Opinion: Judith Ratcliffe

In spring 2023, those of you who used to fill in “on paper” self assessment tax returns received letters from HM Revenue & Customs, saying: “If you normally receive a paper return, you won’t receive one this year, or in future, as you can file online instead”.

But it’s not just HMRC doing it. A number of other Government departments and their processors also appear to force people to put their most sensitive data online. For example, United Kingdom Security Vetting has, previously, refused to action counter terrorist check forms that weren’t submitted online, despite having a paper route available.

Forcing people online appears to break overarching privacy rights, from the European Convention on Human Rights as incorporated into the Human Rights Act 1998. These are the right to personal autonomy which is part of the article 8 right to respect for a person’s private life. In my understanding, this means you choose how you live your life, without interference by the Government unless it is strictly necessary and there is a specific law in place which sets out the exact measures to be taken to restrict your rights and under what circumstances those measures will be carried out, and which must be proportionate to meet the aims of a democratic society. These are three very high bars and I would argue that forcing everyone to do their taxes online, whether they like it or not, fails on all three of those bars.

First of all, it cannot be strictly necessary, because clearly a paper route has been available. Secondly, there is no law requiring that people only do their taxes or counter terrorist checks online, and even if there were, such interference with the right to personal autonomy would, in my understanding, have to be for a set period of time and/or only for specific circumstances.

But the third bar here is perhaps the most important. It is, in my view, disproportionate to meet the aims of a democratic society and, in fact, fundamentally against the public interest, to force everyone to do their taxes, counter terrorist checks, and/ or other interactions with the Government online.

Why is this? Let me explain. It opens the door to you easily having your identity stolen, your money stolen, and even your tax records interfered with and changed by hackers and other cybercriminals. This can be done through a number of ways – malware, their own app or website being taken over, man-in-the-middle attacks, sniffing, DNS cache poisoning, keystroke logging, spoofing websites, phishing or even just hacking into your wifi, or attacking your password multiple times until it breaks. Arguably forcing people to do their taxes and/or counter terrorist checks online may be considered to facilitate fraud.

Communications that would ordinarily happen through the post, are received and sent by email. Emails are known to be easily interceptable and, famously, even the director of the CIA has had his emails hacked.

It should be remembered that Government departments are often a primary target. Added insecurities come from things like the demand, with counter terrorist checks, for date of birth to be at the top of every email – for “verification” purposes. This, arguably, breaks data protection rules around confidentiality and excessive data collection, and breaks the UK Government’s own service manual guidance for planning and writing text messages and emails: “avoid making requests for personal information, like a user’s date of birth”.

It can be harder to check what organisations are doing/have done with your data through online services and harder to hold them to account, complain, and get problems quickly resolved. A lack of physical paper trail can leave you without evidence. Teams can be difficult to reach by telephone, and “support” services often can’t help (in my experience) with problems other than perhaps lost passwords/software issues. They demand more personal data and cause risks of further harm and inappropriate overexposure of your data, to fix a problem that their organisation arguably caused.

Automated responses and “ticketing” systems in offshore countries can make matters worse.

What can we do about it? Sign my petition, which asks the UK Government to grant every UK citizen the right to keep every interaction with Government (national and local) offline (on paper and over the counter).

I’m not saying that everyone must do things offline. Accessibility issues necessitate online activities, for some, but those who do things online should be doing it freely, without being forced, pressured or tricked into it, and they should be told about all of the risks and issues first, so they can make informed decisions.