Everybody’s equal in the database state

It was Tony Blair who announced the Data Sharing Review on 25th October 2007 — in his speech on liberty — setting out the government’s belief that ‘a great prize of the information age is that by sharing information across the public sector...we can now deliver personalised services for millions of people.’  He made it sound like a home shopping service but the reality was far more personal and a lot less convenient.

The review’s remit was to focus on the government’s vision of transformational government — the database state — but only a couple of weeks previously, two data discs containing the entire child benefit database went missing. When the story broke, there was a public outcry.   Suddenly the ‘great prize’ started looking more like a poisoned chalice.  The review could hardly ignore the fiasco.   Data security now leapt to the top of the agenda. So during the consultation the prime minister requested that the review’s scope be widened to include the private sector’s handling of data as well. Richard Thomas duly complied and even though there had been little private sector consultation, it was now informally included. After all, why not tarnish them with the brush instead? 

The following year the review was published.  It talked of setting limits to the extent and purposes for which government should use personal information about citizens; of the risks that incompetent or excessive data handling could have on society and individuals. It said it understood people’s fears; they had read Orwell too, you know.  

Unfortunately the state’s use of data was never really part of the review’s agenda:  their task was not to look at ’specific projects’ or ‘make recommendations about individual data-sharing schemes’, but to review the general principles governing the use and sharing of personal data.

But the public had expected it to do just that. That was part of its remit, surely.  Indeed in a more recent independent report, Database State, carried out by the Joseph Rowntree Trust which was published in 2009, 46 government databases were identified, of which at least 12 were said to contravene the Human Rights Act and Data Protection laws, while the majority of the others were in dire need of redesign. Their verdict was damning. But the review made no such recommendations, except for one notable exception — recommendation 19:

‘The Government should remove the provision allowing the sale of the edited electoral register. The edited register would therefore no longer serve any purpose and so should be abolished...’  Data Sharing Review 2008

Hang on though, that sounds pretty ‘specific about an individual data-sharing scheme’, doesn’t it? And why the edited register?  There had been no public outcry about it — unlike some of the government databases. It didn’t make sense.

There were some other notable recommendations: Richard Thomas, the then Information Commissioner and one of the co-authors, recommended that his own office receive an increased budget, which may or may not have seemed sensible given that data now plays such a key role in society but it was not a recommendation he should have made in ‘his personal capacity’ – it sends a poor message in relation to the review’s independence. It did not look any better when he and his co-author, Mark Walport, recommended giving greater access to personal data for research. After all Mark Walport was a director of the Wellcome Trust — a leading medical research organisation. And independence was essential especially when it was proposing to fast-track legislation to enable the Secretary of State to increase rather than decrease the government’s level of data sharing.   

But where were the limits being set on the government’s use of data? It certainly needed them. Why was the edited register the only database in the frame? Surely an ‘independent’ review should have treated all data providers equally? Unfortunately it seems that when it came to handling personal data, some were more equal than others.

Given all this, it’s no surprise that it was the principal database used by the private sector which was offered up for sacrifice. Ironically the edited register breaches neither the Human Rights Act nor data protection laws; it is a consented database and more importantly ensures the public’s right to access public data — which is a human right.  

So was the edited register being made the scapegoat to divert attention away from the government’s own data activities? Whatever the truth; it reeks of double standards. Potentially the public and commercial sector could be denied access to a legal, consented national database. Perhaps the review thought that by making the private sector the fall guy the public’s fears about the state’s own data aspirations would be assuaged.

After all, data was a sensitive subject for the last government. The IT fiascos came thick and fast in recent years: lost child benefit data; failed IT systems; projects years behind schedule; intrusions into privacy. And then there were the costs, which were mounting almost as fast as the public’s distrust.  

In her acclaimed book, The Silent State — which should be required reading for any aspiring civil servant — Heather Brooke points out that £16bn a year was being spent on IT projects but only 30 per cent of them ever succeeded. Most IT projects were unworkable, too expensive and unethical. While CCTV took up 70 per cent of home office crime prevention funds  — a Lords report estimated it to be in excess of £500 million — there is no evidence to suggest it has resulted in more arrests. Then there is the much maligned DNA database — the largest in the world — which has between 500,000 and a million innocent people listed on it as well as 39,000 children. Yet it has accounted for only 0.39 per cent of crime detection.

So if the new government wants to cut back on public spending perhaps they should look here — they could save billions.  What’s more, the public are understandably fearful that — in the state’s hands — their personal data could be abused.  For some this has already been the case. Perhaps then we should be thankful that there have been so many failures.

Now it is the MoJ which is considering the future of the edited register. Since the basis for its consultation relied on the same discredited evidence that influenced the review’s recommendation — provided by the Association of Electoral Administrators, which has its own agenda for abolition — it is little wonder that many believe there was no justification for it. What’s more, those private sector companies which were given the opportunity to respond to the review are still understandably aggrieved that during the many meetings they attended there was no mention of the edited register. That recommendation seems to have been slipped in at the last minute, giving them no opportunity to respond. Rumour has it that even the ICO was in the dark until the Review was actually published. Indeed they have confirmed to us that their own policy has never been to seek the Edited Register’s abolition. After all it is consented.

At the same time the MoJ has been developing their own data project, the Co-ordinated Online Record of Electors (CORE), which would see an electronic version of the full electoral register made available to authorised users only.  Given the rather wide-ranging uses that could be made of such data — with some councils making the Full Register freely available on their council’s Intranet — the MoJ needs to tread carefully with relation to the issue of data sharing and the safeguards that would need to be in place to ensure it is not also abused. Indeed Database State considers this database to pose a real threat.  In its traffic light rating system, where Red denotes an illegal database, and green denotes an acceptable one, they had this to say about CORE: ‘Given the past abuses and potential for future harm, we rate it as privacy impact, amber.’

While the Joseph Rowntree report was suspicious of CORE, the edited register received no such criticism. It seems to be a model example: regulated, accountable, transparent and consented.  Yet it’s the one database under threat — and rather than costing billions, it actually helps generate billions for UK plc. With all that at stake it is widely anticipated that abolition could not only result in a judicial review but might well lead to a judicial review of all the government super-databases.

But there is another consequence of abolition: democratic integrity.  Since the full electoral register can only be publicly inspected in hard copy under supervision at council offices, access is limited at best. So the edited register, which is available online, serves as the only truly accessible means for the electorate to ensure the democratic integrity of the electoral roll. The recent increases in electoral fraud could not so easily be identified if the public and the media didn’t have access to it. Without that level of scrutiny, the public will no longer be in control of their democracy.

As Heather Brooke points out: ‘Information is the lifeblood of power. He who controls it controls the agenda and thus other people.’

Perhaps this was the real story behind the proposed abolition: a state that was determined to control personal data so it could track our every move from the cradle to the grave. One can only hope that the new government does indeed protect civil liberties and rein in the state’s overarching data ambitions. Scrapping the National Identity Card scheme is a start but more needs to be done and more importantly as the only publicly accessible database the edited register must be retained. After all, in the Information Age, taking away public access to public data is akin to building a Berlin Wall.  

Alexander Howard is a researcher at Parliamentary Brief.