Prevalence of Trans* folk as high as 1%

Some rather dry but nevertheless interesting statistics for you: According to the Equality and Human Rights Commission (EHRC), as many as 1% of people may have gender “issues” of some description or another.

The evidence comes in the form of a “technical note” on conducting surveys from the EHRC. (PDF Link) When asking just over 10,000 people various questions about their gender, 0.4% did not identify as binary (I.e. neither male nor female) and 1% had had thoughts about (Or taken actions towards) gender reassignment.

Of course, this new evidence hasn’t stopped the Daily Mail having a pop at previous, lower estimates, labelling them “preposterous” purely because relatively few people actually get as far as dealing with the NHS (…perhaps because it’s so difficult to do, and the likes of the Mail create a negative social stigma around it…) or getting a GRC (…because they’re really not as much help as they should be, thanks to the Equality Act!)

But I am inclined to agree with the Daily Mail (I know, sorry, it happens occasionally) about excessive collection of data. It’s rarely statistically significant for Trans folk unless you’re dealing with a sizeable number of people and can be intrusive. (Data that one person in a group of 100 is Trans is enough to out someone)

Oh, and of course if you collect data, you can accidentally leak it. (It’s not clear in that case if information on gender reassignment was also leaked)

Comparative costs of CCDP requests

There was some mention of costs in the recent Communications Data Bill committee hearings and I also ran across an interesting Freedom of Information request on the costs of the current system, so I thought I’d take a look at them side by side. Which system gives better value for money, the existing Data Retention or the proposed Communications Data Bill?

Cost-per-request under the Data Retention Directive

There are three pieces of useful information here. Firstly is the evidence of Charles Farr, Director General of the Office for Security and Counter-Terrorism. From his answer to Question 6 in oral evidence to the Communications Data Bill Committee: “As you know, we have put, based on our survey of the relevant organisations, a figure of 25% of data that organisations would like to get access to but cannot.” (In other words, 75% of the data is available)

Secondly is Question 10 from Michael Ellis MP: “in 2010 there were over half a million requests for communications data: 552,550.” In combination with the above 75%, that gives around 414,400 successful requests in 2010.

And finally, we have a Freedom of Information response to Caspar Bowden from which we have the yearly cost of running the Data Retention programme. Taking an average for 2009-10 and 2010-11 (Presumably Fiscal years) we find an average for 2010 of £13.15 million.

That’s quite a simple calculation to do: Each successful data request has a data retention cost of £31.76.

Cost-per-request under the Communications Data Bill

Again, Charles Farr has given us some useful information here. In response to question 9, he believes they will “improve our coverage to a figure of what we think should be in the region of 85%, as opposed to 75%, which is where we are now”.

I’ll be generous here and assume they actually get an immediate 10% increase, although even Mr. Farr admit that’s not likely and they won’t see the 85% figure until 2018. That means an extra 55,255 requests for data would be successful based on their figures.

As for the cost, Dr Julian Hupperts Question 73 states “The Home Office estimate is that the cost of this Bill as it currently is would be £1.8 billion over the next 10 years.”

So that’s £180 million a year for 55,255 more successful requests – or £3258 per request, over 100 times more expensive than under the current data retention regime.

So this additional cost is all the “black boxes” snooping on people, right?

Not according to Richard Alcock, Director of the Communications Capabilities Development Programme. From question 73: “The majority of the costs are around data retention. Over 50% are associated with working with communications service providers in the UK, to establish data retention stores.” It would seem that despite their claims that the new bill is mostly about improving data retention, their idea of data retention is significant more expensive (And thus much more extensive?) than the current system.

This discrepancy presumably explains why, despite complaints that much of the existing problem is that the Data Retention Directive is “ambiguous” and does not go far enough

But what about the benefits? There is a claim (Question 76) that this will have a benefit of £600 million per year. When asked to justify this by Dr Julian Huppert MP, Charles Farr included the phrase “We then attached a monetary value to lives saved”. In other words, it’s not a saving, just an analysis of the benefits. We do not have the raw numbers as the Home Office have not released them, so we can not assess if that “value” of lives saved is actually better spent not snooping on people, but in hospitals.

If we assuming the Home Office are being honest in response to Freedom of Information requests, it may simply be that the £1.6 billion figure is made up. (This would not be the first time we have caught someone making up such figures) When I requested a breakdown of the costs of the proposed system, they claimed it would take in excess of 100 hours to compile the information. Which rather sounds like “We do not have this”.

Credulous Cameron and the Lie Detectors

No, not the title of a new kids novel, it’s news that sex offenders face mandatory lie detector tests.

It seems Cameron is “impressed” enough (According to the Guardian) with lie detectors to want to use them on sex offenders. Lie detectors that are otherwise inadmissible in court.

Fail a lie detector test? Bad luck. “Any offenders found to have broken their licence as a result of a lie detector test would be sent back to prison“.

Lie detectors only work when people think they work. There is no fundamental difference between this approach and putting someone in a room with a “psychic mind reader”. I doubt we would stand for that, and there is no reason we should put up with it just because it looks a little bit like science.

(An alternate title for this blog post was going to be Cargo Cult Cameron. Not sure which I prefer…)

What we’ve learnt about CCDP plans

Featured on Liberal Democrat VoiceYesterday, the first set of evidence into the Home Office’s controversial interception plans was heard in front of the special committee established to look at the draft bill and you can watch the Video on Parliament’s web site. (More is scheduled for this afternoon).

We learnt a few things about what’s being planned as a result of the evidence given, which was predominantly given by Charles Farr, ex-MI6 man and Director of the Office for Security & Counter-Terrorism.

Firstly, the existing Regulation of Investigatory Powers Act and Data Retention Directive are allowing police and security services to get access to around 75% of the data they are after. It’s envisaged that the wide-scale interception of communications data would increase that to 85% – so by only 10%, which seems a huge cost in both monetary and civil liberties terms for a relatively small increase. The existing shortfall was attributed in part to “ambiguities” in the EU Data Retention Directive as it’s implemented in the UK.

Secondly, when asked about their ability to break cryptography they Home Office mandarins ducked the question, instead saying that their preferred method was to “co-operate” with (I.e. coerce) service providers. This would be the likes of Google, Facebook and Twitter, both UK-based and foreign, so that they stored the communications data themselves.

They were quite clear on this point when asked about “black boxes” too and not just crypto – even though interception is the very first clause in the draft bill, they claim the main thrust is retaining data at the service provider.

A big hole in their argument as a result is that they have not made clear why altering the existing Data Retention Directive to allow this isn’t enough. There is a big difference in liberal terms between being asked to retain data you already have and actually listening in to obtain data.

The issue that remains is foreign non-cooperative service providers who cannot be coerced and the Home Office seems to imagine only intercepting communications as it enters and leaves the UK, and not widespread interception within the UK. This approach will cut the number of boxes they need. They may not even need to talk to big household-name service providers to do this, instead targeting the lesser-known (To the public) fibre providers who offer the bits of glass that go under the oceans, seas and English Channel.

This has the side effect of also intercepting private (Non-internet) traffic and communications transiting the UK from, say, the US to Germany. I’m sure this point hasn’t been lost on those pushing for it.

In terms of capability, the spooks believe it will be nearly impossible to remain anonymous with the volume of data they are able to collect, something that has sinister overtones for anyone with a genuine need to speak out against the establishment or against the police. You don’t even need to look as far as China to see this in action, as it would be the police justifying the use of interception and there is far from universal trust of the police to regulate themselves in this country.

On the topic of the police self-justifying their use of powers, requiring warrants to obtain data for lesser needs (e.g. Harassment and Non-payment of fines) was discussed and the Home Office did not seem to have a good reason why this shouldn’t be the case. Their argument in favour of allowing minor offences to be included is that they might escalate into more serious offences, and that’s OK because they don’t (ab)use these powers much. (Yet…)

Finally, they were asked by one MP if they could rule out “fishing” expeditions where they would obtain the data from hundreds of users but they were not able to do this. The example given was if they know a suspect was at a certain place, they might pull the communications data for everyone in that area at that time.

For those interested in this, there is also an ongoing consultation where you can submit evidence direct to the committee.