The Four Horsemen of our rights Apocalypse

Sam and I have been having a conversation, and this article (posted originally on was one of the results:

The worst excesses of’s mandate to collect and exploit your medical records are coming back, and the scheme’s descendants are planning to expand into new areas of your life.

Says David Cameron: “For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone. This government will conclusively turn the page on this failed approach.”

The three main protections in the health arena are medical ethics, Data Protection, and the Human Rights Act. The first two may have slowed down last time, but the committee responsible for ethics got abolished while everyone was distracted by the election. And now your rights are under greater threat.

Going far beyond health data, there are discussions within Whitehall and Westminster about ‘data sharing’, with lobbying from those who’d like to exploit the rest of data held by Government. Long-term plans to ‘share’ data for any purposes will almost certainly come back. The last attempt, the Cabinet Office Data Sharing process, ended in a “civil service success” (i.e. failure), as DWP expertly defended its desire to play whatever political games it wanted with its population-scale databases. (Though unsurprisingly, health was seen as too “toxic” to touch.)

You thought ATOS was a problem? With government data sharing, they can do much more. Automatically. Are you entirely sure that nothing in your history might be misconstrued by an underpaid contractor with targets to hit (or througherror, or just to boostprofits)?

What happens when a future Government tries to “sneak past the most data they can sell without anybody noticing”, as tried? And consider carefully what the next Government could have been, only a month ago…

Broader data sharing could recycle the original vision for ID cards and a “single source of truth” Database, with the canny marketing flourish that this time you’re free to pick your own card design, because Government will match “your” data behind the scenes anyway.

The Home Office ID scheme was an 80sdisciplinary design which made usage explicit; a ‘linked identifier’ scheme based on data matching will be disproportionate, wrong and discriminatory. And the risks just increase as the genomics and control technologies are added to the coercion and profit incentives of the last century.

When the Snooper’s Charter comes back with a vengeance, if you think you can rely on all of Government not accessing anything? “I have to say I take a different view”, says Theresa May (q78). Do you want decisions affecting you or yourfamily to be made based on events or thinking from the past?

Will any new proposals re-enact the worst of the old ID scheme, “Clause 152” and you can use any card you like, but it won’t make a difference, as they’ll ‘share’ until you match?

HRA repeal,, ‘data sharing’ and the Snoopers Charter: the four horsemen of our rights Apocalypse driven by instincts that are Secretive, Invasive and Nasty.

A canary in the coal mine for the new Government’s intended use of data is likely to be how it resolves the Universal Credit IT debacle. Old wayornew way? It’s not just about the headlines, nor a shiny new interface, but where your data will go.

Will they choose to be Secretive, Invasive and Nasty? If they do, how will you know?

Posted in choice and consent, communications data, database state, GDS, ID cards, identity, medical confidentiality, medical records, National Pupil Database, neo-feudalism, NO2ID, privacy, Transparency | Leave a comment


It’s been about a year since my last post here but I have been gainfully occupied, coordinating medConfidential along with Terri Dowty and Sam Smith.

If you want to keep up with the latest, please follow:

@EinsteinsAttic (me) or @medConfidential (the campaign) on Twitter

Or, if you’re into that sort of thing, visit our page on Facebook (ugh!)

If you don’t know what’s going on, or you’ve heard that something might be going to happen to your medical records then I strongly recommend you check out the medConfidential website and – if you have any concerns – opt out yourself and your dependents, i.e. minor children and people for whom you hold lasting power of attorney.

The scheme is currently on hold, and we (medConfidential and others) are working hard to ensure that it is fixed – or if they* won’t fix it properly that it is stopped. Beyond that, we are trying to ensure that every flow of personal data into, within and out of the NHS and the wider care system is consensual, safe and transparent.

N.B. If you opt out now, the information held in your GP medical record will not be extracted in the Autumn. If at that point or any point therafter you believe that the system is safe and that your data won’t go anywhere you don’t want it to, you can always opt back in. Just be aware that once your data has been extracted, it will never be deleted.

Meanwhile, here is a funny video that a nice man called Paul Bernal made:

(Lots of in-jokes, but all you really have to know is that the chap driving is called Tim Kelsey)

*”they” in this instance is the Government, the Department of Health and two arms-length bodies, the NHS Commissioning Board (which styles itself ‘NHS England’) and the Health and Social Care Information Centre (HSCIC).

Posted in choice and consent, database state, medical records, privacy | Leave a comment

Terri’s and my talk on the National Pupil Database at the Open Data Institute

Here is the PowerPoint presentation for the lunchtime lecture we gave at ODI on Scribd and here is the audio on SoundCloud – the sound is quite faint, so I did an amplified version which you can download here (27MB MP3 file).

Posted in choice and consent, database state, National Pupil Database, open data | Leave a comment

Response to Geoff Mulgan’s “Will open data be a damp squib?”

Geoff’s piece, Will open data be a damp squib? prompted me to comment. At length. And wander around a bit. So for what it’s worth…

An alternate view: the ‘value’ of open data is a function of its impact in people’s lives.

So transport and geographical data – ‘getting from A to B’ or ‘finding C’ – is unsurprisingly useful, and straightforward to monetise. Which possibly explains why government / Ordnance Survey / Royal Mail are so reluctant to relinquish their monopolies on some datasets.

Open data about the operation of government and/or public services may be useful – even invaluable – in terms of transparency and accountability, but its ‘entrepreneurial value’ is quite low. And institutions will tend to resist revealing the truly shameful, corrupt or embarrassing stuff, preferring – where they cannot avoid publication – to bury it in a blizzard of other data; the classic bureaucrat’s tactic. This, ungenerously, might also go some way towards explaining the ‘oversupply’ issue.

(Also, who says what is ‘open’? We don’t only want to know what the government is willing to tell us. We want to know what we want to know, which is why ‘open data’ should NEVER be allowed to replace, substitute for or weaken Freedom of Information.)

The most valuable data is data about people. People who can buy stuff, e.g. advertising; people who need stuff, e.g. service provision; people who can give you stuff, e.g. votes ≡ power. It is as it ever was; people as exploitable resource.

Everyone wants it. Companies will ‘give’ you loads of cool stuff for it – repackaged relationships (social networks), software, pizza tokens…

And the public services may hoover it up, form after form. Governments may even mandate it – which is what makes the database state especially dangerous. But just because personal data has been gathered in or by the public sector, doesn’t make it ‘public data’ any more than my name, address and date of birth ‘belongs’ to my bank.

Bottom line: personal data ≠ open data. There are laws about that.

And “anonymised” doesn’t get you off the hook, much as many in government and business would quite like it to. The shameful attempts to present “anonymisation” – in practice more often pseudonymisation or de-identification, as genuinely anonymised data tends not to be very useful – as an alternative to proper notification and informed consent are coming from a similar sort of self-serving, self-justifying, shallow-thinking place as the one that reckons ‘big data’ (i.e. pattern-driven prediction) is hard science, when it’s more like something between stats and artifact-discovery.

In reality, the ‘bigger’ data all gets – i.e. the more cross-referenceable datasets there are out there – the less anonymiseable it all is. And there’s maths about that (cf. Differential Privacy).

Taking or using something “just because it’s there” – or, to quote the Second Data Protection Principle, that has been obtained for a specified and lawful purpose – isn’t ‘openness’. It’s theft.

I repeat: personal data ≠ open data. For, in an information society, things done to my data affect me in my life as surely as if you walked up to me and punched me in my face. You might not intend to do those things – but if you suck up or process my data and you or others make decisions based on it, I’m the one who must suffer the consequences. So I get to choose.

Personal data is my data. Not anyone else’s to exploit without my consent. It’s not ‘public’, unless I freely choose it to be – and it’s definitely not ‘open’!

Returning to my original point about functional value; health data – deeply personal and virtually impossible to “anonymise” and keep useful – is amongst the highest value data of all. (The potential for fear marketing alone must be worth billions, probably trillions if you add in sequenced DNA data.) Hence the multiple ongoing attempts right now to suck up, pass around and sell or ‘give away’ – in “anonymised” form, of course – our health data.

I agree with Geoff’s point about vested interests – that where open data has succeeded it has done so because it didn’t threaten vested interests – and also with his observation that there’s not the political will to tackle the “top down systems”, i.e. the bureaucracies, which – cognisant of information as power – institutionally tend to use information technologies to embed and extend their empires.

The rhetoric is agile and citizen-centred, the reality is an all-too-familiar attempt to redefine personal data as ‘public’ or ‘open'; to “overcome the barriers to sharing”. And where government transformation – or “transformational government”, if you can remember back a few short years – isn’t about government changing itself at all. It’s about changing us.

(N.B. You will note that in this, the interests of the corporations and bureaucracies are quite closely aligned. Which makes ‘data envy’ on the part of governments all the more pernicious.)

So, if open data – i.e. information about systems and their operations – works, where’s the disintermediation in the public sector and the bureaucracies that we’ve seen in commercial supply chains? New political and bureaucratic initiatives add in yet more layers of complexity, exposing the citizen to yet more “computer says no” or “your problem doesn’t fit our solution”, paid for by paring back yet more front line staff while the back office and managerial layers metastasise and the systems integrators are laughing all the way to the (failed) bank, not even having paid their taxes…

For an example, look no further than the reengineering of the NHS: the new Commissioning Board introduces a brand new mega-bureaucracy, minimises accountability, replaces hundreds of administrative bodies with hundreds more, leaves an entire Department effectively redundant but still in place. And its first move? Abolish system-wide information governance oversight, re-write the Constitution and go for the data…

Until government proves it can properly reengineer itself, delivering genuinely citizen-oriented services without destroying the all-important human interface, it simply shouldn’t be trusted with any more of our data. Especially if it’s going to redefine what’s ours as ‘public’ or ‘open’ in the hope of a quick buck. Sorry, “stimulating economic activity”.

I understand the urgency. I’m a huge fan of entrepreneurship; I’ve been operating in that mode for the last 20 years or so. But the danger isn’t that open data is a damp squib, it’s that open data is subverted or suborned to drive the further commodification and bureaucratisation of personal data, to limit choice, control and consent*, and to make citizens less free.

*For if liberal democracy is to work we must be autonomous agents, not coerced ‘consumers’ of government or, far worse, the ‘product’ – as in “If you’re not paying for…”

Posted in choice and consent, database state, medical confidentiality, open data | Leave a comment

The ID scheme rides again… *sigh*

A copy of the comment I left on the slides to Cabinet Office / Government Digital Service’s recent ‘SPRINT 13′ conference, Workshop 2 on “Electoral Registration Transformation”:

Please provide a human-readable transcript!

The following is just gobbledegook, e.g. ‘5. Electoral Registration after 2014 Each person Choice of digital Electoral Names Citizens registers and non digital Registration Officer added to exercise individually and routes during must verify name, electoral right to voteprovide identifying transition DOB, National register, held information to (barriers to Insurance Number locally.enable verification digital channels with DWP using IER of entitlement to removed). Digital Service. register. Adoption of ID Assurance when market developed’

With regard to Slide 5: I note the (convenient?) omission of the Query engine that will effectively federate the locally-held electoral registers – conveniently cross-matched with the NINO – that makes this *whole scheme* a direct analogue of the Home Office’s ID scheme, and Treasury’s ‘Citizen Information Project’ before that.

To call this a mere ‘electoral registration transformation’ misses the point. (Deliberate myopia or paranoid political PR?) Anyone smart enough to engineer a system like this should know that – or they shouldn’t be building population-scale systems at all. And you people aren’t stupid.

The Coalition may have scrapped the Home Office ID scheme; with this programme, Cabinet Office is bringing it back.

And in the process it is perverting some of the very principles of our democratic ‘contract’. Compelling or coercing people to vote is one thing; coercing people to *register* to vote is about building a register, not about widening participation or preventing fraud. (Fraud which in large part was exacerbated by ‘innovation’ with postal votes.)

(Slideshare’s comment system doesn’t appear to respect line breaks, so I thought I’d put a more legible copy here.)

Posted in database state, GDS, ID cards | Leave a comment