Comment: Juggling issues of access

7 Sep 2005

Since the early days of e-government there has been much talk about joined-up government. I think it was Tony Blair who first used this term. The concept is simple and those of us who touted it as the great solution for transforming government knew that the technology was there to make it happen. After all, that’s what internet technologies are all about — making it possible for people and organisations to connect up to each other and remove a lot of the unnecessary noise from public administration.

There have been others, of course, who took an opposing view, seeing this new drive to connect and share information as a danger to citizens. Some even argued that the inability of organisations in the past to share information about their clients was itself a safeguard of civil rights. That’s why we have rules about data protection.

But as we all know, where there are rules there are always those who find a challenge (and sometimes a lucrative business) in discovering loopholes or ways around rules for those who don’t appreciate the underlying value or ethic and stand to gain a lot if the rules aren’t applied to them. So some people employ experts to advise them on how to minimise their liabilities and don’t see anything wrong because they are not actually breaking the rules. No mention of ethics or moral responsibilities.

But there is another school of thought that takes the view that the state, through its many arms and branches, is fundamentally about serving the same citizen and that people should behave themselves when it comes to claiming their rights. Good behaviour means not playing agencies off each other or not misrepresenting our circumstances to different agencies. So it seems to the people in this latter school that sharing information is just fine and those who have nothing to hide shouldn’t have any difficulty.

The problem with this is that there seems to be no shortage of people who are quick to hype up the Big Brother scare and get people all worked up about prying eyes. The challenge in this area is for public administrations to build a level of trust that gives sufficient comfort to citizens who have information that can and should be shared. I have argued consistently that to keep talking about identity management is to continue to reinforce the notion that the state is primarily in the business of keeping tabs on people, whereas the main issue is identity and privacy protection. I have done this because, more than ever before, the issue of privacy and privacy protection is the one that will determine whether or not we can use technology in transacting business. And the big idea behind e-government is to get more people to go online, to reduce costs and to improve the responsiveness of service deliverers.

Some work is going on in the area of data and identity privacy and we may soon see a solution that will greatly improve the level of trust. Part of the problem in the past was that privacy protection was seen as a nice-to-have option and tended to be a side issue. Indeed, the focus on data protection rules and regulations tended to shift the emphasis to compliance for compliance’s sake rather than because there was a sound and reasonable principle involved — another case of a value being clouded by rules. Privacy, however, is now being regarded as a much more central issue because success or failure of the internet experiment will ultimately depend on the degree to which people can trust the channels of access.

Anyone who is familiar with the original concept of the Public Services Broker (PSB) will remember that it incorporated a data vault — a place where people’s personal information could be stored for use in getting services. The vault was based on a principle of privacy and data protection where the people themselves own their data and it is in the control of the user or citizen rather than the agency that looks at it in the transaction of a service. While the concept was set out in the original PSB document, it wasn’t developed further — primarily because there’s still relatively little joining up going on.

However, with the PSB now coming on stream it raises the prospect of growing volumes of inter-agency traffic as joining up emerges in the service delivery area. This has brought the issue of information sharing to the surface and, more specifically, the principles that should apply to the use and treatment of personal information. The main problem with personal information is that it can get into the wrong hands if it’s not treated carefully.

While governments need to verify identities for a lot of the interactions that take place, many officials don’t need to know the identity of the citizen to process their transaction.

The solution to this may well be in the concept of digital credentials, a concept being developed by a company called Credentica in Canada. Basically, digital credentials use encryption and keys to ensure individual data items are given on a need-to-know basis (selective disclosure) and are always under the control of the owner (or subject). They also ensure the subjects themselves can’t lend their credentials to others, nor can they conceal information that agencies are entitled to share to protect against fraud.

Of course, words such as encryption and keys bring me back a few years to when everyone everywhere was talking about PKI — and when it had to be re-explained every time it was brought up (public key infrastructure). But this concept is easy to understand and is well explained on a number of internet sites. It looks interesting and may well be the answer to the PSB’s vault. So we’ll see how it travels over the next while.

By Colm Butler, director of information society policy, Department of the Taoiseach