I asked some questions. I stress that the company has always been open to discussion, and courteous when dealing with my concerns. At that meeting, I was given the strong impression that the wi-fi details harvested were basic and did not amount to much. In other words, Google told me that the data were not meaningful, and that they were not collected in significant amounts. It was therefore strange to read what Google’s vice-president of engineering and research, Alan Eustace, wrote on the company’s blog over the weekend. He admitted that his company’s Street View cars captured

“entire e-mails and URLs...as well as passwords”

on a mass scale. He added:

“We want to delete this data as soon as possible”.

We have to take his word for it, but it is hard to do that when, contrary to what the Information Commissioner announced this year, and contrary to what Google said to me in September 2010, meaningful personal data were collected in significant amounts.

The issue is simple: either meaningful personal data were collected in significant amounts, or they were not. In July 2010, we were told that they were not; in October 2010, we were told that they were. I sincerely hope that this House, the Government, and the British public, have not been deliberately misled. I also hope that Google’s U-turn is voluntary, rather than a scenario in which it admitted the truth only because investigations by other Governments gave it no alternative.

As The Daily Telegraph stated on 23 October 2010, Google admitted that it

“downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.

Millions of internet users have potentially been affected.”

Among the information gathered were millions of e-mails, passwords, and the addresses of websites visited by private households. That is unacceptable.

The problem should have been picked up by the Information Commissioner in the first instance. Major questions need to be asked. Why did the Information Commissioner assure the public, the Government and the House that all was well? Why did it take an admission of malpractice on the company’s own blog to trigger a new inquiry by the Information Commissioner?

It is not enough to say that the whole thing was an innocent mistake, as Google has suggested. That was its line when Street View uploaded images of naked children without the consent or knowledge of those involved. It was its line when a Google engineer was able illegally to access children’s private e-mail accounts and telephone records. Google took disciplinary action only after parents complained that the engineer had illegally used Google data to harass four of their children.

I find it hard to believe that a company with the creative genius and originality of Google could map the personal wi-fi details, computer passwords and e-mail addresses of millions of people across the world and not know what it was doing. My feeling is that the data were of use to Google for commercial purposes and that that is why it was done. Of course Google denies that, but for me the question is whether the company underestimated the reaction of the public and many Governments across the world once it was revealed what Google had done.

Even if Google had not harvested oceans of data without anyone’s consent, and even if the Information Commissioner’s Office had not been so lamentable in its response, I would still have concerns about Street View. In many ways, Street View is a brilliant innovation. I am sure that many of us in this Chamber have used it from time to time as a three-dimensional “A to Z”, but street-mapping has been done without anyone’s explicit permission. Millions of houses and gardens are photographed in micro-detail and put on the web. As I mentioned, there were episodes in which Google photographed naked children and uploaded the pictures to the web. Although the pictures were subsequently removed, they should not have been there in the first place. I am sure that hon. Members will have tales to tell of e-mails sent by constituents about similar situations.

One lady from a village in Cornwall e-mailed me about today’s debate. Wanting to remain anonymous, she said:

“The camera must have been elevated to at least 10 feet high to get these shots. I live in a small hamlet, and on Street View it is possible for someone to see right into the rooms of our house. I am so angry at the infringement of our privacy but until now have had no-one to take up the cause.”

I have no problem with Google photographing me in my garden, or my house, and putting those images on the web, but the point is that I want to give Google permission to do so. I want to opt in. Some people will respond that any citizen can walk up a street, taking pictures of people’s houses. Of course that is true, but there is a difference of scale and of commercial interest. Google was not sightseeing; it was creating a product to sell advertising on a mass scale. No private citizen has the millions of pounds or dollars at their disposal to take a detailed picture of every house, street and company in Britain. That makes this case fundamentally different.

I welcome the moves by the German Government to give people a chance to opt out of Street View before the pictures are published. Nearly 250,000 Germans have opted out of Street View. That is roughly 3% of households.

David Davis Portrait Mr David Davis (Haltemprice and Howden) (Con)
- Hansard - -

What my hon. Friend has described sounds like a systematic pattern of behaviour, but it is worse than that. It is a systematic pattern of behaviour backed up, frankly, by systematic mendacity on the part of Google, which first says that it happened by accident, then says that it was a mistake and ends up saying, “Well, we will eventually get rid of the data.” Does not that argue to my hon. Friend—he does not have to answer immediately—that we have to take quite firm legal action with respect to people’s rights of privacy and their property rights regarding privacy and with respect to the penalties that ought to face a company as huge as Google, perhaps as a fraction of its turnover?

Robert Halfon Portrait Robert Halfon
- Hansard - - - Excerpts

My right hon. Friend is a great defender of civil liberties and we are lucky to have him at the debate. I agree with him absolutely. Later in my remarks, I shall be able to give a more detailed answer to what he has suggested.

As Germany’s Interior Minister said in September 2010,

“If companies do not adopt satisfactory new rules, we will create more restrictive privacy laws. However, a voluntary code of sufficient strength and scope could make special regulations unnecessary, at least in part.”

In my meeting with Google to discuss Street View, it implied that blackening out houses in a street view would make things look “unseemly”. My answer to that is, so what? If aesthetics are sacrificed in the cause of liberty, that can only be a good thing. This is an important principle. Either our home is our castle or it is not. Google’s actions indicate an all-too-frivolous view of the rights of the individual against the advancement of internet technology.

However, as I stated in my opening remarks, we should not be worried just about Google. There are also reports that BT has been, allegedly, trawling people’s Facebook accounts to check for critical comments about the company. Again, that is totally out of order. There must be a limit to what these companies do. We may accept that, in the present day, most of these internet companies have good and honourable intentions, but we are setting a precedent. If we permit this invasion of privacy today, what might it be used for tomorrow?

A case in point is scraping, which I mentioned. Thanks to The Wall Street Journal, we now learn that the internet has given rise to thousands of data brokers and middlemen. They gather information from property records, social networking sites and telephone listings and by scraping data from websites where people post information about themselves. The point is not that those data are publicly available, but that they are being aggregated on a mass scale in a way that threatens individual privacy.

If we accept that civil liberties are being violated in the way that I have described, we must also acknowledge that something must be done about it. In some ways, what is going on is much more dangerous than state surveillance, because at least the citizen knows his rights and there is some possibility of legal redress. Also, it is possible to sack a Government if we are unhappy with them. We are familiar with the idea that there is a social contract between Government and citizen, but what is the social contract between a citizen and an internet corporation?

Street View affects everyone. Its impact is not limited to Google’s customers. When it comes to internet companies, the question of citizen rights is much murkier and less defined. That grey area has allowed firms such as Google to get away with what they have done. The reality is that a lot of privacy encroachment is going on that has yet to be uncovered.

Returning to the remarks by my right hon. Friend, I believe that there needs to be a robust inquiry, with teeth, into the role of the internet and its relationship to individual liberty.

--- Later in debate ---
Julian Huppert Portrait Dr Huppert
- Hansard - - - Excerpts

Indeed. There are a number of ways to deal with genuine cyber-terror risks. Labour’s proposals certainly were excessive; it took a draconian and over-zealous approach.

I raised the matter yesterday in Prime Minister’s questions. I asked exactly what was happening about the intercept modernisation programme. He assured me that the Government were not planning a centralised database. I suggest that right hon. and hon. Members read exactly what he said. I am trying to give the Prime Minister and the Government the benefit of the doubt, but I am concerned about the careful choice of words. Does it have to be a centralised database to cause problems? Does it have to be a Government database to cause concern?

The original problem was that ISPs were storing the data. Hoping that the Prime Minister was being less than entirely clear, I asked some follow-up questions to establish what is being proposed, given the wording of the strategic defence and security review. The Government have to be better, and they can start by ruling out for good such a costly, over-broad and heavily intrusive approach. A minimal standard for data retention has to be the goal.

I understand that the Home Office is considering that data retention by ISPs should be based on an EU directive. If so, extremely stringent safeguards must be put in place. What discussions has the Minister had with the Home Office on the matter? Will he assure the House that Government intrusion into the privacy of individual internet users would happen only in the event of a serious threat to national security, that it would be regulated by the strictest possible safeguards, and that it would be subject to primary legislation so that Members of Parliament could consider what was proposed?

David Davis Portrait Mr David Davis
- Hansard - -

I am listening with fascination to the hon. Gentleman. He is exactly right in what he says; there will clearly be a need for a severe warrant in order to control what is done with privately held data by agencies of the state. However, that alone will not resolve the problem of having a big centralised database. The creation of a database can itself create a security hazard. A large quantity of data being held, even by one ISP, becomes a target for fraudsters, hackers and terrorists. Does the hon. Gentleman agree that the Government should sort out that problem as well as the others?

Julian Huppert Portrait Dr Huppert
- Hansard - - - Excerpts

The right hon. Gentleman makes an excellent point. Wherever the data are kept, we would have to be most careful about their security. Some people would be interested to see it. For example, I can imagine that a number of people would pay considerable sums to gain access to the web and e-mail records of every Member of Parliament; we saw the excitement on expenses, and I am sure that it would be similar. Data like that must be treated as a great security risk, and that risk counterbalances much of the risk from cyber-attacks about which we hear so much.

I could talk about many other matters, but a number of Government Members wish to speak; the Opposition Benches are somewhat denuded. However, I wish to tell the House that I chair a Liberal Democrat policy working group that is writing a new policy on IT and IP matters, and we would welcome submissions from Members and from people across the country. We shall also be dealing with the party’s proposals on privacy. Indeed, members of the working group could have given a rather more detailed take on many of these matters. We clearly need to avoid the kind of lazy thinking that gives blanket solutions but ignores the need for privacy and liberty, and suggests draconian solutions that cause more problems than they solve.

I hope that my comments and those of others here today will give Ministers and others food for thought and that, together, we can work towards a balanced solution that preserves people’s reasonable privacy expectations.