Good morning. Thank you for the opportunity to provide evidence. I'm doing so in a personal capacity, as you've mentioned.
Consumer and citizen trust is essential if governments and businesses alike are to use technology to the benefit of us all, yet all too often we are seeing personal data being taken and misused. It's either by intent or as a consequence of poor security and privacy. Topically, the Facebook and Cambridge Analytica revelations are obviously highly pertinent to that.
We need to improve the general level of understanding about data and computing. Equally clear, there is a need to increase the understanding of the important difference between public or open data and private or personal data, which citizens wish to see better protected. In particular, we need to ensure that sensitive data, which covers everyone from vulnerable children to undercover law enforcement, is much better protected.
Much government data quality is often poor, since many people only deal with central government occasionally. It's also duplicated in many places. Government generally lacks well-developed data architectures. There's a need to map and better understand the use of data and stop believing that data sharing is a way to fix poor design.
In computing, we already have better approaches that can be used, such as zero knowledge proof, use of interfaces, encryption, authentication and authorization, and attribute or claim confirmation. Zero knowledge proof, for example, enables one party to prove to another party that a given statement is true without conveying any information apart from the fact that the statement is indeed true—for example, that I am over 21 or that I'm entitled to a particular welfare benefit.
Such computational techniques need to be embedded in the way we design systems. If they're not, the more the paper age data-sharing legacy persists in an age where computer systems operate on a scale and at a pace previously unknown, the quicker security, privacy, and trust will be degraded and fraud increased. The human and financial suffering data misuse causes is only likely to increase unless governments adopt stronger legal and technical means of protection.
One country in particular that the U.K. has looked to and learned from is Estonia. They have a good set of principles, particularly in terms of putting the citizen at the centre and organizing around them, even to the extent that citizens can see which officials have had access to their data. Transparency is I think essential to help build and maintain public trust.
In 2011 Francis Maude, MP, the then Minister for the Cabinet Office in the U.K., established the Privacy and Consumer Advisory Group. It comprised academics, privacy and security advocates, and representatives of consumer groups. Its remit was to ensure that government programs address citizen privacy, trust, and confidence, from initial policy planning to requirement specifications and through to delivery.
The group worked very well when it had the direct backing of a strong minister like Francis Maude, but after his departure some officials no longer responded to or attended the group. My recommendation would be to establish a similar expert group but have it report directly to Parliament, perhaps via a committee such as yours, so that it cannot be marginalized or ignored.
The Government Digital Service—GDS—technology code of practice is important. They set out criteria to help government design, build, and buy better technology, and it emphasizes privacy in particular, including explicitly that citizens should have access to and control over their personal data. The code still has a principle that privacy should be integral.
The prevention of cyber-attacks and the protection of data is a constant challenge, from external attacks to insider abuse, whether that's an official inappropriately accessing or using data or indeed a developer putting in place rogue code that can later be exploited. The U.K. has expert help and guidance in this regard from the National Cyber Security Centre, which is part of GCHQ.
I do have, however, a concern about inadequate privacy by design and security engineering.
Many government departments and agencies have set up their own bespoke development programs using web developers, many of whom are not trained or experienced in writing secure code. The requirement of minimal standards for software engineering quality should be considered, such as the ISO standards, the application of the Consortium for IT Software Quality, and specialist advice such as that available from the NCSC.
At the infrastructure level, there is better practice around the protection of data, both in motion and at rest. There are also strong access controls and auditing, including protective monitoring of the most sensitive systems.
A lack of understanding of technology, both the good and the bad, at the most senior levels can create gaps in policy and between intent, outcome, and legislation. Sometimes existing legislation can be a blocker to effective improvements in services and their outcomes. It's important to have a process for highlighting where legislation needs to be simplified or updated.
There can be a naive tendency amongst some politicians and officials to assume that technology can somehow magically solve complex policy or socio-economic problems. I wish that were true. The idea that technology can be a solution for everything does need to be challenged. It must never be about websites and online services, but how better digital infrastructure helps those who need face-to-face services too, and those who don't have access to modern technology.
Government can lead by example in the secure, consent-based use of data and the establishment of principles to be applied to the ethical use of data and software that acquires, processes, and utilizes it.
One of the key issues on which government should be playing a leading role is user consent: engaging and educating users to ensure their consensual participation and understanding, including of the data they are revealing, what's being done with that data, and how they can provide or indeed revoke consent.
Another key role is in the legal aspects, by ensuring legislation is adequate or by identifying work that needs to be updated to keep pace with changing technology.
Government can also play a role on the economic issues, meaning understanding the impact that better use of data and techniques such as artificial intelligence and machine learning are likely to have, both at microeconomic and macroeconomic levels, including on the potential future configuration of public services as the Internet of things and embedded health sensors become more ubiquitous.
Then there are the access and control issues of establishing a trust framework, one that spans anonymization, pseudonymization, and strong identity proofing.
I've already mentioned data quality. It's to ensure data is of sufficient accuracy and veracity to ensure that resulting decisions are coherent, particularly before building analytics and machine learning on top of unknown data quality. Users need to be provided with access to their own data to ensure their records are accurate.
Data de-identification and anonymity are known problems that already exist with anonymizing personal data successfully. This is becoming an increasingly significant and complex issue. De-identification is not the same as anonymization, and more research is needed in this area.
On data access, we need to ensure that appropriate control mechanisms for public, private, or personal data accessed by systems are in place. This includes appropriate protections ranging across security, privacy, audit, accountability, and protective monitoring.
On data veracity and integrity, how do we know that data being used by such systems can be trusted? How do we know all data have been released from the systems when we attempt to regulate or ensure they're compliant with laws of non-discrimination?
Concerning code jurisdiction, code and data are increasingly operating in the cloud or serverless environment in systems scattered across the planet. There is a need to clarify how they meet the standards required—for example, not exhibiting biased, illegal, or discriminatory behaviour or being compromised by hostile actors.
Finally, on resilience, as many services become ever more reliant upon the new generation of interconnected systems, the potential resilience to failure, whether that's caused by accidental or malicious purposes, is a significant issue. More research is required into the potential interactions, vulnerabilities, and risks of the emergent systems of systems.
If the best legal, ethical, and trust frameworks are not in place, the poorly designed acquisition and use of personal data will be discriminatory, wrong or inaccurate, biased, unaccountable, manipulative, and they will create significant security, privacy, legal, and trust issues.
However, if well applied, there is certainly an upside, which is that they can help support better policy-making, health care, education, and transport, for example, through responsive and more efficient systems.
Consistent standards of security, privacy, and software engineering, together with transparency, are required. To be successful, any digital or e-government initiative first needs to determine what it wants to achieve by going digital. Is it simply to automate existing services, or is it optimization, re-engineering, or transformation? Is it about moving resources towards the front line by taking cost out of internal operations by helping to streamline and simplify them? There needs to be clarity about exactly what the design outcomes and benefits are, rather than a simple assumption that this is something we need to do in the digital age.
I think that government can play a significant and positive role in showing how we can enjoy the upside of our digital age, rather than the downside. Rather than simply following the model of the worst of the private sector, misusing and abusing data without users' meaningful consent, government should look to raise standards. There is a chance to lead by example.
I would be happy to provide more detailed links and references after today's session if that would be useful. Thank you for taking the time to listen to me this morning.