On 14 January 2011 23:01, Mark Pack <[email protected]> wrote: > You make some very good points Francis, but I think it's not quite as cut > and dried as: > "So, in my view, either data is something that you are happy with > being public or not. There really isn't room for a middle way."
I think you misunderstood what I have suggested. Its an important point so I'll deal with it. > Privacy isn't a simple "it's either fully private or it's not" option, as > there are different and overlapping levels. The existing electoral register > is a good example. Someone who has fled from an abusive partner can get an > anonymous entry on the electoral register so that (a) they can still vote, > but (b) there is an official, confidential record of where they are living. > That record isn't 100% secure - an abusive partner trying to track them down > might break into a council office, bribe an employee, hack into a system > etc. But it is far more secure and private than if the person's address was > published in the electoral register which is available at the council > offices and in the local library. "Private" and "impossible to access" or "secure" are not synonymous, nor did I intend them to be. The data which links individuals to their addresses that forms a part of the electoral register is not public. It is private (it is lawfully accessible only to certain people in certain ways). In this case we have made a policy decision that the fact that someone lives at a particular address is sufficiently private that it should not be public data unless they chose it to be (as some people do of course). Now the fact that data is not public does not mean it is not open to abuse (for example health and police databases are much absued), but that is not a relevant consideration for this discussion. My point is that a fact, such as that I am the registered title holder of my leasehold should either be public or private. The situation at the moment is that it would be hard, but not impossible, for someone to discover which property I owned by brute force (knowing roughly where I live and sufficient resources would get it). That, in my view, is unprincipled nonsense from a privacy point of view. Either my ownership of this property should be public or not, rather than live in the half-world of infeasibility. The reason this is difficult is that the existing database - the land registry - doesn't do the job it is intended to do at all well. It records my name, by my name is not a unique identifier for me, and it records nothing else that would uniquely identify me (hence the frauds that are committed in the name of conveyancing). In order to allow a proper use of the land registry without making my address publicly identifiable would require a deep re-think about the nature of the register. That is something there is little enthusiasm for in official circles. However, it should be possible, and relatively easy, to provide ways to avoid this problem, both for the land registry and companies house (and other similar data sets) that would not require an enormous amount of work or reorganisation. The change to the way in which directors are identified has improved matters somewhat. > In this case there is a middle way between something being completely > private (person doesn't tell anyone else where they live) and it being > public. And, judging by the small but regular use of this option, it looks > as if people in such a tragic situation do value having this option. You have misunderstood what I mean by the middle way. The problem is that *this* kind of argument is continually deployed as a reason not to make useful, important and public data available to the public freely. It is one that is sometimes deployed against making judgments available, where the argument is entirely specious. The answer is not to wring ones hands and hope that the bad guys don't have the money to do bad things (or maybe that bad things won't happen all that much because most nasty people won't be able to afford it) but to address the privacy question properly and decide what to do about it. For example, by permitting people to anonymise themselves on the electoral roll (in my view it should be opt in not opt out, but that's another matter). Francis > Mark > > On 14 January 2011 21:37, Francis Davey <[email protected]> wrote: >> >> On 14 January 2011 21:05, Mark Goodge <[email protected]> wrote: >> > >> > It works reasonably well for the land registry. The information is >> > available >> > to anyone who needs it, but the costs of creating a full database would >> > be >> > prohibitive even for large corporations. >> >> Its available, but its _expensively_ available. Sometimes you need to >> search a lot of titles to be able to reconstruct information that >> really ought to be available under one. In practical terms this means >> a lot of downloads, and the cost adds up. Fine if its a big >> conveyance, but not everyone is in that position. >> >> But that's just from a normal user's perspective. There's a lot of >> information locked up in these databases that can't be got out in any >> easy way. For example, any kind of study of the nature of land >> ownership in England would want to cover a lot of the land registry, >> but would be prohibited by cost. >> >> Also, reverse searches _are_ sometimes sensible. Finding out that X is >> the director of a lot of other companies is (I think) something that X >> should not be able to hide, even if X can hide their address. >> >> > >> > I'm not suggesting that price-rationing is an ideal solution. But it is >> > one >> > option, and may possibly be more effective than some others. >> > >> >> Anonymising the data properly? Or removing particularly sensitive >> information. >> >> Really, this is about deciding what should be made public and what >> should not. The idea that only organisations with the money or effort >> to circumvent security-by-infeasibility is not (in my view) a good >> one. >> >> Eg, the liberal democrats once bulk mailed (as in posted via the Royal >> Mail) all electors in the City of Cambridge (I think it was). They did >> this without breaking any rules about getting a computer readable >> database of the electoral roll or scanning it or anything, but the >> _hard_ way by having lots of volunteers go through it by hand. >> >> So, in my view, either data is something that you are happy with being >> public or not. There really isn't room for a middle way. >> >> The debate then becomes about what is and is not suitably public >> (sorry if I'm repeating myself - I plead having been to Southampton >> today). In the case of the land registry, we don't really need to know >> names of owners, just whether two owners are the same or not, or are >> the same as some other person somewhere else in government data (both >> impossible questions to answer with the data as it is currently >> recorded of course). When conveyancing you want to check that the >> person you are dealing with has title, but there's no way of doing >> that anyway. >> >> For Companies House, its reasonable that the fact that a particular >> person is a director of a company should be public, but maybe their >> address not. >> >> -- >> Francis Davey >> >> _______________________________________________ >> developers-public mailing list >> [email protected] >> >> https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public >> >> Unsubscribe: >> https://secure.mysociety.org/admin/lists/mailman/options/developers-public/mark.pack%40gmail.com > > > _______________________________________________ > developers-public mailing list > [email protected] > https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public > > Unsubscribe: > https://secure.mysociety.org/admin/lists/mailman/options/developers-public/fjmd1a%40gmail.com > -- Francis Davey _______________________________________________ developers-public mailing list [email protected] https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public Unsubscribe: https://secure.mysociety.org/admin/lists/mailman/options/developers-public/archive%40mail-archive.com
