ntouk.com - Jerry Fishenden's technology policy blog

Over on Idealgovernment, Sir Bonar is on a roll, continuing his crusade to nationalise and take into custody all of our personal information (presumably on the basis he can build a 'one-stop shop', able to lose all of our personal information much more efficiently, at the press of a single button). I'll be interested to see his reaction to today's launch of the Information Commissioner's new report on "Privacy by Design".

Sir Bonar and others of like mind illustrate a growing problem: the gap between technology and policy. One consequence of this is the association of technology with increasingly negative headlines (surveillance and the compilation of centralised databases amongst the most obvious). A better understanding of technology would instead underpin the liberating and inspiring force for good that it can be, with the potential to enrich, improve and empower our lives rather than to progressively undermine them.

I've been adopting a somewhat different approach to Sir Bonar, quietly talking to a wide range of policymakers and civil servants about the rationale behind recent data aggregation and compilation proposals. It's instructive to understand where current Whitehall thinking is headed and indeed how and why some of the current thinking has evolved in the first place. Unless we understand the problem and its root causes, it's going to be hard to fix.

Sir David Omand (the first holder of the post of UK Security and Intelligence Coordinator) is on record as setting out what I suspect reflects a more widely held view, namely:

"[There could be] ... direct consequences for public safety if doubts are not allayed about the use of modern IT and data-processing by the intelligence agencies in their counter-terrorist campaigns. The proposals recently before the European Parliament for the retention of communications data are a case in point. But all our experience of fighting terrorism in the past shows that where pre-emptive intelligence is available, effective action to protect the public can be taken with minimum disruption to the community and without having to contemplate serious distortion of the rule of law, in effect allowing in respect of state coercion the bludgeon to be exchanged for the rapier."

For the UK to achieve anything approaching the government desire for "resilience" (defined by Sir David as "a society that would be able to absorb sudden shocks and yet bounce back quickly into its normal shape") it will require the active support and participation of the British public. Yet proposed schemes, such as identity cards and the Communications Data Bill that effectively use technology to place all of us under continuous surveillance, risk provoking and alienating the British public rather than gathering their support. Both policy and technology have been publicly damaged by such proposals. The outcomes threaten to produce the very opposite of that which was originally intended. As the old saying goes, if the only tool you have is a hammer, every problem looks like a nail.

Sir David was always careful to acknowledge the key role the public needs to play:

"The primary duty of government is still public protection, but in a world of multiple threats and risks the public have to be trusted to be players."

Indeed. Although this language does still seem rooted in a model of provider or State centric thinking rather than the citizen focused approach most politicians now seek to adopt. And it also seems at odds with the variety of current proposals that are alienating large sections of the very same public whose support is required. It's therefore instructive that Sir David goes on to set out some principles on which he believes policy in this area should be based:

"I would suggest six guidelines to govern both the purposes of the potential intelligence requirements and types of target for which government should acquire such capabilities, jus ad intelligentiam, and the limitations society should place on the methods to be employed as these capabilities are unleashed, jus in intelligentia:

1. There must be sufficient sustainable cause

2. There must be integrity of motive

3. The methods to be used must be proportionate

4. There must be right authority

5. There must be reasonable prospect of success

6. Recourse to secret intelligence must be a last resort

Sir David goes on to clarify that point 3 above should involve "... using only the minimum intrusion necessary into the private affairs of others." And on point 4 comments that "[RIPA] carefully calibrates both those who may request intrusive operations and the level of seniority of those approving them."

There is a close interplay here of technology and policy. What is clear from my discussions over the last few years is the lack of understanding at senior levels of many important technology issues and how they impact policy, for good or ill. This is perhaps not surprising. A thorough understanding of technology and technology policy is still not properly represented in the curriculum for senior public administration and not a requirement for promotion to a senior grade. That is something that could and should be fixed. We would not regard it as acceptable if someone illiterate succeeded to the highest office, given how much they need to rely on that competence to master their brief. Yet technology is the new literacy and the failure to recognise this reality is, I believe, one of the root causes of the problems we are now seeing. And I detect little resistance to such an idea. Indeed, in many senior areas the feedback I have been given is that it would be positively welcomed as there is a growing acknowledgment of the problem.

With the proposed delay to the draft Communications Data Bill and signs of a moderate degree of re-thinking around ID Cards there now exists an opportunity to consider Sir David's ideas more fully and assess how well some current proposals stand up against them. At both the policy and technology levels. And, where current thinking fails to meet such principles as these, then we should look for policy and technology to be modified accordingly. Alongside that, the time has come to ensure the introduction of systematic rigour in the training of our most senior policymakers and public administrators in the understanding of technology and technology policy. And to find a better way of technologists and policymakers having informed discussions before policies are launched, rather than trying to fix them in flight.

Otherwise, we seem condemned forever to relive the narrow and damaging horizons of the likes of Sir Bonar. Which would be bad news indeed for policymakers, technologists and citizens alike.

Technorati tags: identity ID Cards privacy security data breaches technology policy information leaks Communications Data Bill privacy by design