function creep
Function creep is "the way in which information that has been collected for one limited purpose, is gradually allowed to be used for other purposes which people may not approve of." It is one of the principal dangers of all the central databases that governments - and particularly the Dutch government - are currently creating.
The latest example is a database that will store fingerprints of all citizens. Recently approved by the Dutch Senate, it was passed off as the implementation of a European directive for including fingerprints in passports, though storing this information in a central database is actually a Dutch extension. Similar proposals were voted down in other EU countries like Germany, for obvious privacy concerns.
Other databases in the Netherlands containing personal information include:
- Medical dossier (this one has an opt-out)
- Children's dossier
- Mobile phones and internet
- Public transportation
- Car traffic
In all cases the information is collected for one stated function, usually health or safety (e.g. catching terrorists), and all other uses are ostensibly restricted. In the case of the fingerprints database, it can be used for criminal investigations only in very specific instances.
However, after a while the database becomes a given and using the information for other purposes becomes more and more tempting. The argument then becomes: if we have all this information, why not use it? In fact, with the notoriously short memory of politics, the question might even be reversed into: why did we gather all this information in the first place, if not to use it?
By that time, there will be such a wealth of data to mine that cross-referencing between databases will become the next temptation. And once that becomes accepted, we'll all be suspect until proven innocent...
For a UK example of this phenomenon, see 'Function creep: surveillance in London'.
Raphaël Mazoyer (URL) - 26-06-’09 18:02
In Holland, the XS4ALL-sponsored group Bits of Freedom is very active in this area: http://www.bof.nl/ In the UK, it's No2id: http://www.no2id.net/ In France, IRIS covers this area: http://www.iris.sgdg.org/
Those groups work on several levels: first, increasing public understanding of the issue, because it's a complex topic, the understanding of which is hampered by people's easy reaction of "I have nothing to hide." The answer to that is: "Yes, we know." --> http://www.loesje.org/
But they also work on a legislative level, to have courts review the constitutionality of silly surveillance laws voted by incompetent and security-obsessed members of parliament.
Finally, there's the taxpayer angle: feature creep is awfully expensive, and we're pouring hundreds of millions of euros of public money in IT projects that are risky and shaky in so many ways, it'd be a miracle if they were successful, purely from a technical and project management standpoint.