Governing people is difficult. Too difficult.
Whitehall have given up.
midata is part of their alternative plan.
Governing personal data stores will be much easier.
--- o O o ---
Why is billmonitor called "billmonitor"?
billmonitor, if you remember, is a service which advises consumers what the best mobile phone tariff is for them to be on. The company behind this service is a keen supporter of midata, the Department for Business Innovation and Skills initiative, and is "Part of the government Midata board". midata is dedicated to getting the best deal for consumers, whether we're talking about mobile phone contracts or choosing the right gas and electricity suppliers or any other decision including health, education and employment decisions.
It all seems to make sense.
Until you notice that billmonitor has been in business for seven years or so and seems to have survived and maybe even thrived for all that time without needing midata.
Let's leave that for the moment, and try another question.
BIS are currently conducting a consultation on midata. They're interested in our answers to 22 questions. Questions 7, 8 and 9 are as follows:
Third parties? Secondary users? What on earth are they talking about?
Question 7: Should a consumer be able to require the business to supply the data in electronic format directly to a specified third party?
Question 8: Should a third party who is duly authorised by the consumer be able to seek the consumer’s data in electronic format directly from the supplier?
Question 9: What, if any, requirements should be placed on the secondary users of such data, albeit under the direction of consumers e.g. switching and advice sites?
And another thing. Who do you think wrote the following?
Answer – Iain Lobban, the Director of GCHQ, in the Foreword to 10 steps to cyber security, one of the documents referred to in yesterday's 5 September 2012 press release issued by BIS, Business leaders urged to step up response to cyber threats, in which Vince Cable, Secretary of State at BIS, announces a new initiative to get business leaders to take the threat of cyber attacks seriously.
Every day, all around the world, thousands of IT systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives, but most commonly they are attacked to steal money or commercial secrets. Are you confident that your cyber security governance regime minimises the risks of this happening to your business? My experience suggests that in practice, few companies have got this right.
Few companies have got cyber security right, according to GCHQ, and yet there's the same Secretary of State, Vince Cable, promoting midata and urging us all to store our personal data on the web. It seems confused. Schizophrenic even. What's going on?
Last question. Professor Shadbolt was on You and Yours yesterday, the BBC Radio 4 consumer affairs programme (16'21" to 22'35"), chatting amiably about midata, the benefits of which would be legion but he couldn't name any. He's an intelligent man. What's he doing giving such a vapid interview?
billmonitor is called "billmonitor" because it monitors your bills. You don't just hand over your last few months' mobile phone bills, once-off, billmonitor recommends that you switch from tariff X to tariff Y and that's the end of the relationship. No, you hand over your mobile phone no., your user ID and your password, and billmonitor logs on to your phone company and sits there monitoring your phone usage until Doomsday, occasionally issuing recommendations to switch from this contract to that.
billmonitor is one of these "third parties" referred to in the BIS consultation whom you authorise to access data from your suppliers. And when billmonitor processes your mobile phone consumption data they become, in the terminology of BIS's consultation, "secondary users" of the data.
You the consumer have to be very trusting to give a stranger, billmonitor, access to your phone account. Particularly in light of GCHQ's claim that most companies have faulty cyber security, including perhaps billmonitor and all the telcos they are logged in to.
BIS want us all to take that risk. For midata. There must be something in midata that BIS prize so highly, they are even prepared to recommend that we run the associated risks of cyber-crime, the financial risks and the loss of privacy.
Whatever that something is, that BIS prize so highly, it's too embarrassing for Professor Shadbolt to tell us what it is.
So it's a good job that William Heath now has told us.
William Heath, remember, is the Mydex and Ctrl-Shift man, and a few hours ago he published To understand BIS’ midata proposal it helps to understand Mydex on the Mydex blog:
The Mydex "briefing note" referred to above, Making midata work for you, explains the benefits of a Mydex PDS (personal data store). Among others:
The Government’s midata consultation to give consumers a statutory right to their data in electronic format affects every individual, and every major company holding customer data in the UK. But it cannot be properly understood in isolation of wider imminent changes in how personal data is managed, shared, controlled and valued.
Mydex is all about that bigger picture. So we’ve drafted a briefing note particularly for organisations responding to the midata consultation.
We support midata. It will empower individuals and at last give real teeth to the good intentions behind the Data Protection Act subject access request. It goes hand in hand with the new UK and US approaches to ID assurance [emphasis added], which we also support. We think midata needs to apply also to other UK public services including health, education and job-seeking.
billmonitor just collects data from your suppliers. Mydex goes one step further – after collecting the data, Mydex distributes updates from one supplier to all the other suppliers who might need to know what's changed.
Digital by default. If the individual agrees, organisations can establish live, permanent links to key fields (such as home address and contact details) in the individual’s data store, receiving live status updates ...
Empowering. Mydex has a distributed cloudbased [oh good] hyper-secure [see GCHQ above] architecture ...
Having once given your permission, you're no longer involved. You're no longer needed. "Empowered" by midata, in "control" of your data, you've become digital by default.
Which is lucky, because the government wants all public services to become digital by default, too.
And with the identity assurance provided by Mydex, they can. If everyone has a PDS and if the PDS is a requirement of every transaction, then Government can at last be transformed.
As the BBC tell us, a few clauses in the Enterprise and Regulatory Reform Bill so worthy and dull that it won't be scrutinised by many people will arm BIS with order-making powers. Thereafter, statutory instruments can be quietly laid down, unscrutinised by anyone, and midata will have all the powers of identity assurance that the Government Digital Service could wish for.
Governing people is difficult. Too difficult. Whitehall have given up. midata is part of their alternative plan. That's what the bashful Professor Shadbolt didn't want to say. Governing PDSs will be much easier.