WRITTEN ON March 22nd, 2009 BY William Heath AND STORED IN Data nitwittery, Foundation of Trust, Transformational Government, What do we want?
JRRT today publishes the Database State report written by five FIPR authors: Ross, Ian, Terri, Philip, Angela and me (helped by many others). See BBC News item here.. See growing Google list of news links here.
As JRRT’s PR puts it (full text below)
The first ever comprehensive map of Britain’s database state today reveals how the database obsession of government has left officials struggling to control billions of records of our most personal details and almost every contact we have with the agencies set up to serve and protect us.
Database State examines every major public sector database in the UK and demonstrates how many multi-million pound IT projects either don’t work, or have such serious safety or privacy problems that they are alienating the public and harming the vulnerable groups they are meant to support. Some of the government’s flagship databases, such as the DNA database and ContactPoint, are so flawed they should be scrapped immediately.The report, published by the Joseph Rowntree Reform Trust, and written by a team of internationally renowned information policy experts, charts the sheer scale and financial cost of data collection, the methods used to maintain and secure the data, and the treatment of critical issues such as consent.
Now, Her Majesty’s Loyal Oppo has already spotted how clunky and Web 1.0 this Transformational Government agenda is. They have no civil-service mindguards to protect them from the blinding insights of the bleedin obvious. They can see how expensive the database state is, that it’s poisoned by its cross-fertilisation with the surveillance/war on terror agenda, and that no-one wanted it in the first place.
So it’s inevitable (tho not the primary intention) that this truth-unto-powerspeak drops straight into a political agenda.
Damian Green (who was arrested just as we were pulling the first draft together) says it’s really timely:
in exposing how far we have gone down the road towards a database state with no proper public debate. If most people knew how much of their private information could be shared around between different Government departments without their knowledge or permission they would be horrified. We must reverse this trend if any shred of privacy is to be maintained in Britain.
Tory shadow justice minister, Eleanor Laing adds:
This damning report documents the sea change in the relationship between the individual citizen and the state in the last decade under this government. The Government must urgently adopt a principled, proportionate, less centralised approach to collecting personal information that takes real account of our privacy and is based on the consent of individuals and families.
LibDem shadow home secretary Chris Huhne is just as blunt:
This damning report exposes how the Government’s obsession with hoarding our personal information has turned Britain into a database state. In their desperation to track our every move, ministers have created a glut of databases, many of which are quite simply illegal. The report makes it clear that ID cards should be scrapped and innocent people should be removed from the DNA database.
Well spoken Friends! But I didnt help write this to make any party political point, and I dont think the issues should be party political. Ministers like Tom Watson and Stephen Timms understand these problems as well as anyone.
The question of what’s the right role for government in an information society has as many answers as there are political philosophies. It’s the practical question of how you manage and reform the civil service through this change which has to date simply defeated everyone. There are articulate advocates of the public or consumer interest in all this (Ed Mayo, NACAB) but we’ve never had a powerful one.
When they made these deep and long-lasting decisions about how to implement an architecture for social compasion, in what spirit was it done? Partly it’s a security world quite comfortable with finding out people’s secrets and breaking the moral rules the rest of us aspire to abiding by. Partly it draws on permanent secretaries whose seniority and IT project managers whose pay packets are frankly baffling. But also it is the culture of profit-driven, hierarchical defence contractors. Love for their fellow human beings is not their raison d’etre. Being a member of Intellect is no substitute for having a proper public service vocation.
In summary, Transformational Government comes from a bad place. There may or may not be implementation problems, but that’s not the point. (Correction – there are and will be huge implementation problems. But it’s still not the point). It was never designed, in any formal sense, to help us. And the political class and the CIO community seems to be oblivious or to have overlooked the fact that much of what they are undertaking is illegal.
It’s illegal under article 8 of the European Convention on Human Rights because of the lack of any clear, foreseeable legal basis for requiring and sharing sensitive personal data. It’s disproportionate, and there is no serious attempt made to meet the stringent requirements for consent. So it’s illegal under the UK Human Rights Act. Where other legislation declares it legal the UK courts should make a declaration of incompatibility.
It’s also illegal under the main EU data protection directive 95/46/ec. The UK’s local difficulty is that as much as a third of that directive is not implemented in the UK data protection act. So things which may feel legal in data protection terms now (because we’re pretty relaxed in the UK about this) won’t once we have implemented the law as we are required to.
So what are New Labour and Whitehall going to do? Tough it out? Stave off UK implementation of European data protection rules as long as possible? Tr to change that law at source? Diss the naysayers with more carping about intellectual pygmies?
Wibbi they hear our difficult and unfamiliar words in a tender and creative spirit? Wibbi they look at how they can change what they’re doing?
VULNERABLE PEOPLE SUFFERING AS PUBLIC SECTOR LOSES CONTROL OF DATABASE STATE, REPORT REVEALS
QUARTER OF ALL DATABASES FUNDAMENTALLY FLAWED AND MUST BE SCRAPPED, SAYS LANDMARK STUDYThe first ever comprehensive map of Britain’s database state today reveals how the database obsession of government has left officials struggling to control billions of records of our most personal details and almost every contact we have with the agencies set up to serve and protect us.
Database State examines every major public sector database in the UK and demonstrates how many multi-million pound IT projects either don’t work, or have such serious safety or privacy problems that they are alienating the public and harming the vulnerable groups they are meant to support. Some of the government’s flagship databases, such as the DNA database and ContactPoint, are so flawed they should be scrapped immediately.
The report, published by the Joseph Rowntree Reform Trust, and written by a team of internationally renowned information policy experts, charts the sheer scale and financial cost of data collection, the methods used to maintain and secure the data, and the treatment of critical issues such as consent.
Database State finds:
– A quarter of all major public sector databases are fundamentally flawed and almost certainly illegal. The report says these should be scrapped or redesigned immediately;
– The database state is victimising minority groups and vulnerable people, from single mothers to young black men and schoolchildren;
– Children are amongst the ‘most at risk’ from Britain’s Database State, with three of the largest databases set up to support and protect children failing to achieve their aims;
– Data sharing is a barrier to socially responsible activities. It is deterring teenagers from accessing health advice and undermining goodwill towards law enforcement;
– Only 15% of major public sector databases are effective, proportionate and necessary;
– We spend £16 billion a year on public sector IT and a further £105bn spending is planned for the next five years – but only 30% of public-sector IT projects succeed.Database State examines each of the 46 major public sector databases which hold personal information on us all, or a significant minority of us.
It uses a ‘traffic light’ system to assess whether each system is illegal under human-rights or data-protection law; whether the collection and sharing of sensitive personal data are disproportionate, or done without our consent, or without a proper legal basis; or whether there are other major privacy or operational problems.
Database State also highlights the real plight of individuals left suffering at the hands of the database state – from the single mother terrified social services would take her child away if she talks to her GP about post-natal depression, to the 13-year-old girl left with a criminal record for life because of a playground incident.
Report co-author Professor Ross Anderson of Cambridge University said: “Britain’s database state has become a financial, ethical and administrative disaster which is penalising some of the most vulnerable members of our society. It also wastes billions of pounds a year and often damages service delivery rather than improving it.
“Too often, computerisation has been used as a substitute for public service reform rather than a means of enabling reform. Little thought is given to safety, privacy and value for money.
“There must be urgent and radical change in the public-sector database culture so that the state remains our servant, not our master, and becomes competent to deliver appropriate public services that genuinely support and protect the people who most need its help. That means we have got to develop systems that put people first.”
Database State calls for:
– 11 of the 46 systems assessed, including ContactPoint, the NHS Detailed Care Record, ONSET and the electronic Common Assessment Framework, to be scrapped or redesigned immediately
– Respect for human rights and data protection, so that sensitive information is only shared with the subject’s consent or subject to clearly-defined legal rules that are proportionate and necessary in a democratic society
– The right for citizens to access most public services anonymously
The report says the public sector must learn to build the right systems – and build them well. It recommends new measures to promote scrutiny and transparency of all IT projects; radical initiatives to select and train civil servants to handle complex systems; and changes to public-sector procurement rules to favour more medium-sized systems over the monster projects that have damaged so many government departments.
But it warns: “There is a sense in the senior civil service and among politicians that the personal data issue is now career-threatening and toxic. No-one who values their career wants to get involved with it. Like Chernobyl, some brave souls need to go in and sort it out while others plan better ways to manage things in the longer term.”
ends
Note to Editors
– Database State is published by the Joseph Rowntree Reform Trust. The research team included: Professor Ross Anderson, Professor of Security Engineering at Cambridge University; Action on Rights for Children director Terri Dowty; Angela Sasse, Professor of Human Centred Systems at University College London; Open Rights Group chair William Heath; Ian Brown of the Oxford Internet Institute and Philip Inglesant of University College London.
Database State says that, across government, there are now thousands of databases operating but not even government knows the precise number. The Serious and Organised Crime Agency alone inherited 500 databases from predecessor agencies and is now trying to rationalise them into 50 or 60 databases.
The report describes how Britain has now become the most invasive surveillance state, and the worst at protecting privacy, of any Western democracy.
As well as an overview, it provides a triage – which of these database systems should be kept, which should be killed and which should be fixed.
The Joseph Rowntree Reform Trust Ltd is a limited company that pays tax on its income and is therefore free to give grants for political purposes. Although founded by Joseph Rowntree, the Reform Trust is completely separate from the other institutions that bear his name, the Joseph Rowntree Charitable Trust and Joseph Rowntree Foundation.
– Report co-author Terri Dowty of Action on Rights for Children said: “Children have never been so weighed, measured, graded, monitored and discussed. The state hovers over them like an over-anxious parent constantly looking for problems, but this level of intrusion into children’s private and family lives simply cannot be justified on the basis of good intentions.”
– Report co-author Ian Brown of the Oxford Internet Institute said:”The UK needs information systems that support citizens and professionals on a human scale, rather than multi-billion pound centralised databases used to stigmatise and snoop.”
– Report co-author William Heath of the Open Rights Group said:”The database state was sold as ‘personalised services’. But it means mechanised discrimination and loss of dignity at huge cost.”
– Report adviser Professor Douwe Korff of London Metropolitan University said: “Many of these databases manifestly breach european data protection and human rights law. It is folly to spend millions on systems that are open to fundamental challenges in the european courts.”
For further information and interviews with authors contact Jon Flinn on 0151 709 0505 or Melissa Milner on 0207 793 4035.
Comments are closed.
