May 21, 2006

I Before E: Identity & e-Portfolios

Last week's I Before E was a very interesting event (and thanks to Andy Powell for reminding me about it). The premise of the event was to try to examine the intersection of identity management and e-portfolios. It threw up some surprises, some familiar disappointments, and identified some gaps in our understanding we need to remedy.

One of the critical political topics is that of identifiers - and in particular the allocation of unique identifiers for all learners. I've been quite publicly opposed to this for quite some time, but it now looks like a "done deal".

For the record, my objections stem from two aspects of my pre-education background. Firstly, I worked in the software sector concerned with supporting the criminal intelligence community. So I know exactly how IT systems interact with policies concerned with individual liberty - and how loopholes and gray areas can be exploited through automation. Secondly, I worked in business intelligence, CRM, and data warehousing. So I know how you might exploit the presence of identifiers for analytic purposes.

OK, so what does that mean? Well, basically, that when I state that the premises on which identifiers are justified to solve primarily analytic issues are not convincing, there is a vague possibility I might know what I'm talking about.

In analytics, the main purpose is to identify trends and correlations irrespective of individual identity - so while attributes of users may be grouped to identify trends, individuals do not need to be identified for this to happen.

On closer inspection, it seems like the primary incentive for the Unique Pupil Number is actually nothing to do with this usage of "analysis", but is actually far closer to criminal intelligence - the primary usage within government is to maintain a register of all children, so that it is possible to check that all children have been registered in school. (Presumably so parents can be told off).

Now we come onto the system aspects - if we accept that the register performs a necessary function (I'm not totally convinced yet) then why would it be necessary to extend this capability to link together all personal information? I think this is where the arguments sound particularly unconvincing, and more like a "solution looking for a problem". I'm sure it will make some operations in the civil service easier, as you could possibly avoid lots of regulations pertaining to cross-searching government databases. But is that a good thing? Sometimes things are made difficult in bureaucratic systems not simply because they are inefficient, but because requiring consideration and effort on the part of an actor is actually part of how the policy is intended to operate.

For example, I once worked on a product that, quite legally, increased the efficiency of the process by which a police force requests authority to access telecommunications records. The policy restricting this type of access was still enforced, yet made so rapid by automation that the primary mechanism by which the policy had an effect - making a senior investigating officer reflect on whether he or she really needed the data to obtain a conviction or identify a suspect - was completely circumvented by making the entire request a case of pressing a button and then selecting a plausible-sounding reason from a drop-down list.

Shane made the quite reasonable comment that, even if many government databases share unique personal keys, this would not be a problem as policies would ensure correlations were only made where appropriate. This is both true, and slightly misleading, as I think the above example illustrates. Yes, the presence of a unique identifier within the data systems does not in itself challenge privacy policies, but it does offer an opportunity to apply automation to reduce the deterrence of policies, to such an extent that perhaps correlated cross-database queries would be the norm, not the special exception for particular cases.

I'm all in favour of government being more joined up, and of making policy decisions based on better intelligence. However, I don't think unique identifiers - or, indeed, compulsory ID cards - are the answer. Analytics work extremely well using anonymized data (even analytic CRM sometimes uses this approach to protect customer privacy), and services can be personalised by presentation by the user of a preference profile as well as by storage and correlation of a persistent profile.

I can see that in some cases database correlations can prevent some very serious problems, for example gaps between social service, police, and school records can prevent the detection of serious abuse of children. However, devising effective policies and systems to manage these exceptions would be more appropriate, I feel, than changing correlated querying into the rule - effectively turning the set of government service-use databases into a single criminal intelligence-style database correlating the behaviours of every single "learner" (i.e., everyone).

Without a far better system, policy and above all culture of privacy for citizens on the one hand and openness of processes on the other, I simply don't see how it is possible to trust the government to make effective and proper use of this technology.

Anyway, that's just one of the background policy drivers, before we get into what e-Portfolios are, and how they relate to identity management at the individual, federation, national, and global levels.

Ironically, on my way back to Manchester I was stopped and searched under Section 44(1) of the Anti-Terrorism Act. This is the one where police have the right to stop and search you without any reasonable grounds for doing so. PC Curnyn (7189) was very courteous about it, although I couldn't help but wonder how closely I fit to a profile of your typical suicide bomber!

