Wednesday 23 April 2014

You are for sale 2

That's what it said in Friday's Guardian, 18 April 2014:
The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs [HMRC] in a move branded "dangerous" by tax professionals and "borderline insane" by a senior Conservative MP.
Her Majesty's Treasury are quoted as saying:
"HMRC is committed to protecting its customers' information ..."
If they're committed to protecting their customers' information, isn't it a little odd to sell it?

Why would they want to sell it? This time the Treasury quote from an HMRC document:
"The government has decided to proceed with the proposal to remove the legal restrictions that currently limit HMRC's ability to share anonymised individual level data for the purpose of research and analysis and deliver public benefits wider than HMRC's own functions ..."
What research and analysis? What public benefits? No indication is given.

Who says this trade in our tax records is "dangerous"? Stephen Coleclough. What does he know about it? He's the President of the Chartered Institute of Taxation:
... any broadening of HMRC's powers of disclosure will inevitably lead to the identification of individuals, and a consequential breakdown in trust between HMRC and taxpayers ...
"Identification of individuals"? Surely HMRC are only talking about the "ability to share anonymised individual level data"? They are. But the Guardian quote Ross Anderson, professor of security engineering, as saying:
"Anonymisation is something about which they lied to us over medical data ..."
It's the old point, also made by Professor Martyn Thomas (para.4), that if the data really is anonymised, it's no use for research purposes and, contrarywise, if it is useful for research purposes, then it can't be anonymised. This anonymisation offered by the NHS in the case of and now by HMRC is another unicorn, like the security of the websites operated by the UK's "identity providers".

"Borderline insane", according to David Davis, but at least HMRC can't start this trade until a new law is passed. Or can they? Yes, they can. We know that, because they've already started:
HMRC has quietly launched a pilot programme that has released data about VAT registration for research purposes to three private credit ratings agencies: Experian, Equifax and Dun & Bradstreet.
Isn't that against the law? Yes. Except that HMRC found a way round it:
... the private ratings agencies, which determine credit scores for millions of people and businesses, have been contracted to act on behalf of HMRC and are "therefore treated as part of the department" ...
"Cute", you may say, "obviously HMRC have learnt a trick or two from all the tax avoiders and evaders they have to deal with".

But maybe too cute. Usually it's better to be more straightforward.

On 16 June 2014, when the New Hampshire judge sentences Mr Hieu Minh Ngo, Experian are likely to come in for a bit of criticism. The trust we can place in them as an "identity provider" in the UK and as a data broker in the US is likely to be diminished. The same must apply to HMRC if Experian are "part of the department".

By the same token, when Senator Rockefeller next convenes his Committee on Commerce, Science, & Transportation, looking into the data broker business, he may want to examine HMRC as well as Experian. At which point HMRC may wish that Experian weren't "part of the department" after all.

And then there's NHS England, of course, as noted above, with their plans.

The national director for patients and information at NHS England is Tim Kelsey. He's the one who, two months ago, had to delay the introduction of for six months to give people more time to be re-educated:
NHS England exists for patients and we are determined to listen to what they tell us. We have been told very clearly that patients need more time to learn about the benefits of sharing information and their right to object to their information being shared. That is why we are extending the public awareness campaign by an extra six months.
Earlier, the Social Research Institute of Ipsos MORI, the polling organisation, conducted an interview with Tim Kelsey, possibly in July 2012 but it's not clear, during the course of which he said:
McKinsey published a paper in May 2011, called Big Data [Big data: The next frontier for innovation, competition, and productivity] which is worth looking at.

It forecasts the potential economic value of public data in the hands of enterprise being about €250 billion per annum in Europe as a whole. The EU subsequently did its own assessment coming up with figures of around €140 billion.

We've done an extrapolation that would imply an approximate market value of about £16 billion in the UK. There are other forecasts which have suggested it may be higher.

It is a lot of money, and when you think about the net effect of, for example, improving the profitability of all SMEs [small- and medium-sized enterprises] in this country by 5%, there is real potential value in these public data assets
It's a confused mish-mash of figures but the assumption is that selling "public data assets" such as our health records would boost the economy in general and the profitability of SMEs in particular.

That assumption may be wrong.

But seemingly nothing is going to stop NHS England, HMRC and other branches of the UK government from proceeding as though it is correct, even if they have to pretend that our records will be anonymised when they know perfectly well that they won't be.

After all that hard work Ipsos MORI must be cross that the job of creating a national data strategy went to their rival polling organisation, YouGov, proprietor – Stephan Shakespeare:
Forecasting future benefits is also hard to predict. How businesses and individuals might use datasets in the future to generate new products and services and by implication impact economic growth, is equally unknown.
It's a shame Mr Shakespeare said that. It conflicts with his other claim that:
It seems a straightforward decision to invest £143m to make Trading Fund data widely available is a relatively small price to pay to leverage wider economic benefits far exceeding this by orders of magnitude.
If you can't forecast the future benefits, your claim that they will exceed any figure "by orders of magnitude" is empty. That goes for Mr Shakespeare, Mr Kelsey and HMRC equally.

They all claim that there will be research benefits as well as economic benefits if the state sells – or even gives away – our personal records.

The world already funds a lot of research. And some of it is beneficial. The argument here is that today's research doesn't get its mitts on all of our personal data – if it did, then it would be even more beneficial.

Is that true?

We laymen need a guide here.

And luckily we have Tim Harford, who "explains – and sometimes debunks – the numbers and statistics used in political debate, the news and everyday life" on BBC Radio 4's More or Less programme and who also writes for the Financial Times, see for example Big data: are we making a big mistake?:
Consultants urge the data-naive to wise up to the potential of big data. A recent report from the McKinsey Global Institute [them again] reckoned that the US healthcare system could save $300bn a year – $1,000 per American – through better integration and analysis of the data produced by everything from clinical trials to health insurance transactions to smart running shoes.
Sounds good. It obviously convinces governments. But not Tim Harford. Or David Spiegelhalter:
Unfortunately, these four articles of faith [in big data] are at best optimistic oversimplifications. At worst, according to David Spiegelhalter, Winton Professor of the Public Understanding of Risk at Cambridge university, they can be “complete bollocks. Absolute nonsense.”

... while big data promise much to scientists, entrepreneurs and governments, they are doomed to disappoint us if we ignore some very familiar statistical lessons.

“There are a lot of small data problems that occur in big data,” says Spiegelhalter. “They don’t disappear because you’ve got lots of the stuff. They get worse.”
Stephan Shakespeare suggests that if you are against releasing your personal data for research, that means you want people to die of cancer and you want children to be unhappy.

"Complete bollocks", to coin a phrase.

His blackmail attempt assumes that big data research will deliver cures for cancer and guarantees of happy children more reliably than the carefully controlled research the world already conducts. Messrs Harford and Spiegelhalter say that that assumption is false.

So does practical experience.

Professor Sir Nigel Shadbolt is the chairman of both the Open Data Institute and the Department for Business Innovation and Skills's midata programme. He set up the midata Innovation Lab to see what innovation would be inspired in practice and what economic benefits would be gained by having access to a mixture of personal data and public sector information/open data.

The results were so disappointing that the lab has never been heard from again.

We can't be sure that we'll get economic growth or fundamental research breakthroughs in return – is there any other reason for giving up our privacy?

Tim Kelsey thinks he has one.

Writing in Prospect magazine, 29 July 2009, please see Long live the database state, he had this to say:
... our public services remain unsafe and inefficient ... Overcoming this problem means taking on the powerful civil liberties lobby, which is against data sharing of almost any kind.
Many people may disagree but, in Mr Kelsey's view, public services are unsafe and inefficient. Why are they unsafe and inefficient? Again in Mr Kelsey's view, because of civil liberties – civil liberties are the enemy.

He's quite hard-nosed about this:
If the next government, of whichever party, wants a better public sector it must encourage more use of personal data; not less. What should be done? Data sharing must be made easier, first by removing the legislative obstacles to sharing government databases.
Ignoring the expert evidence of two IT professors and one President of the Chartered Institute of Taxation, he remains determined that "anonymised research data" is not an oxymoron:
The government should also pledge to publish as much new anonymised data as possible ...
He will not countenance opt-outs:
... no one who uses a public service should be allowed to opt out of sharing their records.
And if promises of privacy or confidentiality need to be broken, so be it:
Nor can people rely on their record being anonymised ...
You know where you are with Tim Kelsey.

Which is in a strange position.

Mr Kelsey flourished under the 1997-2010 Labour government. His company, Dr Foster, provided management information on NHS hospitals and in 2006 the NHS paid £12 million for a 50 percent share in Dr Foster.

Despite all the data-sharing involved in which, according to him, the NHS remains unsafe and inefficient. Not just him. We all know something of what happened at Stafford Hospital between 2005 and 2008. The problems persist. Only yesterday the Daily Telegraph told us that:
At least 1,000 hospital patients are dying needlessly each month from dehydration and poor care by doctors and nurses, according to an NHS study.
These problems aren't caused by civil liberties, they're not prevented by the armies of administrators and regulators we already have and there's no reason to believe that they would be resolved by even more Dr Foster-style data-sharing.

Mr Kelsey's enemy isn't civil liberties. It's the law. It's laws that were passed for good reasons, as David Davis reminded the Guardian, "Our forefathers put these checks and balances in place ...".

As the May 2010 general election approached, Mr Kelsey presumably thought that Labour would lose and that his luck would turn. So he left and joined – one guess – McKinsey.

But he was wrong. He can't have spotted Francis "JFDI" Maude, destined to become the Cabinet Office minister, a man who holds the wisdom of the Constitution just as much in contempt as Mr Kelsey:
"This is not a question of increasing the volume of data-sharing that takes place across government", he said, "but ensuring an appropriate framework is in place so that government can deliver more effective, joined-up and personalised public services, through effective data-linking" ...

"I want to bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone".
Massive data-sharing is exactly what the coalition government want, just like their predecessors, and by May 2011 Mr Kelsey was back in the fold, in Francis Maude's Cabinet Office, where he was appointed Executive Director of Transparency and Open Data.

And a year after that, he moved to the NHS, where he took up the cudgels for No opt-outs. No guarantee of anonymity. No upper limit on data-sharing.

Progress towards the new world was reported on by Francis Maude in the Daily Telegraph a couple of Mondays back, 14 April 2014, Britain needs to lead the digital world:
This Government is putting the digital revolution at the heart of our long-term economic plan ... We are transforming government itself, with our new digital-by-default approach. If something can be delivered online, it should ultimately be delivered only online ... why should anyone have to queue up in the Post Office to replace their passport?
"Why should anyone have to queue up in the Post Office to replace their passport?" They don't have to. Last year DMossEsq completed most of his passport renewal on-line. Just as he did 10 years before, in 2003. He didn't go anywhere near a post office. What is Mr Maude talking about? We had on-line passport renewal under the last government.
We are moving 25 of the most popular public services online ... You don't need to just take my word for it – check out what we are doing for yourself at
That's exactly what we did three weeks ago, please see Waterfall Wanderers 0 - 0 Agile Athletic. Mr Maude's Government Digital Service (GDS) has stalled. Of its 25 "exemplar" public services, one is live and 24 aren't. They seem to be stuck.


The problem is that these new digital-by-default public services need identity assurance (IDA) – service suppliers need to know who they're dealing with. And GDS can't make it work. There's no sign of IDA.

Just like ID cards and the previous government. It wasn't Mr Kelsey's "powerful civil liberties lobby" that brought down the ID cards scheme. The problem was that even with all the political support of the government and an unlimited budget, the Home Office simply couldn't make the scheme work.

GDS suffer from the same problem.

They're supposed to be the experts in designing on-line transactions and they're stuck. Meanwhile, HMRC continue to operate complex on-line transactions, as they have done for years, since long before GDS were born.

GDS were supposed to have delivered us to the market years ago, all trussed up in personal data stores, ready to sell. Not a sausage. Meanwhile, once again it's HMRC who've already got their business off the ground.


Updated 17.6.14

NHS guilty of 'unacceptable' lapses in sale of patient information to private sector

Updated 1.7.14

The midata zombie groaned the other day. The Department for Business Innovation and Skills published their Conclusions to a review of consumer access to personal data held by companies. There's good news and there's bad news.

The good news in the associated report, Review of the midata voluntary programme (p.3), is that:
... we do not think that there is a strong objective case for using our powers under the [Enterprise and Regulatory Reform] Act to require companies to release data at this time ...
No new regulations. Yet.

The bad news, also on p.3, is that:
A recent commitment from the big banks about midata should ease switching in the personal current accounts market. In the energy sector all of the large energy companies now provide access to a data file in a consistent format to their customers and the Secretary of State for Energy and Climate Change and I have recently agreed with them and third party intermediaries that they will work together towards providing third parties with automated access to consumer’s data in a safe and secure way.
The Secretary of State for Energy and Climate Change is Ed Davey, the only begetter of midata. There is no telling who "I" is, the person who agreed that "third party intermediaries" should have "automated access to consumer's data".

Who are these third parties? What data will they have automated access to? Why? What are they going to do with it? What are the supposed benefits? Did anybody ask the consumers? How would Ed Davey and "I" know if the data was accessed in a "safe and secure way"?

Updated 10 August 2016

Two years after the last time, the midata zombie groaned again the other day:
Watchdog ‘missed golden opportunity’ to shake up banking

Measures to improve competition in high street banking by making it easier for customers to compare offers online have been attacked for not going far enough.

Rejecting radical measures such as breaking up big banks or ending free in-credit banking, the Competition and Markets Authority yesterday ordered banks to share customers’ information with third parties from 2018 to make it easier for them to find better deals.

Andrew Tyrie, chairman of the Commons Treasury select committee, said: “I’m not optimistic that the CMA’s remedies will get to the heart of the problem. The CMA is relying on the rolling out of new technology to do the heavy lifting on competition. But many customers will not have the tools or skills to do this.

“Customers are also understandably wary of the data-sharing required for this to be effective” ...
Somewhere out there, there are still children who believe in the magic of open data.

No comments:

Post a Comment