The "data rape" of the notorious London Congestion Charge system appears to be set to get even worse.
Not only are all drivers snooped on all of the time, day and night and at weekends (even when there is no Congestion Charge to pay), but the photos and number plate / time / date / ANPR checkpoint location data is handed over, in secret, in bulk, in real time, to theMetropolitan Police and to other "national security" agencies , both in the UK and in foreign countries like the USA, thanks to the Ministerial Certificates signed by the then (useless) Labour Home Secretary Jacqui Smith.
See the previous Spy Blog articles:
- More secrecy over the London Congestion Charge and Low Emission Zone CCTV and ANPR spy cameras - data on innocents handed over to USA spooks - April 2008
- Home Secretary Jacqui Smith cripples the Data Protection Act regarding the London Congestion Charge ANPR Mass Surveillance scheme October 2007
Today the Guardian / Observer reports that:
Secret move by IBM, which runs London's congestion charge, will allow access to sensitive DVLA information
Daniel Boffey, policy editor
The Observer, Sunday 18 March 2012
The government has secretly agreed that the "particularly sensitive" personal data of all 43 million drivers in the UK can be contracted offshore to India in a move that will allow the private firm running London's congestion zone to cut costs and make more money.
Unecessary risks to our "particulary sensitive" personal data is bad, but this should not to be confused with the Data Protection Act 1998 section 2 Sensitive Personal Data, none of which should be collected by the London Congestion Charge at all, but which probably is, if you are registered disabled etc.
Data from the Driver and Vehicle Licensing Agency, including addresses, dates of birth and registration plate numbers, along with credit card details, will now be accessible to staff outside the UK following a review by ministers.
Since many people pay the Congestion Charge via mobile phone, these phone numbers willalso now be at increased risk of abuse.
Which Coalition Government Minister signed off on this privacy unfriendly policy ? Was it Justine Greening, Theresa Villiers, Mike Penning (all Conservatives) or Norman Baker (Liberal Democrat) ?
Why has this unecessary risk to Londoners privacy and security not been vetoed by the Mayor of London Boris Johnson, who is supposed to be in control of Transport for London ?
The prohibition was rescinded after IBM, which runs the congestion charge zone for Transport for London (TfL), lobbied for a change. The company has been repeatedly fined since it took over the contract from Capita in 2009, making the £60m deal less profitable than it had hoped.
The Labour party supporting C(r)apita (the former boss of which Rod Aldridge "loaned" the Labour party £1 million) failed to run the scheme as budgeted for. It was meant to provide £60 million a year "profit" to be used to improve the rest of London's transport infrastructure, but it never did and Ken Livingstone simply handed them extra cash and increased the daily charge, reneging on his election promises (quelle suprise).
However the move to relax the rules around the sensitive data, which has not been publicly announced, raises concerns in the build-up to the London 2012 Olympics about the increased risk of fraud.
It is understood that a risk assessment carried out within IBM has also identified a potential threat to London's reputation should the changes lessen the ability of staff to deal with problems in the congestion zone IT systems. It also warned of the risk to the security of sensitive data.
The move also appears to contradict ministers' recent insistence that they would resist any work on government contracts going abroad.
The transition allowing staff abroad access to the data is expected to be completed by 18 May. An internal email sent by IBM's commercial manager earlier this month, and seen by the Observer, says: "Since go live, TfL has directed that we retain within the UK certain support roles with access to data that they considered particularly sensitive... TfL has recently completed a risk assessment with the DVLA and the Department for Transport and has concluded that they no longer require this additional level of control... As a result we have commenced a transition exercise to manage the changes to our support organisation over the next three months."
If some people's data is considered to be "particularly sensitive" and is not to be allowed out of the UK, then why should any of it be put at risk ?
A DVLA spokesperson said: "All IT systems must be managed to the same standard as if they were in the UK. We will ensure that all appropriate controls for data protection are in place."
The DVLA have an appalling record on data protection - they have allowed millions of driver motoring test records to be sent to the USA and they have sold vehicle keeper names and addresses for as little as £2.50 a time to private sector companies , including those run by criminals