Dilemmas of Privacy and Surveillance

The Royal Academy of Engineering has just released a report entitled Dilemmas of Privacy and Surveillance Challenges of Technological Change. The report focuses on areas where the developments in IT have had a particularly significant impact on personal privacy. It gives examples of some of the harm that can be done by exposing people to these risks, for example while talking about RFID chips in British passports:

With sensitive personal details readable over a distance, it could even become possible, with appropriate antennas and amplification, to construct a bomb that would only detonate in the presence of a particular nationality or even a particular individual.

The report also covers proposed government databases holding sensitive personal information. It urges the government to prepare for failures in these systems.

There are a number of incidents in which a government or series of governments have suffered loss of trust due to poor role performance, or perceived poor performance. Crucially to the interests of this report, a number of these relate to the introduction of new technologies. For example, the implementation of a new computer system in the Child Support Agency (CSA) was considered a disaster, with many vulnerable people failing to receive child support payments due to its inadequate functioning. The failures associated with the CSA have been brought up in criticisms of plans for the NHS project ‘Connecting for Health’ which involves bringing modern computing systems to the NHS. They have also been raised in connection with the ID cards scheme and the associated National Identity Register (NIR).

Both past problems and recent difficulties mean that government is vulnerable when it comes to trust in their ability to implement a large IT project, or any other complex business change project. Of course, government is not alone in experiencing difficulties in implementing complex projects with a large IT component, but it is particularly vulnerable since its projects use public money and involve critical services such as the NHS.

The Academy calls for the government to take action to prepare for such failures, making full use of engineering expertise in managing the risks posed by surveillance and data management technologies. It also calls for stricter guidelines for companies who hold personal data, requiring companies to store data securely, to notify customers if their data are lost or stolen, and to tell them what the data are being used for. It recommends that engineering solutions should be devised which protect the privacy and security of data.