Destruction of National "Identity" Register data

David Hansen made this Freedom of Information request to HM Passport Office

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was partially successful.

Dear Identity & Passport Service,

I refer to http://www.ips.gov.uk/cps/rde/xchg/ips_l... and http://www.theregister.co.uk/2010/11/08/... outlining the collapse of your attempt to turn citizens into suspects, at least until you find more politicians daft enough to try to introduce it.

Please assist me with my enquiries into this matter by providing the following information

1) How many disks from Doncaster are to be/have been destroyed?

2) How many disks from Crawley are to be/have been destroyed?

3) How many back-up tapes from Wakefield are to be/have been destroyed?

4) How many disks from London, Manchester, Liverpool, Blackburn, London City and Manchester airports are to be/have been destroyed?

5) How many disks from Croydon and those which stored data from the early interest website are to be/have been destroyed?

6) For each disk/tape identified in 1) to 5) please provide a copy of the certificate of destruction.

7) For each disk/tape identified in 1) to 5) please provide video of its destruction.

8) Please confirm that the National "Identity" Register data is not stored on any other media. We know from the Register article that some systems may have "incorrectly retained data", all by themselves it appears. It may also be that additional media have been identified since the register article in November.

9) If there are any additional media in response to 8), please provide the information in 6) and 7) for each one.

10) Please provide copies of any reports regarding the destruction, by officials who witnessed the destruction.

11) Please provide the number of records extracted for "ongoing fraud investigations".

12) In terms of the Data Protection Act please provide the purposes for which "aggregated management information that cannot be attributed to an individual" has been retained.

13) In a language which is not English, but is vaguely similar to English, sections 12 and 17-21 of the Identity Cards Act 2006 provided for you to leak information from the National "Identity" Register to Uncle Tom Cobbleigh and all. Please provide the name of every organisation to which you leaked data.

14) For each organisation identified in answer to 13) please outline the steps you have taken to ensure that the information is exterminated from that organisation. If, for example, you had leaked all the data to the Security Service then the destruction of media under your control would simply be a piece of theatre. Given the lengths the civil service went to get the National "Identity" Register set up it seems most unlikely it would allow it to be deleted on the whim of mere ministers of the crown.

It may be that at this precise moment the database has not been exterminated. However, it should have been within 20 working days of my enquiry, hence the timing of my enquiry.

If any of my enquiries have been "reported to Parliament by Ministers" then a link to the information on the Westminster web site will be all that is necessary to answer that enquiry.

Please note that "replies" which involve attachments in proprietary file formats are not acceptable. A reply which is not in plain text format will be deemed to be a refusal to answer. It may be that copies of documents and videos cannot be provided in plain text format, if that is the case please contact me to discuss a suitable format.

Yours faithfully,

David Hansen

1 Attachment

Dear Mr Hansen,

Thank you for your email of 6 February. Please find an acknowledgement
attached.

<<17629 David Hansen.doc>>

Yours sincerely,

Freedom of Information Team

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

Dear IPSFOIs,

Thank you for your acknowledgement.

It gets worse. The data was squirted even further. http://www.bbc.co.uk/news/uk-politics-11... says

"But the full database has also been stored by 3M Security Printing and Systems, in Chadderton, Greater Manchester,"

Please insert a new question 1a) into my enquiry and modify subsequent questions accordingly.

I note from the BBC article that the data did not appear all by itself on other computers but was deliberately put there by officials, so for all I know could have been burnt onto DVDs long ago.

"Instead, workers will have to "provide file locations of extracted data" so that the Home Office team can put together an "audit record of data deletion""

I am aware of http://www.independent.co.uk/news/uk/pol...

Yours sincerely,

David Hansen

1 Attachment

Dear Mr Hansen,

Thank you for your email of 6 February. Please find document attached.

<<17629 Hansen PIT.pdf>>

Yours sincerely,

Freedom of Information Team

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

David Hansen left an annotation ()

Another official too arrogant to bother to reply to FoI enquiries as requested.

For completeness the attached file contains this text

=====================================================

Headquarters
Identity and Passport Service
Parliamentary & Correspondence
Management Team
4th Floor, Peel Building, SE
2 Marsham Street

London
SW1P 4DF

Mr David Hansen
Tel (020) 7035 8889
Email: [FOI #61367 email]
Fax (0870) 336 9175

Email [Identity & Passport Service request email]
Reference: FOICR 17629/11
Web www.ips.gov.uk

Date: 8 March 2011

Dear Mr Hansen,

FREEDOM OF INFORMATION REQUEST

Thank you for your e-mail of 6 February in which you ask for information on the destruction of the National Identity Register data. Your request has been handled as a request for information under the Freedom of Information Act 2000.

We are considering your request. Although the Act carries a presumption in favour of disclosure, it provides exemptions which may be used to withhold information in specified circumstances. Some of these exemptions, referred to as ‘qualified exemptions’, are subject to a public interest test. This test is used to balance the public interest in disclosure against the public interest in favour of withholding the
information. The Act allows us to exceed the 20 working day response target where we need to consider the public interest test fully.

Your request for information is being considered under the exemption in section 24 of the Act. This is a qualified exemption and to consider the public interest test fully we need to extend the 20 working day response period. We now aim to let you have a
full response by 4 April.

Yours sincerely,

Diane Lambert
Head of Parliamentary and Correspondence Management Team
Passport Adviceline: 0300 222 0000
Email us at [Identity & Passport Service request email].
Visit our website at www.ips.gov.uk.

=====================================================

Dear IPSFOIs,

You clearly have something to hide.

Section 24 of the Act http://www.legislation.gov.uk/ukpga/2000... is about "national security".

It is clear that you regard my enquiries as being too true to be good.

If you now fail to comprehensively answer all of my enquiries then it will be crystal clear that you have been up to no good and are now trying to hide this from people like me, your employers.

Yours sincerely,

David Hansen

2 Attachments

Dear Mr Hansen,

Thank you for your email of 6 February. Please find attached documents.

<<17629 Hansen - Response.pdf>> <<RDC - NIR Destruction
CertificatesRedacted090311FOI17629.pdf>>
Yours sincerely,

Freedom of Information Team

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.

David Hansen left an annotation ()

Despite being reminded of the contents of the enquiry the Home Office remain too arrogant to respond to an enquiry in the way the enquirer asks. Here is the text of the response.

Reference : FOICR 17629/11
Date: 4 April 2011
Dear Mr Hansen

FREEDOM OF INFORMATION REQUEST

Thank you for your e-mail of 6 February in which you ask for information on the destruction of the National Identity Register data. Your request has been handled as a request for information under the Freedom of Information Act 2000. Further to our letter of 8 March, we are now in a position to reply substantively. Pease see the Identity and Passport Service (IPS) response set out in the enclosed Annex.

In keeping with the Freedom of Information Act, we assume that all information can be released to the public unless it is exempt. In line with normal practice we are therefore releasing the information which you requested via the IPS website.

If you are dissatisfied with this response you may request an independent internal review of our handling of your request by submitting a complaint within two months to the address below, quoting reference FOICR 17629/11. If you ask for an internal review, it would be helpful if you could say why you are dissatisfied with the response.

As part of any internal review the Department's handling of your information request will be reassessed by staff who were not involved in providing you with this response. If you remain dissatisfied after this internal review, you would have a right of complaint to the Information Commissioner as established by section 50 of the Freedom of Information Act.

Yours sincerely
H Reid
Parliamentary & Correspondence Management Team

ANNEX

1. How many disks from Doncaster are to be/have been destroyed?

201 hard disk drives from Doncaster have been destroyed.

2. How many disks from Crawley are to be/have been destroyed?

160 hard disk drives from Crawley have been destroyed.

3. How many back-up tapes from Wakefield are to be/have been destroyed?

The back-up tapes from Wakefield were combined with those in Doncaster for destruction purposes. A total of 240 back-up tapes from these two sites were destroyed in Doncaster.

4. How many disks from London, Manchester, Liverpool, Blackburn, London City and Manchester airports are to be/have been destroyed?

A total of 63 disks were destroyed.

5. How many disks from Croydon and those which stored data from the early interest website are to be/have been destroyed?

There were 46 disks in total destroyed comprising of 2 disks from Croydon and 44 disks in respect to the Early Interest Website.

6. For each disk/tape identified in 1) to 5) please provide a copy of the certificate of destruction.

Destruction certificates covering the disks and back up tapes destroyed as referenced in questions 1-5 are provided.

Certificate IPS/2100/5 covers the 201 disks answered in Question 1 plus 17 of the 63 disks answered in Question 4 plus the 46 disks answered in Question 5.

Certificate IPS/2100/7 covers the 160 disks answered in Question 2.

Certificates IPS/2100/2, IPS/2100/1 and IPS/2100/8 cover 46 of the 63 disks answered in Question 4. The remaining 17 disks are included as part of Certificate IPS/2100/5.

7. For each disk/tape identified in 1) to 5) please provide video of its destruction.

A video of the complete destruction process was not made. However, a short video concerning the destruction has been made available by the Home Office and is available via the link: http://www.youtube.com/ukhomeoffice

8. Please confirm that the National "Identity" Register data is not stored on any other media. We know from the Register article that some systems may have "incorrectly retained data", all by themselves it appears. It may also be that additional media have been identified since the register article in November.

The NIR was not stored on any other media.

9. If there are any additional media in response to 8), please provide the information in 6) and 7) for each one.

See response to question 8, the NIR was not stored on any other media.

10. Please provide copies of any reports regarding the destruction, by officials who witnessed the destruction.

No reports existed at the time of your request.

However, IPS are preparing a final report which will be ready for publication during Spring of this year.

11. Please provide the number of records extracted for "ongoing fraud investigations".

24 records have been extracted for ongoing fraud investigation.

12. In terms of the Data Protection Act please provide the purposes for which "aggregated management information that cannot be attributed to an individual" has been retained.

Aggregated management information that cannot be attributed to an individual" is not personal data and therefore is not covered by the Data Protection Act.

13. In a language which is not English, but is vaguely similar to English, sections 12 and 17-21 of the Identity Cards Act 2006 provided for you to leak information from the National "Identity" Register to Uncle Tom Cobbleigh and all. Please provide the name of every organisation to which you leaked data.

14) For each organisation identified in answer to 13) please outline the steps you have taken to ensure that the information is exterminated from that organisation. If, for example, you had leaked all the data to the Security Service then the destruction of media under your control would simply be a piece of theatre. Given the lengths the civil service went to get the National "Identity" Register set up it seems most unlikely it would allow it to be deleted on the whim of mere ministers of the crown.

The Identity Cards Act provided for the exchange of information with other government departments and relevant agencies in order to ensure the security and integrity of ID Cards (which have since been cancelled), to protect the rights of the legitimate card owner and to prevent their fraudulent use.

We neither confirm nor deny whether we hold the information you requested by virtue of sections 23(5) and 24(2) (Information supplied by, or relating to, bodies dealing with security matters and national security) and section 31(3) (law enforcement) of the Freedom of Information Act. These sections exempt us from our duty to say whether or not we hold the information you ask for.

In order to apply section 24(2) and Sect 31(3) a public authority is required to conduct a public interest test in order to assess the considerations in favour of confirming or denying that the authority holds the relevant information against those favouring the exclusion of the duty to comply with section 1(1)(a) of the Act. The relevant public interest tests are set out below. Section 23(5) is an absolute provision and consequently there is no further consideration required.

Public interest considerations in favour of confirming whether the information is held

Increased openness with regard to the organisations with which information could be shared would increase understanding, openness and transparency in this area. This would inform the public and lead to a deeper public knowledge in matters relating to the prevention and detection of crime and national security.

Public interest considerations in favour of maintaining the exclusion of the duty to confirm nor deny

Set against these considerations, if we were to confirm or deny whether we exchanged information for these purposes and, if so, with what organisations, this would reveal whether there were any security or law enforcement issues relating to the information gathered and held in accordance with the Identity Cards Act. This would be detrimental to the
prevention and detection of crime and in itself would be prejudicial to the law enforcement process.

It is not in the public interest to disclose the capabilities of the UK authorities and the techniques that they may or may not use to safeguard the country.

This is in line with usual practice in not commenting on the activities of the security and intelligence agencies and should not be taken as evidence that any such information does or does not exist.

Conclusion

We have determined that the balance of the public interest lies in favour of neither confirming nor denying whether we hold the information requested.
This response should not be taken as conclusive evidence that the information you have requested exists or does not exist.

If any of my enquiries have been "reported to Parliament by Ministers" then a link to the information on the Westminster website will be all that is necessary to answer that enquiry.

http://www.publications.parliament.uk/pa...

Under Col: 945

Please note that "replies" which involve attachments in proprietary file formats are not acceptable. A reply which is not in plain text format will be deemed to be a refusal to answer. It may be that copies of documents and videos cannot be provided in plain text format, if that is the case please contact me to discuss a suitable format.

IPS are acting in accordance with Home Office instructions which recommend that all electronic departmental responses are issued in the portable document format (pdf).

Dear IPSFOIs,

I note that you continue to deliberately make reading your replies difficult, by sending them as Acrobat files. You would do well to remember who your employers are. I am one of your employers.

Thank you for your reply, most of which was comprehensive. However, a few matters are still arising.

You have not provided the number of disks from the 3M printing bods in Manchester. See question 1a). It may be they were included in a total. Please clarify.

The Certificates of Destruction indicate that the media were wiped, degaussed, but not shredded. The video, which you didn't bother to link to but which is http://www.youtube.com/ukhomeoffice#p/u/... shows Mr Green apparently shredding disks.

There can only be two conclusions to this. Either the certificates are bogus, or the certificates are correct and Mr Green was indulging in the theatre of destroying some random disks for the media. Neither says much for the competence of the Home Office. Which is the correct interpretation of the evidence please?

I note that you have nefarious activities to hide and thus refused to answer 13) and 14). There is no respectable reason why you should refuse to answer these questions. There could be no harm to anyone or anything in answering the questions, so it is clear you do not wish your employers to know of your activities, which must embarrass you.

Please note that "replies" which involve attachments in proprietary file formats are not acceptable. A reply which is not in plain text format will be deemed to be a refusal to answer.

Yours sincerely,

David Hansen