Imagine if YOU controlled YOUR data!

3 07 2009

This post is a suggestion for the @gov2taskforce and may be a lot more technical than some people would like this discussion to be.  However I believe it’s a simple and tangible solution that could easily be prototyped and explored.

Imagine if YOU controlled YOUR data.

If you could update it in one single place and Government Departments/Agencies could just collect it from there.

Imagine if this central data store gave you MORE privacy.  You could control which fields different Departments/Agencies were able to access and you could control if they could personally identify you or just use generic information like your age or postcode.

Imagine if it automatically created a log of each time a Department/Agency accessed your data and you could set the option to allow you to control that data – imagine it sent you an email or SMS and you could allow or deny them using important parts of your private data.

Imagine if you could start by just putting in simple information that you currently have to re-enter a million times like your home address, your phone number and email addres, your age, gender and marital status.  Then if you chose to you could add other information like medicare number and TFN – but it was YOUR choice – and YOU could turn on and off a Department’s access to those specific fields.

Imagine if every government web form you went to gave you the option to auto-populate your details – IF YOU WANTED TO – but it was completely your choice.

From the Department/Agency perspective.

Imagine if you could rely on easily getting people’s up-to-date contact details in a simple and secure way.

Imagine if you could integrate it into your existing websites/web forms without changing any of your pages or back-end systems – unless you wanted to.

Imagine if you could improve the auditability of your use of personal information while improving the quality and freshness of your data too.

Imagine if you put your users in control of their own data…but it also made your life simpler and better!

Imagine if you had a long term strategic vision of user data management that you could deliver today but that would help you evolve and adapt over the next decade and further.

But do people really want this?

According to Interacting with Government – Australians’ use and satisfaction with e-government services review from 2008 I believe they do.

two-thirds (68%) would still prefer the convenience of updating information (such as change of address) for government only once

Sure over half (57%) claim they would prefer complete anonymity and are happy to re-enter their data – but I believe that’s because they’re NOT AWARE of any options that can deliver both improved privacy/security AND convenience. Surely an secure system that was optional and also provided an audit log of when Government Departments/Agencies accessed your information would be something a civil libertarian would embrace.

What magical solution would achieve this flight of fantasy?
There are many ways this cat could be skinned – here I’d like to propose one of them at a very high level. If enough interest is shown in this idea then I’d be happy to map out the architecture and key sequence diagrams and user journeys to take this discussion to the next level.

Here’s one way it could be achieved.
I believe that a simple OAuth data store could be setup that would enable much of this functionality. It could be wrapped in a simple Mobile and PC web application that allowed users to control and manage the OAuth tokens they authorise.

I also believe it would be possible to create a simple jQuery plugin that could simple be integrated into existing Gov. Department/Agency webpages by just adding a single line of HTML code. This is very similar to the simple User Voice feedback buttons that are spreading across sites like wildfire – exactly because they are so simple to integrate. This plugin would add a visible button or element to the page (much like the User Voice feedback tab) that would offer the user the chance to pre-populate the form on the page they are currently on. The plugin would then manage all of the OAuth data store’s signup and token creation/authentication processes using Ajax and DHTML for overlays. It would then map the common fields from the users OAuth data store into the fields on the page (e.g. using something like JSONT rules that could be quickly customised for each form). In this way the underlying form and server-side scripts would not need to be changed at all.

If this model then did gain traction, over time Government Departments/Agencies could upgrade and integrate their back-end systems more closely with the central OAuth data store.

There is a lot of technical and user experience detail that needs to be discussed, however I’m confident that a simple proof-of-concept or prototype system could be created in a very short time. I also believe that all of this could be completed as an Open Data and Open Source project that would allow for peer-review for security enhancement and API based integration for developers to extend and enhance.

Personally, this is something that I would use, however I’m very concerned that the output of the Gershon Review and the existing Government Architecture is very “big vendor” and “internally” focused. Opening up control and externalising this core data seems to be currently sitting in the “too hard” basket.

Sure, not everyone would use it and they wouldn’t have to. And sure, not everyone has a javascript enabled browser. But if you don’t then you’re not likely to want to even think about a central data store and audit logs either.

Now, feel free to tell me I’m a dreamer – but please be prepared to back that up with detailed descriptions of WHY this wouldn’t work!