Unintended Consequences: The Ethics of Cloud Computing

An enjoyable day at the Royal Society! The EPSRC leads of the digital economy programme for RCUK. This is a wide interdisciplinary set of activities that look in a joined up way at the benefits and risks of the digital technologies as well as their general development.

The theme of the conference was the ethics of Cloud Computing. (See #cloudmatters). The assembled mix of academics, industry and policy folk talking about these issues, made for a challenging and interesting set of debates.

My reading of the day was that no new ethical issues arise from PaaS/IaaS type services that have not arisen with the Web and Internet. However, once you get into the data layers things get complex and fraught with conflicting challenges that may lead to serious unintended consequences.

The issues of IPR, Privacy and security are widely discussed within the technical domain. Similarly, the legal issues of governance and jurisdiction are widely debated. However, when you look through an ethicists eye, an economists eye or with a policy dimension, the infancy of cloud computing is much clearer to see.

Of all the personal data issues, health records provide the most complex challenges from an interdisciplinary viewpoint.

For a child born this year, we need to think about their health record being available and accessible for 120 years or more. That is around twice as far into the future as the history of the ICT industry. The technical challenges of data formats on that timescale are not inconsequential.

Look beyond the technical and the impact of decisions we take now will have economic and societal impacts for generations to come. Let me illustrate.

While misrepresented, in my opinion, terribly by the media, the Connecting for Health IT programme to provide electronic patient records for all is both expensive and controversial.

So, in an age of austerity can we do it differently, more cheaply and with reduced risk of breaches of security?

An obvious approach is to allow individuals to sign up with private providers who will manage their records for them. The Web 2.0 approach of free to the user sounds attractive. We could reduce costs to the taxpayer while providing choice for the individual.

However, we still live in a country where 15m adults do not use or have access to the internet. This week Finland has become the first country in the world to make broadband access a Legal right Living in a country with a largely socialised system of medicine, then the challenge of universal service at the data layer is a serious political and economic challenge in such areas as health records.

At the same time, the Free and Freemium models are creaking for many service offerings. If Flickr, Linked-in or another service folded ( I am not suggesting they will, by the way)while valuable to me, the loss of data would be far less of an issue than if my health records provider failed. Increasingly active privacy campaigns around the world are likely to restrict what a service provider can put in their terms of service as allowable use of personal data. Health records will certainly be one of the most scrutinised.

Given that Health records have this challenge of longevity it is worth reminding ourselves how few companies reach 50 years of age, let alone 100 to 120 years.

So in a few years, a health records provider finds that the free model doesn’t work for them and decides to charge a nominal £50 per year per user. Say they hold 10 million peoples records.

The poorest individuals decide they cannot pay. Who steps in? Does the notion of a Universal Health record become unsustainable?

We cannot of course anticipate all potential problems. Nor should we hold back valuable technological advances because of this type of complexity.

What interdisciplinary academic research can provide for us I believe is valuable insights into areas where short term problems and decisions may create long term unintended consequences. It can provide insight into the areas where policy needs to be proactive rather than merely respond to the latest crisis.

So, how might the IT profession demonstrate its wider societal role to ensure that the benefits of Cloud Computing are delivered to the economy and wider society while minimising the downside risks?

One of the political ideas of the day is the “Big Society”. For me, what this idea is about is the role of the voluntary and private not-for-profit sector alongside the state and the private sector. I should declare an interest here, as a past Trustee of the School for Social Entrepreneurs.

The disruption of the industrial age led to a proliferation of new organisational forms: the Building Society, Mutual and Friendly Societies and the Co-Operative movement being important examples.

When IT professionals talk about the Cloud platform, the words open and collaborative are frequently used. My suggestion is that the challenge is for new organisational forms to emerge which embrace the Cloud platform’s values to build inclusive and diverse forms to reach all of our citizens and to meet their diverse needs and wants.

We are building the technology. Do we need to build the social vision? Can we afford not to?




Comments (6)

Leave Comment
  • 1
    Ariadne Tampion wrote on 14th Jul 2010

    More important, I believe, than the medium in which health records are kept, is the attitude towards them of those in authority.

    In 1993, when I fell pregnant for the first time, my doctor informed me that she did not have any records for me prior to 1983. Having a hunch as to why this might be so, I took steps to track them down, concerned that they might contain important and/or relevant information. Eventually I got to speak to an official who informed me summarily: "They will have been destroyed."

    One approach could be to allow the patient to keep a copy. One's own health will always be of far greater concern to oneself than to any bureaucrat.

    Report Comment

  • 2
    Richard Hall wrote on 14th Jul 2010

    I've always thought that rather than trying to host/store everyone's health records in one place it would make far more sense to keep the data in the hands of the data controller (the actual GP office or hospital trust or dentists practice etc).

    A new common/open XML-based data exchange format could once established be used by health services sector software vendors to enable the request for records to be routed to the correct server (in a hierarchical manner similar to that of DNS routing), and using a common/open software interface protocol (API) current software can be upgraded by the original software vendor or extended by third party software vendors to incorporate the new request/response handling functionality.

    All data sent back and forth between systems can be both XML compliant while wrapping (like an envelope protects and conceals hardcopy letters) data with PGP/GPG public key encryption. Whenever data is shared to other healthcare providers a reason must be recorded on file along with expectations for the use of the data and how long it will be locally cached/kept available on their own systems etc.

    Centralised servers could simply maintain the top-level routing information, the encryption keys for all parties exchanging data, and monitoring systems to ensure that if any participating data controller's are always available and assist with rapid troubleshooting where required.

    Participating data controllers (GP's, hospitals etc) would also be required to meet and be assessed to mandatory basic security requirements similar to the Payment Card Industry Data Security Standards (PCI-DSS).

    I'm sure there's a lot more to it than this but perhaps this could be a workable model or provide some food for thought if nothing else.

    Report Comment

  • 3
    Chris Yapp wrote on 15th Jul 2010


    Many thanks for your responses. Let me expand on the challenge in light of your comments. There is no plan to have central records and never has been despite the rhetoric around CfH/NPfIT.
    Each individual has a set of records which are not necessarily available to the GP. Optician records, dental records, Feritility records, mental Health, STIs and cancer records are not fully integrated at the GP or anywhere else. There are various permission regimes for these. I personally agree that the individual should maintain a copy of the whole record or have access to it. This however contains some huge issues. If you have power of attorney say for an ageing parent should you have full access to your parents record as their care? if so under what terms?
    If you had access you might discover things about your parents or indeed yourself that might be challenging. If you didn't you might make decisions that would have a health impact on a parent.
    Richard's, approach to the technical issues is what i am comfortable with but it will create societal and personal problems that we will have to have human protocols to deal with.

    Again, my thanks

    Report Comment

  • 4
    Allen wrote on 16th Jul 2010

    Sorry Chris but the evidence suggests that at least an attempt has been made to join up records. My nephew had reason to get his health records and they were confused with those of somebody else with the same name and DOB but completely different locality who incidentally seemed to have a rather dodgy background. The obvious dangers of using these to support treatment, of reputational damage and the fact that my nephew had seen the other person's record are not the only issues here. Richard's approach has a lot going for it.

    Report Comment

  • 5
    Chris Reynolds wrote on 16th Jul 2010

    I've worked in healthcare IT for a while now and am familiar with many of the issues we are discussing. To me though the problem is not technology. in the NHS there are legal frameworks in place that are out of date - the current government would do better to fix the legal frameworks. To give just one example (it will be different for mental health, sexual health and others), a child health record (defined as up to the age of 16) maintained by a community service, will be destroyed after 8 years, if it is not requested and accessed as a part of the patient's care by another provider. So this data/record whether paper or electronic is lost/destroyed. Given the evidence about the importance to long term health of the first five years of life, this is crazy. The legal frameworks have just not caught up with the technology.

    Report Comment

  • 6
    Gayle Calverley wrote on 16th Jul 2010

    My experience is that, particularly for mobile individuals who may use a number of providers (and which is now more the case over a person's whole lifetime), it is useful for the individual to hold a copy of their own records and to be able to refer to the original provider for more detailed information as required. For example, not all UK residents will have been treated all their life in the UK or in the same part of the UK.

    From that standpoint, the comments above seem to be contributions to different levels of an acceptable solution, interim, long-term and governance.

    As an example, I have in the past been asked " Are you the same person as this person who ..." or had aspects of my history disbelieved because they are not consistent with local conventions of that provider at the time.

    Report Comment

Post a comment

About the author
Chris is a technology and policy futurologist. Chris has been in the IT industry since 1980. His roles have spanned Honeywell, ICL, HP, Microsoft and Capgemini. He is a Fellow of the BCS and a Fellow of the RSA.

See all posts by Chris Yapp

Search this blog

February 2018