The focus of my review is to identify any ways in which this IP system may be inhibiting innovation and economic growth, perhaps by making it harder for young internet companies to develop new products and services in the software sector or in creative industries. If we can find the choke points, we can then think about how to ease them.

As the review goes on, I will be blogging here to talk about our work. I’d like to share questions with you as they arise and to invite discussion.

Can’t say fairer than that. He starts out asking us all what we’d like to see the review achieve (see my tuppenceworth below). Idealgov has always focussed more on public-service efficacy and ID-nitwittery side but government’s role in copyright is also far from ideal. So leave him a comment!

I’d like to see a strong case made for shorter copyright term, defence of fair use and format-shifting. Kick software patents into the long grass. Highlight the value of open data and the remix culture. Use language in a balanced and measured way, avoiding terms such as “theft” or “piracy” unless they’re really appopriate. Point out that p2p and filesharing are valuable new ways to share content legally. Try to find a way forward which does not increase surveillance or criminalise a vast proportion of (especially young) people. Takes Gowers’ review on board.

But you’ll of course reach your own conclusions based on the evidence you gather.

What I’d like to see in the process is a rational and evidence-based approach. Full engagement with public interest or consumers and with artists as well as lobbyists working for old media (try to discount the weight you give submissions in proportion to the lobbying budget behind it). Listen carefully to what the hardcore reformers are saying – Stallman, Lessig, anti-Acta activists, the Pirate Party, FSF, ORG, OKF. They’re often far more rational and always a great deal more fun than BPI, RIAA, FAST and other apologists for Das Kapital.

The litmus test is: are these views motivated by a sense of right and wrong, a true love of culture, a real understanding of the nature of the emerging information age? Or is what I’m hearing just a predictable blend of fear, greed and bullsh*t?

Ignore Feargal Sharkey. But summon Lily Allen as en expert witness, just for the fun in seeing what she says next, and so you can put her face on the cover of your report. Good luck! Doing this blog is a very encouraging start btw.

“The inquiry will examine the Government’s overall strategy for information technology (IT) including how it identifies business needs, the effectiveness of governance arrangements, and procurement policy and practice.”

Chaired by the thoughtful Bernard Jenkin (who has a discerning taste in rock music), the committee is advised by Jerry Fishenden of CTPR which should keep things honest and lively. Experts are invited to submit evidence to pasc [at] parliament.uk by 21 Jan. Do share any evidence here. Excellent homework for the holiday period…

Mydex: A Manifesto for UK Public Services

One area government IT has made progress is with public data, with the “power of information” policy and the data.gov.uk portal, which recognises the value of ‘unlocking’ data held by the Government for reuse by added value service providers.

Next we need a comparably radical rethink on personal data. This starts with a return to the role of personal identifiers and intermediaries set out by UK officials a decade ago, and as recently adopted by the Obama Administration. This means:

• assume that access to on-line public services will be through a market or ecosystem of accredited third-party identifiers (issued for example by a range of existing online services, credit bureaux, or banks
• drop the false notion that it’s generally essential to know who people are
• challenge the assumption that personal data is “owned” by service-providing departments to be shared at their convenience
• instead, recognise that the individual is not only the rightful owner, but also the only technically feasible point of integration of exponentially growing volumes of personal data, and therefore the only possible place where “personalisation” can happen
• recognise furthermore that structured, scalable personal data managed by individuals is set to become the source of immense new economic value, and that the individual is a rightful
beneficiary.

This change in mindset includes a specific challenge to secret parts of government entrusted with keeping Britain safe. A safe society isn’t the outcome of dysfunctional public services designed to aid surveillance.

Britain has a far better chance of being secure with public services designed to work for individuals and front-line public servants, which respect human rights and dignity. When the data are cleaner, the relatively small number of exceptions stand out more clearly.

On-line identifiers need to work under the user’s control, with minimal disclosure and revealing information only to justified parties. They need to be consistent and convenient (see Kim Cameron’s “Laws of Identity”).

In the short term the UK can copy the US administration: announce that future access to online services will be via third-party identifiers, and then provide for the emergence of a “trust framework” so a range of identifiers are accredited for suitable purposes. Many services can be accessed anonymously, and for many more all that is needed is a consistent user experience. It’s not always necessary to identify people to check their entitlement.

But sometimes individuals will need to invoke stronger identification credentials online: for “Know Your Customer” processes or to meet the most stringent visa requirements for example.

Government IT therefore needs to anticipate a world where individuals are equipped with

• highly evolved personal data stores
• the ability online to invoke strong authentication or verification
(e.g. proof of qualifications, licences, credit, nationality or identity)
• selective disclosure, i.e. the ability to share the minimum necessary in a particular circumstance.

This doesn’t require major new procurement. It means:

• review each main service function to take into account the role
of user-driven records for health, education, welfare, transport, or
other areas such as the Census or the London Olympics
• quickly participate in at least two live prototypes of user-driven
services across multiple organisations supported by independent
online verification services
• where there is benefit, re-engineer the public services (health,
education etc) users can drive new services.

Just as the existing “Power of Information” has created new APIs to allow structured public data out of government systems to create new value, so this “empowered citizen/customers” agenda will see new APIs that allow structured personal data in. This means public services can be driven and personalised by users, and new service packages created for them by third parties.

This “empowered citizen/customers” agenda might even reveal a revised role for the National ID Register as a voluntary service offering online verification as part of a trust framework, for the most demanding cases.

Happily, the urge to save money will usher in the right identity policy and in turn protect our privacy.

The area to focus on is data logistics. When Alan Mitchell and I browsed through hundreds of complaints about public services recently we observed that very few are about privacy and none at all about problems with identity. But the vast majority point to poor information logistics. The key person – official, professional, or the unhappy individual – just didn’t have the right information at the right time.

This causes irritation, frustration, offence, and vast expense. It’s extremely annoying for individuals not to be able to get hold of information they need, to have the wrong information, or to have to give the same information over and over again. It’s unjust, time-consuming and possibly worse to get the wrong treatment or service because the service cant get the information or has the wrong information.

It’s unnecessarily expensive for public services to attempt to maintain hundreds of different records about the same person (but neither feasible nor desirable to amalgamate them into panoptical mega-records). If you provide services on the back of incomplete and inaccurate data there’s every chance the service will be poor and unnecessarily expensive.

And it’s hard to plan and prioritise if you’re not in touch with your customers and people try as far as possible to withhold data from you. If we built churches using the last census there would be a few Jedi cathedrals lying empty.

If we can fix this (and we think it can be done) then people can get better, more responsive service, restored individual responsibility with a path to empowered self-service. HM Treasury also gets a triple dose of cost savings.

It means restoring control over personal data to the individual and building trust on the side of the individual.

User-controlled digital identifiers within an identity assurance framework are prerequisite, and that is just what Cabinet Office is now quietly proposing. Better privacy is a by-product (and a legal requirement, let’s not forget). But the compelling reason to pursue better data logistics with user-driven services is saving money.

Oh look – it’s just happened. President Obama has launched a “Blue button” service which lets US veterans download their health record. Here’s a sample of what the record looks like. And there’s a “developer challenge” to get hackers to do cool things for the people who have just got their data back.

Simple. Cool. How long until it happens here? Let’s set a date. Who’s health is it anyway? Who’s data is it anyway?

That’s not to say the underlying problems ContactPoint was meant to help with – caused by poorly co-ordinated and overstretched childrens’ services – have gone away; they haven’t.

The question of how technology best supports front line professionals, without disproportionate and unwarranted intrusion remains unanswered. It’s part of the scope of the Munro review, which provides first feeback in September, and a final report in April 2011. I suspect we’re in good hands here. I’d hazard a guess that Dr Munro will focus relentlessly on the crucial matter of protection of the relatively small number of children at real risk, and not attempt to boil the ocean of the welfare, diet, propensity to obesity and general wellbeing and conformance to social norms of every child. And I also bet that the role she recommends for ICT in helping child-protection professionals will be conformant to data protection and human rights law in a way that ContactPoint was not.

The Databankendämmerung must spread, just as we must escape the limitations of the Accentureweltanschauung. There are other ill-advised and intrusive central databases on which we should call time: eCaf; NHS SCR; the NHS Detailed Care Record; NHS Secondary Uses Service; long term comms data retention generally and the Intercept Modernisation Programme in particular. Kind friends won’t let me forget that I’ve promised to do a special celebration to mark the end of the Benighted ID Scheme and its lavish quantities of nugatory PA consulting.

The LibDems always opposed the “Database State”. The Tories were quick to spot that the last administration had taken a wrong turn and were politically vulnerable. But when Labour Ministers stopped listening exclusively to Cheltenham and Whitehall and resumed listening to the outside world (about eight weeks before the last election) they too quickly came to their senses as well.

It’s best not to see this in political terms, because really it’s a question of information logistics. Remember Troubleshooter? If John Harvey-Jones could revisit us and contemplate the dozens, hundreds of databases which public and private organisations run each trying to scrape, grab and update their versions of us, and then looked at the average householder spending a week and a half updating the different customer service systems of every entity we ever have to deal with (through episodes from moving house to losing a wallet) recording and sharing the same data over and over again, filling out endless forms with different callcentres and web sites and usernames and passwords, ….he would just laugh his vast laugh, wouldn’t he? And as he laughed he’d start to calculate the waste and loss of value, and huge tears would roll down his generous cheeks.

The Database State is an issue of civil liberties, justice and equality, of course. But there more than that: it’s been clear for a good year that the country heading for bankruptcy. It has been clear for a decade we need radical reform of public services. It has been clear ever since people started chipping in their ideas to IdealGov that the role of technology in this radical reform is about user participation, about quick wins and creating a foundation of trust.

The radical money-saving reforms have to be based on accurate personal data. They have to be built with tech systems that work. They have to draw on people’s supportive, active participation.

Some databases are valid and unobjectionable of course: DVLA, TV licensing, the electoral roll. Many public-sector databases can be fixed. The point about the Databankendämmerung isn’t that all databases are evil. It’s that the state can’t fix society’s complex human problems with giant databases.

Weirdly enough, however, the opposite will turn out to be true. Even the worthwhile databases are still plagued with errors, omissions and duplications, They need our help. Databases can’t fix society. But, given the tools, society can start to fix the databases. That’s a much more promising way forward.

The idea is we can all do it en masse at various celebratory events.

Choreography is by Aliya Saleem, filming, editing and captions by Richard (shortly to be Lord) Allan, music borrowed on a wave of goodwill from the Pet Shop Boys. The whole thing, triggered by a comment in Parliament by David Blunkett, is a tribute to the relentless hard work of many activists especially Phil and Guy at No2ID, Simon and Gus at PI, the JRRT, everyone at FIPR, ORG and beyond and to many of our more enlightened politicians and journalists.

We will take steps to open up government procurement and reduce costs; and we will publish government ICT contracts online.
We will create a level playing field for opensource software and will enable large ICT projects to be split into smaller components.
We will require full, online disclosure of all central government spending and contracts over £25,000.
We will create a new ‘right to data’ so that government-held datasets can be requested and used by the public, and then published on a regular basis.
We will require all councils to publish meeting minutes and local service and performance data.
We will require all councils to publish items of spending above £500, and to publish contracts and tender documents in full.
We will ensure that all data published by public bodies is published in an open and standardised format, so that it can be used easily and with minimal cost by third parties.

It’s an important read with some enlightened ideas in a realistic tone which acknowledges the real diffrences on important topics such as Trident.

It closes with the sobering reminder:

The deficit reduction programme takesprecedence over any of the other measures in this agreement, and the speed of implementation of any measures that have a cost to the public finances will depend on decisions to be made in the Comprehensive Spending Review.

Cheers Edgar.

Jerry and I had a second meeting (we can’t really say where or with whom) at which it was Jim who led in setting out the case for personal control over personal data. There’s growing interest in the “framework of trust” idea for on-line identity. Now adopted by the Obama administration it was, after all, originally UK policy a decade ago. Technically it still is.

So the good news is: the UK had a good policy; it’s is still in place (including some legal underpinning), just unimplemented; the US has led decisively down this route which creates a market and gives confidence for UK government; there’s a new climate of listening and political realism, and we have the courteous and mutually respectful dialogue #CMRD. The bad news? The UK lost a decade. *sigh*

Reasons For Not Introducing Fingerprinting To [xyz] School

Privacy is a fundamental human right which underpins our dignity. One important concept of privacy concerns information privacy, the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records. It is also known as “data protection”.

George Orwell’s 1984 paints a bleak view of a future where information privacy is not respected. Although fingerprinting in the [xyz] cafeteria may not compare with 1984, the principle remains the same. There are legitimate uses for biometric testing such as tracking criminals, preventing terrorism and (arguably) border control, but its use for a marginal increase in efficiency in the cafeteria is disproportionate.

By capturing biometric data in exchange for lunch, we are unnecessarily exposing our [children] to several direct and indirect risks, for example:

Loss of Respect for Personal Information. Fingerprinting at school conditions children to embrace the idea of Big Brother-style biometric tracking. The patterns of activity we develop during early years clearly set the tone for how we behave in later life.

Identity Theft. Encouraging our children to give out their thumbprints on a daily basis leads them to think this is a natural activity. Who else will they give their biometrics to, without consulting their parents and asking questions like “why, and what will it be used for?

Criminalisation. If a child has never touched a fingerprint scanner, there is zero probability of being incorrectly investigated for a crime. Once a child has touched a scanner they will be at the mercy of the matching algorithm for the rest of their lives. In 2008, Jim Knight, then minister for schools and learning, said that the police could help themselves to the children’s fingerprints if they are trying to solve a crime – regardless of whether they have ever previously been in trouble with the law. The abuse of biometric information turns us from a nation of free citizens into a nation of suspects.

UK law states that privacy invasion must be proportional to the threat. [IS THIS TRUE?] Access to lunch does not warrant capture of biometric data. The alternative to fingerprinting is the use of swipe cards, a proven and uncontroversial technology. Swipe cards share all of the efficiency benefits of fingerprinting except that boys may lose them. Boys are used to carrying, losing and replacing Oyster cards. If TFL is able to handle the odd missing card, why can’t [xyz]? Substantial efficiency gains are achieved whichever system we adopt. Only one of them de-humanises our children and degrades their human rights. As leaders of an outstanding school we should not trivialize the capture of personal information, we should not unnecessarily impose a fingerprinting system upon our [children].

Opposition from Politicians and Business

“Are you not concerned about the impression children are going to get of what it is to live in a free country and what it is to be British if, in order to get the right school meals, they have fingerprints taken? It seems to me completely astonishing.” Baroness Carnegy, Conservative, 19th March 2007, speaking in the House of Lords

“The practice of fingerprinting in schools has been banned in China as being too intrusive and an infringement of children’s rights? Here, it is widespread. We have even had a head teacher tricking three year-olds into giving their fingerprints by playing a spy game. Will the Government ban schools from carrying out this practice, unless parents specifically opt into the system following full and independent information about the so-called benefits of the system and the dangers of identity fraud?” Baroness Walmsley, Liberal Democrat, 19th March 2007, speaking in the House of Lords

“People have to be stark, raving mad to use conventional biometrics to improve the efficiency of a children’s lunch line.”
Kim Cameron (chief architect for identity at Microsoft), 5th April 2007

Further Reading

http://www.identityblog.com/?p=734
http://www.archrights.org.uk/issues/fingerprints/fingerprinting.htm
http://www.privacyinternational.org
http://www.leavethemkidsalone.com
http://www.no2id.net
http://www.publications.parliament.uk/pa/ld200607/ldhansrd/text/70319-0002.htm#0703193000008
http://www.identityblog.com/?p=725