An even bigger database – a single source of truth

Posted in database state, surveillance society by ukliberty on November 28, 2007

The Telegraph (punchier article at the Guardian, hat-tip Ideal Gov):

It is not just ID cards that will be jeopardised by the loss of 25 million people’s bank details. What has not so far been noticed is that Mr Brown’s entire strategy for improving the public services is based on the Government getting more power over personal data.

Um.. yes it has been noticed. The Government’s broad plan was called Transformational Government (406 Kb PDF) in 2005, and various people (eg William Heath at Ideal Government) have been writing about various aspects of it (and earlier proposals) for years.

What the Telegraph journalist may mean is that ‘proper’ journalists in the mainstream media haven’t noticed, and therefore their readers haven’t noticed. Well, you ‘proper’ journalists should do a better job then, because this goes back a number of years, certainly before Gordon Brown became Prime Minister.

One of the first things the Prime Minister did on arriving at Number 10 was to appoint Sir David Varney as his “adviser on public service transformation”. Based at the Cabinet Office, the former O2 boss is the hidden power behind the throne. …

The Varney Review (792 Kb PDF) can be found on the Treasury website and in fact that too was written before Brown became PM.

Ironically, Sir David was the previous head of HM Revenue and Customs who resigned eight months ago over billions of pounds worth of fraud and errors in the tax credit system. That is a side issue.

Um, no it isn’t!

More relevant are his proposals for the public services, which involve radically altering the relationship between the citizen and the state.

Sir David’s aim, set out in a report he wrote for Mr Brown at the end of last year, is to create a giant centralised government database containing information about everybody in the country. It would establish what he calls a “single source of truth”

Now that’s irony.

about each individual – “made more robust through the introduction of identity cards” – which could be accessed by any department that wanted to verify who somebody was. It could also be used to target services more efficiently at individuals.

That’s all great on the face of it, but suppose a mistake is made in your data? You might be prevented from accessing public services or getting a job. Or suppose you work for a company opposed by animal rights activists, and someone gives them your details. Not at all far-fetched – these things happen (follow the links) and undoubtedly more frequently than they are reported.

How would we challenge errors or abuses? What remedies would be available to us? Why is this never discussed?

The plan is central to the Prime Minister’s stated intention of creating a more personalised system. “A joined-up identity management regime is the foundation of service transformation,” Sir David writes. “It is important that the advantages of sharing identity information – making life easier for the citizen and helping Government give individuals a personalised service – are robustly communicated.” He even speculates that there could be some “standardisation” between systems in the public and private sectors.

The thinking is entirely logical – it is, Sir David argues, ludicrous that somebody has to contact 44 bits of the state when a relative dies.

A number of commenters on the Telegraph article have questioned this claim, as do I. I think this is based on a claim made by John Hutton, which I commented on in January this year:

For example, one family had had to contact the government 44 times to confirm various details after a relative died in a road accident, he said.

This is undoubtedly the most extreme example they could come up with – i.e. an outlier – with no detail on what happened and why. You know, perhaps the family had to ask the same person more than once to complete a task, and the one giant database article claims that sometimes “services may assume there is a legal barrier when there is none”. How many times did this occur to the bereaved?

What seems most important is the average, not extreme examples, although I’m sure this was bothersome and distressing for the family concerned and I have every sympathy for them. It is certainly not a time when you want to be contacting strangers.

It is dishonest to present such numbers as if they are the norm, and not openly discuss alternative means of solving such problems. We should ask first why did that one family have to contact the government 44 times?

Back to the Telegraph:

Members of the iPod generation want to be able to download public services at their own convenience, just as they personalise their music collection. And if Tesco can send special offers to particular customers, using the information gained through its Clubcard, then the Government should also be able offer relevant services to its citizens.

Of course, the Tesco Clubcard is voluntary, and it is also voluntary to shop at Tesco. We will not have a choice with Government services. I am fed up with politicians and journalists comparing the public and private sectors in such a way. It is quite simply dishonest and wrong.

It will, however, be far more difficult to persuade the voters that the state can be trusted to create a “single source of truth” about them when it has just left so many people potentially open to identity fraud.

The parents whose information has been lost may not be happy to hear that their medical history, benefits statements, education details, criminal record, tax information and driving licence facts could all potentially be accessed through a central computer.

Sir David admits that there are “particular challenges around ownership of information” in his proposals for reform. After last week’s events, that could turn out to be the understatement of the century.

Two such challenges being incompetence or abuse.

Look, what no-one in power is discussing is what they will do when (not if) the data is abused or if a mistake is made and how to mitigate those risks. They cannot even openly countenance such risks because then a larger proportion of the public will question, fear and oppose their plans. Again, more dishonesty, which will lead to more problems.

Now, do not be persuaded to think of me or those of similar minds as some sort of Luddite – there are contexts where identity cards and other databases are appropriate. There are also contexts where there are just as effective and less intrusive alternatives.

Bruce Schneier’s five steps are extremely helpful when considering any proposal:

1. What problem does it solve?
2. How well does it solve the problem?
3. What new problems does it add?
4. What are the economic and social costs?
5. Given the above, is it worth the costs?

The next time a politician proposes any sort of technological wonder solution, ask yourself those questions, and ask yourself if he even appeared to openly discuss them, or rather whether it was more as if he was selling snake-oil.

1 comment