data privacy visualised (6 years on….)

It’s over 6 years since I blogged about how the principles of Creative Commons might be applied to privacy and data protection, particularly to help simplify users’ understanding of what would be done with their data.

I included this mock-up of how this might look when citizens are submitting their data into the custody of an organisation, echoing the look and feel of Creative Commons licensing:

So, what progress in the meantime?

In terms of the thinking around how we treat personal data, I think there has been good if slow progress. The recent work on the draft identity assurance principles shows a growing maturity in learning the lessons of the past – and what makes for well designed, or badly designed, information systems.

But I’m not sure there’s been enough progress either in terms of being explicit with citizens and businesses about what permissions they’re granting to third parties, or in terms of making very clear to users in those organisations what rights they have to the personal data entrusted to them.

Alongside the visualisation of the rights associated with data, we need the underlying rights enforced computationally. Ultimately too we need to realise that ensuring the right data is available to the right people at the right time can be done in a secure and trusted fashion – and does not require the potentially dangerous legalistic approach of enforced “data sharing” (with all the security and privacy problems that produces), but rather the better design of our information systems. Achieving this much needed re-design I suspect still remains the most significant challenge.


more detail on the draft principles for the UK identity assurance scheme

In my recent post draft principles for the UK identity assurance programme I said if people were interested, I could post more detail of the thoughts that underpin them. It’s clear from comments on this site and elsewhere that additional detail would be useful, so I’m providing it below.

I preface this with the same important caveat as before – that this is still work in progress and the principles have yet to be formally reviewed, finalised and – most importantly – adopted as an integral part of the programme.

Each principle below is set out in the order of the original table’s columns: the reference number and principle name, the summary of the control afforded to the individual, the text of the principle itself, the rationale / commentary, and the legal commentary.

1. The User Control Principle

[Identity assurance activities can only take place if I consent or approve them]

Principle:

An Identity Assurance Provider or Service Provider must ensure any collection, use or disclosure of IA data in, or from, an Identity Assurance Service is approved by each particular Service-User who is connected with the IA data.

END PRINCIPLE

Rationale / Commentary:

Identity Assurance Providers or Service Providers cannot use or disclose IA data without the Service-User’s knowledge and agreement (i.e. consent). Service-Users must be able to control / choose whether or not to use or disclose their IA data. Any exemption from the User Control Principle should be specified via the Exceptional Circumstances Principle. The Data Minimisation Principle also applies to any collection, use and disclosure.

Legal Commentary:

The requirement that processing is either legitimised by the consent of the data subject or is “necessary for a contract with the data subject …” (sched 2, paras 1 and 2 of the DPA), unless exceptional circumstances apply. Consent takes the meaning in the Data Protection Directive (or any successor regulation). Also covers some “fair processing” requirements.
2. The Transparency Principle

[Identity assurance can only take place in ways I understand and when I am fully informed]

Principle:

Each Identity Assurance Provider or Service Provider must be able to justify to Service-Users why their IA data are processed.

Each Service-User, prior to using an Identity Assurance Provider or a Service Provider for the first time, must be provided with a clear description about the processing of IA data in advance of any processing.

The information provided includes a clear explanation of why any specific information has to be provided by the Service-User (e.g. in order that a particular level of identity assurance can be obtained) and identifies any obligation on the part of the Service-User (e.g. in relation to the User’s role in securing his / her own identity information).

Any subsequent and significant change to the processing arrangements that have been previously described to a Service-User needs the prior consent or approval of that Service-User before it comes into effect.

END PRINCIPLE

Rationale / Commentary:

Organisations should engender trust by being open about all aspects of the processing of IA data (Processing means “collecting, using, disclosing, retaining, transmitting, copying, comparing, corroborating, aggregating, accessing” and anything else). Such information does not need to be provided at every transaction if the Service-User has been previously informed. Where changes occur, any Provider would have to anticipate the fact that consent or approval might not be forthcoming. Any exemption from the Transparency Principle should be specified via the Exceptional Circumstances Principle.

Legal Commentary:

First data protection principle requirement that the processing of personal data is fair.
3. The Multiplicity Principle

[I can use and choose as many different identifiers or identity providers as I want to]

Principle:

A Service-User is free to use any number of identifiers that each uniquely identifies the individual or business concerned.

A Service-User can use any of his identities established with an Identity Assurance Provider with any Service Provider.

A Service-User can choose any number of Identity Assurance Providers or Service Providers in order to meet his or her diverse needs.

A Service-User shall not be obliged to use any Identity Assurance Provider or Service Provider not chosen by that Service-User; however, a Service Provider can require the Service-User to provide a specific level of Identity Assurance, appropriate to the Service-User’s request to a Service Provider.

A Service-User can terminate, suspend or change Identity Assurance Providers or Service Providers at any time.

A Service Provider does not know the identity of the Identity Assurance Provider used by a Service-User to verify an identity in relation to a specific service.

END PRINCIPLE

Rationale / Commentary:

These first three need no explanation. Where Service Providers are a monopoly or near monopoly, they should not be able to require a particular Identity Assurance Provider to be used. However, a Service Provider must be able to insist on a particular (and not unreasonable) level of identity assurance before delivering a service. Any exemption from the Multiplicity Principle should be specified via the use of the Exceptional Circumstances Principle. It should not be possible to link a Service-User’s activities in different contexts.
4. The Data Minimisation Principle

[My request or transaction only uses the minimum data that is necessary to meet my needs]

Principle:

IA data processed by an Identity Assurance Provider or a Service Provider to facilitate a request of a Service-User must be the minimum necessary in order to fulfil that request in a secure and auditable manner.

END PRINCIPLE

Rationale / Commentary:

Note: it is useful to remind the reader that this Principle has a wide reach because of the definitions of IA data and Processing:

“IA data” includes “Personal data”, “Audit data”, “Attribute data”, “Identity data”, “Relationship data”, “Transactional data” and other “General data”.

“Processing” in the context of IA data means “collecting, using, disclosing, retaining, transmitting, copying, comparing, corroborating, aggregating, accessing” etc.

So for the absence of doubt, any aggregation, correlation or corroboration of IA data from diverse Identity Assurance Providers or Service Providers is subject to all the Identity Assurance Principles. All IA data processed has to be the minimum necessary in the context of service delivery or identity verification. Note that a Service User can, for his own convenience, request a Provider to hold information beyond the minimum necessary. Subject to any audit or legal requirement, the Minimisation Principle requires any aggregation, correlation or corroboration to be of a transient nature. Any decision that requires a risk assessment of the Service-User, and so needs the correlation of data from possibly a number of sources, will also be subject to the Data Minimisation Principle.

Note that the User Control or Transparency Principle should ensure the Service-User can provide informed consent / approval.

There should be no centralisation of IA data.

Any exemption from the Data Minimisation Principle should be specified via the Exceptional Circumstances Principle.

Legal Commentary:

Third and Fifth Data Protection Principles (“Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed” and “kept no longer than is necessary”). Also Privacy by Design objectives likely to appear in a future data protection regulation.
5. The Data Quality Principle

[I choose when to update my records]

Principle:

Service-Users should be able to update their own personal data, at a time of their choosing, free of charge, and in a simple and easy manner.

Identity Assurance Providers and Service Providers must take account of the appropriate level of identity assurance required before allowing any updating of personal data.

END PRINCIPLE

Rationale / Commentary:

Unnecessary retention and excessive data collection would be a breach of the Data Minimisation Principle. If a Service User fails to keep his information up to date, then his transactions could fail; this we believe is the incentive for Users to keep information up to date. The Identity Assurance / Service Provider has to be able to decide the level of identity assurance before accepting a change to a Service User’s data. Any exemption from the Data Quality Principle should be specified via the Exceptional Circumstances Principle.

Legal Commentary:

Accuracy requirements of DPA (4th Principle).
6. The Service-User Access and Portability Principle

[I have to be provided with copies of all of my data on request; I can move/remove my data whenever I want]

Principle:

Each Identity Assurance Provider or Service Provider must allow, promptly, on request and free of charge, each Service-User access to any IA data that relates to that Service-User.

It shall be unlawful to make it a condition of doing anything in relation to a Service-User to request or require that Service-User to request IA data.

The Service-User shall have the right to require an Identity Assurance Provider to transmit his personal data to a second Identity Assurance Provider in a standard electronic format, free of charge and without impediment or delay.

The Service-User’s right to data portability shall also apply between Service Providers.

END PRINCIPLE

Rationale / Commentary:

For the absence of doubt, such access includes access to logs of Service-User activity, disclosure logs of any Service-User data, and any audit data relating to that Service-User’s activity, but excludes any anonymised data that can no longer be linked or associated with a particular Service-User. The prohibition is needed as there is a practice in the UK of requiring data subjects to use their subject access rights to criminal records and medical records and show the product of their access request to an employer or insurer. The prohibition stops unscrupulous use of the access right. The text is based on the prohibition in the ID Card Act 2005. This is the right to data portability. Any exemption from the Service-User Access and Portability Principle should be specified via the Exceptional Circumstances Principle.

Legal Commentary:

Subject access under the DPA. Privacy by Design should include a user access functionality. Stopping Enforced Subject Access. (Data Portability is envisaged in the Data Protection Regulation.)
7. The Governance / Certification Principle

[I can trust the Scheme because all the participants have to be accredited]

Principle:

As a baseline control, all Identity Assurance Providers and Service Providers shall be certified.

There shall be a certification procedure subject to an effective independent audit regime which ensures that all relevant, recognised identity assurance and technical standards, data protection or other legal requirements are maintained by Identity Assurance Providers and Service Providers.

In the context of personal data, certification procedures include the use of Privacy Impact Assessments and Privacy by Design concepts.

All Identity Assurance Providers and Service Providers shall take all reasonable steps to ensure that a Third Party cannot capture IA data that confirms (or infers) the existence of a relationship between any Participants.

Certification can be revoked if there is significant non-compliance with any Identity Assurance Principle.

The architecture of an Identity Assurance Service must be based on open standards.

END PRINCIPLE

Rationale / Commentary:

This Principle mandates the use of all relevant standards as the baseline for all information assurance / security / integrity controls used. The “reasonable steps” wording tries to ensure that web-based services cannot capture details of a relationship between Service Users and any Identity Assurance Provider or Service Provider used by them, even though the Service-User might have unwittingly allowed it. (Note: this is why relationship data includes in its definition relevant cookies and programs that collect such data.) Any exemption can be specified via use of the Exceptional Circumstances Principle.

Legal Commentary:

The Accountability Principle expected in the forthcoming data protection regulation; also obligations in the Seventh Data Protection Principle and HMG Security Framework or ISO27000. Privacy Impact Assessments and Privacy by Design concepts are part of the Data Protection Regulation currently under discussion. Consideration needs to be given as to whether it should be made unlawful for such details to be captured (even overriding any User’s explicit consent). We are very concerned that many Users do not know what permissions they have given, nor do they read the privacy policies of organisations based outside the EEA. There is a need to take away the defence of a Third Party that it has the permission of the User to capture details from an Identity Assurance Service.
8. The Problem Resolution Principle

[If there is a problem I know there is an independent arbiter who can find a solution]

Principle:

A Service-User who, after a reasonable time, cannot or is unable to resolve a complaint or problem directly with an Identity Assurance Provider or Service Provider can call upon an independent Identity Ombudsman to seek independent resolution of the issue.

As part of the certification process, Identity Assurance Providers and Service Providers are obliged:

(a) to co-operate with the Identity Ombudsman and accept his impartial determination, and

(b) to ensure that contractual arrangements

(i) reinforce the application of the Identity Assurance Principles, and

(ii) contain a reference to the Identity Ombudsman as a mechanism for problem resolution.

The Identity Ombudsman can resolve the same or similar complaints affecting a group of Service-Users.

The Identity Ombudsman can co-operate with other Regulators in order to resolve problems and can raise relevant issues of importance concerning an Identity Assurance Service.

An adjudication / recommendation of the Identity Ombudsman shall be published.

There can be more than one Identity Ombudsman.

The Identity Ombudsman can recommend changes to standards or certification procedures, or that an Identity Assurance Provider or Service Provider should lose their certification.

END PRINCIPLE

Rationale / Commentary:

The central problem is that many different Regulators (e.g. Information Commissioner, FSA, OFCOM) could be involved and that an individual has to be able to complain to a central point of contact in order to resolve an issue. Without an Ombudsman / Advocate, there is a risk that the Service User will be passed from pillar to post. One assumes, however, that a Service-User will resolve a complaint in the usual way. However, it is possible that complaints will not be resolved satisfactorily. We expect that any determination made by an Identity Ombudsman can be appealed to the Courts by any party to the dispute. Any exemption from the Problem Resolution Principle can be specified via use of the Exceptional Circumstances Principle (but we cannot see the need for any exemption, as explained below). Take an extreme example, and suppose there was an exemption needed for, say, “national security”; then the Regulator who has the responsibility for the national security function could be designated as the “ombudsman” for that purpose. This would maintain the integrity of this Principle and the secrecy required of the national security function.
9. The Exceptional Circumstances Principle

[Any exception has to be approved by Parliament and is subject to independent scrutiny]

Principle:

Any exemption from the application of any of the above Principles to IA data shall only be lawful if it is specified in the statutory framework established by the general legislation needed to legitimise all Identity Assurance Services.

Any exemption from the application of any of the above Principles that relates to the processing of personal data must also be necessary and justifiable in terms of one of the criteria in Article 8(2) of the European Convention of Human Rights: namely in the interests of national security; public safety or the economic well-being of the country; for the prevention of disorder or crime; for the protection of health or morals, or for the protection of the rights and freedoms of others.

Any subsequent processing of personal data by any Third Party who has obtained such data in exceptional circumstances (as identified by Article 8(2) above) must be the minimum necessary to achieve that (or another) exceptional circumstance.

Any exceptional circumstance involving the processing of personal data must be subject to a Privacy Impact Assessment by all relevant “data controllers” (where “data controller” takes its meaning from the Data Protection Act).

Any exemption from the application of any of the above Principles in relation to IA data shall remain subject to The Problem Resolution Principle.

END PRINCIPLE

Rationale / Commentary:

There are a myriad of data sharing laws, each with different standards and rules. To engender trust in the identity assurance and to improve Parliamentary scrutiny, it is proposed that ONLY statutory gateways created by the legislation needed to establish the programme are valid. There might be a phasing in period. The special interests identified in Article 8(2) are expressly put into this Principle. However, the linkage to individual human rights means that the link can only relate to personal data (i.e. an identifiable living individual). This is why we need the definition of “personal data”. This allows for limited onward data sharing, so long as it is consistent with Article 8 of the HRA. There is a real issue as to whether the current level of privacy protection is adequate for some public bodies (e.g. is the protection in RIPA adequate? is the Regulatory regime for the Security Service, GCHQ or the Police OK?). This construction avoids opening up what would be an everlasting debate; however, the last paragraph of this Principle is the necessary “quid pro quo” for this position. (See comments at the bottom of Principle 8 re Governance on national security.) It is expected that any exemption will be limited, and expressed in terms of particular subsets of IA data (e.g. “personal data”, “audit data”, “relationship data”) necessary for the application of any exemption.

draft principles for the UK identity assurance programme

The snappily named “Identity Assurance Programme Privacy and Consumer Group” has been busy for some time now, debating and distilling a set of privacy-based principles to underpin the new UK Government identity assurance programme.

As Chair of the group, I thought it’d be a good time to share what this work has accomplished so far. With the important caveat that this is still work in progress and the principles have yet to be formally reviewed, finalised and – most importantly – adopted as an integral part of the programme. But great work has already been done.

So this is where we are right now in terms of a high level summary. I’d welcome all feedback on how these principles are shaping up – particularly anything missed or anything that could be improved.

THE IDENTITY ASSURANCE PRINCIPLE (with the SUMMARY OF THE CONTROL AFFORDED TO AN INDIVIDUAL after each principle)

1. The User Control Principle: Identity assurance activities can only take place if I consent or approve them
2. The Transparency Principle: Identity assurance can only take place in ways I understand and when I am fully informed
3. The Multiplicity Principle: I can use and choose as many different identifiers or identity providers as I want to
4. The Data Minimisation Principle: My request or transaction only uses the minimum data that is necessary to meet my needs
5. The Data Quality Principle: I choose when to update my records
6. The Service-User Access and Portability Principle: I have to be provided with copies of all of my data on request; I can move/remove my data whenever I want
7. The Governance/Certification Principle: I can trust the Scheme because all the participants have to be accredited
8. The Problem Resolution Principle: If there is a problem I know there is an independent arbiter who can find a solution
9. The Exceptional Circumstances Principle: Any exception has to be approved by Parliament and is subject to independent scrutiny

The above summary is intentionally designed to have clarity and to be easy to understand. Underpinning it is more precise detail of what these mean and how they are to be observed and implemented. I’d like to acknowledge the commitment, contributions and smart thinking and debate of the Privacy group, as well as the great support we get from the team in the Government Digital Service – it’s a real privilege Chairing, which isn’t something that I can often say about such roles.

I’m happy to share the full details of current thinking behind these principles here as well – but that will make for a long blog :-) . So I’ll leave that for a future post if people would like to get into a much more detailed discussion….


whilst not blogging …

… I have remained busy writing elsewhere, including the following:

But that’s no excuse: I’m intending to get back to blogging more frequently soon. Honest.


the disruptive cloud

The recent announcement that Amazon has created a secure web space for the US government is hardly going to make anyone fall off their chair in surprise. Ensuring that cloud services can be used by governments has been the direction of travel for some time, with many potential vendors keen to ensure that government-specific security demands are catered for by commodity goods and services. The news is likely to provide fresh impetus to the plans to ensure that cloud services can be taken advantage of by the UK government – aka the G-Cloud programme.

During the recent House of Commons Public Administration Select Committee inquiry into Government IT, the Cloud Industry Forum set out three benefits that users could take from cloud computing:

  • Financial: there are no upfront infrastructure costs and it operates on a “pay as you go” basis so the user only pays for what they use;
  • Managerial: it is easier to increase or decrease resources depending on the need, with reduced IT management overheads as you no longer need to run your own data centre; and
  • Productivity: files can be accessed anywhere, and increased resilience (as you do not rely on a single data system) means less downtime due to technical faults. (1)

We’ve seen over many years now UK universities taking advantage of cloud services, moving from in-house email systems to hosted cloud email services provided by third parties such as Google and Microsoft. Doing so has freed them from the need to expend precious resources running commodity IT services in-house as they have recognised and adopted the reality of IT as a utility. Elsewhere in the public sector Westminster City Council has recognised the value of shared commodity services across traditional stovepipe boundaries.

In the private sector, we’ve also seen established brownfield enterprises such as the Telegraph Group and Jaguar Land Rover move large chunks of their operations into the cloud, reportedly with success. Seeing large existing enterprises, not just new start-ups, make successful use of cloud computing provides encouraging evidence that governments’ ambitions can also be realised.

Another aspect of the interest in cloud computing is its potential to inject a major disruption into the supply chain that currently operates around IT goods and services in government. Informal examples quoted in private suggest a significant improvement in services over the current, intermediated systems integrator model, and a dramatic reduction in costs per user, where cloud computing has been adopted.

Some figures I have been quoted in confidence indicate a drop in costs of over £5,000 per user. Scale even a pessimistic half of that type of saving across government, and you begin to understand just how disruptive this model could be.

The UK’s G-Cloud programme has matured since its original inception. Today, the programme is largely about ensuring open and consistent interoperability standards; the smart re-use of public sector assets and the ability to handle its occasional peaks in demand much more cost-effectively than at present; ensuring appropriate levels of security and privacy; and developing clear SLAs around key issues such as service quality and availability. The programme will help enable the development of a competitive marketplace in trusted, secure and resilient services from shared utility platforms, enabling government to gain significant economies of scale and to run their services at maximum cost efficiency. (2)

Precisely which information and services can be migrated to the cloud will depend on a robust review of security requirements, with current thinking suggesting that information rated at IL3 or above will be retained within the government network, and that at IL2 or below transferred to the cloud. (3)

The challenge to the existing IT supply chain can be seen in the way that some have aimed to muddle the idea of cloud computing with the issue of data centre rationalisation. They are very different things. Driving cost and inefficiency out of existing IT operations is of course also required, reflected in Francis Maude’s evidence to PASC which stated the need for

“consolidating and reducing our data centre estate, which is massive and massively underused. The first thing you should do is be saying across Government you may not just have your own silo data centre; we are going to crunch down what the estate looks like and ensure that it is much more intensively used.”

Driving out duplication, inefficiencies and waste, and taking advantage of virtualisation through a rationalisation of what already exists, will provide further savings from existing operations. During his evidence, Andy Burton (Chair of the Cloud Industry Forum), reported that most government data centres are:

using 20% of the capability and you have this replicated multiple times because you always build software solutions that scale to your peak demands; you are building capacity for your income tax returns on 31 January or whatever it is, but on the other 364 days of the year, it is running at a lower level. (4)

Cloud computing on its own is of course no more a magic answer than any other IT model or technology. It’s just another tool in the effective CIO’s kitbag. I anticipate seeing a much wider programme of IT reform in the UK government, turning the recent ICT strategy into a robust and measurable delivery plan, of which cloud is but a single element alongside other important initiatives such as data centre rationalisation and consolidation.

Throughout this all, of course we must also keep the main objective in mind: the delivery of better public services.


(1) Written evidence to the PASC inquiry. Submission 24 para 2.3

(2) Written evidence to the PASC inquiry. Submission 56

(3) Written evidence to the PASC inquiry. Submission 56

(4) Oral evidence to the PASC inquiry. Q 227


cyberspace and the riots

A variety of media, politicians and commentators have rushed to blame social media such as Twitter and Facebook for helping fuel the recent riots in London and elsewhere, with calls to “switch them off” when they appear to be assisting with the planning of violence, disorder and criminality.

Yet such a response runs the risk of leaving the police and other intelligence agencies running blind. After all, what better policing tool could there be than one that tells you who is planning what, where they intend to go and what they intend to do? The Onion’s spoof claim that the CIA runs Facebook remains a telling insight into the rich intelligence information that social media can provide. If the right intelligence systems had been in place during the development of the riots, the police would have been able to map in real time who was planning to move where, when, and what activities they were proposing to engage in.

However, the long-established assumption that we are innocent until proven guilty is potentially undermined by such invasive uses of technology. So where should the lines be drawn between maintaining our freedoms in cyberspace, and providing the police and other agencies with the access they need to identify and prosecute criminal behaviour?

I’m not sure we’re going to have a rational answer to such a question until the realities of what modern technology now makes possible are much better and more widely understood. We need an informed public debate about modern technologies and the role they can play in either protecting, or eroding, our traditional freedoms.

Even the well-intentioned act of gathering citizens’ personal information into ever larger state-run IT systems in order to deliver better public services can result in technology delivering the very opposite outcome, thereby undermining the UK’s historic civil liberties and ultimately placing both citizens and the state at greater risk. In the recent News of the World “phone hacking” case, for example, it is alleged that corrupt police provided information from their internal computer systems to help facilitate the acts of unlawful access to people’s voicemails. Systems put in for one reason – to protect the public – have ended up being used for the very opposite purpose.

However, instead of smartly targeting resources, the UK has historically attempted to subject the entire population to the routine interception and surveillance of their electronic communications. Even now there are siren voices, such as a former Home Secretary, saying that national identity cards would have helped police with the recent riots. It is hard to see how pieces of plastic in our pocket telling us who we are could have made any difference.

We need to adopt a much more intelligent approach, to move away from the naive and misguided attempt to place the entire UK population inside a digital panopticon towards the smart use of targeted intelligence systems. We need to replace the failed ideology of mass surveillance, from widespread use of CCTV to the routine interception of our electronic communications and misguided initiatives such as identity cards. These initiatives have squandered precious resources that should have been used to build twenty-first century intelligence systems, operating under Parliamentary and judicial oversight, that align to and strengthen our historic civil liberties.

The more that governments seek to routinely intercept and monitor digital communications, and acquire more and more information about their citizens, the more those they are actually interested in – terrorists, for example – are likely to find effective means of counteracting or entirely bypassing such mass surveillance regimes.

The disruption of the Revolutionary Armed Forces of Colombia (FARC) guerrilla group illustrates how such groups find ways of bypassing interception and surveillance regimes. In the case of FARC, it was discovered that they had curtailed their use of mobile phones and other electronic forms of communication – on the basis that they were likely to be intercepted – and instead relied on couriers moving USB memory sticks from one camp to another. Another example is provided by the recent Russian spy ring case, which involved the use of ad-hoc wireless networks between agents and their handlers.

The irony is that in such circumstances government surveillance regimes end up squandering limited resources pointlessly monitoring the innocent mass of the population, whilst those in whom law enforcement and intelligence agencies actually have an interest find increasingly effective ways of communicating that are far less prone to routine interception. Carefully targeted surveillance and interception, alongside better investment in human intelligence, remains a more effective tool of investigation than mass digital surveillance.

The recently established Commission on the Bill of Rights will presumably have a key role in exploring how our traditional civil liberties and human rights, enjoyed in the UK since at least Magna Carta, are being treated in the digital domain. The real test will be whether we see an outcome that provides us with the equivalent of a Bill of (Digital) Rights, including the presumption of innocence in cyberspace, as in the “real” world, until proven guilty.

Now seems to me the perfect opportunity to achieve the best of all worlds: the extension of the protection of our traditional civil liberties and freedoms into cyberspace; and an improved capability within the police and intelligence services to use targeted techniques and technologies to detect and effectively prosecute criminality.

These are not mutually incompatible outcomes. Indeed, I think one without the other is unsustainable: treating us all as if in cyberspace we are guilty until proven innocent merely sets the mainstream of public opinion against government. Sir David Omand (the first holder of the post of UK Security and Intelligence Coordinator) was always careful to acknowledge the key role the public needs to play:

“The primary duty of government is still public protection, but in a world of multiple threats and risks the public have to be trusted to be players.”

He further clarified that the state should adopt an approach that involved “… using only the minimum intrusion necessary into the private affairs of others.” There is a clear need for the UK not to rush to short-sighted solutions, such as “switching off social media”, but to introduce a much more effective governance model for technology policy that ensures it aligns with both public policy and the rule of law. Trying to rush into place legislation that yet again fails to adequately understand technology will continue to hinder rather than help, and will further weaken our national security rather than offering us better protection.

The simple truth is that it is possible to both defend our freedoms and have more effective policing and intelligence systems. The UK’s national technology policy urgently needs to align our civil liberties and the law, and to better focus limited resources where they can have most impact.

The real question now is whether politicians of all parties will rise to the challenge, and help turn the destructiveness of the riots into a positive force for change.

Posted in future Britain, public services, technology, technology policy

bridging the faultline

There has long been a recognition at a political level of the important role that IT could play in helping rethink and improve our public services, as the recent House of Commons PASC report on Government IT makes clear.

Yet despite the vision that has existed since at least 1996, with the idea of Government Direct (PDF) and its “Electronic Delivery of Government Services”, for some reason a faultline has existed between political aspiration (across all parties) and its delivery on the ground. The current NHS problems with its ambitious e-records programme are an obvious topical example.

I recently referenced (in a presentation at an LSE/Design Council event on designing online social security for the future) the briefing note on “Electronic Government” (PDF) put out by the Parliamentary Office of Science and Technology (POST) back in 1998. It’s worth reading. Although dated in sections, much of it could be republished today and would still seem ambitiously forward-looking.

Consider some illustrative extracts, for example:

governments have the opportunity to harness ICT to:

  • improve the efficiency and effectiveness of the ‘executive functions’ of government including the delivery of public services;
  • enable governments to be more transparent to citizens and businesses giving access to more of the information generated by government;
  • facilitate fundamental changes in the relationships between the citizen and the state, and between nation states, with implications for the democratic process and structures of government.

And:

Currently, Government uses ICT in many ways, ranging from traditional centralised ‘mainframe’ computers (each running a specific task such as payroll, client records), to the latest applications of intranets and external links to the Internet and World Wide Web. Some Departments have created their own unified electronic systems for internal communications, and semi-automated routines such as ministerial correspondence. Data matching is being pioneered to help in tackling benefit fraud. ICT also has potential to support the policy-making process, by sorting, analysing and summarising large amounts of information and presenting the results in an understandable form.

And:

… outside the areas where Government wishes to disseminate information free, pricing policies for its data are a source of contention, where the pressures for more open government and maximising financial returns for Agencies conflict. Such tensions … are relevant to consultation on … Crown Copyright.

And:

… several key problems [need] to be overcome, including the need to uniquely identify individuals who use electronic links to Government

And:

ICTs offer the possibility of improving government activities by re-engineering them along wholly different lines – just as ATMs and telephone banking have changed the ways in which banks and their customers interact. Possibilities considered in the full report are to re-organise along process lines (receipt of revenue, etc.) or repackaging government services in relation to a citizen’s life events. Taking such analyses to their logical conclusion could lead to Government being organised as:

  • A set of small ‘policy’ Departments providing policy-related services to Ministers and senior officials.
  • A set of Agencies to deliver process-based services to the citizen and business.
  • A technology-based interface between the citizen/business and the Agencies.

An alternative would be to see government as a means of adding value to services for the citizen, and to reorganise from the viewpoint of this ‘citizen’s supply chain’. This could involve moving away from the traditional measurement of inputs such as departmental budgets to measure outcomes, for example by tracking individuals’ progress through school, continuing education and into employment; or by measuring patients’ health outcomes rather than procedures carried out.

The report came to some interesting (and somewhat eerily prescient) conclusions, namely:

The full report concludes that in the main areas of ‘electronic government’, there are different possible speeds of progress:

  • The slowest would be to carry on with ‘business as usual’ and allow Departments and Agencies to adopt ICT to meet their own needs, responding to their various external and internal pressures. Such a policy would, however, risk entrenching existing inefficiencies into new ICT-based systems.
  • The ‘middle way’ is for Government to seek better co-ordination and use of resources between Departments and Agencies through joint implementation of ICT projects such as ‘one stop shops’ for small businesses, and other measures. This is broadly the current approach, with CITU [the Cabinet Office's Central IT Unit] acting as a central think-tank/enabler to facilitate effective uptake of ICTs.
  • The most radical approach would be to ‘re-engineer’ Government Departments and Agencies as described above. Illustrative scenarios derived from these models are developed in the full report, where integrating the currently separate key services could lead to local access akin to a ‘Government General Practitioner’ (GGP).

Unfortunately, the model that has largely predominated is the first of those listed above.

If bridging the gap between aspiration and reality were easy, presumably it would have been done long ago? After all, reports over many years from the National Audit Office and the Public Accounts Committee have set out clear recommendations on what should be done, together with the clear analysis and prescriptions in the new Public Administration Select Committee report.

Bridging the historic faultline requires the implementation of key recommendations drawn from various reports, which in turn requires a number of simultaneous initiatives on the ground orchestrated by an experienced and capable team. Simultaneous, rapid progress could be achieved across the key areas identified by PASC, including:

  • the implementation of systematic measurement and benchmarking;
  • greater transparency;
  • the development of a concise, core information architecture;
  • market innovation, including the use of smaller contracts and the disaggregation and re-competition of existing contracts;
  • a significant rise in direct use of and engagement with SMEs;
  • an outcome focus that avoids over-specification and instead adopts rapid prototyping and systems iteration;
  • the leveraging of agile practices;
  • a revamp of identity, security and privacy (including the whole area of information assurance);
  • increased user engagement in service (re)design;
  • improving ICT acquisition skills and acting as an ‘intelligent customer’;
  • a stronger role for Senior Responsible Officers;
  • the use of open standards;
  • a forward-looking programme of education and training in the art of the possible for all senior movers and shakers in the civil service.

Sounds a lot? Maybe. But each of these changes is both manageable and achievable. Taken together they would provide a fast, effective way of transforming the current landscape and bridging that traditional and long-standing divide between aspiration and delivery. There are, of course, already encouraging signs of change, ranging from the early work on renegotiating contracts and the focus on open standards and SMEs to skunkworks, dotgovlabs, data.gov.uk, LinkedGov and the recent Alphagov prototyping.

Over coming months, with further changes planned around Whitehall and in the official government response to the PASC report, we will begin to see the extent to which the faultline is likely to be bridged through increased practical, meaningful action on the ground.

Given the extent of cross-party political support for improving the role of IT in our public services, and an enthusiasm for positive change that spans many civil servants and suppliers, right now I’m cautiously optimistic. Although, to put that into perspective, I’ve been optimistic since at least 1996… and sometimes I wonder whether I should have called this blog Old Technology Observations from a UK perspective, OTOUK, rather than NTOUK!

Posted in future Britain, IT, IT strategy, open government, public services, technology, technology policy | 2 Comments