The child benefit data cock-up highlights all sorts of public data issues, most of which are missed totally by both participants and observers. Data literacy in Britain is non-existent. Here are a few points that have come to mind over the last couple of days of coverage (please add your own in the comments if you feel like it).
1. Ministers and spokesmen know hardly anything about data. For instance, some of them have obviously been briefed to say that the information in the planned central ID database will be safer because it’s ‘got biometrics’. No one has explained to them that biometric data captured from you and me has nothing to do with access to that data by civil servants: they’ll just use the password on the Post-It note like they always did.
2. No one has bothered to explain to managers and legislators that an individual’s identity could be easily and securely verified without a big, central database. A ‘zero-data’ ID scheme is technically feasible and (literally) infinitely more secure than the big database model (no data to lose, you see). Governments have no interest in such a scheme because it would represent a diminution of their status and influence and that’s anathema. Consequently it doesn’t even come up in the debate.
3. Hysteria about the lost data is practically universal. On the TV last night a ‘computer security expert’ told the world the data would be of use to paedophiles. Paedophiles, you see, will now be able to confirm that there are children all over Britain.
4. The leap from ‘two obscure-looking CDs gone missing in internal post’ to ‘massive fraud and ID crime inevitable’ has been well-and-truly made. The more serious point – that legislators universally (handful of exceptions) want more data held centrally and accessible by more agencies and groups – has been ignored.
5. The inescapable logic of deep reform for government data policy was seen to go ‘whoosh’ right over the heads of media and pols alike. Ignorance and political contingency leave them arguing only for ‘more security’ or ‘better protocols’ and not for ‘less invasive policies’ or ‘a reassessment of data ownership’.
6. Web 2.0 insights into data capture, storage and management have clearly made no impact on these data dinosaurs at all. OpenID, Attention Trust, Vidoop and the generalised 2.0 attitude that user data belongs to the user haven’t made it onto the news agenda at all. Good data and security practice exists right now in dozens of geek-run web 2.0 businesses. Will they be consulted? Fat chance.
Update: it turns out the answer to my question (‘why does the National Audit Office need my National Insurance number?’ below) is ‘they don’t’.
I feel like a bit of a jerk climbing onto the lost Child Benefit data bandwagon but I do want to ask a little question: one I haven’t seen answered anywhere else yet.
Why, I wonder, does the National Audit Office need my National Insurance number? I think this is more important than the loss of the data itself, which can be put down to human error (and is actually quite funny). The fact that anyone felt it appropriate (or necessary) to send my NI number (plus all that other personal data) to a government department that doesn’t actually need it is telling. It’s slapdash really. And it’s another nail in the coffin of the ID card, of course.
While we’re at it, allow me to remind you that the whole ID card edifice is based on the same kind of casual attitude to personal data. A perfectly serviceable ID card scheme – one that allows anyone to prove they are who they’re going around saying they are – could be built on a database containing no personal data at all (ask me how).
The fact that this hasn’t occurred to anyone in Government is dispiriting. The relevant civil servants and consultants haven’t seen fit to present such a ‘zero data’ ID scheme to Ministers because there’ll all working on the same ‘we might as well have it’ attitude to our data. Governments everywhere (name an exception) seem to instinctively desire inappropriate access to information about their citizens. And it’s this attitude, of course, that produced the latest cock-up.
I admire Liam Byrne’s effort to position ID cards as a great national institution. Really. Eight-out-of-ten for effort. My position on ID cards is similar in that I agree we should aim to position Britain as a pioneer and an innovator with regard to ID.
Where we disagree is on whether we should be doing it at all. I think Britain could successfully carve out a niche as ‘the country that doesn’t have ID cards’, the country that secures its institutions and keeps its people safe without unwieldy, top-heavy and intrusive ID schemes, the country that builds respect for individual liberty into its governance framework.
The problem here is that it’s very difficult for politicians to justify not doing anything. The government’s growing ID card bureaucracy has its own momentum now. No amount of cogent argument or passionate rebuttal is going to derail ID cards now. The IT Services industry is ramping up to meet the demand, the security lobby has invested millions in its justifications and the politicians are getting their speeches ready for the launch ceremony.
Game over, I guess…
I might carry an ID card. I might carry one that said something like: “the bearer has proven, to the satisfaction of somebody accountable, that he is the person he says he is”. I might even carry one that contained some kind of biometric fingerprint so that nobody else could use it and pretend to be me. What I won’t carry (up to a point, I suppose – I’m not going to prison or anything) is an ID card backed by a big ugly database bulging with superfluous information about me (and everyone else, of course…).
I’m sure I’m not the first to point out that a useful ID card scheme doesn’t actually need a database – just a simple way of ensuring that card numbers are unique. Governments, though, don’t seem to be able to resist the idea of building proper databases, full of information.
These politicians, who – don’t forget – belong to a generation that never encountered a computer at school or even at work, apparently retain intact their 1960s spy thriller vision of spinning tapes, chattering teletypes and infallible electronic brains, sifting and matching data to magically pinpoint wrongdoing on any continent. They just can’t stand the idea of an empty database. I say ‘governments’ because I don’t believe for a minute that Cameron’s Tories would be able to resist the allure of hoarding your personal data for more than one-tenth of a parliamentary term either.
What I’d like to see (fat chance) is a government with the courage to say: “hey. Why don’t we try not warehousing personal data? Why don’t we see if we can acquire some competitive advantage from being the developed economy that decides not to waste billions accumulating and analysing this dumb data? Hey. Crazy thought: why don’t we try actually listening to the swarm of super-intelligent geeks who keep telling us we could do without ID cards?”
As a first step we could push through a genuinely voluntary ID card scheme that stores nothing centrally. It will work: it will prevent identity theft and provide a convenient, personal ID for your next trip to Threshers or the library and it will minimise the risk of yet another giant multi-billion pound public computing cock-up. Like I said, fat chance.
Spot-on opener for the new series of Jonathan Freedland’s The Long View on Radio 4. The programme’s about the last time we tried ID cards in the UK and the court case that brought it all to an end in 1950. I could say something glib: ‘important lesson’, ‘timely reminder’, ‘tinker with an Englishman’s rights at your peril…’ something like that… but you should probably just listen to it (I’ve got an MP3 if you find the programme’s been overwritten by next week’s).