by Jamie Grace wrote this article.
The e-governance initiatives that Anderson et al deplored in their Database State report are not, as I’ve argued previously here in Panopticonic, malicious works of a totalitarian state – they are about deploying information in a timely and accurate manner, about citizens in need of healthcare or social care. The true risk to information security and privacy comes from individuals working to intrude illegitimately into these databases and caches of personal data. I term these individuals, rather abstractly, ‘malicious agents.’
E-governance in the UK has been shown by the authors of Database State to be managed ineptly, particularly in terms of cost:
Nick Davies – creator of Flatearthnews – highlights the damage a
particularly mercenary individual might do to privacy and sensitive
data security – ‘blagging’ (essentially, brazenly stealing) items of
sensitive personal information about notable members of the public from
unwary public-sector organisations and their employees. This personal
data can be sold to unscrupulous journalists for a profit. Even more
maliciously, the information could be used to blackmail or extort –
rather than simply expose or inform.
Andrew Pickering – writing a paper for the think-tank Knowledge Politics –
notes that it is (in my words) the malicious agent or auteur that
threatens the efficacy and security of e-governance initiatives, both
politically and in an immediate manner:
We need to protect the people from government, but to some extent
the government also needs protecting from the people. Greater public
input at all levels carries with it the potential for demagoguery and
grandstanding, to the detriment of normal civic participation. For
example, various groups might try to hijack online public consultations
for their own ends. This is catalysed by the Internet in particular,
with its premium on anonymity tending to foster abuse, falsehoods and
malicious activities.
Public-sector organisations, and the UK government, know exactly
where they stand in relation to the law that regulates the minimum
level of security needed to ensure public safety in accessing or
engaging with public e-governance. The seventh data-protection
principle – found in the UK’s Data Protection Act 1998 (c.29) – states
that:
Appropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing of personal data and
against accidental loss or destruction of, or damage to, personal data.
‘Malicious agents’ – that is, ostensibly ‘bad’ people – will always
threaten to undo these ‘appropriate technical and organisational
measures’ – so how to reconcile the need to e-governance with the risks
that ‘malicious agents’ represent?
Mary Goulden, again writing for Knowledge Politics, advocates the
use of a guiding principle in deploying e-governance – that of
‘localism’. If e-governance is limited to a local level – that is, if
there are no ‘super-databases’, only regional ones – individuals acting
as malicious agents cannot undermines e-governance on such a huge
scale, or pose quite such a massive risk to personal data security.
Great article, Jamie.
We will take your cautions to heart.