This isn’t a political blog, and it is a coincidence that I came across a couple of things that chime with each other on the same day that the UK government has started to reverse from its enthusiastic promotion of ID cards for all.
The first juicy nugget came from Anne Marie McEwan. In writing about social networking tools and KM, she linked some of the requirements for successful social software adoption (especially the need for open trusting cultures) to the use of technology for monitoring.
And therein lies a huge problem, in my strong view. Open, trusting, transparent cultures? How many of them have you experienced? That level of monitoring could be seen as a version of Bentham’s Panopticon. Although the research is now quite old, there was a little publicised (in my view) ESRC-funded research project in the UK, The Future of Work, involving 22 universities and carried out over six years. One of the publications from that research was a book, Managing to Change?. The authors note that:
“One area where ICT is rapidly expanding management choices is in monitoring and control systems … monitoring information could connect with other parts of the HRM agenda, if it is made accessible and entrusted to employees for personal feedback and learning. This has certainly not happened yet and the trend towards control without participation is deeply disquieting.
If ICT-based control continues to be seen as a management prerogative, and the monitoring information is not shared with employees, then this is likely to become a divisive and damaging issue.”
On the other hand, the technology in the right hands and cultures creates amazing potential for nurturing knowledge and innovation.
What struck me about this was that (pace Mary Abraham’s concerns about information disclosure), people quite freely disclose all sorts of information about themselves on public social networking sites, such as Facebook, LinkedIn, Twitter, and so on. The fact is that some of this sharing is excessive and ill-advised, but even people who have serious reservations about corporate or governmental use of personal information lose some of their inhibition.
Why do they do this? In part it may be naïveté, but I think sometimes this sharing is much more knowing than that. What do they know, then? The difference between this voluntary sharing and forced disclosure is the identification of the recipients and (as Anne Marie recognises) trust. Basically, we share with people, not with organisations.
The second thing I found today was much more worrying. The UK Government is developing a new strategy for sharing people’s personal information between different government departments. It starts from a reasonable position:
We have a simple aim. We want everyone who interacts with Government to be able to establish and use their identity in ways which protect them and make their lives easier. Our strategy seeks to deliver five fundamental benefits. In future, everyone should expect to be able to:
- register their identity once and use it many times to make access to public services safe, easy and convenient;
- know that public services will only ask them for the minimum necessary information and will do whatever is necessary to keep their identity information safe;
- see the personal identity information held about them – and correct it if it is wrong;
- give informed consent to public services using their personal identity information to provide services tailored to their needs; and
- know that there is effective oversight of how their personal identity information is used.
All well and good so far, but then buried in the strategy document is this statement (on p.11):
When accessing services, individuals should need to provide only a small amount of information to prove that they are who they say they are. In some situations, an individual may only need to use their fingerprint (avoiding the need to provide information such as their address).
But I can change my address (albeit with difficulty). I can never change my fingerprints. And fingerprints are trivially easy to forge. Today alone, I must have left prints on thousands of surfaces. All it takes is for someone to lift one of those, and they would have immediate access to all sorts of services in my name. (An early scene in this video shows it being done.
What I really want to be able to do is something like creating single-use public keys where the private key is in my control. And I want to be able to know and control where my information is being used and shared.
Going back to KM, this identity crisis is what often concerns people about organisationally forced (or incentivised) knowledge sharing. Once they share, they lose control of the information they provided. They also run the risk that the information will be misused without reference back to them. It isn’t surprising that people react to this kind of KM in the same way that concerned citizens have reacted to identity cards in the UK: rather than No2ID, we have No2KM (stop the database organisation).