Reflections on oversight and transparency in public digital services

This post is a revised transcript of my speech during the XIII Nexa Conference on Internet and Society, dedicated to Digital and the State. Many thanks to Lucio Bragagnolo for the effort.

The design of Italy’s public digital infrastructure and the current legislation, starting from the Constitution, indicate that the road for public services must lead towards decentralization; on the contrary, we are witnessing an ideological trend towards centralization on which important questions must be asked and on which we should reflect at a time when the stability of institutions and governability is not in question.

UPDATE: if you thought that it is paranoid to consider the internal perimeter of a State’s digital systems untrustworthy, read this about what Mr. Orbán has done in Hungary. One could argue that “we are not Mr. Orbán’s Hungary”. But neither was Hungary before Mr. Orbán.

Foreword

Some time ago I attended a meeting with one of the persons in charge of the digital policy team for Hillary Clinton. The topic was digital democracy, an increasingly topical issue due to the scandals and problems of the over-the-top players (Facebook in the first place). The discussion, like pretty much all discussions on the subject, focused on transparency and oversight. France has recently issued documents (one, two) regarding the digitization of IT in public administration and its transparency. They have been hailed with great favor.

We’ve all heard about Surveillance Capitalism, which is a very happy term that is nothing more than the observation from the other side of the personalized advertising industry: the advertising industry, thanks to digitization, collects an immense amount of information about us, correlates it and uses these correlations to make – in a few tenths of a second – a mass customization of the content and advertising that is presented to us. It’s not an oxymoron, it’s really mass customization.

In that talk I raised the following point with my interlocutor: we need to prevent a shift from so-called surveillance capitalism to “Surveillance Government.” And he commented, “Yes, we need to control how the technologies that these companies create are used by states.”

I didn’t say “Surveillance State,” but really “Surveillance Government.” The State is defined by the territory, the people and the political and legal systems; the Government is the entity that, within the State, exercises executive power.

I believe that limiting ourselves to thinking about the issue of data transparency and surveillance capitalism embodied by a few large companies is a reductive point of view and that we need to take a couple more steps forward in our thinking.

Public computing in Italy began to develop in the 1960s, with the contribution of companies like Insiel. In order to contextualize the technology of the early seventies, I’ll tell you this example: my brother was a ticket agent on the freeway and, when a driver arrived at the toll booth, he would ask her where she wanted to go. When she answered “I want to go to Milan”, my brother gave her a ticket to Milan, a ticket that was then checked at the end of the journey, at the exit from the freeway. It was not really possible to do otherwise, in the absence of data encoding/reading devices and their digital transmission.

It’s not the same scenario as now, when we all have one or more computers at home, or rather in our pockets! In fact, more than one! It’s a completely different scenario, so when we make historical comparisons we have to keep in mind that the world has changed in an absolutely radical way.

While I was in Parliament during the last legislature (Leg. XVII, 2013-2018), I believe at the very beginning, a momentous event occurred: in a case brought by a citizen regarding an inconsistency between his paper tax return and the data in the archives, the judge ruled that the data in the archives, which was only apparently less alterable, should prevail.

This was a turning point. Now the world, whether we want it to be or not, is predominantly digital, even if there is a tax return that was sent by an accountant and then printed.

To help in the reflection, I will bring three insights.

1.- Parliamentary inquiry on a database

The first one is about the database of mugshots of people who have dealt with law enforcement. Before digitization, it contained information and mostly photographs of 50 thousand people.

An Apple advertisement said, with a very apt slogan, that the Mac was a “bicycle for the mind”. Every time a material activity is digitized, becoming immaterial, as I explain in my book Capitalismo Immateriale, our potential increases in speed and scale in a way that was previously unimaginable.

The database in question was digitized with a tender that, if I remember correctly, was for 100 thousand mugshots. Then an upgrade was made and it went from 100,000 to a million. With another upgrade it went to ten million. If I’m not mistaken, it took three or four parliamentary questions over the course of two legislatures to learn that this database contains the files of nearly ten million subjects and 16 million photos.

It is clear that computers increase the scale and speed of activities; however, the nature of things changes because, before, the limits and friction of the system were safeguards, intrinsic safeguards, determined by the materiality of the system itself. Now, with digitization, these limits and frictions no longer exist, and it is possible to seamlessly go from 50,000 to ten million subjects. This should give us pause for thought.

It should also make us think that even the acts of inspection, a prerogative of parliamentarians to make ministries (and ministers) accountable for their actions, are a blunt weapon, if it is true that not all requests made by parliamentarians are answered by the competent ministers and that, when they are answered, the answers are sometimes too general or miss the point and are, in the end, evasive.

2.- Two years to access a database

Second cue. AGCOM (Authority for Guarantees in Communications, the Italian equivalent of the FCC) routinely publishes a report of the Observatory on the presence of politicians on television (we collect such data in Italy). A couple of years ago, because of a mistake, there was an extra chapter compared to previous reports. This extra chapter indicated how much time the political leaders had spent in every news show. Not generally on the news, but specifically on the one pm news on TV station X rather than the eight pm news on TV station Y. And it’s very clear that five minutes on the 1pm news or on the 11pm news makes a difference. So I sent a FOIA request to the Authority to get the raw data from the database, as is permitted by Italian law. My request was turned down.

This denial made me realize that this was a sensitive point. Being the pain in the ass that I am, I appealed to the court against the Authority’s refusal. The court said I was right and instructed AGCOM to provide me with the data.

AGCOM then appealed to the higher-level court, called the Council of State. It was before the summer. The Council of State set the hearing for a Thursday in September. And the following Monday it published the decision with the detailed motivations, stating that my request was legitimate and that AGCOM had to provide me with the data.

For those who have experience of administrative justice in Italy (and I believe elsewhere), I believe that this is a historical record: the hearing on Thursday and the detailed motivated decision on Monday.

But, once the request was sent back to the Authority, months passed and finally I received buggy data; for example, the date field contained names, and many other fields contained zeros.

To cut a long story short, in the end I whispered the hypothesis of asking the court to appoint a commissioner to force AGCOM to comply with the decision of the court, confirmed by the Council of State.

Finally, after almost two years, with two decisions by the court and the Council of State, I managed to get the data; not as detailed as I wanted and had asked for, although sufficient to make an analysis that could be cross-referenced with other TV-audience data.

The communicative pressure of the various political leaders on TV is not an Area 51 secret; it makes no sense to try to avoid its full disclosure, especially in the Internet and social media age. But working through this nonsense took nearly two years and two levels of court (and the related legal expenses, which were not trivial)!

This little story should make us reflect that, even for a request so obviously in conformity with the law, a FOIA request is a blunt weapon for the citizen who wants to really make an administration accountable for its work.

3.- How to be entitled to the Green Pass (Digital Covid pass) and work hard to get it

Third cue: my daughter Irene. The premise is that I am immunocompromised and for this reason I am one of the people who received the vaccine first and my daughter is one of the first vaccinated minors in Italy, at a time when there was a problem in the construction of databases and information structures.

The fact is that my daughter, who happened to have tested positive for COVID early on and been vaccinated afterwards, in the early times of the pandemic, could not get the Green Pass (a vaccination certificate allowing free access to various types of venues). This was at a time when the Green Pass was becoming necessary even to sit at the bar.

My daughter was 17 years old; one can understand the psychological and material situation she was in, not being able to obtain the Green Pass she was legally entitled to because of some mysterious digital problem.

I did everything I could: I phoned ten times until all the waiting time was exhausted at all the three dedicated contact centers, and I sent all the registered emails to the appropriate offices. Having exhausted all normal channels, including going back to the vaccination centers with all the documents showing she was entitled to the Green Pass, I began escalating. I spoke with political, administrative, regional and ministerial leaders.

Finally, I got in touch with the people who manage the information systems; they verified that my daughter was absolutely entitled to the Green Pass, only she couldn’t receive it. Having made the verifications and managed the error, after weeks of hammering, I managed to get the Green Pass issued.

I know there were other people in her situation; I hope they were able to make it.

This is the point I want to make: transparency and oversight are not about whether my daughter could get the Green Pass. The traditional mechanisms for exercising rights – parliamentary questioning (the highest level of inspection) and civic access – are not blunt weapons; they are generally nearly non-existent weapons, except on the most trivial things.

Without going as far as China, the fact that we can access many services online, such as entering a tender or booking an airline ticket, depends on information technology and the data in a database against which we have blunt weapons.

A first conclusion

This is the conclusion of this first part: digital is a power, and it is an intangible power, like data and the computer applications that process them; a non-obvious power, which can be exercised at the speed of light and on a vast scale of citizens, and with surgical precision, massively customized.

A non-obvious power. A piece of data written in a database changes and the change determines facts that can affect the lives of citizens. One second later, the data can return to its previous state, imperceptible to anyone.

It is not like a truncheon on the head of a single individual then taken to a cell. These are things that act on a limited scale, in analogue and humanly manageable time and scale.

This situation is exacerbated by the idea of a centralization of data and ICT systems, done with the best of intentions by upright and very good people. In the future more and more things will proceed in this way.

If it were a company, with a few exceptions, I wouldn’t have much doubt: centralizing offers advantages. As a CEO, as a shareholder, I put my own money in, take my own risk, etc.

But what about a State? We should not assume that a State is always good and is always run by upright and good people. Because you can get into an authoritarian system by voting, but voting is not enough to get out of an authoritarian system.

We should not presume that the situation we are in today is the situation we will be in forever.

I remember that not so long ago, on the wave of the 50% consensus recorded in the opinion polls, full powers were asked for by a political leader in Italy.

That would be a big mistake; just look at Hungary or Turkey.

The Italian Constitution angle

We have Article 5 of the Italian Constitution, which defines the Republic as one and indivisible, but also recognizes and promotes local autonomy. “The Republic implements the widest administrative decentralization in the services that depend on the state”. Not administrative decentralization; the widest administrative decentralization!

Unique rules and unique communication protocols are welcome. I made a proposal for an amendment to the Constitution; someone will remember it, although it did not go through because Renzi’s constitutional reform was rejected by a referendum. But the amendment was there. It entered the Assembly with a nay from all the groups; after extensive discussion it came out approved unanimously.

Let’s go back to the text of Article 5 of the Constitution: “the Republic implements in the services that depend on the state the widest administrative decentralization; adapts the principles and methods of its legislation to the needs of autonomy and decentralization”.

So, faced with the idea of centralizing IT services, one reads the Constitution, page 1, article 5 and says no. Then comes Article 117 and one can say, let’s agree on protocols, application interfaces and so on. But there is no room for centralization.

Institutions must be defended at times of peace, not at times when they are needed. The moment there are problems is too late.

When I spoke with the President Emeritus of the Constitutional Court, Pres. Flick, he explained to me that Article 5 was not written because the administration had to be within riding distance of the citizen. It was written because the Constitution was created after the Second World War, after decades of authoritarian government, and the constituent fathers thought that this counterbalance would serve to mitigate authoritarian impulses that might have emerged.

Transparency of data and traditional oversight are not enough; you have to have a way to “see”, to track this intangible digital power. How can it be administered, what are the controls, the checks and balances, the oversight, the accountability, the remedies for all the people who have found themselves in my daughter’s situation or who will find themselves in it for whatever reason.

When dealing with technological infrastructures that are designed and legally protected for a specific purpose (such as targeted data collection), one must always consider that these infrastructures could one day be used for different purposes, despite the assurances and good intentions of those who created them.

In a very recent case, the German Judicial Police managed to force the local health system to generate a fake Covid outbreak in order to obtain, thanks to the contact tracking app, the information of people who were in a certain place where a crime had taken place.

This is a trivial example if you will, but it demonstrates how a system can be bent for purposes other than what it was designed for and for which safeguards were built that seemed appropriate. How many of these situations occur without being noticed? For what reasons and on whose initiative?

A matter of trust

Let’s think about the infrastructures that manage Italy’s “digital trust,” such as the digital signature, certified electronic mail (PEC), and the digital identity system (SPID).

The digital signature infrastructure was built distributed, with several providers, and some bodies have been established to verify compliance with the rules. The same goes for PEC and certified delivery services; now come the qualified certified delivery services, which then mix identity and PEC.

SPID has been built with hybrid public/private mechanisms; because, unlike the services for which the State defines only the rules and carries out the controls, with SPID it is also the provider, given that a plethora of subjects operate and can operate.

The way we have designed SPID, based on my initial proposal, a private identity provider is subject to control by three authorities: the judiciary, the Agency for Digital Italy (which is not a real authority even if it has a very significant inspection and sanctioning power) and the Data Protection Authority, which, unlike the above, are independent authorities.

In the future, SPID will be increasingly central to people’s lives, to the management of the immaterial dimension of citizens’ lives. Every signature we make on a form today, in a few years will be a form filled out on a server that we access with SPID.

Imagine if the possibility of accessing a service, an attestation/certificate or signing a form with our name (or not being able to do so) were in the hands of a largely opaque entity controlled by a single individual.

If there were only one digital identity manager in an inherently opaque structure, perhaps in the face of negligence or coercion, he or she could surgically prevent vast groups of people from using their identity, perhaps only for a short time, just long enough to fail to apply for a position or submit a bid for a tender.

How difficult would it be to make digital traces disappear? Clearly, it depends on the logging procedures (are the logs digitally signed? Immutably recorded?). Could the identity manager even simulate my access to a service without it being logged? Clearly, if there were no controls by an independent third party (or parties) with extensive inspection powers and heavy sanctioning levers, this eventuality would have much more fertile ground.

Let me recall my experience with the TV ratings data at Agcom rather than the database on the photographed or my daughter’s Green Pass.

Institutions tend toward the Government of Surveillance. Because technologically it is easier and more direct, and because the reference frameworks that all technical people refer to were born in the corporate environment, which is, however, different from a State.

I repeat, they are all very good people, very good, with great skills, but we do not know what will happen in ten, twenty or thirty years, when we might find ourselves in a deep socio-economic crisis, with great social tensions because – hypothetically – we have not been able to generate enough value to honour the weight of public debt that oppresses us. If we were to enter a spiral of forced exit from the euro, say. We don’t know what could happen.

Let’s imagine that one day, under pressure from the strong man of the moment, a capturing device (Trojan) is added to a State app, issued by an opaque structure.

The effects of democratic risk should be evident to all.

It may be argued that the publication of the source code could reveal it. But how can we be sure that the version in the app store corresponds to the published source code? The technically savvy may believe that it is possible to perform a disassembly and a reproducible build to verify compliance, but is this always possible in real practice? Moreover, what about when the “evidence” could change fluidly?

Client control is a neuralgic point of IT power.

On a hypothetical future day, when the balance of power weakens, the centralization of data and service delivery would structurally amplify the risk of drift.

The worst happens, where and when you don’t expect it: think of the assault on Capitol Hill on January 6, 2021 in the United States. Who would have thought it possible? Chomsky (and he’s not alone) says the U.S. could be on the brink of a possible civil war.

My thoughts on eGovernment centralization

I was chair of the Digital Italy Agency Steering Committee until a few weeks ago. In all my time as chair of the Steering Committee, I never held a conference or issued a press release; I never expressed my thoughts in public.

Now that I’m no longer on the Steering Committee, I can say that, for a State, I think centralization is wrong. For example, I think that it is undesirable for a State to think about a centralized service for the digital signing of documents (as an alternative to the existing system), or to think about the centralization of the management of digital identity, or to think about the centralization of the management of people’s attestations/certifications, or to think about centralizing the control of people’s access to services.

I believe that it is a factor of democratic control to always ensure the control of data by the citizen (e.g. through a wallet, according to the paradigm of self-sovereign identity) and the possibility for the citizen to use applications made by independent third parties, subject to a plurality of controllers, and, consequently, the requirement that the State always ensures access via API to services.

I believe that, already in the design phase of the services and the regulations that define them, even before their implementation, decentralized systems must be conceived with appropriate checks and balances, systems of oversight, accountability and remedies. I believe that we must think from the outset about how the systems and services we create strengthen the protection of constitutional principles and democracy and that they cannot be abused by anyone in the future. I believe that the ICT of a State must be democratic by design.

Because digital is a fourth power that is much stronger than the previous fourth power.
