Organising Information

25 years Anniversary Anthology
This article is a contribution to the anthology published in connection with the 25th anniversary of the Norwegian Research Centre for Computers and Law in 1995. A quick calculation will tell you that the NRCCL (or rather its predecessor) was founded in 1970. Some ten years before the advent of the PC, this was quite extraordinary for a small nation and a small Law Faculty. The NRCCL owes its existence to two men who came to have a dramatic influence on the direction of my own life: Professor Knut SELMER and Professor Jon BING. The latter then a student with extraordinary ideas, the former a professor who dared listen to the ideas and render his support to the exploration of unknown territory. I and many others are deeply grateful for the support and dedication with which they provided an academically refreshing environment at the Faculty of Law at the University of Oslo.
The article was hastily written a summer day in 1994 after I had worked with these questions only for a few years. However, rereading it years later with considerably more experience, I basically stand by what I wrote then; the text is unchanged but for a couple of corrected typos. I may not have discussed the details of aggregated information enabled by unique identification sufficiently, but I still think the advantages of controlling the information and the quality of the information outweighs the dangers of combining pieces of information using unique identifiers. The price issues were never actually resolved but I am nevertheless, glad I did not attempt to address the question.
Ola-Kristian Hoff

 

Information Organisation

Introduction

One sunny evening some years ago I walked out of the dusty and safe environment of my alma mater with a mind full of ideas on computers and law. From the quiet reading-rooms of the NRCCL, destiny for some reason landed me with a job in the Civil Department of the Ministry of Justice. And I was to work with people who concerned themselves with computers and law. Work with people who actually work with it, not only theorising about it. So I was put to work with computer systems in the courts of law and various national registers, and lots of other things. My transition from theory to practice did leave its traces. After having seen how society deals with electronic information in practice, my concerns have shifted. Among other things, and not surprisingly, Big Brother no longer appears quite as frightening; if anything, clumsy is a better word. My work has led me to believe that how we choose to organise information is of great consequence if we are to safeguard the information legally. Furthermore I believe that the quality of the information we gather and use, is paramount if society as a whole is going to cope with the information age.

What I am about to write is not really about privacy. It is a look at how we deal with the information we gather. Issues of privacy has a major influence on our actions, but unless we take a serious look at how information is organised we might put the control of information in jeopardy - and as a consequence - privacy with it.

Vast amounts of information - Big Brother perspective

One of my first revelations was how much information that is in fact gathered. Although what I have seen is a rather limited part of public sector, the amount of information is vast.

For instance: You may never have thought of them as such, but our courts of law may very well be seen as information production and processing units. Apart from the obvious - their main output, decisions - they also process other information: information about the cases themselves including parties, information about deceased residents and practically all legal information about concerning realty (as the courts in Norway also serve the function of being registrars of deeds).

The administration of the courts is handled by the Civil Department in the Ministry of Justice. (Administration is a misleading word as the courts have their constitutional independence as far as their judicial function is concerned, but let that pass for now.) The Civil Department caters to other institutions as well, the public prosecuting authority, the Data Inspectorate, a central body of registration called Brønnøysundregistrene and (to a certain extent) the offices for enforcement of claims. As well as performing various other important tasks, paying my wages being one of them.

All in all this same Civil Department is basically in charge of all information in the legal system with the exception of information specific to police work and the penal system. Some of this information is gathered in national registers: among them you will find:

This information - most of it gathered for some legal purpose - is also the information I have come to know, with a view from the top (that is, the executive branch of government). The information is usually gathered for a specific purpose, and more often than not, based on a traditional view of information; that information is contained in static strings of characters in leather-bound ledgers.

I'll have a look at this later, but let me assume the other perspective for a moment.

Vast amounts of information - Little Brother perspective

Travels in cyberspace and the hazards of modern life

Unfortunately I don't really get to travel a lot. So I find consolation in the fact that my name seems to get around. Every day I have the pleasure of finding interesting letters in my mailbox, from all sorts of organisations - most of them hinting all sorts of nice things about me: my luck (lotteries), my generosity (charities), my importance (you'd be surprised) etc. I am rather touched that all these organisations find it worthwhile writing me again and again, despite the fact that I never write back.

A while ago I received a letter from a political party telling me that the day of doom would occur soon unless I voted yes in the referendum deciding whether Norway should join the European Union. Of course I was amazed. Mostly because both my name and address was correctly spelled - and that told me something was wrong. Because only two registers - registers I have come to trust - are the only ones who seem to have learned how to spell my name. So I naturally assumed that among the two I would find the culprit who had revealed my name to a political organisation; the potential culprit was either the tax collector (who again receives some information from the Central Registry of Persons) or the telephone company. A very close look at the letter proved me partly correct. In the fine print hidden on the side of the letter I found the required statement telling me the origin of the name and address. Although the name puzzled me for a while, my best guess was that it must have been a limited company apparently set up by the telephone company to make extra money by selling my name to strangers.

For various reasons I consider this political party to be quite harmless. And I basically believe that the information contained in my name and address should be accessible to anyone. But I do feel a bit sore with a telephone company who sells my name without telling me first. When I first admitted to being listed in the telephone directory, it was in order for people, including bothersome political parties, to find me - not for a subsidiary of the telephone company to turn my name into a sellable string of bytes.

Of course this episode invoked my built-in alarm on privacy, but mostly it left me pondering about how information travels. As far as privacy is concerned: Is the fact that the political party got hold of my name a violation of my privacy? Hardly. As long as I choose to lead a fairly normal life, I must accept that my name is out there for grabs. In lots and lots of registers. However where it is and how it gets there does intrigue me.

I even chose to forgive the telephone company for making the extra money, although that is mostly because there is no other telephone company to choose from as long as I want a permanent telephone installed in my home.

A look at the nature of identity numbers

Let me go on to hypothesise that the letter had also contained my national identity number (fødselsnummer) in order to compensate for (non-existent) spelling errors in my name. Would I feel my privacy violated? No, not really. Whether I am identified by a unique name (as I prefer to believe my name is) or by a unique number, makes no real difference.

There is however a small problem with my national identity number. The national identity number has been shrouded in mysticism. Although public by nature, access to and the use of identification number has been restricted by several regulations. For instance the official body in charge of the identity numbers will usually refuse to give out the number unless you have a legitimate reason for obtaining it - a legitimate reason might be that you need to check on a certain person in the registry of movable property. I find this terribly annoying, mostly because I fail to grasp the reasoning behind making my number a pseudo-secret. Especially as I know that if someone really wants to, they can get it through open sources, provided they can think of a legitimate excuse. The legitimate reasons for acquiring my national identity number are listed in a public explanation of the provisions pursuant to the Act that establishes the number system (rundskriv fra Sentralkontoret for folkeregistrering nr 15-1993, and nr 10-1993). All you have to do is state the excuse, no verification required. Take your pick of excuses - my number is there for anyone who really wants it.

I should add that the explanation to the provisions also specifically state that journalists should not get that number. The reason being that the identification number will help journalists getting information from other sources. But I hardly think this is a good enough excuse. The legal barrier designed to obstruct access to my identification number is too low as there are (and has to be) too many alternative excuses for obtaining the number. However, no one should get confidential information from other sources on account of having an identity number.

The trouble is that many organisations believe that my national identity number really is confidential and thus may serve as identification. So if you equip yourself with my identity number, you probably can bluff several private and public organisations into believing that you must be me as you have knowledge of my number. Through the myth of confidentiality there is actually a chance that my privacy is violated.

This myth bothers me. As I see it there are two apparent courses of action against this problem. One is to ensure that national identity numbers really are confidential, the other is to blast the whole thing wide open so no-one stumbles into the fallacy of believing my number can serve as identification.

In my view there are several good arguments against the first line of action - making the number really confidential: First of all it would to a large extent render the whole system of identification numbers pretty much useless. And secondly, it is a bit late making it confidential after it has been public knowledge for years, isn't it?

The second line of action - making it really public knowledge - is a much better idea. It would give everyone a decent tool for identifying me correctly, which would make me a whole lot happier than them identifying me incorrectly. After all I prefer getting my own bills to getting someone else's etc.

And what do I have to fear? The only hazards of making identification numbers public knowledge are the revelation of my gender and my birth-date, which are both contained in the number. As for my gender I have never made great efforts to hide it anyway - actually quite the opposite applies. And as far as my birthday is concerned, I am rather fond of the possibility of getting more birthday cards, no matter how remote that possibility might be. Though I do realise that my vanity might suffer if I get to live past the point in life when I no longer want anyone to know how old I am. All in all I think I can live with the hazards of someone knowing my number, as long as impostors cannot get away with using it as a phoney ID.

We must learn to see this number for what it is. A reliable information tag, like a baggage claim tag which provides me with an insurance that I will get my own dirty laundry instead of someone else's. And I think that is all there ever was to it.

Other information than identity

From what I have written above, I choose to conclude that information about my identity is actually common knowledge no matter how I look at it. And furthermore it is of no great concern to me that it is. Quite the contrary - I prefer the correct information about my identity to be easily available. Simply because using unique and correct identification is the best counter-measure against computers misunderstanding identity. However - information about my identity is linked to other information. I'll look at a couple of examples.

The mortgage on my apartment is linked to the deed, and all of it is registered in the Land Register. This information is by its very nature public. Unless my bank can make public the information that it has a first right to my property if I default on a payment or two, it is not likely to have lent me money in the first place. And if they did, they would have charged me an interest I couldn't have afforded. This is easily seen if one looks at the problems of land registration in the former east block. Without a public register to ensure certainty of ownership, a right to sell, buy and to mortgage real estate, a market economy will not work. Like it or not, a market economy is definitely the sign of the times, and it seems to me that with it you will get publicity about who owns what.

Then there is information held by public bodies that is harder to classify. Financial information held for tax-purposes (i.e. the information in our tax-returns), information about bankruptcies collected to protect society from fraud, information about companies and who is on the board etc - all gathered in various registers. This represents a more balanced picture - a certain access should be allowed, but it also makes sense not to make it to easily accessible. Thus one has made different Acts and pursuant provisions. The funny thing is that although much of the same information is found in many different registers, the regulations which govern access and handling of information is based on where the information is stored, and not what kind of information it is. The only common denominator is the Act Relating to Personal Data Registers etc. However registers established by other Acts of Parliament only to a limited extent falls under the scope of the Act Relating to Personal Data Registers etc.

This leaves me with a conclusion. Although the information mostly is not very sensitive, there are probably good reasons to put certain limits to the use of this information. But let us not worry about the harmless information - e.g. the general information about identity etc that is harmless in itself or the information that has to be public for my own sake (mortgage registers etc). The multiple legislative efforts to solve the administration of, and access to, this information, present the average citizen with a very confusing picture as to what is registered and how it is used. For instance it is practically impossible to find out how the information travels, and whether it is correct. Partly this has to do with how the information is organised. Let me for a moment look closer at how the management of information may cause problems and why information identification is important.

A question of organisation

In Norway there are two registers of cars. One is a part of the Register of movable property. Established as a national register to provide for using cars as collateral for debt. Cars have unique identification through the license plate numbers. Therefore a positive identification can be made, and a security can be attached electronically to the car through the Register of movable property. Even if the car is sold, the security still stands, so banks willingly help people buy cars they otherwise could not afford. A consequence of this is, of course, that if you buy a car, you had better make sure no one else has rights to it. But thanks to the unique identification of the license plates, a telephone to the Register of movable property will tell you whether the car is pledged as collateral for a debt.

The other register is the central register of the road authorities. This is where the unique identification of cars originates. Once a car is sold for the first time, it is given a number that is meant to stay with it until it is junked. Or anyway, that is the way it used to be. A while ago, the road authorities suddenly changed all this. I don't know what happened, but I suppose the owners of veteran cars complained about having to have new license plates on their old cars. The road authorities were more than eager to please. In a provision pursuant to an Act about cars, they allowed for old cars to change new license plates to old ones. The provision even opened for the possibility of changing back the old license plates to another new set of license plates if you changed your mind later on. What they did not think about, was that by allowing the owner to change car identification twice, one car could actually be identified by three different numbers over a short period of time. Thus the same car could actually be put forward as collateral three times. And rumours have it that this actually happened. Of course legally and practically, this problem could be solved quite easily. Yet I think it illustrates my point: information duplicates are difficult to handle. And difficult to understand.

Furthermore I believe this shows that there is a tendency that any government body that has gathered information, will think of its information only in terms of its own needs. It will use it to its own ends without being able to uphold a general view of the purposes the information fills, and the dangers it might represent. Yet, information is needed by various bodies of government, finding an unbiased keeper of information may not be easy.

What are the significant problems of handling information?

The above has lead me to a few conclusions:

How do we solve these problems?

These problems are not new and hardly unknown to anyone who has been concerned with information gathered by government bodies. Notice however, how the perspective is that of privacy and data protection. Many remedies are being tried out to solve the problems. The directive now being put forward by the European Union certainly suggests many ways of compensating for many of these problems. As do the Norwegian Act Relating to Personal Data Registers etc and lots of other legislation. Yet I believe privacy is only half the question - and might not provide us with an answer. In this context I will permit myself not to focus on the legal measures, but rather try to adopt a practical view.

The gathering and accumulation of information

Generally the tendency over the last decade has been great scepticism towards the gathering of information in general, and especially the combination of information from several sources. The scepticism is usually fairly well founded from a privacy point of view, at least as far as sensitive and semi-sensitive information is concerned. The case for sensitive information is obvious, but even semi-sensitive information like data on income and pensions, can result in additional information when accumulated. Information that was never intended.

However for much of the trivial information I think the fear has been exaggerated. I think this fear has lead to a situation where trivial information is widely spread and gathered many times over, resulting in inferior data-quality, lack of a unified set of regulation, lack of control by the person or entity registered and lack of control by the user of information.

Two recent projects have tried to compensate for this. The first is the not-so-controversial combination of the Norwegian Land Register (register of deeds) and the Mapping authority's cadastre/municipal planning register. This project combines all information identified by physical location to comprise legal and technical information. The plan is that by 1995, this information will be available to the public as if it existed in one register. As of writing, there are still a few unsolved legal problems which mostly have to do with co-ordinating the rather different Acts and provisions that regulate the two registers. But even so there seem to be no major obstacles. The advantages are obvious: a harmonised set of rules will simplify access and handling of information, the quality of the registers are expected to increase vastly, and in the long run the users will be speared the extra cost of running two independent registers.

The second project is slightly more controversial: establishing a National register of legal entities. The basic idea was that this should not really be a register, but a meta-register from which all other registers needing updated information identifying legal entities could update their information. I will not go into the rather complex history of this meta-register, but only point out that it is now more limited in scope compared to the original plan presented by the Government. The Parliament chose to 1) reduce the number of entities to be registered and 2) reduce the amount of other registers that should exchange information with the central register. The Register of legal entities will be put into operation in 1995.

Without going into detail, I think a few lessons should be learned from the fact that both projects are getting closer to successful completion. Both projects have vital elements that I think we must bear in mind if we shall be able to keep vast amounts of information under control over the next decade.

The key to this is found in the first point. Unique identification is a precondition to solve the others. Certain information entities are easily identifiable - and identifying them for common use is of vital importance. These information identification entities must serve the function of being a link between all other information; they already exist: a national identity number (for natural persons), an identity number for legal entities and an identity number for real property. The list could be added to include certain items of movable property as well: cars, planes and ships already have similar numbers. The point is that if information is to remain under control, the identification of information itself is vital.

Computing has developed into something more than being electronic ledgers. Stand-alone computers have been put into networks. Information is being linked regardless of physical distance. Buzzwords such as LU 6.2 and WorldWideWeb, are really all about sharing information. Once proper information-identification is established and used by all concerned, modern technology will help us rid ourselves of duplicates.

Can and should we dare take one step further?

I am, for reasons stated above, tempted to apply many of the same principles to the identification of physical persons. But of course with limitations. Instead of letting thousands of registers grow independently and out of control - as they will - we should take the backbone we have today, namely the Central Registry of Persons (physical), and expand it. All information that is public or semi-public, could be moved into (or linked with) this central register. Naturally rules of access must be enforced strictly and the register as a whole must be guarded by strict confidentiality. Sensitive information should be kept in separate registers - as they are today - but there could be identification pointers (links) to the central register to ensure that the identification of persons are updated. In addition the pointers would serve as a means of tracing information back to its source in the separate register.

For instance: should we keep supplementary information about owners in the Land Register at all? I think not. Once the owner is identified as a person or legal entity, the identification number alone should provide the link to name and address etc - all of which should be stored in a central register. Once a search is made in the Land Register, a query should be initiated to a registry of physical persons to provide updated information on name, address etc. This would leave us with a few sources that are easily manageable.

Mutual declaration

Every year the Government sends me tax-return forms for me to fill in and declare heaps of information. Now, should not the same principle apply to the Government? In order for the Government to receive information from me, the least I should expect in return, is for the government to declare all its knowledge about me, and how it is being used. I would get a list from the Government, beginning with the most trivial information: my name, my address, my phone-number, my national identification number, previous years' income, titles registered in my name etc. All this information is gathered in the tax-authorities' computers anyway.

For each scrap of information there could be check-boxes allowing me to state if I wanted to restrict information or not. Probably there should be different alternatives to each piece of information depending on its nature. But in principle I feel I should be able to limit the government's power to give out any information about me.

The Government letter to accompany the form would state what the information has been used for. If any item of information has been used according to specific legislation, the item should be marked. There could for instance be a note saying that there have been 6 requests for information about previous year's income - provided I had opened for revealing this type of information the previous year. Then there might be a note that my phone number has been sold to advertising company XYZ. Which I had probably found out by then, but at least I could check the box for no commercial distribution for next year.

As we get further down the list, it would no longer contain the actual information, but state that there is other information (in the separate registers) and where I could find out exactly what was registered. Naturally the list would not say that there is further information about me in the central register of sexually transmitted diseases - it would only say that detailed health information can be obtained from bureau x.

This system would - despite its dangers - provide for a possibility of fulfilling the intentions of information to the data subject as described in the EU directive article 12. I think more centralised information is the only practical way of dealing with this. Do I want a postcard every time my name gets around? No, thank you. But I do want to be able to find out who was allowed to fiddle around with my tax-return information for commercial purposes. Information on request to a central register, supplemented by an annual report would do quite nicely.

Further aspects of getting information under control

I gladly admit that getting information under control does in it self not solve all problems. But apart from making it easier to enforce privacy regulation, it might also help us adopt a coherent attitude to other questions.

One question is which price we should put on (public) information when it is sold. In Norway one has chosen to sell information from the Land Register at what many consider to be a steep price. That is - if you go to your local registrar you can usually obtain the information for free. But on-line access (and written, certified information) is more expensive. This was done in order to finance the expensive transformation of written material into electronic registers. The rationale being that whoever benefited from improved access should also pay. The cadastral information, when first made into an electronic register was gathered by a different public body. As this information served mostly public purposes, the same information was sold cheaper from the cadastre than from the electronic Land Registry. As of 1995 both registers will be accessible as one, and the broader questions of pricing information must be addressed. I could go on about prices, but as the government is in the process of sorting out these issues (Prisingsutvalgets innstilling), I think I will refrain from the prospect of being rendered obsolete by the time this is published.

Another problem is the burden every government put on its subjects by requiring information for various reasons. This problem has been identified as quite troublesome as different governmental agencies ask for the same information over and over again. Someone has tried to estimate the cost paid by society (usually represented by small enterprises). I would rather not comment on the numbers, but there is little doubt that the cost is substantial. This cost could be greatly reduced by co-ordinating the collection of information, and it goes without saying that co-ordination of registration also would simplify the co-ordination of gathering information from a public point of view. In connection with the above-mentioned register of legal entities there are plans to establish a body to organise information-gathering (Oppgavepliktprosjektet, Nærings- og energidepartementet).

Custody of our Big Brother

As I mentioned I suspect that any government body primarily will focus on its own needs as far as information is concerned. Therefore I believe co-ordinated information will be influenced by its keeper. The obvious example being that Treasury will gather all information with tax-collection in mind and in the process might forget a general public need for information. The centralisation of information will probably augment this danger. However most branches of government does in fact hold specific interests in information, and that leaves us with a problem. Although I think this can probably be controlled through general political control and public scrutiny, I do believe it would be an advantage if the agency put in charge of information itself had no specific interest in the information as such.

But creating independent agencies is not all that easy as long as financial control usually still will remain with, say, the Treasury. I would like to leave you with one last thought, highly unfinished, but it does keep coming back to me, especially as I reread "The Hitch Hiker's Guide to the Galaxy", where I found an old saying: ".. those people who most want to rule people are, ipso facto, those least suited to do it."

This might indicate the executive branch of government may not be best suited as the controlling body of information. But there are two other branches of government. Either one could establish an independent body directly under the control of parliament. Or - a thought I find to be even more attractive - one could set up a body as "arbitrator of information" putting it under the control of the courts of law. Naturally the executive branch of government would still need access to the information, but the separation would at least ensure control as to how information was gathered, processed and used. I might add that there is hardly reason to believe that the courts of law would be much interested in taking on such a task, or show much interest in the information itself; which could well be why they are well suited for the job.