I 
Ars Technica
The British government is developing a proposal to centralize the data-retention practices of UK communications firms. Under current law, communications providers are required to retain certain kinds of data about their customers for a year, and to make that data available in response to government subpoenas. Under the new proposal, these records would have to be automatically submitted to a centralized government database. The government believes this will facilitate law enforcement access to the information, although a court order would still be required to access it.
The proposal is being drafted by the British Home Office, which performs many of the same functions as the American Department of Homeland Security. Like DHS, the Home Office has pushed aggressively for expanded surveillance capabilities. The Home Office claims that new legislation is needed to cope with changes in the way Britons communicate. The government points to the increased use of e-mail, instant messaging, and other communications technologies, which it claims are hampering its ability to conduct lawful surveillance. It also argues that the legislation is required to comply with the EU's 2006 data retention directive.
The data retention directive has been criticized by civil liberties groups, and the UK proposal has also received harsh reviews from privacy experts. "The fight against terrorism doesn't require a centralised database," Chris Mayers, chief security architect at Citrix Systems, told the BBC. "Such a database would face threats from both outside and inside. The more people who have access to it the more risks there would be."
When data retention is distributed among several private parties, it has some natural resiliency against security breaches. Any given breach will only expose the information of a subset of UK citizens, and will give only a partial picture of those citizens' activities. In contrast, a comprehensive national database would be a treasure trove of information for criminal activities, serving as a kind of "one stop shopping" for identity fraud.
Shadow Home Secretary David Davis (the opposition party's spokesman on Home Office decisions) pointed to the government's poor track record of securing government databases. Last year, the government lost two computer discs containing government records on 25 million people. And in January the Ministry of Defense admitted it had lost control of a laptop containing unencrypted records on 600,000 prospective military recruits. A centralized government database would only heighten the dangers of such breaches, because a single breach could expose more data belonging to more Britons.
Governments have been pushing for stronger surveillance policies on both sides of the pond, but those efforts have been more successful on the British side. Here in the states, the FBI has long been pushing for mandatory data retention laws with little effect. In contrast, the British government already has mandatory data retention rules and is now pushing to expand and centralize those requirements. The British also have a far more extensive network of closed-circuit TV cameras watching their every move in major cities. But as we noted last week, the evidence that these kinds of "security" measures actually increase public safety is hard to find.
One of the strongest critics of the expansion of surveillance in the UK has been Information Commissioner Richard Thomas. The Information Commissioner's Office is an independent government agency that serves as a watchdog for consumer privacy. In 2006, the ICO released a report (PDF) called "The Surveillance Society" that detailed the expansion of government surveillance in Great Britain. Thomas warned that Britain was "waking up to a surveillance society that is already all around us," and argued that while surveillance has its benefits, "unseen, uncontrolled or excessive surveillance can foster a climate of suspicion and undermine trust." Thomas has called the latest data retention policy "a step too far," and says that "we have real doubts that such a measure can be justified, or is proportionate or desirable."
Unfortunately, thus far the British government seems to be largely ignoring Thomas' warnings, pressing on with expanded government surveillance of private citizens. It may take a massive breach of the government's new centralized database, or a scandal involving misuse of the data, before policymakers take Thomas' warnings seriously.
So is this the same central database the ID cards have? I ask because I know the the ID card database (with contains your
tax records, health records and other government-owned personal info) is given out to private companies, (apparently
44,000 of them) and just want to know if this will be also.
