Former privacy commissioner Malcolm Crompton says governments are not doing enough to attract citizens to use their online services due to an overly risk-averse and closed-minded approach to liability and privacy.
Crompton, now managing director of consultancy group Information Integrity Systems, told the CeBIT conference in Sydney yesterday that agencies looking to "gain the wisdom of the crowd" using Web 2.0-style online services will only succeed if citizens feel completely comfortable with the privacy implications of the service.
Most of the government's current approach to producing online services, he said, is centred on managing their own liability.
"Where is the citizen in this level of thinking?" he asked.
Crompton said that too often citizens are asked to provide an exhaustive amount of evidence of identity and asked to give broad consent for that information to be used at the agency's discretion.
This approach, which places all the risk in the hands of the user and all the control in the hands of an agency, has created what Crompton terms a "trust deficit" in terms of how citizens engage with the government.
When asked for too much information, too much consent, and without being reassured by any statement of accountability on the part of the agency, the citizen will choose either not to engage or to engage in an unproductive way — by falsifying information, for example.
"How many times have you all lied in an online form?" Crompton asked the forum, relating a story about how he often poses as a penniless elderly woman when filling in online forms, to avoid "being marketed to".
Crompton said Web 2.0 users will act with such defiance when they feel their privacy is being impinged upon. Some 700,000 Facebook members petitioned, for example, when the social networking site made a change that allowed for the dissemination of information about a user's relationship status. Similar controversy erupted when the social networking site first launched its Beacon advertising service.
Users will react positively to online services, on the other hand, if three key concerns are addressed: control, fair risk allocation, and accountability.
If a user doesn't have control of their own information, they won't participate, Crompton said. A user's private information has to be available to them — a principle enshrined by the Privacy Act.
Risk also has to be allocated fairly between provider and user of the service. If it isn't, the user will not engage with the service, he said.
To illustrate where risk allocation is unfairly weighted in favour of the agency, Crompton displayed the sign-up page to Medicare's online services. The terms and conditions seek an exhaustive amount of information about the user, he said, but Medicare claims no responsibility of its own.
"The responsibilities of the user seem reasonable," says Crompton. "But there are a lot of nots in the list of what Medicare is responsible for. They are not liable for any claim, any loss, any liability incurred, and so on and so forth. These clauses might be good for the lawyers, but they are not a great way of attracting consumers. You would think that if Medicare wanted you to use these online services and thus become more efficient, then it would take on a greater share of the risk than that."
Crompton said organisations should compensate for any occasion they can't give the citizen choice or control — such as paying tax to the ATO for example — by strengthening accountability and transparency.
"If we are truly to capture the wisdom of the crowd, I would suggest that all government departments have some work to do in this area," he concluded.
