Surveillance society must be managed

The mismanagement of CCTV, identity cards, traceable mobile phones, health and social security databases, store loyalty cards and other data retention technologies could hurt privacy and cost lives, according to a new report from the Royal Academy of Engineering.

Surveillance and collection of personal data used to make lives safer and more convenient must be engineered and monitored to prevent misuse by governments, companies and even individuals, according to the academy's Dilemmas of Privacy and Surveillance report.

"Technologies for collecting, storing, transmitting and processing data are developing rapidly with many potential benefits, from making paying bills more convenient to providing better healthcare," said Professor Nigel Gilbert, chairman of the academy working group which produced the report.

"However, these techniques could make a significant impact on our privacy. Their development must be monitored and managed so that the effects are properly understood and controlled."

With more databases holding detailed personal information - consider the national ID card registry - security is a top concern. Terrorists or criminals could hack or sabotage a health care or social security system, but even simple human error could lead to personal data being stolen or destroyed.

Engineers have a key role in the future of data protection, but the report said government and companies must lessen the risks by encrypting databases, keeping the minimum amount of data for a minimum amount of time, and by talking with people regularly to check for errors in the system.

"Engineers' knowledge and experience can help to 'design in privacy' into new IT developments," said Gilbert.

"But first, the government and corporations must recognise that they put at risk the trust of citizens and customers if they do not treat privacy issues seriously."

Gilbert added: "It should be possible to sign up for a loyalty card without having to register it to a particular individual - consumers should be able to decide what information is collected about them.

"We have supermarkets collecting data on our shopping habits and also offering life insurance services. What will they be able to do in 20 years' time, knowing how many donuts we have bought?"