Online right to work checks – that's a press release, by the Home Office, 14 December 2018: "Employers will be able to rely on an online Right to Work Checking Service to demonstrate compliance with illegal working legislation".
Pretty good, you may say, well done the Home Office, very 21st century, faced with a prospective recruit how does an employer establish their right to work in the UK? Answer, on-line.
Modern. Quick. Efficient. Definitive.
Or is it?
Cast your mind back. Cast it back before yesterday. And even before 14 December 2018. Cast it back exactly 12 years, all the way back to 14 December 2006, when the Home Office published their first so-called Strategic Action Plan for the National Identity Scheme.
Turn to Annex 1 on p.25 and you'll see that the Home Office planned strategically for the Immigration and Nationality Directorate to have an "enhanced employee checking service available for employers" six months later, in June 2007.
In the event it took 12 years. Not six months. 12 years.
It's 11 years since DMossEsq wrote about this matter, Not working in the UK. "Why hasn't this strategic action been performed by IPS [the Identity and Passport Service as was, now Her Majesty's Passport Office]?", he asked in January 2008, and "Is there perhaps a problem with the biometrics?".
The Home Office have given us no reason in the interim to believe that the biometrics their employee checking service depends on are reliable ...
... but rely on them they do, as they told us in last month's press release: "The online Right to Work Checking Service can be used by non-EEA nationals who hold biometric residence permits or biometric residence cards ...".
Even after 12 years that little matter remains outstanding, we're not quite there yet, there's an on-line service but we can't be sure that it identifies prospective employees reliably.
And the service isn't universal.
It doesn't handle any non-EEA nationals who don't have these cards, it doesn't handle all EEA nationals and UK nationals without a passport can supposedly demonstrate their right to work by producing "short birth or adoption certificates, which they can get for free, instead of the long versions".
Surely GOV.UK Verify (RIP) could help to assure employers that the person in front of them is who the birth certificate or plastic card says they are and has the right to work in the UK?
Online right to work checks – that's a press release, by the Home Office, 14 December 2018: "Employers will be able to rely on an online Right to Work Checking Service to demonstrate compliance with illegal working legislation".
Pretty good, you may say, well done the Home Office, very 21st century, faced with a prospective recruit how does an employer establish their right to work in the UK? Answer, on-line.
Lacerda, head of linguistics at Stockholm University, told the Guardian that VRA "does nothing. That is the short answer. There's no scientific basis for this method. From the output it generates this analysis is closer to astrology than science. There was very good work done by the DWP [the Department for Work and Pensions] in the UK showing it did not work ...".
So what?
Here in the UK you get a 25 percent discount on your Council Tax if you live on your own. Some people lie. DWP don't think VRA will identify them. Neither do Messrs Eriksson and Lacerda. Nor, it can safely be asserted, do DMossEsq's millions of readers.
But according to the Guardian article at least 24 local authorities in the UK do believe in magic. Redcar, for example, Middlesbrough, West Dorset and Wycombe among them. "South Oxfordshire ... says that [their VRA] system helped reduce the number of people claiming the single person discount by 3% ...".
Their system is supplied by one of the UK's big government contractors, Capita, who say that: "The technology was never used in isolation. It is only used in cases which are deemed 'high risk', when earlier stages of the review have indicated that more than one person may be living at the property".
The Local Government Association say that: "No one is going to be prosecuted for benefit fraud on the result of voice analysis tests alone".
If VRA doesn't identify suspected fraudsters in the first place and it doesn't provide sufficient evidence to prosecute them, then its contribution to South Oxfordshire's 3 percent reduction is, as Lacerda says, to use the technical term, "nothing". Or as False Economy, a trade union-funded campaign group, put it: "Capita is a firm with a long rap sheet of expensive failure. Neither they nor their technological snake oil should be trusted".
Mass consumer biometrics is a stage prop in the security theatre that the authorities produce and VRA performs, by analogy, in anti-fraud theatre. It may look modern. Technology may impress some people. The authorities may seem to be "doing something". But they're not. Apart from wasting our money.
Lacerda, head of linguistics at Stockholm University, told the Guardian that VRA "does nothing. That is the short answer. There's no scientific basis for this method. From the output it generates this analysis is closer to astrology than science. There was very good work done by the DWP [the Department for Work and Pensions] in the UK showing it did not work ...".
You could have announced the end of the world yesterday. No-one would have noticed.
In fact, Sir David Attenborough did. "I think that we've stopped evolving", he told the Radio Times. And all anyone wanted to know is how easily they can photograph themselves with the iPhone 5C.
No matter how trivial the detail, media coverage was breathlessly serious.
Except, perhaps, for Murad Ahmed in the Times. For him, maybe there is some sign of a sense of humour. Maybe there is hope:
At events held at the company’s headquarters in Cupertino, California, and Berlin yesterday, analysts said the new fingerprint technology was the most eye-catching advance.
Which brings us to biometrics.
Suppose the fingerprint recognition in the iPhone 5S doesn't work. Suppose that 20 percent of 5S owners queue up outside Phones4U, complaining that they've bought a product that won't let them use it – the computer says I'm not me and it won't let me unlock the home screen – and they all want their contracts cancelled and their money back.
Suppose someone finds a way to steal your fingerprints from the iPhone 5S and use them to authenticate their own purchases, fraudulently. It's not as though you can just go out and get a new set of fingerprints ...
That's not a disaster for Apple alone.
What will the news footage of those queues do for US-VISIT, the US border control system that relies on fingerprint recognition? What will it do for Aadhaar, the Indian identity management scheme that ditto? What will it do for Safran's share price? What will it do for payments systems which rely on fingerprint recognition to authenticate transactions?
Sweaty fingers and scared eyes. It's in their DNA. That's the evolutionary response that will be shared by all the owners with a horse in the Apple Stakes.
If the fingerprint technology is up to the job and can authenticate you as the legitimate user of this iPhone 5S, then it can also allow you to open the front door to your house. As the Wall Street Journal said in Apple's Latest iPhone Puts Focus Back on Fingerprint Security. Last word to them:
"If I go jogging with my iPhone and I come back to my house and my thumb is all sweaty and I can't get in my apartment door, that would kind of suck".
You could have announced the end of the world yesterday. No-one would have noticed.
In fact, Sir David Attenborough did. "I think that we've stopped evolving", he told the Radio Times. And all anyone wanted to know is how easily they can photograph themselves with the iPhone 5C.
In the opening paragraph of the section entitled Ownership (pp.28-33) Shakespeare says: "I think the time is now right to reflect on how the current models of ownership apply in the current context" (p.28).
We know from an earlier post the current result of his current reflections – please see Shakespeare's take on property. He wants to give all public sector information (PSI) to "businesses, especially SMEs". For free. Without charge.
What we're looking for in this section of his review is the reason for Shakespeare's recommended largesse. We're dealing with ownership here. Property law. And we're entitled to some more or less scholarly argument.
----- o O o -----
Shakespeare begins by discussing the data managed by Companies House, the Land Registry, the Met Office and Ordnance Survey. These four together are apparently known as the "Public Data Group" or "PDG" for short.
Take Companies House as an example.
As everyone knows but Shakespeare doesn't mention, at the moment:
You pay to set up a new company or you buy an existing company off the shelf.
You pay to run the company.
You pay to prepare the accounts, following the rules laid down by Companies House, HMRC, the Companies Act and any number of national and international accountancy standards organisations including the OECD.
You may pay to have the accounts audited. The auditors are highly trained, regulated by several accountants' institutes and they pay for hugely expensive professional indemnity cover.
Or, if you are conversant with section 477 of the Companies Act 2006 and it applies, you pay to hold a general meeting of the members of the company and you try to agree with them to dispense with the audit.
You learn how to use iXBRL and you submit your accounts to HMRC and pay your corporation tax, if any, being wary of the GAAR, and you submit them to Companies House and you pay the Companies House fee for making an annual return.
You can be fined for making a late return, you can be forced to re-submit your accounts if you make a mistake, you can be fined or banned from being a director if you misbehave and your auditors can be fined or struck off if they misbehave.
By the time your company accounts poke their head through the mist and into the public gaze – anyone can see them if they only pay Companies House £1 for the privilege – they contain a lot of personal information and a lot of people have made a lot of effort and taken a lot of risks and paid a lot of money to get them there. There are a lot of barriers to entry.
Once they are public sector information on the Companies House website, who do the accounts belong to?
Companies House? HMRC? The company? The members/shareholders? The auditors? The accounting institutes? The professional indemnity insurers?
Shakespeare doesn't tell us. We learn nothing from him about ownership.
He makes vague allusions to them belonging to "citizens".
What he is clear about is that this data should belong to "businesses, especially SMEs" who know nothing about the company, have taken no risk, have made no effort and will make no payment for the data even if they could afford to because that would constitute a barrier to entry.
Why does he want to give them the data?
Because, according to Shakespeare, some good may come of it. What good?
Suppose that the PDG charged nothing for public sector information (PSI), Shakespeare says. Then:
As government would no longer need to purchase the PSI itself, the direct loss to the Exchequer on an annual basis is in the order of £143 million ... It seems a straightforward decision to invest £143m to make Trading Fund data widely available is a relatively small price to pay to leverage wider economic benefits far exceeding this by orders of magnitude. (p.30)
He wants to deprive the Exchequer of £143 million p.a. and expropriate the citizens' data in order to "leverage wider economic benefits far exceeding this by orders of magnitude". What "wider economic benefits"? No idea. How many "orders of magnitude"? No idea. When? No idea.
And yet he calls it a "straightforward decision". It's not a decision at all, is it. It's a straightforward hunch. A mere guess. An unsupported hypothesis. Feckless optimism.
The reforms that I have suggested should not result in an unjustifiably high cost to Government but putting a price on that is for Government to do. (p.30)
That may be how they do things at YouGov, Shakespeare's company.
Someone proposes an investment, Shakespeare asks the finance director if YouGov can afford it, the finance director says, "yes, we should be able to" and that's considered an adequate answer. Governments can't be quite so cavalier. They're dealing with public money.
And what's all this about "putting a price on that is for Government to do"? Isn't it for Shakespeare to do? Isn't that why he's been asked to perform his review? If he can't "put a price on that", how can he make his case? He can't.
He even tells us why he can't do his review job:
Forecasting future benefits is also hard to predict. How businesses and individuals might use datasets in the future to generate new products and services and by implication impact economic growth, is equally unknown. (p.30)
It's too difficult to do his job of forecasting. The uses to which "businesses, especially SMEs" might put public sector information are necessarily unknown. What "new products and services"? No idea. How will they "impact economic growth"? No idea.
But in that case, what justification is there for Shakespeare stating that the impact will exceed £143 million "by orders of magnitude"? None. 143 million times, none.
Shakespeare wants to change the "funding model" of the Public Data Group.
Why?
The data revolution is moving rapidly, and faster than government structures are reacting to that change. (p.29)
What data revolution? He doesn't tell us. Apart from Shakespeare, who says that "government structures are reacting to that change" too slowly? Why is it the right reaction to abandon agreed custom and give public sector information away for free?
The questions go on and on and never once does Shakespeare have an answer.
My conclusion is that to quantify the costs and benefits precisely from outside Government is difficult due to the many complexities, however, I think there is sufficient evidence to support the theory that the benefits far outweigh the costs to releasing, firstly data from the Trading Funds and secondly, PSI across the public sector.
The Shakespeare review provides "sufficient evidence" because Shakespeare thinks it provides sufficient evidence. This is the world of make-believe, not the world of public administration.
You may or may not agree. Tell us what you think. Please complete the poll at the top right of this web page. (Poll now closed. Results here.)
----- o O o -----
Shakespeare defines "public sector information"/"open data"/"big data" on p.8. We know what he's talking about:
PSI covers the wide range of information that public sector bodies collect, produce, reproduce and disseminate in many areas of activity while accomplishing their public tasks.
On p.31 he starts talking about something quite different – private sector data:
Almost all of my review is focused on increasing the availability of PSI, but there are also opportunities from opening up private sector data.
Then he stops again:
It also opened up discussions on who actually owns the data but I won’t go into that further now.
"I won't go into that now"? What's going on? If he doesn't want to go into the matter, why does he raise it in the first place? If he wants to talk about "who actually owns the data", what better place than the section on ownership in his review?
The answer is that he's warning everyone that his plans do not stop at public sector information. He wants his National Data Strategy to include private sector information as well. Including your personal data. He says:
There have been real transformational benefits from initiatives such as Midata where consumers now have access to their own information collected on them by retailers and others. That is a huge step in really empowering consumers to take decisions based on data that they themselves have generated. I'm sure that Tesco didn't design their loyalty card scheme with open data in mind but this has been a truly groundbreaking step in access to private sector collected information.
We know that that's false.
Long before midata was thought of by the Department for Business Innovation and Skills (BIS) or, possibly, the Government Digital Service (GDS), banks gave us bank statements, telephone companies gave us itemised bills, retailers gave us invoices, etc ...
Like Shakespeare and his PSI, midata promises great benefits without ever being able to explain what they are – it's the South Sea Bubble all over again.
The PSI people have an unfounded belief that they know how to grow the economy. And the midata people have a megalomaniac belief in addition that they know how to run your life better than you do.
You have been warned. By Shakespeare. The revolution is coming.
----- o O o -----
Innocent people get badly hurt in revolutions. It is conventional to apologise for that. Some contrition is normally expressed for all the eggs that had to be broken to make the omelette.
But not old Shakespeare:
Those currently deterred by charges would benefit from reforms and conversely, organisations who are at an advantage in using their own proprietary information for commercial advantage, might find their competitive advantage diluted if more PSI is released. But in dynamic markets this happens all the time and is a stimulus for innovation and so business should embrace the change. (p.31)
Embrace the change.
His message to the 40,000+ public servants who will be laid off if GDS ever manage to get digital-by-default up and running? Embrace the change.
British steel plants shut down? Embrace the change.
Coal mines shut down? Embrace the change.
Upper Clyde shipbuilding shut down? Embrace the change.
CELIA ... not a word? ROSALIND Not one to throw at a dog. CELIA No, thy words are too precious to be cast away upon curs; throw some of them at me; come, lame me with reasons ...
Come, Stephan, lame the lot of us with some reasons to believe that it's worth giving PSI away for free.
Updated 18.12.15
It's 2½ years since the post above was written. What progress? How goes the revolution? What changes are there to embrace? Where is Professor Sir Nigel Shadbolt's explosion of innovation? Thanks to Stephan Shakespeare, is it Christmas for the UK economy every day?
Let's take a look at Companies House, one of the four members of the Public Data Group, please see above.
And let's take a look specifically at the Find company information facility on the Companies House website.
Companies House have decided to stop charging anyone to see the returns filed by companies. It should be quick and easy to make that change, shouldn't it. You just cut out the charging processes in the computer system. But that's not how Companies House have tackled the job.
No, too quick and easy, instead they have created a new test/beta website, on which you can see these returns for nothing, unlike their current/old/live website, where you have to pay £1 to see each return.
Why did they do that? Why did they choose the harder option? This way, they have to maintain two websites instead of one. The new website lags behind the old one, it's still trying to catch up with the facilities already available in the old one. What's the point?
The answer seems to be, on inspection, that the new website includes facilities to investigate people. You can investigate companies on the new website, just as you can on the old one, but now it's much easier to see, for example, what other companies Stephan Shakespeare is a director of:
Stephan SHAKESPEARE - Personal Appointments (free information from Companies House) page #1 of 5
What innovative ideas have resulted from this revolutionary progress? None, so far as is known. Benefit to the economy? Ditto. "It's early days", you may say. But if not now, then when do we see the benefits? Never?
The effect of Companies House introducing their new website is slightly intrusive. Their response is to remove the day of the month from Mr Shakespeare's birthday which is given in the example above as April 1957.
"Well done, Companies House", you may say, "how courteous and sensitive". Your admiration is misplaced. Take a look at the YouGov annual return to 31 July 2014, for example, which you can do quickly and for free, and there's his full birthday. And several other peoples'.
The new website is more intrusive but at least the data is free. Except that it's not. Obviously taxpayers are having to pay Companies House to create this new website as well as maintain the old one. But that's not all. Here's a page from the YouGov filing history on the new website:
YOUGOV PLC - Filing history (free information from Companies House)
Companies House want you to pay £3 for that resolution to remove pre-emption rights. And you have to ring them for the privilege. Whereas, oddly enough, you can get it for £1 without making a telephone call, digital by default, from the old website:
"Forecasting future benefits is also hard to predict", as Mr Shakespeare so rightly says.
Updated 22.1.16
Companies House understand that they have made a mistake by publishing so much personal information for free on their proposed new website. That's why Our register: advice on protecting your personal information appeared on their blog yesterday. Anyone reading it will realise that it doesn't correct the mistake.
The following comment has been submitted. Let's see if it is published and if it elicits any sense from Companies House:
David Moss
Your comment is awaiting moderation.
Suppressing the day of the date of birth of any specified officer of a company on the new appointments query is the flimsiest of fig leaves – the full birthday is readily available for free in the annual return.
How does that fig leaf protect anyone's personal information? It doesn't.
The home addresses of the officers of a company may be hidden in future, but earlier returns are still there on the web, often complete with home addresses.
There was some protection for personal information when people had to pay £1 for each document and when it took some time to download and read them. That protection has been weakened considerably now that the results are available instantly and for free.
The reason for this change seems to be that making everything open and removing any barriers to entry will promote innovation and expand the economy. There is no sign of any such innovation.
As a matter of interest, are you the Ian Gronland at 97 Andersons, Stanford-Le-Hope, Essex, United Kingdom, SS17 7JD or the one at 23 Highfield Gardens, Grays, Essex, RM16 2NT or the one at 9 Riverview Flats, London Road, Purfleet, Essex, RM19 1SL?
The comment immediately above hasn't been published on the Companies House website and there has been no response.
You may think that it shouldn't be published. It includes the postal addresses of one, two or three Ian Gronlands. Those should not be published free for all to see without the owners' permission.
But that isn't an argument Companies House can use. They are the ones publishing the Ian Gronland addresses and the addresses of hundreds of thousands of other directors and company secretaries. If it's wrong to publish the DMossEsq comment, it's wrong pari passu to publish the free-for-all-to-see beta version of the Companies House website without Gronland permission.
You may alternatively think that the DMossEsq comment hasn't been published because, in the event, there has been no avalanche of innovation inspired by the new Companies House website.
If opening up all this personal information hasn't allowed the UK to "leverage wider economic benefits far exceeding [£143 million] by orders of magnitude" as promised by Shakespeare, please see above, then creating this new Companies House website is a waste of time and money.
Updated 27.1.16
The eccentrics at Companies House
consider that fines
don't deter inconsiderate parking
Companies House have now published the comment above and responded as follows:
Esme Turner
Companies House does not consider that information is more readily available as the result of the removal of the £1 fee to access it. We do not consider that a fee of £1 would deter anyone who wants to access a piece of information. The decision to redact day of birth information from our data systems and to alter the design of forms so that for filings made after 10 October 2015 is deemed to be a proportional response to the threat of identity fraud. Given that this information is already in the public domain, even the removal of it from Companies House systems would not prevent third parties from using it.
We have not published the final sentence of your comment. Companies House does not confirm the addresses of our staff and we will not publish blog posts that may contain this information.
They don't answer all the questions raised and the answers they do provide raise more questions. A further comment has been submitted:
David Moss
Your comment is awaiting moderation.
Thank you for your 25.1.16 response.
Companies House consider that removing the fee doesn't make personal information more readily available and that paying the fee wouldn't deter "anyone" from accessing the personal information recorded by Companies House. This is an eccentric position to adopt. Most people accept that penalties deter inconsiderate parking, for example. Companies House may care to consider the tweet sent to them last June by a blogger/journalist who claims to have scored a success using the new website and says explicitly "if I'd had to pay £1/document, I wouldn't have found the info".
It's not just removal of the fee that increases "the threat of identity fraud" which you mention but also the speed and convenience with which personal information can be collected on the new website. Users no longer have to select documents laboriously, as we did on the old website, log in, enter our payment details, wait for the documents to be marshalled, read them, go back and start again, ... Those disincentives have been removed and, instead, bingo, there it all quickly is, all the personal information you could want and more.
Companies House clearly recognise that they have put people's personal information at risk. Why else publish your blog post, 'Our register: advice on protecting your personal information'? Three people have submitted comments on your blog post airing their qualms. Omitting the day of people's birthdays from some documents but not others is only a "proportional" response if Companies House is once again being eccentric.
The claim that personal information is available elsewhere does not justify Companies House's making it available so conveniently. Some people are unrealistic, for example. Should Companies House follow their example?
Why are Companies House seeking to change the status quo with the new website they're testing? You don't unfortunately answer that question in your response. Many people have advanced the hypothesis that making information available to everyone will inspire innovation and cause the UK economy to expand.
Here it is being tested by Companies House. The hypothesis, that is. Has it worked? Has it inspired a lot of innovation? Has it caused the economy to expand? If not yet, then when? So far, in this case at least, it looks as though the hypothesis is wrong. In which case, why proceed as though it is right? Is it time to abandon the new test Companies House website?
Did Companies House perform a privacy impact assessment before spending time and money on a new website? If so, what were the findings? And if not, in view of the concerns expressed by commentators and by Companies House themselves, isn't it about time to assess the privacy impact?
As noted above, Shakespeare wants to make all the data stored by Companies House, the Land Registry, the Met Office and Ordnance Survey freely available to anyone who wants it. The effect would be, he says, for innovation to be inspired and for the UK economy to expand by "orders of magnitude".
Also noted above, Shakespeare offers not a single cogent reason to believe him.
Companies House have nevertheless wasted their time and our money on developing a new website which makes it quick and free to gather reams of personal information about the directors and shareholders of limited companies.
No explosion of innovation has been detected since Companies House started giving away millions of people's personal information for free. The economy has not noticeably expanded as a result.
Where there should be a coherent argument, there's just a hole.
Far away from Companies House, the Land Registry and the others, the Government Digital Service are promoting their new identity assurance scheme, GOV.UK Verify (RIP). That scheme relies on appointed "identity providers" verifying who we are and issuing us with an identity so that we can access public services on-line.
How do the "identity providers" do that? How do they satisfy themselves on-line that we are who we say we are?
1.3 How does Morpho collect your personal data ... Personal data that Morpho may check, include: - Your Credit Record History - Your Electoral Roll History - Your financial court orders records (CCJ, IVA, DRO, Bankruptcy) - Your record in the Land Registry ... - Your Directors Register record
We might in certain circumstances verify if you are active on social networks.
Morpho may collect personal data about you because Morpho is required or authorised by law to collect it.
Does that fill the hole?
In the absence of any other, is that perhaps the explanation for Shakespeare's and Companies House's delinquency?
In the opening paragraph of the section entitled Ownership (pp.28-33) Shakespeare says: "I think the time is now right to reflect on how the current models of ownership apply in the current context" (p.28).
We know from an earlier post the current result of his current reflections – please see Shakespeare's take on property. He wants to give all public sector information (PSI) to "businesses, especially SMEs". For free. Without charge.
What we're looking for in this section of his review is the reason for Shakespeare's recommended largesse. We're dealing with ownership here. Property law. And we're entitled to some more or less scholarly argument.
We've only just got to the Introduction (pp.19-20).
"The review", he tells us there, ...
... will consider the current and anticipated future needs for Government given the current policy objectives across departments and wider public sector bodies as well as the opportunities and challenges presented by rapidly developing technology in the area.
That's false.
Nowhere in its 71 pages does the review tell us what the opportunities are, as noted, and nowhere do we discover what this "rapidly developing technology" is.
It's been a busy old time for Shakespeare. He's been talking to the citizens and to the experts:
There have been breakfast seminars, larger events with big businesses, SMEs [small and medium-sized enterprises] and start-ups. I have also interviewed individual experts, activists and practitioners.
All those full English breakfasts. Also small and medium-sized English breakfasts. And more – tireless pollster that he is, Shakespeare, the founder of YouGov, tells us that ...
... my own evidence has come from the two waves of surveys, each with simple, defined multi-option questions, with every question accompanied by an open comment box. The first wave was exploratory, helping to develop ideas; the second wave, confirmatory, seeking support for my broad recommendations ...
What do these two-wave surveys reveal?
We find out in the Evidence section of his review (pp.21-7):
70% ... of total respondents think that we should make public all that we can about our health care system ...
Too bad on the other 30%, you may say, the majority has spoken and the majority wants everyone's medical records to be made available for research.
Not so fast.
Your confidence may be partially deflated when you learn that Shakespeare's surveys were conducted on two groups of people. In one of them, 18% of respondents said they were "highly informed" on data issues and in the other group that figure was 4%. The survey finding above could legitimately be re-stated as follows:
Between 82% and 96% of people asked said they didn't know what they were talking about but nevertheless 70% of them think that we should make public all that we can about our health care system so we should.
And that, citizens, is Shakespeare's contribution to the review of PSI, public sector information.
We've only just got to the Introduction (pp.19-20).
"The review", he tells us there, ...
... will consider the current and anticipated future needs for Government given the current policy objectives across departments and wider public sector bodies as well as the opportunities and challenges presented by rapidly developing technology in the area.
UID’s performance suggests that accurate, biometric-based, identification is quite feasible for large countries, including the US. (p.8)
... restated a page later as ...
UID shows that countries with large populations can implement inclusive, precise, high-quality identity systems by using existing technology. (p.9)
In his 12 May 2013 blog post Biometrics: will the Center for Global Development reconsider? DMossEsq suggested that this conclusion of G&C's needs to be qualified in at least six ways and should read "the US could safely deploy an identity management scheme based on biometrics":
"subject to an annual audit"
"apart from the possibility of cyberattack"
"and as long as we've got our maths right"
"and as long as you realise that it's not identity that's being managed"
"and as long as you're relaxed about the fact that anyone could have any number of entries on the population register"
"and the fact that the discipline of biometrics is out of statistical control"
On 21 May 2013, Alan Gelb posted a comment, which includes this:
... we hold to our conclusion that the data released provides a very significant benchmark on the capabilities of biometric systems in developing country conditions and one that should be studied carefully by other countries.
Some evidence of reconsideration But that wasn't their conclusion.
Their conclusion was that the usefulness of biometrics to the US and other countries has already been "shown" or demonstrated or established by Aadhaar.
They're not holding to that.
Now, it transpires, the evidence of Aadhaar is insufficient. Something more is needed – careful study – before the usefulness of today's biometrics to the US is established. We cannot yet say, pace G&C's earlier report, that its usefulness has been demonstrated.
What was G&C's original conclusion based on if not careful study?
Audit In his comment, Mr Gelb ignores the point about the need for an audit of the biometrics performance figures published by UIDAI, the Unique Identification Authority of India.
A striking omission, G&C are endorsing India's investment in biometrics and recommending the same for the US without first getting an independent expert audit of the performance figures. That would be imprudent behaviour for a responsible investment manager.
G&C are convinced that Aadhaar will be beneficial to the millions of Indians whose prospects of escaping poverty are limited for lack of an official identity. Why are they convinced? Is it any more than a hunch or a hope?
They're not convinced because of any government programmes which depend on Aadhaar – as Mr Gelb says:
It is far too early to assess the UID program record in delivering more effective and inclusive services.
Their conviction relies exclusively on the enrolment of people into UIDAI's population register, where they are identified by their biometrics:
... we see the data that it [UIDAI] has released on inclusion and accuracy as a very significant benchmark for biometric systems in developing countries, and a major advance on the use of laboratory data. These appear to be the most extensive field data released so far.
Without an audit, how do G&C know that India's excluded millions really are being granted an identity? Has a benchmark been established? The US doesn't have the same social exclusion problem as India according to G&C so why the interest in using biometrics to identify all Americans?
The Indians and the Americans and everyone else would be well-advised to insist on an audit before any more of their money is invested in biometrics.
Statistical control G&C cite a paper by three world-class experts, Messrs Wayman, Possolo and Mansfield (WP&M), which argues that the study of biometrics is out of statistical control – biometrics isn't a scientific discipline.
Their case rests on audits of biometrics systems that the three of them have conducted.
You can examine all the test results you like, WP&M say, but those results will tell you nothing about how biometrics systems will perform in the field, in operational use.
They discuss the implications for US homeland security. The National Institute of Standards and Technology (NIST) has a duty under the USA PATRIOT Act to audit biometrics systems and to certify them. The best NIST can manage is to say that the results of the tests they performed are the results of the tests they performed. They can't predict how the systems will perform in the field. No benefits to homeland security can be assured.
The same audit report on Aadhaar's performance figures would dissipate the will to invest in biometrics, whether in India, the US or anywhere else.
G&C rest their pro-investment case on the Aadhaar figures for False Positive Identification Rate (FPIR) and False Negative Identification Rate (FNIR). It is on the basis of two statistics that they recommend investment in biometrics, a technology which WP&M say is out of statistical control.
Look again at the back end of the quotation above:
... we see the data that [UIDAI] has released [as] ... a major advance on the use of laboratory data. These appear to be the most extensive field data released so far.
That is simply false.
You can't measure FNIR in the field. For the reason noted in the DMossEsq blog post – impostors don't come back and tell you that they fooled the system.
So where does UIDAI's figure of 0.0352% for FNIR come from?
False accept (FNIR): To compute FNIR, 31,399 known duplicates were used as probe against gallery of 8.4 crore (84M). The biometric system correctly caught 31,388 duplicates (in other words, it did not catch 11 duplicates). The computed FNIR rate is 0.0352%. Assuming current 0.5% rate of duplicate submissions continues, there would only be a very small number of duplicate Aadhaars issued when the entire country of 120 crores is enrolled.
UIDAI's figure of 0.057% for FPIR is also the result of a laboratory test (p.18).
What Mr Gelb calls "field data" three times in his comment is, in each case, laboratory data – data which WP&M say tells us nothing about how Aadhaar will work in the field.
It's not just WP&M who cast doubt on these statistics. So do G&C themselves, when they note that UIDAI have to "relax" the FNIR to keep the FPIR down to manageable proportions, to avoid "drowning in a sea of false positives". With their butcher's thumb on the scales, UIDAI can make the meat weigh whatever they want. Or, dropping the butcher analogy, by varying the matching threshold, UIDAI can choose whatever FPIR they like.
Whatever these FPIR and FNIR statistics are, one thing is clear – they're not a benchmark. UIDAI have chosen 0.057% for the FPIR and they're sticking to it. It doesn't matter how well Aadhaar performs or how badly, the FPIR will always be 0.057%.
To correct the record, we do not assert that the number of bilateral comparisons is the square of the population, n. It is 0.5*n*(n-1) which rises (as we note) with the square of n.
He is saying that the number of matches rises with 0.5*n*(n-1) and that it rises with n². Since 0.5*n*(n-1) is not equal to n² that must be false.
He also says:
...since no identification system will cover 100% of population, we rounded n off to 1 billion for India.
Why 1 billion? Why not 0.8 billion? Or π/5 billion?
Mr Gelb's aim is to prove that the number of false positives generated by Aadhaar is and will remain manageable. There's no need to do any maths to prove that – not when you know that UIDAI have already decided that the FPIR is and always will be 0.057% and therefore is and always will be manageable. It's a management decision and not a scientific observation.
Multiple identities G&C acknowledge that there is a trade-off between FPIR and FNIR.
In his comment, Mr Gelb says that:
If we accept the field estimate of 0.057% false positive rate against a data base of 84 million, the rate for a 1:1 comparison would have to be very small, in the range of 7 in one trillion.
Hard to understand, it looks as though he is saying that there will be only 7 false positives for every trillion matches. That can't be what he means but, roll with it for the moment, if he is saying that false positives will be at any sort of rock bottom level like 7 per trillion, then he must accept that false negatives will be sky high. That's what the trade-off means.
It means that Aadhaar's population register will be crammed full of people with multiple identities.
If any government programmes do start to rely on Aadhaar, then some individuals will be entitled to multiple votes, multiple food rations, multiple fuel allowances, multiple temporary jobs and multiple bank accounts. And if the banks start to rely on biometrics alone to authorise payments, then some individuals will be entitled to multiple benefit payments.
Cyberattack That means fraud. Large-scale multiple identities in Aadhaar means large-scale fraud. If Mr Gelb is right about the statistics, then Aadhaar is a machine to automate corruption.
The Indian media openly acknowledge the high incidence of corruption in India's current food security and other welfare programmes. Not just the Indian press. The Economist, too. In a staggeringly awful article they wrote:
Armed with the system [Aadhaar], India will be able to rethink the nature of its welfare state, cutting back on benefits in kind and market-distorting subsidies, and turning to cash transfers paid directly into the bank accounts of the neediest. Hundreds of millions of the poor must open bank accounts, which is all to the good, because it will bind them into the modern economy. Care must be taken so mothers rather than feckless fathers control funds for their children ...
Mr Nilekani [UIDAI chairman] harnessed the genius of Indians abroad, including a man who helped the New York Stock Exchange crunch its numbers and one of the brains behind WebMD, an American health IT firm ...
India plainly needs better data-protection laws, but even if the existing rules remained unchanged, the threat to liberty would be dwarfed by the gains to welfare: to people who live ten to a room, concerns about privacy sound outlandish.
Some of the resistance is principled, but much comes from the people who do well out of today’s filthy system. Indian politics hinge on patronage—the doling out of opportunities to rob one’s countrymen. [Aadhaar] would make this harder. That is why it faces such fierce opposition, and why it could transform India.
Indian fathers are feckless? Emigré Indians are clever and the stay-at-home ones are dim? Poor people don't need privacy the way Economist journalists, for example, do? "Today's filthy system"? This is the case for Aadhaar put by someone who despises India.
Along with the Economist's contempt for the Indians goes a crippling naïvety. Why would Aadhaar make corruption harder? Aadhaar could simply automate corruption. It could increase the incidence of corruption, not reduce it.
At the limit, with their butcher's thumb on the scales, UIDAI – or whoever controls Aadhaar, perhaps a cyberattacker – could choose whatever party they like to be the winner of a general election. Please see for example this cautionary tale in the Washington Post – Hacker infiltration ends D.C. online voting trial.
Investment It is wrong to insist on 100% accuracy, Mr Gelb says:
On multiple identities, no system will be able to guarantee 100 percent accuracy. Certainly not the systems in place in the rich countries where identity theft is hardly unknown! The question is not “whether it works or not” but the precision of one system versus another and relative cost-effectiveness. For some applications, such as access to a health insurance program, one might accept a modest level of duplicate or false identities. For others ...
The question is not whether it works or not ...
This looks like a call to be pragmatic.
This is the case you make for investment when you have had to abandon all the unconvincing statistics and unfulfilled promises that bedevil the biometrics industry.
Risk There is no need whatever for G&C to take the risk of endorsing biometrics. So why take it?
Their report is published by the Center for Global Development (CGD). What are G&C committing CGD to?
Publishing the bald assertoric statement "UID shows that countries with large populations can implement inclusive, precise, high-quality identity systems by using existing technology" opens CGD to the risk that biometrics salesmen will plant stories in the press with lurid headlines like:
"The time has come for the US to do its duty and deploy biometrics for all", biometrics experts Gelb and Clark, of the internationally respected Capitol Hill Center for Global Development
To be clear, that headline is invented to make a point.
The research underpinning the paper was performed by Alan Gelb and Julia Clark at the Center for Global Development. According to Gelb and Clark, civil registration systems are often absent or cover only a fraction of the population. In contrast, people in rich countries are almost all well identified from birth. This “identity gap” is increasingly recognized as not only a symptom of underdevelopment but as a factor that makes development more difficult and less inclusive.
That article appeared on the Planet Biometrics website on 15 February 2013 and, to be clear again, it concerns an earlier report by G&C, not the one being discussed here.
Planet Biometrics is a marketing organisation for the biometrics industry. CGD is already being co-opted, thanks to G&C's product endorsements, into the worldwide (planetary?) promotion of the biometrics industry.
John H. Gass hadn’t had a traffic ticket in years, so the Natick resident was surprised this spring when he received a letter from the Massachusetts Registry of Motor Vehicles informing him to cease driving because his license had been revoked ...
It turned out Gass was flagged because he looks like another driver, not because his image was being used to create a fake identity. His driving privileges were returned but, he alleges in a lawsuit, only after 10 days of bureaucratic wrangling to prove he is who he says he is ...
At least 34 states are using such systems. They help authorities verify a person’s claimed identity and track down people who have multiple licenses under different aliases, such as underage people wanting to buy alcohol, people with previous license suspensions, and people with criminal records trying to evade the law. Lisa Cradit, a spokeswoman for L-1 Identity Solutions, the largest developer of the software, said it can reduce fraud by 80 percent.
With CGD's name associated with biometrics, next time the headline could read:
Caught in Center for Global Development biometrics dragnet
You may say that that won't happen. G&C/CGD endorse composite fingerprint/iris scan biometrics, not face recognition. They're quite different propositions.
Two problems with that.
Firstly, to the mainstream media and the general public, not to mention legislators and public administrators, a biometric is a biometric is a biometric – the distinction won't come across.
Second, US-VISIT uses face recognition and fingerprints, not iris scans. How long before you see the headline:
"India has better security systems than Uncle Sam", Center for Global Development. Napolitano erupts
No doubt CGD has enough staff to defend its reputation if and when the tulipmania passes and the world falls out of love with biometrics. But why get involved in the first place?
----------
Updated: 5 June 2013, 19:02 Remember what Mr Gelb said, quite rightly:
It is far too early to assess the UID program record in delivering more effective and inclusive services.
That hasn't stopped the IT magazine ComputerWorld going for broke in the product endorsement stakes:
Computerworld Honors 2013: ID program empowers citizens in India Government program, the 21st Century Achievement Award winner for economic development, uses biometrics to assign unique identity numbers, allowing residents of India to participate more fully in society.
ComputerWorld have jumped the gun. UIDAI are getting an award for doing something they haven't done yet. Aadhaar hasn't empowered the citizens of India. UIDAI promise that it will, one day, in the future. Even they don't claim that it already has. What possessed ComputerWorld?
UID’s performance suggests that accurate, biometric-based, identification is quite feasible for large countries, including the US. (p.8)
... restated a page later as ...
UID shows that countries with large populations can implement inclusive, precise, high-quality identity systems by using existing technology. (p.9)
In his 12 May 2013 blog post Biometrics: will the Center for Global Development reconsider? DMossEsq suggested that this conclusion of G&C's needs to be qualified in at least six ways and should read "the US could safely deploy an identity management scheme based on biometrics":
"subject to an annual audit"
"apart from the possibility of cyberattack"
"and as long as we've got our maths right"
"and as long as you realise that it's not identity that's being managed"
"and as long as you're relaxed about the fact that anyone could have any number of entries on the population register"
"and the fact that the discipline of biometrics is out of statistical control"
On 21 May 2013, Alan Gelb posted a comment, which includes this:
... we hold to our conclusion that the data released provides a very significant benchmark on the capabilities of biometric systems in developing country conditions and one that should be studied carefully by other countries.
Some evidence of reconsideration
But that wasn't their conclusion.
We agree with a number of points raised by David Moss. One is the importance of releasing field performance data; other programs should be held to this standard. We recognize that biometrics is not a panacea. Our previous working paper that reviewed some 160 cases noted several problematic examples, particularly in the area of elections. It is far too early to assess the UID program record in delivering more effective and inclusive services. Where we differ from Moss is that we see the data that it has released on inclusion and accuracy as a very significant benchmark for biometric systems in developing countries, and a major advance on the use of laboratory data. These appear to be the most extensive field data released so far.
The UID data are of interest for other countries; the hypothetical example of Ughana illustrates what such a system should be able to achieve for a “typical” country with about 30 million people. It is easy to scale the results for country size. We estimated that for a country as large as India there would be somewhat over 3 million false positives during enrolment, a large number for manual follow-up but probably doable. For a small country like Haiti the number would only be around 300.
On multiple identities, no system will be able to guarantee 100 percent accuracy. Certainly not the systems in place in the rich countries where identity theft is hardly unknown! The question is not “whether it works or not” but the precision of one system versus another and relative cost-effectiveness. For some applications, such as access to a health insurance program, one might accept a modest level of duplicate or false identities. For others, such as access to a nuclear facility, we want to minimize them – just as we would want very high standards for aeroplane safety, to take the example cited by Moss. These might involve different biometrics and also passwords or other identifiers; the most demanding applications can apply whatever other additional checks they choose outside the scope of national identification. For a national ID system the reported rate of 0.035 percent for UID seems low enough to discourage most deliberate efforts to acquire multiple identities.
Any identification system will have to cope with people who are unable to enroll using biometrics and with identification and authentication errors. The UID data offer useful pointers to likely numbers.
UID does not, therefore, provide answers to every question -- it is far too early for that and we do not claim that it does. It remains to be seen how the program is or is not picked up by various applications and how it negotiates the political winds that arise with any system of identification. But we hold to our conclusion that the data released provides a very significant benchmark on the capabilities of biometric systems in developing country conditions and one that should be studied carefully by other countries.
To correct the record, we do not assert that the number of bilateral comparisons is the square of the population, n. It is 0.5*n*(n-1) which rises (as we note) with the square of n. As n becomes large, it approaches 0.5*n*n; since no identification system will cover 100% of population, we rounded n off to 1 billion for India. If we accept the field estimate of 0.057% false positive rate against a data base of 84 million, the rate for a 1:1 comparison would have to be very small, in the range of 7 in one trillion. The implied precision can only be possible with the combined use of multiple biometrics, which is another of the lessons from the UID exercise.
Alan Gelb, Senior Fellow, Center for Global Development
We agree with a number of points raised by David Moss. One is the importance of releasing field performance data; other programs should be held to this standard. We recognize that biometrics is not a panacea. Our previous working paper that reviewed some 160 cases noted several problematic examples, particularly in the area of elections. It is far too early to assess the UID program record in delivering more effective and inclusive services. Where we differ from Moss is that we see the data that it has released on inclusion and accuracy as a very significant benchmark for biometric systems in developing countries, and a major advance on the use of laboratory data. These appear to be the most extensive field data released so far.
The UID data are of interest for other countries; the hypothetical example of Ughana illustrates what such a system should be able to achieve for a “typical” country with about 30 million people. It is easy to scale the results for country size. We estimated that for a country as large as India there would be somewhat over 3 million false positives during enrolment, a large number for manual follow-up but probably doable. For a small country like Haiti the number would only be around 300.
On multiple identities, no system will be able to guarantee 100 percent accuracy. Certainly not the systems in place in the rich countries where identity theft is hardly unknown! The question is not “whether it works or not” but the precision of one system versus another and relative cost-effectiveness. For some applications, such as access to a health insurance program, one might accept a modest level of duplicate or false identities. For others, such as access to a nuclear facility, we want to minimize them – just as we would want very high standards for aeroplane safety, to take the example cited by Moss. These might involve different biometrics and also passwords or other identifiers; the most demanding applications can apply whatever other additional checks they choose outside the scope of national identification. For a national ID system the reported rate of 0.035 percent for UID seems low enough to discourage most deliberate efforts to acquire multiple identities.
Any identification system will have to cope with people who are unable to enroll using biometrics and with identification and authentication errors. The UID data offer useful pointers to likely numbers.
UID does not, therefore, provide answers to every question -- it is far too early for that and we do not claim that it does. It remains to be seen how the program is or is not picked up by various applications and how it negotiates the political winds that arise with any system of identification. But we hold to our conclusion that the data released provides a very significant benchmark on the capabilities of biometric systems in developing country conditions and one that should be studied carefully by other countries.
To correct the record, we do not assert that the number of bilateral comparisons is the square of the population, n. It is 0.5*n*(n-1) which rises (as we note) with the square of n. As n becomes large, it approaches 0.5*n*n; since no identification system will cover 100% of population, we rounded n off to 1 billion for India. If we accept the field estimate of 0.057% false positive rate against a data base of 84 million, the rate for a 1:1 comparison would have to be very small, in the range of 7 in one trillion. The implied precision can only be possible with the combined use of multiple biometrics, which is another of the lessons from the UID exercise.
Alan Gelb,
Senior Fellow,
Center for Global Development
Consider the role of government: it exists to decide the rules by which people can act, and to administer them: how much, by what method, and from whom to take resources; and how to re-allocate them.
Bit more to it than that, surely, but let's see where this bleak definition takes him.
Shakespeare wants the government to adopt a strategy for public sector information (PSI):
The strategy should explicitly embrace the idea that all PSI is derived from and paid for by the citizen and should therefore be considered as being owned by the citizen. It is the therefore the duty of government to make PSI as open as possible to create the maximum value to the nation. (p.11)
We already know that Shakespeare doesn't believe it when he says that PSI is owned by "the citizen". The citizen's property is to be expropriated and given to "businesses, especially SMEs". The citizen doesn't reap the benefit of their intellectual property. Businesses do, especially SMEs.
More or less reluctantly, the idea is forced on him, it's the government's "duty", no less. It's the government's duty to collect PSI and give it to businesses. And it's the duty of citizens to provide this data (p.14):
We should have a clear pragmatic policy on privacy and confidentiality that increases protections for citizens while also increasing the availability of data to external users. We can do this by using the developing ‘sandbox’ technologies, or ‘safe havens’ ... that allow work on data without allowing it to be taken from a secure area.
"Data should never be (and currently is never) released with personal identifiers", but you never know with Shakespeare, there might be another duty along any minute.
A duty which requires, for example, the identity to be revealed of all women who have had more than one abortion. For insurance purposes, perhaps, increased risk of cancer – one way and another, for the greater good of society.
There are all sorts of "protections" available, as Shakespeare says, like anonymisation and pseudonymisation and encryption but, with the best will in the world, they don't always work, you can't trust them. That shouldn't stop Shakespeare's plan to increase "the availability of [personal] data to external users", he says.
"A National Data Strategy for publishing PSI should include a twin-track policy for data release, which recognises that the perfect should not be the enemy of the good", we see on p.11, followed by "public sector bodies should commit to publishing all their datasets (in anonymised form) as quickly as possible without using quality concerns as an obstacle" on p.12. So when it comes to publishing your medical data, and when all the "protections" have unfortunately failed, just remember (p.15):
We currently have an unrealistic degree of expectation of any data controller to perfectly protect all our data - an attitude that inhibits innovation. Following 'best practice' guidelines should be enough, so long as we are willing to prosecute those who misuse personal data. otherwise we will miss out on the enormous benefits of PSI. [What enormous benefits of PSI? He never tells us.]
Fat lot of use it is to you if the miscreant is prosecuted after the event. It's too late by then. Your privacy has been irreversibly ruptured. Too bad. You had an "unrealistic degree of expectation". That's your problem. The National Data Strategy must proceed.
Suppose the security breach is achieved by someone abroad. Someone beyond the jurisdiction of English law. Then the miscreant can't even be prosecuted. Still the National Data Strategy must proceed. Prosecution is as irrelevant to Shakespeare's purposes as his claim that all PSI belongs to citizens.
He's not entirely ruthless, old Shakespeare. He does grant that ...
We should encourage continuing vigorous debate to achieve the right balance between the benefits and risks of open data (including whether citizens might in certain cases be enabled to opt out of open data).
... but only in brackets and only for some citizens (unspecified) in some cases (unspecified) where they may be able to opt out but, by default, everyone is opted in, it's our duty and any socially irresponsible person trying to opt out will be accused of standing in the way of Shakespeare and finding the cure for cancer. (Shouldn't that be "cures" plural and "cancers" plural? Ed)
That's personal data taken care of. No outstanding problems there. What about university research data? Back to p.9, where Shakespeare says that data scientists must ...
... recognise in all we do that PSI, and the raw data that creates it, was derived from citizens, by their own authority, was paid for by them, and is therefore owned by them ... This should be obvious, but the fact that it needs to be constantly reaffirmed is illustrated by the way that even today, access to academic research that has been paid for by the public is deliberately denied to the public, and to many researchers ... aided by university lethargy ... thereby obstructing scientific progress.
We can't have that. We can't have scientific progress being obstructed.
But it's going to be tricky.
Nigel Shadbolt is a professor at Southampton University. He has started several companies to put his research findings to work including one called Garlik, which he sold to Experian. He is paid a salary by citizens, the university is funded by citizens, you'd think that would be enough but, no, he earns more money by writing and by acting as the consultant to a TV series.
"This should be obvious", the company sale proceeds, the royalties and the fees all properly belong to citizens. The tricky bit, when Shakespeare dutifully asks for our money back, is that as the chairman and co-founder of the Open Data Institute, Nigel Shadbolt is the leading character in Shakespeare's dramatis personae.
A few questions there for the National Data Strategy but let's move on. What about data that belongs to private sector companies, rather than mere individuals or state-funded universities? Shakespeare wants that data as well, to feed to his apps.
This is all to do with evidence-based policy (p.17):
Each government department and wider public sector body should review whether the PSI that they currently hold is being used to maximum effect in developing, evaluating and adapting policy. It should explain what data it used to support any new policy and above all what data will be collected (and published) for continuous measure of its effectiveness.
Government has a duty to act responsibly with public funds, in a businesslike and rational way, and openly. No-one would disagree. The government and the civil service don't always achieve these aims. Come to that, neither does Shakespeare. Never one to let the perfect drive out the good, he's devised his National Data Strategy/Policy and now, back to front, he wants someone to go out and find the evidence to support it (p.16):
Recommendation 7 We should look at new ways to gather evidence of the economic and social value of opening up PSI and government data ...
Never mind Shakespeare, back to private sector companies and their data (p.17):
Where there is a clear public interest in wide access to privately generated data, then there is a strong argument for transparency (for example in publishing all trials of new medicines) ...
A company working with government should be willing to share information about activity in public-private partnerships, as information about activity in public-private partnerships held by private companies is not currently subject to the Freedom of Information Act. This could be greatly enhanced without the need for legislation by creating a field in procurement forms asking for the company’s open data policy regarding the sought contract.
No "need for legislation"? Just a new "field in procurement forms"? Here, Shakespeare's musings come up against a tough and unrelenting reality. He'll find the opposition from private sector companies a lot harder than anything he evidently expects from individuals and universities.
Take an example.
The UK government has a number of policies which depend for their success on mass consumer biometrics being reliable. The government's own trials proved that they're not reliable but they proceed anyway, despite the evidence and despite the admonitions of the House of Commons Science and Technology Committee. Hopelessly un-Shakespearean.
Among others, there is the government's Immigration and Asylum Biometric System (IABS). That was pursued on the basis of a successful trial of biometrics conducted on behalf of the government by IBM.
Could the public see the IBM trial report, please, asked Citizen Moss? No, said the Home Office, and the Information Commissioner's Office (ICO) agreed, citing several exemptions to disclosure under the Freedom of Information Act.
Citizen Moss appealed against the ICO's Decision, it's all set out here, and two years later the Information Tribunal did its duty and upheld the Decision – the IBM trial report should not be published.
IBM said the report belonged to them and not to the Home Office and if it had to be disclosed then they might never be able to work for the Home Office again. The Home Office agreed that the report belonged to IBM even though the Home Office had provided the test data (five million pairs of fingerprints) and specified the acceptance tests and awarded IBM a £265 million contract. They also agreed that they wouldn't be able to do their job if IBM and other private contractors refused to help them. It is their duty, therefore, to withhold the report.
That's the law, Citizen Moss was refused permission to appeal, it's not in Shakespeare's gift to change the law and IBM, or whoever, will not be fooled by Shakespeare's schoolboy ruse of "creating a field in procurement forms". They may simply point out that either he means it when he says that "businesses, especially SMEs" can enjoy the benefits of their intellectual property or he doesn't. Either way, they have duties to their shareholders and to the biometrics companies who participated in the trial.
According to the acknowledgements in Shakespeare's report (p.3), he polled, among others. Dixit Shah and Craig Summers of IBM UK. What did they tell him? Was he listening?
