Meet the people

[Dave Birch] Preparing my notes for RUSI, I was thinking about what it would take to get the public to have confidence in a national identity management scheme, and it reminded me that I took part in a very good public debate about privacy and surveillance recently. I was on a panel that included the assistant Information Commissioner Jonathan Bamford and Tom Ilube of Garlik as well as fellow Royal Academy of Engineering Working Group member Martin Thomas. It was a little unusual (for me) in that many of the audience were genuine members of the public rather than technology or sector specialists, so I thought it might be a useful service to bring some of their questions to your attention. They were a timely reminder to me about the kind of concerns that our customers will have to address to formulate successfull consumer propositions with an identity component. For example, there were a couple of questions about vehicle tracking. I’m certainly guilty of spending most of my time thinking about personal data in too few dimensions: vehicle tracking was as much a concern the the audience as people tracking. But the subtext should be noted: many of the anecdotes were about how wrong the DVLA database is, which clearly informed opinions about the people database (aka national identity register): there’s a clear distinction, as far as I can see, between the small number of people who are against government identity management because it’s just plain wrong and the much larger number of people (I might go so far as to venture, the majority) who are against it because they think the government will lose, delete, corrupt or spy on their data if they ever get the system working in the first place.

During the drinks, I got involved in a conversation about remedies, specifically the remedy of data breach legislation. I’m not sure about this — I think it deserves more reflection. Would my identity (in the limited sense of my personal data) be safer if the House of Commons Justice Committee gets its wish and has its own version of the Dangerous Dogs Act to criminalise data breaches? That’s not clear to me at all. Has extensive data breach legislation in the U.S. reduced the number or severity of breaches? Does anyone have any statistical analysis? It’s certainly true that identity theft in the U.S. appears to be falling, but I strongly suspect that that is more to do with the public taking rudimentary precautions (like not replying to the widow of former Nigerian strongman Sani Abacha to help her move $20 million from a Swiss bank account) that breach legislation.

Note to foreign readers: the Dangerous Dogs Act was a piece of knee-jerk legislation introduced in the U.K. to stop children from being killed by dogs which has done no such thing but cost a lot of money, so here in the U.K. we have taken to call any pointless and expensive legislation introduced hurriedly in response to newspaper headlines a “dangerous dogs act”.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]