Milena Popova on the government’s misunderstanding and misuse of information

I have been re-watching the West Wing recently – it is remarkably addictive. Somwhere in between mainlining up to 5 episodes a night, this quote struck me:

“It’s not just about abortion, it’s about the next 20 years. Twenties and thirties it was the role of government, fifties and sixties it was civil rights. The next two decades it’s gonna be privacy. I’m talking about the Internet. I’m talking about cell phones. I’m talking about health records and who’s gay and who’s not. And moreover, in a country born on the will to be free, what could be more fundamental than this?”

Sam Seaborn says this in the first-season episode “The Shortlist”; so if Aaron Sorkin, the creator of the show, understood this back in 1999, why is it that our politicians and leaders continue to be so woefully ill-equipped for the 21st century eleven years later?

It’s important to note that this is hardly an issue that is limited to one side of the green benches. Both the previous government and the current one have plenty of examples to demostrate that their level of understanding of technology and science is not up to scratch. Both have a record of getting carried away with the opportunities technology provides to the state without asking the right questions about the impact on the individual.

Exhibit one: medical records

The electronic patient care records system was an initiative of the previous government. And it is not all bad. I work in technology and I can see the potential benefits of medical records stored in a central database, easily accessible to authorised healthcare professionals for use in patient care. However, the way the project was exectuted betrays a shocking lack of understanding of the technology involved and its social implications at the highest level of government. For instance, while patient consent was ostensibly sought, it was a pro-forma exercise: many households who received letters telling them about the initiative and how to opt out didn’t even realise the importance of them and filed them straight in the recycling.

To this day, the guiding principles and rules for accessing and using the data aren’t particularly well publicised. Who and under what circumstance has access to a patient’s medical records? How is authorisation obtained and does it at any point expire? What rights does the patient have to view their own medical records, and to understand who has accessed them and why? Can data on the database be used for purposes other than treating the individual patient, e.g. for medical studies, and what safeguards are in place to gain patient concent for this and ensure their privacy? Once the data is in the system, who owns and controls it – the patient or the NHS? Under what circumstances can access be obtained to medical records for non-medical uses, e.g. by the police or other institutions of the state? Is the data physically held in this country, or is it transferred to countries with different and potentially weaker data protection laws? Some – though by far not all – of these questions have been addressed by the project. Others remain unanswered.

In addition to the above questions on access rights and data ownership, how is data integrity to be ensured? If the database is to hold the medical records of 60 million individuals, even at an error rate of one per cent that leaves 600,000 individuals with potentially fatal errors in their data. This is before considering malicious attacks on the database, either to obtain or alter recrods.

Exhibit two: the digital economy act

The digital economy act, particularly the large part of it which deals with online copyright infringement, is an example of the previous government succumbing to lobbying without fully understanding the technical, social and civil liberties implications of the legislation. It essentially hands over copyright policing on the internet to rights holders, at a significant cost to both internet service providers and end users. If the implementation proposal currently on the table from Ofcom goes through as is, rights holders will have an unprecedented remit to invade individuals’ privacy by scanning their network traffic for copyrighted material. Not only that, but enforcement will be in the hands of rights holders and internet service providers, who will have the power to send end users threatening letters and most likely in the future to disconnect them from the internet, with very little in the way of due process.

While this protects the vested interests of a handful of people and companies, essentially supporting a few monopolies and cartels in the content industry whose business model would be obsolete without such legislation, the wide-ranging implications of the digital economy act remain largely ignored and at best misunderstood by politicians. Handing over policing and enforcement of copyright to non-state actors is a constitutional precedent, and not in a good way. The same goes for allowing private companies to inspect individuals’ internet usage and traffic with – as per the current proposal – hardly any regulation. This doesn’t just change the relationship between the state and the individual, it brings the private sector into this relationship without any safeguards.

What is more, the digital economy act is likely to damage the real digital economy by, for instance, discouraging the provision of open WiFi access by small businesses such as pubs and coffee shops. Add to that the likelihood that it will fail to reduce online copyright infringement – the technology exists to make the act toothless, and this will just be the final push to get users to adopt it – and the picture of our barely-technology-literate political classes is complete.

Exhibit three: the census

The new Tory-Liberal government isn’t much better than its predecessor when it comes to understanding the complex interplay between the technologically possible and the constitutionally, socially and politically desirable.  Thus Francis Maude’s recent announcement that he plans to scrap the census. A cheaper, more accurate and more real-time way of achieving the same objective, he argues, is to use data already held in various government and private-sector databases to obtain a picture of who is living in the UK.

The first thing this ignores is basic technical feasibility. Realiably correlating each of the data sources the government proposes to use (e.g. NHS records, post office address lists, credit card checking registries, etc.) while ensuring data integrity is a nigh-on impossible task. It is also likely to leave us with huge gaps in our knowledge, compared to the census as it is conducted today. Especially data on diversity – be that ethnic, relgious or sexual orientation – is likely to fall through the cracks.

Next is the issue of consent to use of the data. According to the data protection act, if data is collected on an individual, they need to be informed what the data will be used for. When we give our information to various agencies we consent to it only being used for the stated purpose – not for our data to be later repurposed for a census.

Finally, there is the question of whether the proposed new approach would actually achieve the same results as the census. Let us be clear: there are improvements we can make to the way the census is conducted. The fact that it is done at a household level, completed by the head of the household, means that a number of sensitive categories are misreported. For instance, a religious father may report his atheist child as belonging to a religion; a mother unaware that her child is gay may report them as heterosexual. This, however, is nothing compared to the inaccuracies, inconsistencies and gaps the proposed new method is likely to yield. Thinking about what census data is used for – targeting policy and government spending to those who need it – a data collection method which will leave out the most vulnerable, the minorities, and the underprivileged is hardly fit for purpose.

Exhibit four: Credit tracking agencies and benefit fraud

The latest in the series of “government meets 21st century” stories is of course David Cameron’s recent announcement that he is looking to use private credit reference agencies to crack down on benefit fraud. Handing over policing of an issue to the private sector, allowing private companies to breach individuals’ right to privacy. What is even worse is that, unlike the the copyright case where the issue being policed is only of commercial interest, in the case of benefit fraud we are talking about the state creating a financial incentive for private companies to snoop on individuals. Add to that the measure being exclusively targeted at the poor, and you have suddenly created a two-tier-citizen system, where some of us have a right to privacy while others don’t.

Let’s also not forget data integrity and reliability issues. When I was a student living in halls and needed to be credit-checked to get a mobile phone contract, this was a nearly-impossible task as credit checking happens on an address level. In student accommodation, where people rarely stay for more than nine months, being tarnished by your predecessors’ credit records was unavoidable.

Not only does this latest proposal demonstrate a lack of understanding of technology, it displays a basic ignorance of the constitution, which after all is supposed to establish the boundaries between the state and the individual. Yet again we see the state outsourcing key functions to the private sector, with little regulation, perverse incentives and a remarkable nonchalance about what this means for individuals.

***

One thing politicians of all parties should begin to understand is that as Generation Y and their successors reach the voting age, they are a lot more technology-savvy than our current crop of leaders. Issues of privacy, of data use, of the boundary between the state and the individual in a networked world, will not pass this generation by. Sooner or later they will hol d their leaders to account. It is vital for the political classes to educate themselves about science and technology, to consider more than one viewpoint, regardless of the strength of lobby groups, and to ensure that they have really asked all the questions before making decisions on these issues.


Tags: , , , ,


4 Responses to “Milena Popova on the government’s misunderstanding and misuse of information”

  1. All good, but what concrete steps should we be taking to rectify these problems? Swearing off databases entirely is hardly feasible and I’d be much happier if we were keeping plenty of the stuff being scrapped but in more secure forms (Contactpoint, for example).

    Should we be forcing all government and contracted-out databases to conform to agreed standards for security, accurate records, anonymity and the like? Do we need a strong quango to oversee this? Establishing a right to know what information the government holds on you?

    Until Labour sets down ideas and lays out the boundaries on this, all we’re doing is empowering a libertarian mindset that rejects all this unthinkingly, whilst letting the private sector do whatever it can get away with.

  2. DE says:

    You cover the nuances of intended use here very well – I think I missed these points when I blogged about this, While it is usually ok to anonymize data and re-purpose it, there is certainly no case for simply switching use without permission.

    Many of us consider the census to be somewhat worthless anyway – you just add to the many cases to which it is either not completed or is knowingly inaccurate. I suspect that most valid data is taken by extrapolating detailed and focused studies on model areas, not attempting to recreate the Domesday book every decade.

    In a better-than-nothing kind of way, I would prefer that the NHS continued with a bad patient record database as opposed to have nothing at all. Having to start from scratch when a patient arrives in emergency is just plain dumb, as well as dangerous. I have no issue if it takes time to get it right.

    My posts are here and here

  3. Ben Oldfield says:

    Wrong information is much more dangerous than no information.

Leave a Reply