Ooh, I didnt mean to. What I meant to do was write up a summary of a conversation which raised two options:
1. do we seek to prove upfront these services are done in a way which will be OK?
2. Or do we just go ahead and sort out the trust after?

I’d prefer to see the first. What’s actually happening is the second. Sorry if I was ambiguous.

> How can we guarantee with 100% certainty that all future UK governments will be as benign as the present one?

Well, of course we cant. And the present one is only relatively benign. I dont call fibbing and spin benign at all.

William, you state that fears around what you describe as “well-intentioned” systems are groundless.

A view perhaps not shared by Microsoft’s Identity Architect, Kim Cameron, at least in respect of the school biometrics debate.

On his identityblog he states: “It drives me nuts that people can just open their mouths and say anything they want about biometrics… without any regard for the facts. There should really be fines for this type of thing – rather like we have for people who pretend they’re a brain surgeon and then cut peoples’ heads open.”

The fact is that a conventional biometric template, as stored on an insecure bog standard school PC, is a person’s lifelong biometric identity. If this is compromised, citizens will face untold difficulties when joined-up e-government becomes a total reality. Nobody in Whitehall seems to have thought this through; trivial use of biometrics could undermine the billions currently being invested in secure systems, for example. Moreover, regrettably it appears that it nobody is willing to engage in a
sensible dialogue with stakeholders on the issues.

Kim Cameron reports that “since early 2005, more than 150 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.”

I wouldn’t take a medicine that hadn’t been properly and adequately trialled, nor would
I consider buying a car that wasn’t guaranteed not to explode in normal traffic conditions. Likewise, shouldn’t I be offered the same guarantees if I am asked to entrust my identity to a third party. Why should government I.T. projects be exempt from these basic common sense requirements?

Just as in the early days of bank cashpoint machines, government will, initially at least,
insist that the systems puts in place are 100% trusted, incapable of error. The burden of
proof to the contrary will rest on the citizen. Without checks and balances, people may
find themselves inadvertently disenfranchised from society.

It is my view that we must indeed prove e-enabled services are worthy of trust before we adopt them. Particularly if there is to be an element of compulsion in respect of citizen participation. With the proposal that electronic patient records should be made available across the EU, I would want assurances that measures were put in place to prevent a doctor in a poorer member state supplementing his or her £100 a month salary by selling my confidential medical records to insurance companies.

Then there is the big picture. Whilst I have no doubt that a ‘debt account’ verified by a
biometric, would assist and streamline government revenue collection, such a system is wide open to abuse.

Criminal gangs, some with inside help, will devote considerable resources to stealing an innocent person’s identity, for use in their next bank robbery. It will be hard for a victim of such an ID theft to mount a defence, since for the whole project to function effectively, trust in the validity of the data must be absolute.

Worse still, although we currently doubt the possibility of it ever happening in Britain,
a future totalitarian government could hijack all the benign systems we are putting in place today to create a nightmare Orwellian state ruling via “cradle to grave” surveillance.

Am I being irrational or alarmist? That’s what many who sounded warnings in 1930s Germany were told. Until it was too late.

How can we guarantee with 100% certainty that all future UK governments will be as benign as the present one?

For me, the fundamental dependency for trust relationships is accountability. The Health service is so systematised and referral-based (with little or no continuity of care) that nobody has any useful accountability, other than in the case of major error (and then you are often too dead to care

The problem here is about structure and scale. Rather than use technology to create mega-data and connected systems, I would rather technology is used to help a GP get to know me and stick around so that they can treat me in the future – i.e. technology should support small-scale relationships, rather than just enable system-wide features.

For intimate things like health, we will never trust a machine or a machine-like system – we tend to trust people or small groups (e.g., personally I trust my GP receptionist more than my GP because she has been there longer and knows more about my family).

I guess what I am trying to say is that trust varies with size and scope of domain. It can be chain-linked (as in LinkedIn or club membership) but it cannot be systematised at the scale of CfH.

Current cultural developments in technology talk about intelligence at the edge of the network, not the centre. We no longer need centralisation for interoperability. Perhaps we should hold our own health records, for example, with GPs holding a backup. Perhaps data should be federated but owned by those closest to it, rather than centralised with unclear ownership.

Not sure if this makes sense, but I can fill in over lunch some time soon

‘Trustworthy’ systems are neutral in that trust depends on the controlling organisation (eg some people may mis-trust government however trustworthy the systems are). But of course ‘non-trustworthy’ systems can also undermine trust in an organisation…

I particularly like the note about the reversal of trust between open societies and trusted systems.

As for the commenter’s evidence-based government: it’s going to be really interesting to see what the govt does with the Gower report, which *did* consider the evidence (particularly the economic review it commissioned) and came to conclusions opposed to those we might expect the govt to welcome.

wg

Kind regards…