• silicon.com
• Technology
• Security

By Martin Brampton, 22 November 2006 15:35

COMMENT

Data theft is rampant, we've heard again and again. This shouldn't be too surprising, says Martin Brampton, but more importantly it may be telling us something about the state of our society.

Talk of data theft has often focused on faceless criminals grabbing credit card details or emptying bank accounts. But the recent conviction of a couple who made £140,000 per year selling personal data points to the institutional tendency in misuse. And it raises deep questions about the kind of society we want.

Following the conviction, information commissioner Richard Thomas said he was investigating a number of organisations that have bought personal data and warned of raids and prosecutions. On similar lines, recent stings by television reporters have disclosed data taken from Indian call centres is for sale. Defenders of India point out that the country may well be no worse than anywhere else.

We should not be too surprised that fraud now seems endemic to the digital world. Fraud has been endemic ever since exchange began. What is of concern is whether institutional standards are falling, to the detriment of society at large.

Another angle on the issue is demonstrated in a recent survey run by YouGov for Hummingbird. It showed that 29 per cent of company directors admitted to stealing data when they left the company. Presumably some unquantified number also stole data but did not admit it. Hummingbird, a technology company, advocated a technological solution: "Businesses should stop relying on the moral code of the individual employee to ensure information capital is protected and implement the appropriate enabling information management systems to control information flow."

This comment seems mistaken in several respects. First, there is no sign that technology does much more than move problems from one place to another. At the same time, it would seem entirely unreasonable to expect company directors to hold to moral standards higher than those exhibited by companies. It is not so many years since Boeing was caught in possession of 25,000 pages of documents belonging to rival Lockheed Martin. It seems unlikely that was an isolated incident and the recent conviction suggests that companies are regularly trading in illegal data.

Indeed it would be surprising to find things otherwise, given the propensity for companies to mislead their customers and the general public. It is hard to see Enron as an exception - rather, it pushed widely adopted practices too far and came to grief as a result. There is a substantial ongoing overstatement of profits by US companies in their pre-audit accounts. And given the pusillanimity of auditors in cases such as Enron, one has to wonder about the post-audit accounts.

Is government different? Sadly, it seems not. Government seems prepared to take whatever personal data it chooses and to use it for whatever purpose it wishes. The much vaunted NHS patient record system will be loaded with patient data - whether the patient wants it or not. Critics have called it "data rape" and the judicious British Medical Association has expressed a similar sentiment in rather more words: "We believe that the government should get the explicit permission of patients before transferring their information on to the central database."

silicon.com Public Sector

Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!

The response to these concerns by the health department's IT agency is uncompromising: "Patients will have data uploaded... Patients do not have the right to say the information cannot be held."

How secure will the data be, once loaded? Pretty insecure is the general opinion, given that 250,000 people will have some level of access. And no details yet exist on implementation of promised safeguards such as the ability to review and check one's own data, or the provision of 'sealed envelope' restrictions on some data. Moreover government will retain the right to make use of any data on the vague and unverifiable assertion of 'national security'.

So it certainly seems that government and the private sector will both continue to make free with our personal data, building huge databases out of doubtfully procured material. It is also clear that technology is quite incapable of delivering on the bland assurances of accuracy and privacy that are offered to mollify the electorate. Indeed it should be obvious that the problems are not so much technological as human. Which returns us to the question of morality.

Evidence on contemporary morality is, as ever, contradictory. A study back in 2004 found that 70 per cent of employees have stolen key data. In many cases, the individual felt their own contribution to the gathering of the data justified the action. There are some signs that jobseekers are looking for employers that have good ethical policies but younger people show fewer scruples. In a recent study, 49 per cent of 16- to 24-year-olds did not consider taking things from the workplace stealing. A significant source of critical data leaks is the unhealthy combination of disgruntled employees and crooks.

None of this is helped by the bone-headed attitude of some employers. The Inland Revenue has lately put itself forward as the prime example with its excessive zeal for clear desks, and a spokesperson who asserted that employees were hired for the sole purpose of carrying out the work of the Inland Revenue and should leave their personalities at the door. Quite apart from its doubtful effect on productivity, this Gradgrindian approach is scarcely likely to win moral respect or avoid creating numbers of disgruntled employees.

The only logical conclusion to this conundrum is that while we cannot presently rely on personal morality, we need to be able to do so. Not completely, since human beings are inevitably imperfect. Personal morality has often been put in a corner as something to do with sex or putting a pound in the charity box. Or it is assumed to be pious or detached from reality. In fact, it is a set of fundamental questions about how we most effectively relate to one another in all kinds of ways. If we have lost interest in those issues, then we are in the process of creating a seriously impoverished world.