What’s the Issue?
In a world in which we are all increasingly dependent on electronic communication methods, the debate around PRISM opens up many issues related to the privacy of our citizens. But it is not as simplistic as many are putting forward. It basically distils down to three things: the information which our governments have control over; the information which we freely release into open sources; and the information which is held on us outside our national boundaries. Never before have citizens had the opportunity both to influence how their information is used and to control how it is used.
While we are increasingly exposing our own information to the rest of the world, we are also, generally, moving towards methods which are under the control of the citizen. It is thus their choice whether to expose their own information. On Facebook, an individual may tell their friends that they are on holiday, or on Twitter they may reveal the football team that they support. The days when information was held within the confines of organisations bounded by network firewalls, or within the confines of buildings, are now gone. Information on us now exists in many digital forms, such as ISP logs, Twitter feeds, Facebook posts, CCTV recordings and mobile phone logs, each providing a mine of information on its own, but which, when cross-correlated, could give a complete timeline of our lives. One can see that, in the future, our complete lives could be replayed in full multimedia, showing where we have been, who we met, what we did, and even what the weather was at any given time. The key to this will be citizen control of the provision of this storyline, where the individual will have full rights to define how their information is provided to others.
Is this a Big Brother Society?
The key concept of Big Brother is that our governments are spying on us and trying to control our lives. Generally this type of activity is nearly non-existent in the UK, where the DPA defines the privacy rights of the citizen, and where regulations such as RIPA define the context in which information from multiple sources can be used. Law enforcement professionals must thus tread a fine line, where any breach of our rights will restrict future activities. In general, it seems that this is done well in the UK, where ISP records or CCTV records are only used within the confines of a criminal offence. Our worry would be when we open up these systems to external parties who aim to gain some advantage from using the data. It is thus with PRISM that we see what occurs when information is shared across judicial boundaries. Within national boundaries the usage of data is well defined within a context, but as it moves outside these, the restrictions on its usage can often be lifted.
A major difference between our Internet-enabled society and a Big Brother society is thus the move towards more citizen control of their own information. With this, governments must operate within a legal framework in how citizen data is used and how they share information across different areas, while the citizen decides on the risks that they are willing to expose themselves to. Unfortunately, at present, we are in a transition phase in understanding the key risks involved, where users sometimes fail to understand that their information may offend their own circles of trust, and where social media posts can be open to those outside those circles.
Whose jurisdiction are we covered by?
Another major difference from the Big Brother analogy, in which a nation state has complete control of all the information held on citizens, is that within our Internet-enabled world our information is spread across the world, often with little control over where it is actually located. In an age where emails, Twitter feeds and Facebook posts are stored on systems outside our national boundaries, the acquisition of information by law enforcement becomes difficult, as it is controlled by different laws and regulations. Thus the scope of any spying would be restricted to monitoring the network packets that flow into the Internet. This type of monitoring, though, is becoming more difficult as cloud-based email systems move towards using secure connections for their communications. Thus it is almost impossible for governments outside the USA to actively examine email messages. At one time there was, though, a trace of activities on the host computer, where emails could be examined as the information was stored on disk drives. Increasingly, though, we exist within a cloud environment and use Web browsers to access our information, so evidence trails are now stored within the Cloud, and often outside national boundaries. The acquisition of a laptop, these days, can release very little information on activities, apart from showing connections to remote cloud-based email systems. The one saving grace for investigators is that user names and passwords for cloud-based systems are often cached within the browser, giving them some form of access within a criminal investigation. Again, in the UK, the rights of access to this information by law enforcement professionals are carefully controlled, and the police in the UK understand the bounds of their rights to sensitive information held on computer equipment.
A more citizen-focused society
It is this more citizen-focused approach to information infrastructure that our public sector must start to adopt, where we must start to question why things like our health and social care records are kept with only limited access for the citizen. The barriers to this are often a resistance from employees to changing their methods of work, and the fact that many IT systems within the public sector were designed to restrict access from outside, and have very few access methods for the general public. The only way to change this is to start to trust external systems, and to support identity methods which citizens trust.
To identify whether there was a demand for citizens to control their own data, in May 2013 Edinburgh Napier University conducted a survey on attitudes to access to electronic health records in the UK. Of the 477 respondents, 79.04% said that they wanted full access to their electronic health record, while only 16.98% wanted a summary of their record, and only 3.98% wanted no access to their health record at all. This shows that there is a strong demand from citizens to actually access their health records. The main reasons given for wanting access were:
• Check its accuracy (36.07%).
• Recall key information (32.64%).
• Add comments (15.24%).
• Make amendments (11.45%).
There is thus a strong demand from citizens to make checks on their records, along with making their own notes on their record. When asked who should own the health record, 60.80% reckoned that the citizen should own it, which goes against the limited access that many UK citizens have to their record today, whether it be electronic or paper-based. The two main barriers to allowing access to their health record were identified as poor security within the health care infrastructure (55.56% quoting it as a strong reason), and the cost of building the IT infrastructure to support citizen access (44.89% quoting it as a strong reason).
As might be expected, the main service that users would like is to view their health record (29.52%), closely followed by booking appointments online (29.19%). These perhaps highlight a growing requirement for citizens to interface with the health care infrastructure using electronic methods.
Given that there is a demand for online access to services, the survey also asked which identity provider respondents would most trust. The results in Figure 1 show that the traditional identity providers such as Facebook, Microsoft Live, Linkedin, and so on, are not the ones that users most trust to provide their identity. Users are most keen on using a security tool that they control in some way, and one which has strong security procedures, similar to online banking security measures. Thus users are demanding a higher level of trust for the provision of their identity when accessing their health record. This is likely to be because they want to protect the security of their own record, while supporting a fairly easy method of access. A Government method of access, while trusted more than the traditional identity providers, trails behind these methods, which perhaps shows that, while the identity provision is trusted, it might not be the easiest, or most controllable, method.
When asked about the identity provider that they least trusted (Figure 2), the majority of users identified Facebook as the least trusted (56.2%). This perhaps shows that users are becoming more educated in their understanding of trust and of the way that organisations use the data gathered on individuals. A provider which does not focus on identity provision may have other reasons for providing identity, such as determining the services that users are gaining access to, so as to push relevant advertising material to them. It can also be seen from Figure 2 that Twitter and Linkedin score highly on the least amount of trust in identity provision, which could point to recent security problems within their infrastructure, where passwords have been compromised.
It is thus a changing landscape of trust, and it can often end up being a 1:1 relationship that users have with their trusted organisations, one which can change quickly depending on changes in the environment. If trust is compromised at any time, citizens have the power to move their information to other sources. Thus if a citizen feels that their information is being used incorrectly, they can move it to sources that they trust more. A compromise of this trust, as has been highlighted within the PRISM debate, can have serious consequences for the trust that citizens have in their Internet services and providers.
We have opened up our information systems, and digital information can now easily flow across both organisational and physical boundaries. Indeed, Pandora's box has been opened, and information can be used for the good of society, such as where a child is at risk: attendance records could be highlighted from one information source, then correlated with social care records of the child having bruises, and with a police record highlighting a threat of violence in the family. Within each of these alone there may not be a significant risk, but by aggregating them together the risk is highlighted. Thus there are great opportunities in aggregating information across boundaries, but we need to be careful with it; in the same way that PRISM highlights the risk, a strong governance infrastructure is required, one which defines exactly the information that is being accessed and the organisations and roles which are used to define these accesses.
The researchers within Edinburgh Napier University have been working on this problem for the past five years, and have now managed to extract a definition of a trust infrastructure, and then define the overall governance of the systems using enforceable rules.
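The two paragraphs above argue that cross-boundary aggregation (the child-at-risk case) is only safe when enforceable rules state exactly which organisation and role may read which class of record, and for what purpose. The following is an added example, not code from the article or from Edinburgh Napier University, of what such a rule set looks like as a deny-by-default policy engine with an audit trail. Every organisation, role, record class, purpose and record in it is constructed for illustration and does not describe any real policy or system.

```python
"""Deny-by-default governance rules for aggregating records across organisational boundaries.

Added example: the organisations, roles, record classes, purposes and records below
are all constructed for illustration and are not drawn from any real policy.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Rule:
    """One enforceable rule: this organisation/role may read this record class for this purpose."""
    organisation: str
    role: str
    record_class: str
    purpose: str


@dataclass(frozen=True)
class Requester:
    organisation: str
    role: str


@dataclass(frozen=True)
class AuditEntry:
    requester: Requester
    record_class: str
    purpose: str
    allowed: bool


class GovernanceEngine:
    """Policy decision point: anything not explicitly permitted by a Rule is denied,
    and every decision (allow or deny) is appended to an audit trail."""

    def __init__(self, rules: Iterable[Rule]):
        self.rules = frozenset(rules)
        self.audit: List[AuditEntry] = []

    def is_permitted(self, requester: Requester, record_class: str, purpose: str) -> bool:
        # Exact-match lookup: organisation, role, record class and purpose must all agree.
        allowed = Rule(requester.organisation, requester.role, record_class, purpose) in self.rules
        self.audit.append(AuditEntry(requester, record_class, purpose, allowed))
        return allowed


def aggregate_indicators(engine: GovernanceEngine, requester: Requester,
                         sources: Dict[str, List[str]], purpose: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Cross-correlate risk indicators held by several sources, releasing only the
    record classes the rules permit for this requester and purpose.

    Returns (released indicators keyed by record class, sorted list of withheld classes)."""
    released: Dict[str, List[str]] = {}
    withheld: List[str] = []
    for record_class, indicators in sources.items():
        if engine.is_permitted(requester, record_class, purpose):
            released[record_class] = list(indicators)
        else:
            withheld.append(record_class)
    return released, sorted(withheld)


# Constructed rule set: a child-protection officer may correlate all three sources,
# but only for the child-protection purpose; a school attendance officer sees attendance only.
RULES = [
    Rule("SocialCare", "child_protection_officer", "school_attendance", "child_protection"),
    Rule("SocialCare", "child_protection_officer", "social_care_notes", "child_protection"),
    Rule("SocialCare", "child_protection_officer", "police_incidents", "child_protection"),
    Rule("School", "attendance_officer", "school_attendance", "attendance_monitoring"),
]

# Constructed records from three separate organisations (illustrative strings only).
SOURCES: Dict[str, List[str]] = {
    "school_attendance": ["unexplained absences: 9 in 4 weeks"],
    "social_care_notes": ["bruising noted at home visit"],
    "police_incidents": ["call-out: threat of violence at family address"],
}


def demo() -> Dict[str, Tuple[Dict[str, List[str]], List[str]]]:
    """Run three requests through one engine and return their outcomes."""
    engine = GovernanceEngine(RULES)
    officer = Requester("SocialCare", "child_protection_officer")
    clerk = Requester("School", "attendance_officer")
    return {
        "officer_child_protection": aggregate_indicators(engine, officer, SOURCES, "child_protection"),
        "officer_research": aggregate_indicators(engine, officer, SOURCES, "research"),
        "clerk_attendance": aggregate_indicators(engine, clerk, SOURCES, "attendance_monitoring"),
    }


if __name__ == "__main__":
    for name, (released, withheld) in demo().items():
        print(name, "released:", sorted(released), "withheld:", withheld)
```

The design point is that the same person is refused the same records when the purpose changes (the "research" request releases nothing), and that denials are logged alongside allows, so the audit trail itself shows attempted cross-boundary aggregation that the rules did not sanction.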