Monday, 20 August 2012

midata, the loneliest initiative in Whitehall – 3

The prospectus for midata, the new stock being touted around the market by the department of Business Innovation and Skills (BIS), offers consumers not just access to their transaction data but also control of it. Due diligence reveals that this is just hot air. Control of your data is not on the menu. This sort of deception annoys subscribers. No reputable stockbroker would back the issue and no stock exchange would list it.

There's not much more than that to say – BIS is trying to float a wrong 'un – but for train-spotters, chapter and verse are quoted below:

On 3 November 2011 the Department of Business Innovation and Skills (BIS) issued a press release about midata:
The Government today announced a ground-breaking partnership with 26 major organisations that will see them working together to deliver a new era of consumer empowerment ...

Today’s announcement marks the first time globally there has been such a Government-backed initiative to empower individuals with so much control over the use of their own data ...
Heady stuff. midata was going to empower us. What does "empower" mean?

Control. We were going to get unprecedented control over our data.

But what does that mean?

Take an example. When you book a flight, for example, the travel agent/website passes on your data to the airline. Your name and address, starting point and destination, dates and times, credit card number, expiry date and security number, your passport number, your date of birth and so on. Obviously. They have to.

• ALON, the Airline Liaison Officer Network, operated by UKBA, Airline Liaison Officers' "main tasks include the provision of comprehensive training for airline staff on the United Kingdom's passport and visa requirements as well as basic techniques of passenger profiling and forgery awareness"
• ATC, the Authority To Carry scheme operated by UKBA, based on API/PNR and watchlists, airlines and other carriers can have their authority to carry refused
• BERR, the Department of Business, Enterprise and Regulatory Reform, previously the DTI, Department of Trade and Industry
• BIODEV, an EU project to study the use of biometrics in visa applications
• Business Express, a registered traveller scheme like IRIS and miSense Plus
• CTA, the Common Travel Area = the UK + the Channel Islands + the Isle of Man + the Republic of Ireland
• DCMS, the Department of Culture, Media and Sport
• DCSF, the Department of Children, Schools and Families
• DfT, the Department for Transport
• DIUS, the Department of Innovation, Universities and Skills
• Eurodac, the "European fingerprint database designed solely to identify asylum seekers"
• FCO, the Foreign and Commonwealth Office
• Frontex, an intelligence driven "EU agency [which] complements and provides particular added value to the national border management systems of the Member States"
• HMRC, Her Majesty's Revenue and Customs
• IATA, the International Air Transport Association = 265 airlines
• Interpol, "the world’s largest international police organization, with 187 member countries"
• IPS, the Identity and Passport Service, an executive agency of the Home Office
• IRIS, the Iris Recognition Immigration System, a registered traveller scheme like Business Express and miSense Plus
• J-BOC, the Joint e-Borders Operations Centre, part of UKBA
• members of the travel, tourism and hospitality sectors
• miSense Plus, a registered traveller scheme like Business Express and IRIS
• NDFU, the National Document Fraud Unit, part of UKBA
• other organisations, professional, educational and NGOs with an interest in migration and border and visa issues
• overseas law enforcement and security agencies
• Project Semaphore, the database system operated under contract by IBM to collect and disseminate advance passenger information and passenger name records (API/PNR), this is presumably the database that will now be sited in Wythenshawe, as Jacqui Smith inadvertently told everyone, and used by J-BOC
• Registered Traveller Schemes, including Business Express, miSense Plus and IRIS, any accelerated entry scheme, often biometrics-based
• Sea Carrier Liaison, an equivalent to ALON, being considered, may never exist
• SISII, the Schengen Information System II, "a database containing alerts on stolen objects and persons who are wanted for extradition, who are missing or who are subject to an entry ban for a particular country", the UK failed to connect to SIS for several years and may similarly fail with SISII
• SOCA, the Serious Organised Crime Agency
• SPT, Simplifying Passenger Travel, "a joint initiative amongst a number of key parties involved in the passenger's journey: passengers, airlines, airports, control authorities, and technological suppliers"
• the EU
• the Four Countries Group = UK + US + Canada + Australia
• the Islamabad Consular Immigration Link Team
• the police
• the Risk Assessment Unit (RAU) in Accra, RAUs process 90% of visa applications at FCO overseas posts on behalf of UKVisas
• the Sponsored Family Visitor scheme, one of four categories of visa, the other three being tourist, business and student
• the Welcome to Britain Group, brings together "representatives from transport, travel, hospitality, border processes and public diplomacy organisations" under the aegis of VisitBritain
• UKBA, the UK Border Agency, previously the Immigration and Nationality Directorate (IND), = Home Office + FCO + HMRC
• UKTI, UK Trade and Investment, part of BERR, "can help you rise to the exciting opportunities and challenges that globalisation offers"
• UKvisas, previously a joint venture between the Home Office and the Foreign and Commonwealth Office, now part of UKBA
• VisitBritain, "Britain's national tourism agency"
But it doesn't stop there. Your data goes further. We live in a big and complicated world and if you care to read the joint Home Office and FCO paper on eBorders, you'll find that your travel data is passed on to all or some of the hundreds of organisations listed alongside.

If you had control over your personal data, you'd be able to delete it from ALON's database. If ATC had made a mistake in recording your personal data, you'd be able to correct it. You could say which individuals at BERR could see your personal data and which individuals couldn't. At BIODEV, you could say that you only want people to see if you're over 21, yes or no, not your actual birthday.

That sort of control would be revolutionary – as things stand, you have no control whatsoever over your personal data once you've handed it over. It would take a worldwide change of the law to give you control. That would be a revolution. Without that revolution, you can't properly be said to have control. Was midata intended to be a revolution?

Several of us asked Ed Davey, the minister responsible for midata at the time. There was no answer.

That was back in 2011. Now roll forward to the joint BIS/Behavioural Insights Team document, midata 2012 review and consultation.

Norman Lamb has replaced Ed Davey as the minister responsible for midata, and in his Foreword he says (p.8):
A key project in the [consumer empowerment/economic growth] strategy is ‘midata’ which aims to give consumers more control and access to their personal data.
There it is again. "Control". And this time there's an explanation (p.23):
The programme defined the initial vision and principles and adopted “TACT” (Transparency, Access, Control and Transfer) as key stages in the sharing of data ...
where "control" is defined as:
Providers give consumers the ability to correct, update, change settings, preferences, permissions etc.
Those quotations seem to suggest that a revolution is on offer.

Against that, the midata consultation issued by BIS (pp.10-19) makes no reference to consumers being able to correct or delete the data held on them by suppliers and there is no hint that the laws concerning access to that data by consumers are about to be changed in the UK or anywhere else. Despite all the talk, control does not seem really to be on offer, midata is arguably a false prospectus.

At the midata open forum held on 9 August 2012, Kirstin Green seemed to confirm that point – access is on offer but not control. If anyone is going to the 23 August 2012 open forum, or the newly arranged forums on 4 and 6 September 2012, perhaps they could check this point with her. You can invite yourself. As BIS say, "... please email midata@bis.gsi.gov.uk to attend").

No comments:

Post a comment