Professor Angela Sasse, Professor Martyn Thomas and Dr Ian Forbes

27 FEBRUARY 2008

  Q440  Lord Peston: I understand your point about over gathering, but where you said "individuals' entitlements", I thought you were talking about public services and what I am entitled to because of my specific condition; about my specific condition; whether I am disabled or a single parent or this, that or the other means knowing very precisely who I am.

  Professor Thomas: No, it does not actually. It means knowing what your specific condition is.

  Q441  Lord Peston: Therefore a fortiori I would have thought your argument would be the reverse: you need to know that detail but then you need absolutely to protect it from anybody else getting near to it.

  Professor Thomas: Actually very rarely do you need to know who somebody is. If you have to have a proof of age card that shows you are entitled to buy age-protected goods, why does that need to have your name on it? There is no reason why you should communicate to somebody selling cigarettes or alcohol or letting you into a film what your name is because that is completely unnecessary.

  Q442  Lord Peston: What about my travel pass? You definitely need a proof of age to get your travel pass.

  Professor Thomas: You need a proof of age to get the travel pass. Once that has been established, it does not need to say who you are.

  Q443  Lord Peston: So everybody could use the card.

  Professor Thomas: No, you can have a photograph on it. It needs something to link it to you but it does not need to be your name.

  Q444  Lord Peston: With my photo almost anyone could get by.

  Professor Thomas: Having your name on it is not going to stop somebody else using it because your name is not tattooed on your forehead.

  Q445  Lord Peston: What I am really trying to say is that we are making a bit of a song and dance about this, when the real issue lies elsewhere. To go back to your example, you said you do not want anybody to know about your Oyster card, so you pay cash. Now that is up to you, but it does seem to me to be slightly ridiculous, if I may say so, though it is your choice.

  Professor Thomas: No, no.

  Q446  Lord Peston: You are entitled to make that choice and I am not trying to stop you. I thought we were talking about people entitled to things from the public sector where it is vital we get the right person.

  Professor Thomas: There is a fundamental point here. Most people, for most of their lives, do not need to conceal much about themselves but some people, and probably most people at some time in their lives, need to conceal something. If everybody in general gives information away, it makes it very hard for the people who have an entirely legitimate reason—they are trying to escape an abusive relationship and they do not want the details of where they are currently living to be known—and you need to give those people the freedom to behave in a way that does not immediately highlight them as somebody with a problem.

  Q447  Lord Smith of Clifton: The CRC says that the same technology is capable of affecting different individuals or different groups in very different ways and it underscores the Royal Academy of Engineering's concerns over the inequality by pointing out " ... there will be some individuals and groups who benefit and some who are harmed". Can you give some concrete examples of these differential effects? Do they raise human rights issues? How might these problems be addressed?

  Dr Forbes: There is a range of examples but not very many. One is the way that some call centres know who you are when you call and they then check you against their database, whether you are a big spending customer or not. If you are, you will get through immediately whereas everybody else gets shoved down the line and they are waiting for 15 minutes, except if you are waiting 15 minutes, you do not know that is what has happened, you do not know that is their policy and it is a clear discrimination against people on the basis of their spending power. That might be okay if you are informed, but you are not. Then, by inference, we know that discrimination occurs in very predictable ways across society within organisations. There is institutional discrimination and we are talking here about organisations which do not have to reveal what they are doing, why they are doing it, how they are doing it. They do not have to assure us that they are not being indirectly discriminatory, that is to say not meaning to discriminate against ethnic minorities or economically disadvantaged people, but that is in effect what they are doing without justification. We are talking about dealing with huge groups of people, so we could expect that some systematic disadvantage is going to be introduced just because people have not been trained to do otherwise. They are not trained to deal with data, they are not trained to deal with understanding that all organisations need to implement the social values to which we subscribe and for which there is specific law in relation to the provision of public services and private services. The predictable or usual suspects get disadvantaged here. For example, we have already had the evidence about the number of black people on the DNA database. What is that all about? That seems to me to exemplify discriminatory assumptions about a group in society; that they are more criminally active and more likely to commit crime.

  Professor Thomas: And reinforces those views.

  Dr Forbes: And reinforces those views. We know that it is in fact not the case. I guess we know since the big Sex and Race Discrimination Acts of 1975 and 1976 that unless you take active steps to reduce discriminatory behaviour it continues. In this area there are not, as far as I can see, active steps being taken by any of the organisations or required in any of the legislation to address these issues. Software programmes are being written which embed assumptions and stereotypes. The classic example of course goes way back to St George's Medical School which used to pride itself on the range and the ethnic diversity of its input until somebody looked at the programme used to select and it noticed that they offered places to the people with lower scores. If you were a woman, you got an extra 10 points. If you were from an ethnic minority you got an extra 20 points. So anybody filling out these forms was unintentionally, unknowingly, leading to a discriminatory output. Unless we know how these programmes are written and unless they are proofed in the appropriate way, then we can actually predict that they will discriminate. In my view direct action needs to be taken.

  Q448  Lord Lyell of Markyate: Why do you say that was unintentional?

  Dr Forbes: The person filling in the form gets the form, they fill in the age, the gender, the ethnic origin and behind that, the computer assigns value to it. It produces a printout, top of the list lots of white males and some white females and some very, very bright Asian candidates and they are the ones offered the places. The person doing the data entry had no idea that the programme writer put those values on at some point in the past.

  Q449  Lord Lyell of Markyate: Yes, but St George's meant it; they were intentional. That is exactly why they did it.

  Dr Forbes: Yes, the person who wrote it intended to do that and it may have been legal when it was written. This was in 1980. It may have been legal before 1976 and 1975.

  Q450  Lord Rodgers of Quarry Bank: Because the audiology technology of the House of Lords is sometimes defective I may have missed some of your replies so forgive me. Going back to the RAE report, it recommended a digital charter which would have a significant effect on the levels of trust. What effect do decreasing levels of trust have upon the democratic governability of the country? Would a digital charter add any real value to the policies, laws and other forms of protection which we already have?

  Dr Forbes: On the question of trust, this is even more complex than CCTV because it cuts in so many different directions. I do not believe there is a general decline in public trust in Government but there are specific instances in which trust goes up and down. There are so many problems here. One is that there is misplaced trust in Government to do certain things that they cannot in fact carry out. Another is a misplaced distrust which is even tougher for a Government to handle because it is doing the best it can but it does not get credit for it. There is evidence that people do not believe that big data can be secured and yet we have governments continually introducing measures to deal with big data and promising that it will be secure. That is a real problem for Government. It needs instead to be more accurate and say "We can protect this up to a point. We can put these measures in which are going to reduce the functionality in some respects or reduce the risk in other respects and we need to talk about that". A digital charter, if it were to set out some clear bases for operation, some clear guidelines which the population and the Government could talk about and agree on where they are setting the balance, would be tremendously helpful for encouraging trust in this area because the Government rely on people to give accurate information. If you are the person who says actually you are not going to give information because you do not trust this, then that can do tremendous damage to the whole exercise of gathering the data. So it is quite important that we have trust in these systems and that we have trust in the exercise itself and the purposes for which it is being developed. We see a lot of examples of CCTV being used for public benefit but we see very little data which shows how data is effective in making good government, in allocating resources effectively or efficiently. A digital charter needs to look at all those issues so that in a consultative basis it allows people to say what it is that they want from these systems, from these digital systems; what it is that they expect. We know that in terms of trust people mostly think in terms of risk; how risky it is if they give you this information. So they will trust you if they think the risk is appropriate. They do not know what the risks are most of the time; they do not know what the expectation is. It is very difficult to know, so that is why I think a charter in advance is a way of getting people to come to a settlement for the time-being, to start a process which then can be reviewed in the future and evaluated to see exactly how well we are doing here. Otherwise it is just stumbling along, we do not have any guidelines and we do not have any sense of placing ourselves. It seems to me we need these things quite urgently because of the fast proliferation of technological mechanisms and means which take data out of our control and do things with it like data-mining and cross-referencing which we do not know is happening behind the scenes but which can have a huge impact on us as citizens.

  Professor Sasse: May I add something to this which is an issue we have not raised so far and that is data quality? There is often an assumption when data is collected that it is all correct and it is all used in the right way. If you look at the reports by the Office for National Statistics, when you look at records you find that up to 40 per cent of records are either out of date or contain at least one significant false bit of information. To me that is something that should be enshrined in a digital charter, that citizens have the right to check the information Government hold about them and that it is corrected if it is not accurate. If decisions are being made about people that is one thing, but if they are made on inaccurate information that is another. We have had submissions from people who have said that their health records, for instance, incorrectly stated certain things and that they either had a very long battle to have that corrected—and that again is only something that the knowledgeable and the wealthy can afford to do—or even that they were told that there was no way that a record could be corrected if an entry was older than 90 days and therefore the best they could do was have post-its with "This patient is not an alcoholic" plastered all over the hospital to deal with the fact that the record was incorrect. That strikes me as an example of the duty of care needing to be that the records held are correct, that they can be inspected and they can be corrected.

  Q451  Baroness O'Cathain: We have the right, have we not, to ask about our credit rating?

  Professor Sasse: Yes, you have the right to see your credit record.

  Q452  Baroness O'Cathain: So really what you are saying is that it is only Government that withholds the right to see the records they hold on us. Do we have the right to see records held by anybody else on us?

  Professor Thomas: Yes, under the Data Protection Act.

  Q453  Baroness O'Cathain: But the Data Protection Act does not extend to the government information being held on us.

  Professor Thomas: It extends to a large part of Government. Unfortunately, you do not know who holds all the data so you do not know whom to ask.

  Q454  Baroness O'Cathain: I am talking about NHS data.

  Professor Thomas: Secondly, the Data Protection Act allows the organisation holding the data to charge you £10 for every database that has to be interrogated and that is just an impossible barrier to getting access to the data. You need a clear statement of who has data on you and then you should have free access to it.

  Q455  Lord Peston: I do not want to appear an anarchist, but are we not right not to trust the Government? Is that not the nature of democracy? To take the example when Viscount Bledisloe asked you about medical records, if you were to ask the public at large "Who do you trust, the Government or your doctor?" we know exactly what the answer is going to be, which is what worries one. I am a strong believer in access by the medical profession to my medical records but what I do not like is the discovery, and I am told we were doing this and I did not know, that the Government are proposing to let all sorts of other people look at my medical records. I do not want a charter, I just want that not to happen under any circumstances and that is why, having a charter, okay, is a start maybe to give you access to check the accuracy. What we want is a basic stop, stopping the Government saying "Ah, that is a good idea, let's add them and them and them and add this additional data" and so on. Is that not what we really need to do?

  Dr Forbes: One of the things that the Academy recommends is that we differentiate between the state and the Government. We allow the state to gather information about us, but we set up non-governmental authorities to hold that data so that the Government, if they want that data which is ours, has to apply and that makes it a public act, an accountable act and it is free to apply and ask for whatever it wants for whatever nefarious purpose, but then we get to know. That is the crucial thing. That is why I would use a charter: laying down these quite strict things within which everybody has to work and we understand what they are. As for trusting Government, most people are quite happy to let Government get on and do it; they do not really want to be bothered. That is a form of trust.

  Q456  Lord Peston: Yes, but it is a negative form, is it not?

  Dr Forbes: Compared with what?

  Q457  Lord Peston: Compared with asking them the straight question "Do you trust the Government?" to which the answer is going to be "No".

  Dr Forbes: With another system though; compared with what other systems, this is the one we want to trust.

  Professor Sasse: Trust is not on or off, there are degrees and in a democracy it is absolutely right that you should not trust Government blindly. However, if the trust base between citizens and Government in general is very low, it influences people's behaviour. If you look at the number of people who are actually engaged in political processes, wanting to become involved in Government, if you look at voting figures and so on, those are also things that are connected to low trust in Government and that is really not desirable.

  Q458  Lord Norton of Louth: Moving on to the RAE report's emphasis on the importance of public engagement in policy formulation, it stresses that it is very important that when discussing issues like privacy and related issues that there should be some arrangements in place that actually facilitate the involvement of citizens in policy formulation. What sort of arrangements? How feasible is it to give them that? I can see the principle but it is the operation of that principle. How does one actually achieve that?

  Professor Sasse: In my view Government has recently been very fond of just holding consultations which are effectively rubber-stamping, opinion-poll-type things. I do not have a great deal of faith in those. If you contrast them then with more detailed investigations where people actually have a chance to discuss scenarios that personally concern them and then to relate their decisions, what is reported is quite different. It needs to be a more in-depth engagement. Say, for instance, you were deciding to change the voting procedures, you cannot just ask whether you would trust the Government to put in a proper internet voting system. You would need to show people what it actually means, what it would require them to do, what somebody else can see, where it would take place. It needs to be a meaningful consultation.

  Q459  Lord Norton of Louth: I can see your point and clearly it links back to your point about trust because if people are involved in the processes, they discuss privacy, it is their input and they feel they have had some say in it, then presumably they are going to trust that mechanism more. How does one have that wider consultation? If it is consultation, it is normally the usual suspects who respond, it is not people who are generally affected by these sorts of issues. How can we actually engage people in the deliberation so they feel they are involved and actually have a meaningful input?

  Dr Forbes: This is a mass society problem and the problems that the technology brings also bring you some possibilities. I think the citizens are asked for data quite a lot and you could arrange that at certain times when a citizen is asked for data they are also asked other questions which would explicitly be about the consultation, would raise the kind of issues that people are concerned about and get their views on them, which can be very simply organised. Consultation used to be just insider groups frankly, but it is not necessarily now; in the last ten years there have been a lot of opt-in possibilities for consultation. However, there does need to be outreach work to give people the opportunity and to say you are going to collect this data but you are only going to do it if it is okay with you and these are the kinds of issues we are thinking about and these are the kinds of options that there may be and what are we missing and what do you care about? Some people do care a lot about their data and they will give you feedback and others will not and that is also data. Low voting figures can also mean that actually people think it is alright.

  Professor Thomas: There is a real problem in helping people to understand the potential for a current act to cause future damage. I do not imagine that when the Netherlands, back before the Second World War, decided to include religious persuasion in their census data, they actually imagined they were going to be invaded by the Nazis and that it would be used to round up the Jewish population. Somehow you need to help people to look ahead. It is not out of the question that a future Government would decide that it was going to introduce a taxation regime that discriminated against people who had not looked after their health in the past, for example, and it is not out of the question that they would use information from Tesco store cards in order to gather that sort of data. I do not imagine that most people signing up for a Tesco store card have in mind that that is a risk that they are exposing themselves to. They might very well decide to sign up anyway, but it does seem right that something should be done at least to raise the level of awareness about the potential when you can store such huge amounts of data and search it so very, very easily.