Information & Ethics committee  I agree that humans remain a weak point in many of these systems. I mentioned earlier some of the social engineering we've seen when very sensitive computer systems in the U.K. have been inappropriately accessed. While they do have protective monitoring on those systems that rais

Information & Ethics committee  Yes, of course.

Information & Ethics committee  Thank you. I think there are possibly several layers to that. One is the Estonian type of approach that we have mentioned, whereby citizens can at least see who has had access to or made use of their data. Then there is a bigger question about how much appetite government has t

Information & Ethics committee  Thank you. I think that goes back to the first question of my opening statement: what are you trying to achieve by going digital? Is it purely moving more services online and effectively still operating in a forms world, where it's not paper forms anymore but forms on a computer

Information & Ethics committee  I think that in an ideal world I would take the time to step back and ask, “How do we want our public services to be working and engaging with citizens in the next five to 10 years?” I would be just taking the time to look at everything that's going on. I've mentioned that peop

Information & Ethics committee  They first started building it back in the early 2000s, I think. I'm not sure when it reached maturity. I believe they have continued to enhance it. They added some of the secure SIMs in the mobile phones more recently, so it has been an evolving program. You're probably best to

Information & Ethics committee  I take your point about everything being in one place. Everything keeps coming back almost to Facebook and Cambridge Analytica at the moment, because it's a great example of what happens when somebody gets access to all of your data in one place, impacting not only you but potent

Information & Ethics committee  Thank you. It's difficult to know how much I can say on the cyber-attacks. Government departments are under constant attack by automated bots and agents all the time. We've also had distributed denial of service attacks. We're constantly looking at ways to engineer our way aroun

Information & Ethics committee  Yes, I think that approach would potentially work in a way the U.K. one didn't. I think it also tackles the other issue of how to find the data about me in different silos and link it back to an identity. You issue the identity. I could turn up somewhere and prove who I am, using

Information & Ethics committee  That's a very difficult question. It's the nature of computer security and systems that you only discover years later you were breached. Based on the calibre of the people I've met and what I know of their system, they have as good a series of protections as you could possibly

Information & Ethics committee  There were a variety of reasons. Some of them were around civil liberties. It was seen as a single database register of every single U.K. citizen, which is alien to U.K. culture, apart from during the Second World War when people had identity cards, which finished sometime soon a

Information & Ethics committee  Yes, exactly. It made the fundamental error of assuming that having a single identity number for everything would be a good thing in a highly computerized age, whereas the Estonian model, which is based around a unique ID but keeps your data segmented, if you like, logically wher

Information & Ethics committee  We have multiple numbers. We have a national insurance number, which is issued by the Department for Work and Pensions, which is used by them primarily. We have unique tax reference numbers used by the taxation department, Her Majesty's Revenue and Customs. We have NHS, National

Information & Ethics committee  Yes, most of them are an alphanumeric mix. The NHS number might be purely numeric, but the others are an alphanumeric mix. I'm trying to think. My national insurance number is 10 digits altogether. It's a grouping of five two-digit—

Information & Ethics committee  I agree. I think there are probably multiple solutions here. One is improving the quality of the training and awareness available to officials. The second is improving the design of some of the systems. For example, why do so many screens, when officials access them, reveal in pl