honestlyreal

No technology contracts bigger than £100m.

Bye-bye proprietary software monopolies–hello Open alternatives.

An avalanche of government data to generate new business opportunities and pump billions into the economy.

Fast broadband for (almost) all.

Agility, everywhere–no more risk-averse, unchangeable systems–instead, a commitment to diversity and experimentation.

Reskilling in-house tech teams, reducing dependence on external suppliers with vested interests.

And after years of false dawns, services actually joined up around–and designed for–their users.

There’s not a lot not to like, really. Is there?

Just before the election we heard a torrent of such promises. Watching the gathered geeks and entrepreneurs around me at the launch of the Conservative Technology Manifesto last March I could see tongues virtually hanging out. We weren’t just being offered the keys to the sweetshop–Francis Maude and Jeremy Hunt were pretty much proposing ripping its doors off.

How much of these sweeties have actually been delivered post-election is a story for another day (ah, the shackles of that Coalition Agreement, I’m sure…).

But over recent weeks and months we’ve seen glimpses of another what’s-not-to-like initiative. And now it’s been launched.

Midata.

[Ok, try this link. I was making a dodgy CMS point with the first one, that Google (and BIS site search!) gave me…]

So here comes the grumpy blogger to get all picky with what on the face of it is a risk-free, consumer-enriching move willingly volunteered by industry, facilitated by government, to make real people’s lives easier at no cost. (Coz there’s loads of those.)

Well, not so much of the picky, really–just an interest in shining a light into some of the corners of this debate. Because corners and angles there most certainly are.

The first thing to get to grips with is that there seem to be two big agendas wrapped up together here.

Both can be connected to the words “me” and “data”. But they seem to be quite different in their nature and purpose. That’s always a recipe for confusion if not properly unpacked. So let’s see what we have.

Agenda 1: better information for consumers

We have a consumer empowerment angle here, clearly. “Giving people back their data” is billed as putting the customer back in control when forming or reviewing a relationship with a vendor. For some services, especially things like utilities and telecomms, the case is very tangibly made.

We generate a lot of data in consuming the service. Understanding our consumption patterns in detail would help us when making future choices about service provider, as we’d be able to match the terms that were on offer with what we actually needed.

So far so good.

This also extends to things like preference data: as we go about buying things (and even just looking at them) we generate a cloud of information about our preferences, choices, needs and their timing. This has a value–how much, nobody really knows, though there are some florid estimates–to marketeers, and could drive better deals and more targeted, less intrusive advertising.

Agenda 2: proving your identity online

The moment we started to move transactions away from being with someone you knew personally in your village, we increased the complexity of how you prove things: who you are, can you pay, entitlement-by-residence and so on. Online, it’s pretty horrible, and attempts at building something that’s simultaneously secure and usable by normal people have foundered.

(There is more elsewhere on this blog about these issues–otherwise this post would be very long.)

Suffice to say that the current approach (which actually looks pretty promising) is that of “federated identity assurance”. Not trying to create one massive database of people information against which things can be checked, but to use information sourced from a number of existing trusted relationships, in combination, to give sufficient assurance of identity.

Which means that both these agendas are the same, doesn’t it? They both involve consumers getting their hands on personal data that’s previously been locked up in companies.

Well, actually, I don’t think it does.

Why not?

A definition of “personal data” is harder to pin down than might seem initially apparent [more here]. Lots of things that don’t look that personal by themselves (points on a map, equipment serial numbers etc.) take on a whole new power when linked to an individual.

There’s the obvious “personal facts” stuff, of course: name, address, account number etc. which usually (but not always) identify an individual.

Then there’s operational data, made much of by midata: what we’ve used, what we’re interested in, what service choices we made etc.

Releasing structured chunks of this latter type could well meet Agenda 1’s objectives. And there are design choices to be made here which will have a big impact on risk and privacy.

Would it be sufficient to get a log of mobile calls by time band and number type, for example, rather than a detailed list of numbers actually called, and precisely when they were made? The former could well be enough to allow a better contract to be found: the latter would be a potential privacy nightmare, not just for the caller, but also whom they called, if it were mislaid.

My point being that meeting a consumer empowerment agenda requires the “giving back” of information with certain characteristics–i.e. tailored to fit the way that consumer services are packaged.

But the giving back of information to help confirm an identity relationship–Agenda 2–seems to me to be a very different beast.

Because I thought the whole concept of using a number of different identity providers was that you asked them to pass confirmations of trust around–not the actual personal data itself? So one might ask a bank to confirm electronically that some submitted data matched a record that they held, but that’s not the same as handing the requestor (or indeed the individual) chunks of personal data.

So I fear that in an attempt “not to go into too much detail” we’ve got a conflation of two separate, interesting, important issues under the midata flag.

One can always argue that “it’s the principle that counts–we should establish that first, then let the clever people get on with the solutions”. Well, yes. Ok.

We did that with electronic patient records, with Post Office smartcards, with national identity cards and registers… At some point we do need a public airing of the underlying principles in a greater level of detail than the initial press release. And before a major delivery programme has been commissioned, I’d suggest.

Other than this “issue overlap” there are a few other points that strike me about midata. There is this underlying sentiment that consumers have a right to “their data”. But what is it that actually makes a particular piece of data “theirs”?

Information about usage is a hybrid of personal facts (e.g. who is the account holder?) and operational information as a consequence of service use. How far does it extend? Basic consumption patterns? Probably yes. Detailed, time-stamped records of every purchase and all parties involved? Hmm. Maybe. Serial numbers and last maintenance dates of the precise routers and masts that were used to deliver a phone call? Well, now you’re being silly, Paul.

Yes, I am, of course. But I’m trying to illustrate that the translation of this “right to data” into reality involves more than just signing a memorandum of understanding. Update: there’s a more detailed post about “Whose data is it anyway?” here now.

And then there’s the cost angle. Even if we assume that the addition of a simple bit of code will suddenly enable service providers to spit out raw chunks of data onto the Internet (aka the “it can’t be that hard to get their systems to…” fallacy argument) the midata announcement is already talking about a greater degree of sophistication: particularly the bit about “access, retrieve and store their data securely”. Who’s going to pay for that?

And do we have robust evidence that there is interest and demand for this type of data release, other than from the vociferous lobbyists with their eyes on constructing a wealth of new “personal data store” opportunities?

It’s great to see entrepreneurial spirit flourishing, but how much is this about solving real consumer problems, and how much about playing yet more variations on the “consumer as product” theme–you tell us about your interests, and we’ll give you better deals (but only as a share of what we’re really making by selling that information to other vendors).

The argument that better information increases customer choice, and therefore power, is of course another “what’s-not-to-like”. But if you take a step back, and look at the implied problem that “people don’t know which is the best deal as they’re all so complicated and people don’t really know what they use anyway…”

…would you put your energy into releasing chunks of data to help make a better match with a complicated tariff, or would you have another look at the issue of tariffs in general, and simplify them? Yes, both represent some form of intervention, and I can see the political attractiveness of the former, as (especially under a voluntary scheme like midata) it plays down the regulatory role in favour of cheerful vendors all quite happy to be a lot more transparent with their/your operational information. But one wonders just how sustainable this level of voluntary cooperation would actually be in the longer term in highly competitive markets…

That’s a bit like imagining a set of doors with fantastically complicated locks, and giving people the right to have equally complicated keys cut–rather than pushing for simpler locks in the first place.

So, a lot of questions remain. Conceptually, midata isn’t something that could or should be objected to. And this post is not written to criticise, but to suggest a few areas that need more detail and analysis.

When we see press releases that let fly with cool talk of data, empowerment and choice we should be getting a lot more eager to ask the next level of questions. What does this really mean? How will it work in practice? And what might some of the broader economic, competitive, social and privacy implications be?

Until we do, we’ll be dazzled by press releases and then a bit disappointed when delivery swings into action. And it’s usually too late by then to do much about it.

Johnny was a rebel. A real maverick of a man. Show him a system, and he’d find a way round it. All the little get-outs, he got out through. He opted out of all opt-in mailings, he had his number put on the list to avoid junk calls, he made sure as hell he wasn’t on that electoral roll that’s for sale. His email address was a miracle of concealment to fool the bots, and you’d be bloody lucky to get it. And almost nobody got anywhere near his ‘real’ online identity.

If he was a bit naughty in his car, he’d make a real song and dance about ’fessing up to who was actually driving. There had to be pictures. Of his face. If not, he’d write long letters inevitably quoting the Human Rights Act. Stopped by the coppers in Waterloo? Same thing, knowing all the right responses to give to stay just the right side of the law, and exactly what would press the frustration button of the guy in the yellow jacket.

Junk calls? He loved those – playing right into the hands of his call centre victim – baiting them further and further into revealing who they worked for, and where, while tapping away merrily on his 192.com account and his Google Maps (and other, darker sources). Until he could surprise them by telling them the name of their wife. And if really pissed off, that he was watching their house from across-Church-Street-right-at-this-minute-pal.

Always pushing things to the very edge to protect his data, and his rights. Because information was Johnny’s lifeblood. His belonged securely locked away. But others’? Especially ‘public’ information? Ah, that was a bit different. Everything had to be open. Without compromise. If the government had it (or he thought they had it) he wanted at it. If there was something out there about a corporation, he wanted it mashed-up, unpacked, aggregated, chopped every which way.

Consumer rights were a passion. He joined every pressure group he could. It was his duty to share with others, not about himself of course, but about his purchases, how he claimed his benefits, what he did to swing the right school place for his kids, and so on…

He delighted in sharing the things The Man didn’t really want you to find out. The uglier stories of corporate hell. The product reviews that told tales from inside the factory. The quicker routes to claiming from the state. Where the councillor lived, and what they got up to on the internet that they thought nobody could find out about…

He bloody loved saynoto0870.com.

He whiled away boring afternoons phoning companies to pester them into giving up geographical alternatives to those noxious money-making numbers. They hated it, he really knew they did, but he knew how to beat the scripts – where to find the weak spots. And when he struck gold, up on the site it went.

Johnny was liberating the system for the downtrodden: the people who actually lived in the same town as their bank and shouldn’t be paying national rate numbers. The bundled-mobile-minutes crowd, who were buggered if they were going to pay twice for the same call.

And so it went. Until the day the crushing pain gripped his chest. Late nights, junk food, way too much coffee – his heart was giving out. He reached for the phone. The local health practice’s 0870 number… nah, he had the ‘real’ one. – Sure, get here asap, they said. The ambulance came. On the trolley now, doctors coming and going. A bit blurry. Fading, fading. A machine – wires… something, something wrong. Shaking heads. Dark, dark, dark.

The back-up defibrillator had failed. Wouldn’t normally have been used, but the real one had gone away for repair. In the old days, when the budget allowed, they’d have got the engineer on site. But things were pared to the bone now, and there was a 24-hour turnaround contract.

Of course, the budget shortfall hadn’t been helped by the drop in all the little sources of income for the health centre. Those guys who’d found an inconsistency in the boundary records for the car park, and had clawed back all those parking charges. Oh, and the strange drop in the margin on the 08— numbers. Some clever arses had found out the local numbers and put them on the internet.

At the edge of every system, it’s the tiniest differences that swing things. Johnny had just slipped, irretrievably, over the edge. 

Game Theory fascinates me. How one’s own choices interact with those of others – sometimes with quite perverse results. This isn’t the place to give an entire take on the theory; but let’s just work with one of the core concepts: cooperation and defection.

Cooperators work the way the system says they should work. Defectors don’t play by the rules. Cooperators follow conventions, patterns, structures. Defectors deliberately ride roughshod through them. Typically, the Defector’s short-term gain from ‘cheating’ can be shown – at least in theory – to be completely unsustainable. Very often it’s possible to create a sort of morality message which shows why the rules are the way they are. And yet Defectors very often do very well…

An example: heading east on the M40, about two miles before the M25 junction you notice something strange. The nearside (~slow) lane is a queue of very slow-moving cars. The other three lanes are moving rapidly. You want to join the M25. If you Cooperate, you pull over to the far left, join the queue and just take your turn. If you Defect, you listen to a dark voice in your ear… “Go on my son, just hang in there in Lane 2, or even 3. There’s always a gap, easily enough to slip in to. And if there isn’t a gap, just force yerself in, a flash of the lights, pick on a nervous-looking lady, away you go…”

And from years of experience of this route, you know that the gap is always there. So you Defect: you wait until the last minute and carry out what is known in traffic-management-land as a ‘swoop’. And you always do better than if you’d sat in the two mile queue.

Highways designers think up all sorts of crafty schemes to try and stop this (seen those strange ‘diamond’ lane dividers?) but no more detail needed on this example: the lesson here is, cheat and prosper.

The crowd usually cry out at this point “Ah, but if everybody did that, there would be total chaos and everybody would be held up even more. There’d be crashes, and rude gestures, and… erm… it’s just not… right!”

So there’s clearly more to Defecting than just having a whole load of empirical evidence that there’s always big gaps between 400 and 100 yards from the point of no return before the M25 turn-off. You have to be a bit of a git as well.

Aww, I’m kidding. It’s not always called gittishness. Sometimes it’s called “being a free spirit”, sometimes “playing your own game” and sometimes “righteous warrior against systems set up to subjugate the individual”.

Now go and have a look at saynoto0870.com. Have a think about Cooperation and Defection in the light of its wonderful, enlightened, citizen-centric proposition. And we’ll be back here shortly with a fable to drum home the point…