Size matters

Non-technologists may have noticed that ‘big data’ is the most recent addition to our ever-expanding lexicon of webtwopointwhateverspeak.

Big data refers to datasets that are beyond the means of ordinary software and processing power to analyse, owing to their sheer scale and complexity.  An obvious example is Facebook; the London Data Store is another.

Commercial organisations have been collecting vast amounts of data for years; Anyone that has regularly used Gmail, a supermarket loyalty card, or shopped at Amazon, will have at least an inkling of how an organisation can i) collect data and ii) use it to target them with personalised actions.

What is new, is that in many instances the supply of data that companies and government now collect or access vastly overshadows their own ability to actually process it into useful information. It’s not only computer-processing power that is lacking; a recent report by Deloitte points to a massive shortage in skilled labour. These are however short-term barriers that will be overcome by the larger organisations, either by outsourcing data analysis to countries with a surplus of quant talent, or by simply importing that skilled labour directly.

Traditional critics of data collection have made their arguments on the grounds of individual privacy. However the era of ‘big data’ has other, potentially more sinister implications. Writing recently for The Atlantic, Alexander Furnas of the Oxford Internet Institute believes we have yet to fully appreciate the macro-implications of the information age:

“Rather than caring about what they know about me, we should care about what they know about us. Detailed knowledge of individuals and their behavior coupled with the aggregate data on human behavior now available at unprecedented scale grants incredible power. Knowing about all of us – how we behave, how our behavior has changed over time, under what conditions our behavior is subject to change, and what factors are likely to impact our decision-making under various conditions – provides a roadmap for designing persuasive technologies.”

Taken in conjunction with the popularity of behavioural economics within policy-making circles (consider the UK government’s “Nudge Unit” as a case in point) the potential applications of ‘big data’ for public policy are considerable, and deserve closer scrutiny.

The man with a $30,000 computer buried in his chest

Before you ask, no, he’s not a cyborg from the future, or a genius billionaire playboy philanthropist. Although it sounds like science fiction, this is increasingly science fact for thousands of cardiac patients across America and around the world.

Hugo Campos has an Implantable Cardioverter Defibrillator (ICD) attached to his heart. He suffers from a relatively common heart condition and needs the ICD to facilitate electric therapy in the event of irregular heart activity.

The same device also streams a great deal of complex information back to its manufacturer, information that the implantee  is unable to access directly. Even though the ICD is implanted into his own chest and regularly transmits data about him out of it, Hugo has to rely solely on his doctor, who actually doesn’t have access to the complete real-time “raw data” either, instead an interpreted dataset from the manufacturer.

Personal data doesn’t get more personal than this. When Mr Campos approached the ICD’s producer and requested direct access to the information being beamed out of his own chest cavity, he was refused. (See “Top Five Excuses ICD Manufacturers Use to Justify Not Releasing Data to Patients” and also “Five Reasons Why Patients with Implantable Defibrillators Deserve Their Data”)

In response, he disabled the transmission entirely and by his own admission is now risking his health to make a political statement: “I will not be monitored remotely if I am not made part of this data loop.”

It is not clear how much and what type of data is being excluded from the manufacturer’s dataset, and consequently its ultimate usefulness is unknown. Mr Campos argues that at the very least he has the right to see it, and determine this for himself. “We get all our financial data — why is it different with health care? Patients should be empowered to take care of their lives.”

The information age has transformed our expectations. In years gone by we would trust our physicians to know best; we had little choice. Today, Hugo Campos represents a growing e-patient movement who want to break away from the total dependency inherent within the traditional doctor-patient relationship.

Of course, in order to be denied access to data, the data has to be there in the first place. Globally – nobody has precise figures – it’s fair to say that many people with high-risk hypertrophic cardiomyopathy cannot access, let alone afford an ICD, or are simply not diagnosed in time.

Nevertheless, it’s hard to shake the feeling that Mr Campos has a point.

Profit versus privacy

As recently remarked on over at the Bits blog, tech companies like Facebook are increasingly fond of making the “economy versus privacy” argument. It goes something like this:  Because they create jobs and generate growth in an otherwise bleak landscape of rising unemployment and negative growth, it would be foolish to burden innovative technology firms with privacy laws that could jeopardise these rare economic boons. Facebook has commissioned a study to this end, suggesting the company brings £2.2 billion to UK PLC and supports a further 35,200 jobs in sectors that are dependent on the popular social networking site. Their CEO Sheryl Sandberg recently commented “we want to make sure we have the right regulatory environment — a regulatory environment that promotes innovation and economic growth.” Mark Zuckerberg has in the past also not shied away from expressing his belief that privacy is no longer a social norm.

Today, the European Commission formally proposed amendments to the 1995 Protection of Personal Data Directive.  These proposals include a “right to be forgotten” clause, allowing people to delete their personal information from a website if there is no legitimate basis for the company to retain it. Facebook claims however that far from wanting to delete their personal data, most Facebook users prefer having their details retained indefinitely. According to Richard Allan, Facebook’s Director of European Policy, “they want us to give them a guarantee that data will remain available in ten or 15 years’ time so they have a record of how things changed over time.” The UK Information Commissioner’s Office (ICO) also appears sceptical of an ‘rtbf’ clause, fearing that it could “mislead individuals and falsely raise their expectations, and be impossible to implement and enforce in practice.”

Sandberg, Zuckerberg and Allan frame the privacy debate as progress and economic prosperity versus anachronism and bureaucracy. As these amendments are debated over the coming months, we will get some measure of exactly just how anachronistic privacy really is to Europeans.

Protecting Data Protection: accounting for human error

Following recent revelations made by The Mirror, Oliver Letwin has undoubtedly been forced to adopt a more conventional filing system.  On approximately five separate occasions throughout September and early October the Prime Minister’s policy advisor (and MP for West Dorset) was seen discarding handfuls of paper work into public bins close to Downing Street.  Whilst the various correspondences and documents were clearly considered to be redundant or unimportant by the MP, for The Mirror they were journalistic gold, and were therefore retrieved from amidst empty Coke cans and used train tickets.  Totalling in excess of 100 sheets, the papers allegedly relate to a diverse array of individuals (including the Dalai Lama, Philip Green, Tony Blair and Letwin’s own constituents) and topics (from “The Big society” to al-Qaeda and British security).

There is no doubting that Oliver Letwin’s actions went against protocol, eliciting an apology from the MP and described as “not a sensible way to dispose of documents” by a No.10 spokeswoman.  Indeed whilst the Cabinet Secretary, Gus O’Donnell, has stated he is satisfied that none of the papers in question were of a classified or sensitive nature, the Information Commissioner’s Office is, nonetheless, investigating the case to deduce whether or not Letwin’s actions were in breach of Data Protection Laws.

“Bin-gate” was not however the only (potential) breach of data protection to have been discovered in the past few weeks, though it certainly received the most national media attention.  A housing group based in Dorset (Letwin’s neck of the woods) was found to have emailed the personal details of 200 employees to the wrong external email address clearly breaching data protection.  Furthermore in Scotland, the Dumfries and Galloway council accidentally published the names, salaries and dates of birth of almost 900 employees (past and present) in response to an FOI request.  The information could be viewed on the council’s website for over two months and was only removed following complaints from a trade union and numerous individuals mentioned in the data. This accident broke the fundamental principles of data protection, intruding on the privacy of affected individuals and exposing them to identity fraudsters. It is telling (yet by no means surprising) that Oliver Letwin’s blunder has received so much more media attention, despite the fact that the severity of his actions is as yet unknown and potentially minimal.

Whilst the nature and consequences of these three cases differ, one common variable is present in all: human error.  Through misjudgement and mistakes the most basic principles of data protection fail to be upheld.  All too often we see politicians carrying confidential papers in transparent folders or hear of memory sticks holding volumes of important information being left on trains.  Incidents like these would not look out of place in an episode of “The Thick Of It”.  Fundamentally, Data Protection Laws are only as robust as the integrity of those entrusted to maintain and abide by them.

The Information Commissioner has recently called for the ICO to be given more powers to carry out compulsory data protection audits on local government, the NHS and the private sector, all of which have breached data protection repeatedly.  Speaking at the 10th annual data protection compliance conference, Christopher Graham stressed how important it is to ensure that those handling data concerning members of the general public are acting within the rules.  It will be interesting to see both whether his appeal is acted upon but also whether increased auditing can help identify or even minimize human errors which, given its nature, are particularly damaging to data protection.

Palin’s e-mails: why so bland?

They waited nearly three years for boxes of what promised to be controversial and entertaining news fodder, straight from the fingertips of the U.S. vice-presidential candidate.

“Editors, bloggers and producers were doubtless rubbing their hands in glee on the expectation that the unfiltered thoughts of Sarah Palin as expressed in her email messages would be at least as idiotic as some of the unfiltered statements that come out of Sarah Palin’s mouth when she’s in front of a camera,” wrote L.A. Times’ Dan Turner.

What they got instead is a 24,000 pageload of mundane messages. No new revelations, not even material for a laugh.

The e-mails – or at least the ones the media has managed to sift through — are so boring it makes one wonder whether Sarah Palin, conscious that the messages could potentially be perused by the public, wrote them accordingly: free of gaffes, uninformed statements and controversy. (The Guardian has asked the public to help them sift through the e-mails)

She wouldn’t be the first politician to do so.

Some researchers claim the Freedom of Information Act – which the U.S. has had more than 40 years of getting used to –  has had a “chilling effect” on politicians in Sweden and Canada. Sanitising records or making important or controversial decisions in unrecorded oral discussions may be a logical result of politicians and staff being conscious of potential public scrutiny (a study by the Constitution Unit, showed UK politicians would rather keep good records than face any negative consequences, however.)

Palin is often ridiculed for lacking media saavy and being a teleprompter addict – but she may have just outsmarted us all.

The disclosure on Friday and Monday by the state of Alaska contains e-mails from her Yahoo account, as well as the state-related e-mail from her staff’s personal and work accounts.

Until now, the documents consist of correspondence with aides, nice words for then-presidential candidate Barack Obama,  e-mails showing annoyance about certain press coverage and a picture of Palin and her husband with an Elvis impersonator.

The e-mails spanning Palin’s first two years as governor were requested during the 2008 national elections, when she was Senator John McCain’s running mate, by citizens and news organisations such as the Associated Press. By now, her aspirations are one step further up the ladder as she toys with the prospect of being president.
Almost 2,300 pages were held back due to data protection issues, however.
“Who knows what juicy tidbits we might have found had the rest been available?” Turner wrote.
It may be that the good stuff was simply redacted or withheld. It may be that a golden nugget is hidden under the crease of a photocopied e-mail printout. Maybe Palin is simply not as interesting as people seem to  think — or she just knows how to avoid FOI.

Study ranks Canadian FOI laws dead last

Canada’s The Star has cited a Unit research paper analysing FOI regimes around the world:

http://www.thestar.com/news/canada/article/918732–study-ranks-canada-s-freedom-of-information-laws-dead-last

Further information