I have been rewatching the West Wing recently – it is remarkably addictive. Somewhere in between mainlining up to 5 episodes a night, this quote struck me:
“It’s not just about abortion, it’s about the next 20 years. Twenties and thirties it was the role of government, fifties and sixties it was civil rights. The next two decades it’s gonna be privacy. I’m talking about the Internet. I’m talking about cell phones. I’m talking about health records and who’s gay and who’s not. And moreover, in a country born on the will to be free, what could be more fundamental than this?”
Sam Seaborn says this in the first-season episode “The Shortlist”; so if Aaron Sorkin, the creator of the show, understood this back in 1999, why is it that our politicians and leaders continue to be so woefully ill-equipped for the 21st century eleven years later?
It’s important to note that this is hardly an issue that is limited to one side of the green benches. Both the previous government and the current one have plenty of examples to demonstrate that their level of understanding of technology and science is not up to scratch. Both have a record of getting carried away with the opportunities technology provides to the state without asking the right questions about the impact on the individual.
Exhibit one: Medical records
The electronic patient care records system was an initiative of the previous government. Don’t get me wrong, I work in technology, and I can definitely see the potential benefits of medical records stored in a central database, easily accessible to authorised healthcare professionals for use in patient care. However, the way the project was executed betrays a shocking lack of understanding of the technology involved and its social implications at the highest level of government. For instance, while patient consent was ostensibly sought, this was a pro-forma exercise: many households who received letters telling them about the initiative and how to opt out didn’t even realise the importance of them and filed them straight in the recycling.
To this day, the guiding principles and rules for accessing and using the data aren’t particularly well publicised. Who and under what circumstance has access to a patient’s medical records? How is authorisation obtained and does it at any point expire? What rights does the patient have to view their own medical records, and to understand who has accessed them and why? Can data on the database be used for purposes other than treating the individual patient, e.g. for medical studies, and what safeguards are in place to gain patient consent for this and ensure their privacy? Once the data is in the system, who owns and controls it – the patient or the NHS? Under what circumstances can access be obtained to medical records for non-medical uses, e.g. by the police or other institutions of the state? Is the data physically held in this country, or is it transferred to countries with different and potentially weaker data protection laws? Some – though by far not all – of these questions have been addressed by the project. Others remain unanswered.
In addition to the above questions on access rights and data ownership, how is data integrity to be ensured? If the database is to hold the medical records of 60 million individuals, even at an error rate of one per cent that leaves 600,000 individuals with potentially fatal errors in their data. This is before considering malicious attacks on the database, either to obtain or alter records.
Exhibit two: The Digital Economy Act
The Digital Economy Act, particularly the large part of it which deals with online copyright infringement, is an example where the previous government succumbed to lobbying without fully understanding the technical, social and civil liberties implications of the legislation. It essentially hands over copyright policing on the internet to rights holders, at a very significant cost to both internet service providers and end users. If the implementation proposal currently on the table from Ofcom goes through as is, rights holders will have an unprecedented remit to invade individuals’ privacy by scanning their network traffic for copyrighted material. Not only that, but enforcement will be in the hands of rights holders and internet service providers, who will have the power to send end users threatening letters and most likely in the future to disconnect them from the internet, with very little in the way of due process.
While this protects the vested interests of a handful of people and companies, essentially supporting a few monopolies and cartels in the content industry whose business model would be obsolete without such legislation, the wide-ranging implications of the Digital Economy Act remain largely ignored and at best misunderstood by politicians. Handing over policing and enforcement of copyright to non-state actors is a constitutional precedent, and not in a good way. The same goes for allowing private companies to inspect individuals’ internet usage and traffic with – as per the current proposal – hardly any regulation. This doesn’t just change the relationship between the state and the individual, it brings in the private sector into this relationship without any safeguards.
Additionally to all this, the Digital Economy Act is highly likely to damage the real digital economy by, for instance, discouraging the provision of open WiFi access by small businesses such as pubs and coffee shops. Add to that the fact that it’s highly unlikely to achieve its goal to reduce online copyright infringement – the technology to make the Act toothless exists, and this will just be the final push to get users to adopt it – and the picture of our barely-technology-literate political classes is complete.
Exhibit three: The census
One of the early indications that the new coalition government isn’t much better than their predecessors when it comes to understanding the complex interplay between the realm of the technologically possible and the realm of the constitutionally, socially and politically desirable is Francis Maude’s recent announcement that he is looking to scrap the census. A cheaper, more accurate and more real-time way of achieving the same objective, he argues, is to use data already held in various government and private-sector databases to obtain a picture of who is living in the UK.
The first thing this ignores is basic technical feasibility. Reliably correlating each of the data sources the government proposes to use (e.g. NHS records, post office address lists, credit card checking registries, etc.) whilst ensuring data integrity is a nigh-on impossible task. It is also highly likely to leave us with huge gaps in our knowledge, compared to the census as it is conducted today. Especially data on diversity, be that ethnic, religious or sexual orientation, is likely to fall through the cracks.
Next is the issue of consent to use of the data. According to the Data Protection Act, if data is collected on an individual, they need to be informed what the data will be used for. When we give our information to various agencies we consent to it only being used for the stated purpose – not for our data to be later repurposed for a census.
Finally, there is the question of whether the proposed new approach would actually achieve the same results as the census. Don’t get me wrong – there are improvements we can make to the way the census is conducted. The fact that it is done at a household level, completed by the head of the household, means that a number of sensitive categories are misreported. For instance, a religious father may report his atheist child as belonging to a religion; a mother unaware that her child is gay may report them as heterosexual. This, however, is nothing compared to the inaccuracies, inconsistencies and gaps the proposed new method is likely to give us. Thinking about what census data is used for – targeting policy and government spending to those who need it – a data collection method which will leave out the most vulnerable, the minorities, and the underprivileged is hardly fit for purpose.
Exhibit four: Credit tracking agencies and benefit fraud
The latest in the series of “government meets 21st century” stories is of course David Cameron’s announcement last week that he is looking to use private credit reference agencies to crack down on benefit fraud. Handing over policing of an issue to the private sector, allowing private companies to breach individuals’ right to privacy: if you’ve been paying attention this should sound familiar by now. What is even worse is that, unlike the the copyright case where the issue being policed is only of commercial interest, in the case of benefit fraud we are talking about the state creating a financial incentive for private companies to snoop on individuals. Add to that the fact that this measure is exclusively targeted at the poor, and you have suddenly created a two-tier-citizen system, where some of us have a right to privacy while others don’t.
Let’s also not forget data integrity and reliability issues. When I was a student living in halls and needed to be credit-checked to get a mobile phone contract, this was a nearly-impossible task as credit checking happens on an address level. In student accommodation, where people rarely stay for more than nine months, being tarnished by your predecessors’ credit records was unavoidable.
Not only does this latest proposal demonstrate a lack of understanding of technology, it displays a basic ignorance of the constitution, which after all is supposed to establish the boundaries between the state and the individual. Yet again we see the state outsourcing key functions to the private sector, with little regulation, perverse incentives and a remarkable nonchalance about what this means for individuals.
***
One thing politicians of all parties should begin to understand is that as Generation Y and their successors reach the voting age, they are a lot more technology-savvy than our current crop of leaders. Issues of privacy, of data use, of the boundary between the state and the individual in a networked world, will not pass this generation by, and sooner or later they will hold their leaders to account. It is vitally important for the political classes to educate themselves about science and technology, to consider more than one viewpoint, regardless of the strength of the lobby groups, and to ensure that they have really asked all the questions before making decisions on these issues.