Trust in digital public services

Kevin Chalmers MBCS reports from a BCS Voices event that asked: Do we trust ourselves and our services to deliver in the digital age?

Trust was at the heart of a two-hour discussion led by Professor Bill Buchanan OBE, of Edinburgh Napier University. Part of BCS Edinburgh’s Voices events, thirty people joined Bill in a debate and discussion examining aspects of trust and governance in the digital age.

Bill Buchanan presenting at BCS Voices event

Presenting his vision, Bill provided several anecdotes to share to get the audience engaged with the Voices format; like when his son (Bill Jr.) moved away from home, and Bill Sr. had trouble voting? A quick mobile call by the polling officer and they allowed Bill Sr. to vote. No check involved. Simple, and untrustworthy. This set the stage for many similar stories.

The start of the discussion focused on why we don’t have a sufficient level of digital services in the UK. Much of the debate explored IT project failure in both the public and private sectors. The audience had a wide range of experience including banking, health and critical systems. Everyone who spoke could provide horror stories of system failure. A particular concern was the number of vulnerable systems out there. The audience considered many old systems to be out-of-date. With so much at stake in such systems how can they gain trust if they are always failing? For public IT systems, Bill’s view is that the scale is wrong. A UK system is hard. A system for Scotland not so. Indeed, Finland, Estonia and Latvia illustrate the potential. Bill showed how London allows access to personal data such as health information.

So why don’t we have these services? Some of the audience pointed to project management as a failure point. Poor processes and ideas from outdated methods lead to failure in the agile needs of today. Embracing new approaches could be a step forward.

Another problem was the lack of importance put on digital services in the public sector. Bill noted that London had a Chief Digital Officer whereas Scotland did not. Having someone responsible for digital services at the heart of government would be beneficial.

A big point of debate was around government trust. Do we trust the government with our data? If not, why not? We already take many government services on trust, such as health, social security, and National Insurance. It was unclear if we can place the same level of trust on public data services. Yet, this is a first stage. A problem raised was the lack of a UK constitution. At present, elected officials have supremacy in the UK, not the law. The audience asked if we can trust a system without an overarching rule of law.

Audience at BCS Voices event

Bill was also keen on the view of electronic voting. The audience had mixed views on electronic voting and online voting for the UK. Trust was again an issue. This had two sides: does the government trust us to vote electronically; and do we trust the government to manage an electronic voting system? Although the idea of electronic voting was appealing, the audience felt that societal challenges needed to be overcome.

A challenge seen by members of the audience was in accountability. Some have blind trust in political statements. The audience gave Brexit Facebook posts as an example. What does this mean for our trust in the government and online voting? The audience considered the impact of incorrect information hard to solve in light of the global nature of today’s platforms.

A big question was how to get a new UK trust system in place. One possible solution proposed was the introduction to a government ID system. Citizens could share information with trusted services. For example, we could share our name and address as a government service rather than filling in many independent forms. This is already part of our online profiles from Google, Facebook, etc. Many argued that a central credentials document is a good first step.

In our new age of automation and voice control, a true test of meeting this ambitious goal was easy to define for the audience. ‘OK Google’ (or similar), ‘book me a doctor’s appointment.’ This will be a challenge, but possible with today’s technology.

To make this happen, there has to be a campaign for change. The audience thought the right people needed to argue the case. Not only IT specialists, but doctors, politicians, business owners, etc. Find anyone with a stake and influence to help argue the case for digital services.

The audience also noted that any significant proposal needs public backing. The public must be in control of their digital selves. This will promote buy-in and allow ideas to move forward.

Another potential stumbling block was ensuring society was ready for full-scale roll-out of digital services.  Vulnerable groups - such as pensioners - may not be ready to use digital services. So, any new system must support existing processes. In time, the full-scale system can be provided.

A final problem raised was on the NHS. Any money not spent on doctors and nurses is not good politically at present. Any IT push would be money directed away from front-line care. Even if the benefits of improved digital services are obvious to some, it is difficult to argue against funding doctors and nurses.

Data access formed the middle of the debate. Bill had shown the data that cities are producing for open use. London, Glasgow and Leeds were doing well. Aberdeen sat at the bottom with no data. The idea of ‘smart cities’ providing digital services using these data sources was debated. The idea of a central credentials document was raised again as a possible supporter to this idea.

Towards the end of the discussion, the audience debated resilience and standards. Standards were a particular point of concern. Looking at the success of data sharing in Finland - where data sharing standards are in place - the audience believed the UK should have similar standards. There were calls for international standard bodies to step-in. Bill and other audience members see a potential role for the BCS in such standards definition.

The lack of system resilience was also raised as a concern. Again, standards were discussed. The audience asked if the standards were in place, and if so were they being met? Some of the audience believed that the Information Commissioner was not ensuring auditors were doing their job.

Members of the audience also pointed out that security is not always important in the private sector. An investment in security does not lead to a return on that investment. It is a preventative measure, which, if not a major business risk, is often ignored. GDPR was considered a possible tipping point here if it is enforced. The audience also felt IT departments need greater influence to apply their skills and professional standards. A discussion on why this is not enforced - especially as the UK has a chartered IT body - was undertaken. The views on the need for professional body membership were mixed.

Perhaps the best analogy to the discussion came towards the end. In the UK, every restaurant must show a Food Hygiene Rating certificate. It allows consumers to decide where to eat. No such scheme exists for IT products. Why is it you cannot get a certificate for IT products or services from a government body which measures security and resilience standards? If we need that much to trust our £5 lunch, maybe we need that much to trust our £50 million IT system.

About the blog

The Echoes blog showcases the best of the conversations on the BCS Voices debate platform.

See all posts by Echoes
April 2018

Search this blog