Saturday Hassan and Human Rights

The case of Saturday Hassan, widely reported in the Daily Telegraph, Daily Mail and on BBC Radio 4 Today on 21 December 2012, highlights the confusion that still exists about the interaction between the Data Protection Act 1998, the Freedom of Information Act 2000 and, indirectly, the Human Rights Act 1998.

Saturday Hassan is serving a life sentence for the murder of Darren Deslandes, who was shot dead on New Year’s Eve 2009. Darren’s parents, Wintworth and Lurline Deslandes, want the Home Office to disclose Hassan’s immigration status, so that it can be confirmed that if he is an illegal immigrant or foreign national, he will be deported when he is finally released from jail. It is reported that the Home Office has refused the request, on the grounds of the protection of Hassan’s right to privacy (under Article 8 of the European Convention on Human Rights, incorporated into UK law by the Human Rights Act 1998).

This is an inadequate reason, without further explanation from the Home Office. It may also be wrong at law, but the relevant law is complex. I set out below one way in which the information could be lawfully disclosed, but there are others that would need careful analysis of all the relevant facts.

There are various offences related to immigration under, for example, the Immigration Act 1971. It can therefore be legitimately argued that information concerning Hassan’s immigration status is sensitive personal data under the Data Protection Act 1998, for which a higher level of safeguards applies. However, sensitive personal data can be processed for a number of lawful reasons, including for the administration of justice or for the exercise of any functions of a Minister of the Crown or government department. Its disclosure, if for these purposes, would therefore not be a breach of the data protection principles, and so would be permitted under the Freedom of Information Act 2000.

What is covered by the “administration of justice” purposes in the Data Protection Act 1998 has not been judicially determined, but in other cases that have reached the European Court of Human Rights (ECHR) in Strasbourg, it has been made clear that the ECHR would consider whether any interference with a citizen’s Article 8 right to privacy was justified. In the terms set out in S and Marper v The United Kingdom [2008] ECHR 30562/04 (a case involving retention of DNA records by the police), the ECHR said:

An interference will be considered “necessary in a democratic society” for a legitimate aim if it answers a “pressing social need” and, in particular, if it is proportionate to the legitimate aim pursued and if the reasons adduced by the national authorities to justify it are “relevant and sufficient”. While it is for the national authorities to make the initial assessment in all these respects, the final evaluation of whether the interference is necessary remains subject to review by the Court for conformity with the requirements of the Convention (see Coster v. the United Kingdom [GC], no. 24876/94, § 104, 18 January 2001, with further references). (paragraph 101)

It is therefore arguable that the Home Office could decide that the Deslandes and other similar indirect victims of crime do have a pressing social need to know whether they are safe from the perpetrator of the relevant crime reappearing on their doorstep. It certainly is not as simple as saying Hassan’s right to privacy trumps every other consideration.

Is UK data security mission impossible?

A story in The Sunday Times that an agent of the Serious Organised Crime Agency had a memory stick containing details of all undercover agents being run in Colombia had parallels with the sub-plot in Mission Impossible concerning the ‘Non-official Cover (NOC)’ list. Unlike Ethan Hunt, our Agent T appears not to have ensured that the “list” would not get out in the open, as she left it on a transit bus in Bogotá Airport.

The implication of the article was that an unencrypted memory stick was being carried rather casually by a new agent. Was there a rather sexist tone to all the details that the agent was female and the stick was left in a handbag?

A bit more disclosure online and in the papers today reveals that this may all have occurred in April 2006. The apparently relaxed reaction of SOCA (Agent T not, it appears, dismissed) seems to suggest that there is more to the story; at least we hope so.

However, this is yet another timely reminder that there are two aspects to information security: organisational AND technical security. If the facts on this potential leak as reported are true, then was the agent really “a bit daft and scatterbrained”? What encryption techniques were used to safeguard the memory stick?

We only have to pray that this was not another data security screw-up.

Nothing gets in the way of "National Security"

Some of our team, as members of the Society for Computers and Law, argued in the SCL’s response to the Home Office consultation on the Data Retention Regulations that the Home Office had not made out a coherent case for the introduction of a 12-month data retention period for all communications data. Why 12 months, when the Data Retention Directive allowed for anything up to 24 months, for example?

We had a number of other issues, including the continuing problems concerning access to any retained data, but none of them were addressed by the Home Office. Liberty had similar concerns.

It’s all too late now. In the current climate, anything done in the name of “national security” goes through. The final regulations were made on 2 April and come into force on 6 April.