Absurdly Open Data: ippr recommends giving organised crime open access to criminal justice systems

At first sight the ippr report on Open Justice looks attractive. But consider the recommendations in the context of the current lack of security of the systems that will be opened to view and of the technologies that will be used to access them. Yesterday I blogged on the coming fight for control over the Internet between non-Western Governments (via the ITU) and the global cartel of Internet Service Providers (via ICANN and Internet Governance Forum).

Today I had been going to blog on the need to carry forward the work started by EURIM over a year ago to unravel the confusion between Electronic Identities and Digital Signatures.

International law has been clear for over a century on the status of “Ben Bones his mark”: whether it is a smudged thumbprint, a squiggly cross or a signature written in ink, blood or analogue or digital electronic pulses. But we now have a morass of initiatives, industry and government, which muddy rather than clarify the issues.        

Then ippr raised the debate over Open Data to a new level of absurdity. Once again we need to refer back to the work done by EURIM over recent years on the issues that have to be addressed before the wet dreams of the enthusiasts turn into Dark Nightmares. 

The titles of the sunmmaries of some of the EURIM studies say it all:

From Toxic Liability to Strategic Asset: Unlocking the Value of Information

Improving the Evidence Base: the Quality of Information


Can Society afford to rely on Security by Afterthought not Design

As well reported in the Guardian , my successor as Secretary General, Dr Edward Phelps, has echoed my own support  for the ideals of Open Government while emphasising the need to improve the professionalism of those managing the process.

The harm done by over-enthusiastic amateurs can be every bit as great as that done by pseudo-professionals who conceal their ignorance and lack of genuine training and experience in cloaks of confidentiality.

The first integrated study to take a look at the potential benefits from the application of IT to police and justice systems was done in the mid-1970s. I may still have a copy in my files somewhere.  At the technical level it was very much more impressive than the study I led on the Computing needs of the re-organised Water Industry at the same time. But it had far less impact on subsequent developments because it failed to take account of the politics of implementation. The biggest weakness of the ippr exercise is that it fails to take account of the sophistication of those who make a very good living from corrupting our law enforcement and criminal justice systems.

A Chairman  of the Conservative Technology Forum  I applaud the breadth of vision. As a former Information Systems professional I deplore the lack of insight. 

Enhanced by Zemanta

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I've now read the document. Even without hacking, it's interesting how the proposed approach presents opportunities for misuse. Just off the top of my head:

* Whenever someone renews an insurance policy (buildings and contents, car, etc) the insurance company could check the crime maps for their postcode and adjust the premium accordingly

* If police officers are being encouraged to tweet their locations as they patrol their beat, criminals can wait until officers are at the furthest point from them before committing an offence, thus maximising police response time

* Denial of service attacks - whether by sheer volume or false crime reporting - to divert police officers' attention from genuine crime

Also, I assume the idea of tweeting from court only applies to people in the public gallery; what further measures would need to be put in place as a result of this, to keep jurors isolated from information which may prejudice their deliberations?

"You Be the Judge" appears to accord the justice system the status of a game show.

I haven't fully listed in my own notes the reasons why it woud be utterly mad to encourage victim support groups on Facebook, as such a list would be very long...

Finally, as I see all too frequently, the document glibly states "Such a service should offer victims a secure service that ensures their personal data remains confidential", apparently without considering how these aims are to be achieved.

This is a document proposing a new infrastructure with considerable potential impact on systems which are currently isolated from the public Internet, such that indirect Internet connectivity to them may be required for the services to work; it is my view that all initiatives and proposals involving security impact should consider and include at least an overview of the threat model (in this case, "threats to victims", "threats to suspects and previously convicted criminals", "threats to the police" and "threats to other parties" around regulatory, confidentiality, integrity and availability contexts) - and a threat model is very conspicuous by its absence, here.

The document and its aims are nowhere near as ill-conceived as the plans for NHS electronic patient record management, but there are certainly several areas which require further detailed consideration. Issues of adverse impact on police effectiveness, and potentially on the right to a fair trial, are completely overlooked.