Leaders determine culture: The troubling case of UK policing.

A senior police officer of the Hamburg police ...

A senior police officer of the Hamburg police on assignment at Hamburg city hall, Germany. Français : Capitaine de la police de Hambourg en faction devant l’hôtel de ville de Hambourg, en Allemagne. (Photo credit: Wikipedia)

UK College of Policing published a report on police leadership culture.[1] The report found that the top officer culture is problematic as it encourages bullying, sexual harassment, and a sense of entitlement to legal and illegal perks. The report describes specific problems and opportunities. I am interested in the report because of what it suggests about corporate culture. In particular, I am interested in the way that culture influences how the employees deliver their services. In this case, how the police behave.

A fish rots from the head, and the barrel creates the rotten apple.

In a previous post, I looked at the idea that an organisation, like a fish, rots from the head down. I concluded that an organisation rots from the inside, as the corporate culture turns toxic.[2] In a related post, I explored the idea that rotten barrels create the rotten apples.[3] I found that employees will have local or team specific cultures yet follow the dominant culture within their organisation. If the organisation tolerates or encourages certain behaviours, the staff will adopt them or adapt to them. In these blogs, culture is expressed in the saying that “it is how we do things around here.”

Do staff follow the leader in the culture journey?

What I want to explore in this post is the way that a leader’s culture is emulated by staff. In particular, I will argue that the oft-repeated claims of rotten apples or rogue officers reflect the leadership styles at the top. I do not mean that the top officer are rogue so much as their behaviour encourages or creates a culture in which rogue officers can develop. If they fail to lead ethically, then their behaviour influences the rest of the organisation even if it is only indirectly. I suggest that what is done at the micro level (top) is emulated and exaggerated at the macro level (front line). If the top act unethically then the frontline staff will pick up these clues. The middle managers, though, are critical as they transmit this culture. The middle managers in this case, the font line supervisors translate the culture to the frontline. They encourage the junior officers behaviour that they belief will please the senior officers and match what they expect.

The leader embodies their organisation for better or worse

As a hierarchical organisation, the police encourage deference to authority based on seniority. As the organisation is designed around and supports the leader, their behaviour is less likely to be challenged and carry a greater influence. The leaders set the tone within the company. http://www.smartbiz.com/article/articleview/228/2/3/.  How they approach their role and the organisation will influence the overall culture. If they encourage the hierarchy and the sense of entitlement, junior officers will be initiated into that culture. They understand the system and conform to succeed. As a result, they are habituated to accept it as the “the way we do things around here”.

The hierarchy benefits senior officers who want to retain the culture that enables their behaviour as it discourages junior officers from engaging in reforms. The report suggests that leaders encourage junior officers to communicate upwards. However, this reform is less likely where there is a residual autocratic culture. The previous culture is what middle managers will know. They benefit from it and the reforms threaten those advantages. When middle managers retain the previous autocratic culture, senior officer reforms will be less likely to succeed. The middle managers will resist reforms that undermine their advantages. The previous culture gave them benefits as their authority was respected as it was based on the hierarchy. The autocratic culture reinforced their status. By contrast, the transformational culture removes that advantage. Even though the report says that a senior police officer who encourage bottom up communication will engage and develop junior officers, they will not succeed without middle managers. Yet, the report overlooks the middle manager’s role. They create the tension between the proposed and the current culture. The senior officer who exploits the structure for perks is less likely to be challenged. The structure cloaks or explains their behaviour. By contrast, similar behaviour by a front line officer would draw attention. A senior officer who drives an expensive car is less noticeable than a frontline officer who drives the same car.[4] However, the two behaviours are linked by the culture that created them.

A rogue office reflects a rogue culture

When an organisation explains the behaviour of a junior officer as “rogue”, it reflects more on the organisation that creates or enables the officer. If the culture of the hierarchy encourages senior officers to act rogue then it will habituate junior officers to accept that culture. The junior officers will be encouraged to belief that the position comes with privileges. What we see in the report is a problem that affects all organisations although it is more problematic for the police. The senior officers appear to undermine the control systems that would limit that corruption.[5] In this, the report and recent scandals suggest a larger problem not just for the police but also for many organisations.

Organisational Corruption when an organisation no longer serves its purpose

The senior officer culture can corrupt the institution. When this happens, the institution begins to serves senior officers. The culture encourages senior officers to see the organisation as something that serves their interests. For example, arrests and policing are made to make top officer look good. The institution moves away from its purpose to something else.[6] The senior officers will consider the organisation’s reputation and increase efforts to protect and promote that reputation. The more the organisation serves their interests, the more they will want to manage its reputation. The reputation becomes more important than the organisation’s purpose. In effect, its reputation becomes its purpose as the senior officers benefit from that reputation not the organisation.

How senior officers corrupts the institution with reputation management.

When reputation management becomes more important than its purpose, then institutional corruption occurs. When the Metropolitan Police worked closely with the News of the World, through the Fake Sheik, they were interested in reputation management. The senior officers were seduced by the promise of good press and publicity. The police appeared more eager to accommodate News International than meet the police objective. The senior officers never broke the law even though their behaviour limited the organisation’s ability to deliver on its purpose. Institutional corruption also occurs when a senior officer manages the arrest of a powerful person to protect the organisation.[7] The institutional purpose is not being served as it does not uphold the law. A frontline version of these events can be seen in the problems associated with Plebgate as seen in Operation Alice. There, the frontline officers engage the press to manage the incident. They behaved like the senior officers as they used the organisation to subvert the organisational purpose. In effect, the police appeared busy in the effort to manage the press and the politics instead of uphold the law?

Transparency and accountability can restrain a leader but do they exist?

If the structure challenges the senior officer behaviour, it can contain it. The challenge will come from transparency that encourages accountability. The corporate governance is supposed to create the accountability. However, the report shows the police are weak at scrutinizing senior officer behaviour. In large part, this weakness comes from the organisational culture and hierarchy. They combine to discourage challenge and scrutiny. The hierarchy encourages deference and the culture remains infused with the autocratic past. The autocratic past also encourages the deference.

External scrutiny is needed but is that compromised?

Greater external scrutiny would help to improve the internal governance. Yet, like the Rotherham scandal, scrutiny is missing.[8] The local authorities and the police commissioners seem unable or unwilling to hold the police leadership to account. If they are not reviewing the practice and behaviour of senior officers, their partners, who is? If the scrutiny panels have not reviewed these issues at some point or on a regular basis, we have a problem. It would appear that scrutiny becomes an elaborate governance kabuki where local authorities look the other way in return for an easy life. We all just get along without anyone airing their dirty laundry. Instead of resisting toxicity and insularity, the system encourages it because partners become silent co-conspirators. They reduce or avoid scrutiny and accountability becomes superficial as the focus turns to less institutionally contentious issues. There are always other priorities and that excuse the cultural continuity. Instead of understanding that the organisations have to hold themselves to account and hold each other to account, if the public are to trust them, they turn outward. They never get their own house in order as no one wants to rock the boat.

What can be done to hold the leadership to account?

The report recommends that the police develop their internal communications to allow bottom up accountability. The new organisational culture has to reject the autocratic past and become democratic. A more democratic culture will help to develop the idea that senior officers justify their work to the organisation. The future will require them to convince and not command. Although this may take time for the police who have a historical autocratic culture, it is what other organisation do to develop their culture. When employees are engaged by the organisation, they see the proposed behaviour modelled by the senior manager. An engaged employee is more likely to contribute to the overall culture. An engaged employee will have a stake in the organisation’s purpose and work to resist changes to it by leaders who wish to subvert its purpose for their own ends. The challenge will be to created accountability mechanisms, like public hearings, or staff surveys that explain and measure the corporate culture. The senior officers will need to need to justify the culture they create and nurture. It is not enough to say, “We are hitting targets” if those targets serve the police leadership and not the public.

Conclusion

What the UK police leadership reveals is that its influence on culture endures and is stronger than in other industries. The challenge is whether the leadership can change itself and in changing itself whether it will change the overall culture. The report suggests that it might be beginning to succeed. However, the residual autocratic culture remains embedded within officers and organisation. Perhaps we need to look at the middle managers as the guardians of the old culture who need to change. They are the leaders that determine the police culture and any organisation’s culture. Perhaps this is a topic for future research.

[1]http://whatworks.college.police.uk/Research/Documents/150317_Ethical_leadership_FINAL_REPORT.pdf

[2] http://thoughtmanagement.org/2011/11/21/does-the-fish-rot-from-the-head-down-when-organisations-go-toxic/

[3] http://thoughtmanagement.org/2012/01/07/the-myth-of-the-rogue-employee-rotten-barrels-create-rotten-apples/

[4] http://www.bbc.co.uk/news/uk-england-birmingham-30710852

[5] The Dark Side of Authority: Antecedents, Mechanisms, and Outcomes of Organizational

Corruption   Ruth V. Aguilera and Abhijeet K. Vadera Journal of Business Ethics,

Vol. 77, No. 4 (Feb., 2008), pp. 431-449 Stable URL: http://www.jstor.org/stable/25075575

[6] Denis F. Thompson proposed a model of institutional corruption in which he looks at institutional corruption as occurring when an organisation, in his research Congress, deviates systematically from its proper purpose. See Denis F. Thompson Ethics In Congress: From Individual to Institutional Corruption (1995). See also Institutional Corruption: a Fiduciary Theory M. E. Newhouse Cornell Journal of Law and Public Policy vol 23 553-594 and Dennis F. Thompson Two Concepts of Corruption Edmon J Safra Working Papers No. 16 August 2013. There he describes institutional corruption as occurring “when an institution or its officials receive a benefit that is directly useful to performing an institutional purpose, and systematically provides a service to the benefactor under conditions that tend to undermine procedures that support the primary purposes of the institution.” (p.3)

[7] Fleet Street routinely nurtures a crop of untold stories about powerful abusers who have evaded justice. One such is Peter Morrison, formerly the MP for Chester and the deputy chairman of the Conservative Party. Ten years ago, Chris House, the veteran crime reporter for the Sunday Mirror, twice received tip-offs from police officers who said that Morrison had been caught cottaging in public toilets with underaged boys and had been released with a caution. A less powerful man, the officers complained, would have been charged with gross indecency or an offence against children.

At the time, Chris House confronted Morrison, who used libel laws to block publication of the story. Now, Morrison is dead and cannot sue. Police last week confirmed that he had been picked up twice and never brought to trial. They added that there appeared to be no trace of either incident in any of the official records

http://www.nickdavies.net/1998/04/01/the-sheer-scale-of-child-sexual-abuse-in-britain/

[8] Rotherham grooming scandal showed the scrutiny to be limited and ineffective. It became a captive of the status quo and failed to challenge the organisation. Officers appeared to feed the Members a steady diet of good news and the Members did not want to look for problems. Instead of providing accountability and challenge, even if informally, it failed in that duty as it became a servant of the political leadership. http://www.cfps.org.uk/domains/cfps.org.uk/local/media/downloads/06_09_17_Rotherham_report_1.pdf

Posted in bureaucracy, coruption, culture, leadership, learning organisation | Tagged , , , , , | 1 Comment

Thoughts on TRILCon15: The Privacy Arms Race

Hospital curtains used to give patients privacy.

Hospital curtains used to give patients privacy. (Photo credit: Wikipedia)

On the 21st of April, I attended the Trust Risk Information and the Law Conference 2015. It was by the Centre for Information Rights. The theme was the Privacy Arms Race. My blog on the previous conference can be found here.[1] A write up by Paul Gibbons (author of the well-regarded FOI-Man blog) can be found here (accessed 25 April 2015)

The event, sponsored by Bond Dickinson, was a good mixture of academics and practitioners exploring the various challenges in the race for privacy against the increased capacity to broadcast, track, and find personal data.

Kieron O’Hara, who gave the opening talk in 2014, returned with an eloquent presentation on the Right to be Forgotten (RTBF) and the Google Spain ruling. In the Google v Spain decision, he pointed out, we are not forgetting people so much as de-indexing them from search engines. Although free speech advocates worried it was stifling free speech, the decision has less of an effect on speech and more of an effect on search systems. There will be ways to find the information, if interested, but it will not be as easy to find.

The ruling, as Prof O’Hara explained, was also a possible regulatory bar for new entrants into the search engine business. New entrants will need to manage the searches in response to the new regulatory burden as well as customer expectations. The costs and bureaucratic systems might be easy for Google to manage but will smaller or new search engine companies might struggle.

Implications: What I found interesting from the talk was the way in which the ruling is a first step in setting the boundaries to the digital public space. I will return to this theme throughout the post. I found one way to look at the privacy arms race was that individuals were trying to become better digital citizens and expecting digital behaviour from governments and corporations in line with their expectations. The RTBF is an example of the community, through the law, shaping the public memory. O’Hara explains that it is not a new right as such as the control of memory and the belief in a right to be forgotten, such as with various societies allowing historical cases to be expunged or removed.

After the opening session, two breakout sessions were available.

One was stream 1B which was about The Information and Enforcement Battle ground

The papers were

Privacy, Darknets, and the Consequences of Copyright Enforcement Andrew Black, David Komuves (University of Edinburgh)

The case of public documents of high public interest where private information can be found: a comparison between England and Spain. Pilar Cousido Gonzalez (University of Madrid, visiting Professor University of Winchester)

Predicting your behaviour: the need for big data policies Andrew Kimble (Bond Dickinson LLP)

The second was 1A: The technology battleground.

I attended this session as I was presenting the second paper.

Possible Futures for personal data stores. Marion Oswald (University of Winchester) Kieron O’Hara, Max Van Kleek (University of Southampton) Dave Murray-Rust (University of Edinburgh)

Dave Murray Rust presented the group paper which explored how and why people lied online to protect their identity. The paper found that people often engaged in this behaviour because privacy notices were too complex, too long, and too difficult to understand. The concerns about the way the organisation might use their personal data, which if the privacy notice was poorly written or structured, would be high, could lead people to become “privacy vigilantes” to protect their privacy. Methods that might be used are providing false or incomplete information. One solution they explored was the idea that people would have their own personal data stores. They could take their personal data and set the various access controls so that when the visited sites or used devices the settings were already in place. An alternative was that the PDS would contain the links to the personal data and act as a conduit to where the data was stored and not a store in itself. The goal is to create a system that enables the user to manage their multiple identities across the various systems.

What underpinned this paper was the discussion the idea that people had multiple identities depending on the context. A person can be a member of a demographic group and be a member of a voluntary group. They could then manage their identity within each group. Another concern was who owned the data and whether the law would change about data ownership. At the moment, we do not own our personal data. [See  Ruling on Fairstar]

Implications. Can the user bundle their identities together in such a way that they have not created their own security service dossier. By collecting the information together so that they can manage it, the user also makes it easier to manage them. Even if the PDS is encrypted, it does give a focal point that provides a near instant understanding of a person across all their platforms. Does the benefit from convenience outweigh the surveillance or identity theft threats?

I gave the second presentation.

Esotericism or Encryption: Can technology protect philosophy?

I argued that the threat from state surveillance and persecution are a threat that is coeval with political life. The individuals who wanted to protect their privacy from the state or from the community used various devices. I compared and contrasted the practice of esotericism with encryption. The key change, though, in esotericism was the rise of the modern state and the Enlightenment idea of free speech. The ability to speak openly and be tolerated reduced the need for esotericism as persecution was reduced. However, in the digital age, persecution has returned and individuals use encryption to protect themselves. The problem though for both esotericism and encryption is that technology can defeat both. For a short summary of the article see this blog post https://lawrenceserewicz.wordpress.com/2015/04/24/persecution-and-the-art-of-writing-the-return-to-an-ancient-problem/ (25 April 2015)

The result is a deeper problem. If philosophy is a radically private act and Internet of Things threatens that privacy, is philosophy possible? If philosophy is not possible, so that all philosophizing has to be done publicly, then it becomes a political activity. In that domain, the technological state can ensure a status quo because it can search out through algorithms and computer assisted linguistic analysis to find ideas and speakers who threaten the status quo. Any change will be filtered through the technological status quo, which might moderate most change but also make some changes impossible. For a short blog post on this point see https://mediameditations.wordpress.com/2015/04/23/freedom-of-thought-and-the-public-domain/( accessed 25 April 2015) However, all of this assumes that the status quo is just and desirable. If not, then the ability to change it might be stifled. In a sense, the technological status quo encourage a dogmatic belief in the status quo that becomes tyrannical.

Implications: The struggle for privacy is part of a wider struggle of the individual against the community or the state. The danger from a search for privacy is that we can surrender the public sphere to ensure we retain our privacy. In that sense, we want the public to accept and condone our private lives and acts in exchange for accepting the political status quo. If we trade privacy for public life, do we have the basis to shape the public life and to resist the state’s power on anything except the private life that it might challenge and thus accepts a political status quo so long as it is benign towards our private lives.

To wear it or not – that is the question! Melanie Eberlein-Scott, Spencer Wood (Facts International) The new black is wearable technology. Melanie discussed a wearable technology is becoming both a fashion item and a powerful tool for marketing and health industries. Spencer was not able to make the conference, but provided a video clip for his parts of the presentation. The way fashion and technology intersect because it shows how individuals, and society, seek to adapt to it. At the TRILCon14, there was an interesting presentation on fashion and its response to surveillance.[2]

This presentation went beyond the previous one as it was describing devices that were being used and the services that rely on those devices. Although this was focused on the benign technology, these are devices that the user wants to wear and are not required to wear; the technology has its origins in surveillance. The earliest wearable technology for monitoring was military use for global positioning systems and law enforcement with prisoner tracking bracelets. The technology is becoming fashionable as it provides health and consumer data that allows for an individualised or personalised service. The technology allows us to track our performance and monitor our status. For marketing firms the technology can provide a valuable insight as companies can see in real time the effect of product placement and advertising. The wearable technology field is increasing with Google Glass and Apple Watch leading the way. It remains to be seen, though, whether Apple Watch can ignite interest beyond the low-key response to Google Glass

Implications: Wearable technology will only increase. Even though the technology might not broadcast user information, it does provide a ready store that hackers or other interested parties would want. One point that was raised was whether the wearable technology could be used to modify behaviour or ensure compliance such as with health information for insurance purposes that limit the user’s freedom. Despite these concerns, the field looks to grow as there are many applications for industries seeking comparative advantages and users who want to benefit from the personalised services such as health monitoring or consumer advice that it can provide.

Lunch Plenary Address

After lunch, the plenary session was Professor Hankin discussion the Foresight report on Future Identities. https://www.gov.uk/government/publications/future-identities-changing-identities-in-the-uk (accessed 25 April 2015) The report looked at what went into online identities and recognized that there was not a single unchangeable identity for an individual. The report was the product of this research project. https://www.gov.uk/government/collections/future-of-identity (accessed 25 April 2015) The site is worth visiting because it contains the 20 background papers prepared to support the final report.

The implications: The future of identity will have to find a way to put the individual within a wider context even as it seeks to individuals or personalize identity and services. Someone’s group identity might have a greater impact on their behaviour than their individual identity.

After the plenary session, there were two choices. The first stream covered the regulatory battleground

The expanding scope of the Data Protection Directive: The exception for a “purely personal or household activity” Oliver Butler (University of Cambridge) –

Will Export Control Regulations Change the Way Corporations Use Cloud Computing Services? John Eustice, Timothy O’ Toole, (Miller & Chevalier) –

The second stream, which I attended, was the online battleground

A right to an online private life for employees? Megan Pearson (University of Winchester) –

She discussed how employee privacy has evolved as the social media age has allowed surveillance to expand into the time away from work and the way private life can affect professional life. The presentation covered how many employees had been fired or punished for comments on social media. The cases were based mainly on bringing the company into disrepute. Two main issues were how the company became aware of the material, often it was an anonymous tip off, or the comment had received wider circulation.

What was interesting was the expectation within the audience that people either should know better or that the issues could be solved by a company being clear about the policies associated with social media. What was also interesting is that the sensitive material was often broadcast or provided by friends and not the state or the company monitoring the employee or the web. In some cases, there are people who seek out such comments or pictures to amplify them or report them to the company.

Implications: The danger to employees is similar to the average user who finds their tweet, post, or picture being broadcast across the web. The issue was the balance between an organisation’s concern about its corporate reputation if an employee brought it in to disrepute and the individual’s social media life away from work. What is emerging though is that companies and individuals are learning from it. We might be starting to see people become better digital citizens as they learn to behave online and to understand the boundaries to acceptable and unacceptable behaviour that we learn in the public domain from childhood. If we accept that the digital domain is still in its relative infancy with people being able to publish directly to a global audience, the law, society, and individuals are adapting quickly to develop the acceptable social conduct.

 

The final plenary session was themed on Data protection & the right-to-be-forgotten – the future?

Is data protection law the new defamation? Judith Townend (Director, Centre for Law and Information Policy, Institute of Advanced Legal Studies)

Judith explored whether the data protection law and the increased emphasis on privacy would have a chilling effect or a deterrent effect on journalism as it was suggested the defamation law would. The results suggest that it did not have an effect, in large part because the exceptions that exist, and the focus on other issues. The research showed that privacy and privacy related issues had a much higher profile. However, in light Leveson’s promised review of data protection and journalism, which has not arrived, it remains an open issue. Even though the ICO has published guidance on the role, it is not a statutory guidance. An interesting finding from the paper was that news organisations were receiving more requests for personal data which suggests that the public now have a greater awareness of their information rights.

Implications: Even though the paper did not find a positive result, it did raise a point of continuing friction. The Leveson review’s promised review of journalism and data protection might have been overtaken by events. The Vidal-Hall v Google ruling reaffirmed the tort for the misuse of private information. Although journalism is not directly affected, it does raise the bar on those who might access the information in the hopes of providing it to the media. A second issue is that the Right to be Forgotten are influencing the way that Google, which appears to want to increase its role as a news organisation, manages its search engines. As media companies have to rely on the search engines, it can mean that the regulation of search engines has a knock on effect on journalism.

Where now for the right to be forgotten? Iain Bourne (Group Manager, Policy Delivery, Information Commissioner’s Office) –

Iain discussed how the ICO was handling the RTBF complaints. These are the complaints lodged by people who are refused by Google in their request to be de-indexed. What they found was that for the thousands of requests that Google had received very few had led to an ICO complaint. The low conversion rate could either mean that Google has an effect procedure or that people are unwilling to appeal. One point to consider from the presentation was that Google v Spain focused on privacy and not the context of search as search is not the same as search. The presentation explored their published criteria and the challenge, especially around information that covered allegations of criminal offences . The difference between EU members on this issue as they have different approaches to what is available and what is not. The process is not seamless or without its flaws because the web global reach means that mirror sites can host information outside the EU jurisdiction. There are also sites and organisations devoted to retaining links to the data that had been de-indexed.

Implications. The low conversion rate suggests that the RTBF is having the desired effect. Cases where there is a borderline issue seem to be handled well by Google. Thus, the clear-cut cases are handled easily. The same approach seems to work in the cases where someone might have cause to appeal are not appealing because of the response provided by Google. What needs to be explored is if the RTBF case is having an effect on what people publish and the way that search algorithms are being designed. Although more sites are changing their systems so that the search engine robots cannot scan inside the site, it is uncertain if there has been an effect on what is published. The challenge is whether the RTBF can be scaled to a global “right”. Even if it is, the effort to enforce it in all but the most obvious cases may prove difficult. However, it does signal intent and it does start to shape the public domain and what is published and how search engine companies operate in the new regulatory environment.

Trust as Collateral Damage in the Privacy Arms Race – the right to be forgotten Alastair McCapra, (Chief Executive, Chartered Institute of Public Relations)

The final paper of the plenary session looked at whether trust was possible in light of the right to be forgotten. Alastair discussed several issues of how the RTBF was affecting the trust in the web as a record keeper and whether that process was being shaped by such request. He looked at how Wikipedia entries had been affected by take down requests under RTBF. Another area of concern was that the RTBF was giving the false impression that PR disasters could be “cleaned up”. The RTBF would not change the underlying issue and it gave a false expectation that it would mean that issues could be addressed.

Implications: The continuing struggle between privacy and transparency and the desire to control information with the desire to make information free presents a struggle that has consequences for how individuals will use the web. The right to be forgotten is the first attempt to manage the public domain in a way that responds to the individual and gives them some control over their personal data.

 

Overall, I found the day stimulating and full of interesting ideas. The presentations were excellent and they sparked good discussions with the audience. The organisers are to be commended for running a seamless event. The event has developed from its first year and I look forward to the next one. If you get a chance visit the Centre for Information Rights site.

[1] http://thoughtmanagement.org/2014/05/11/thoughts-on-the-trilconference-trilcon/

[2] Electronic surveillance, fashion, marketing & the law’ Savithri Bartlett, University of Winchester, Matteo Montecchi, University of the Arts London, London College of Fashion and Marion Oswald, University of Winchester

Posted in culture, customer service, management, privacy, transparency, Uncategorized | Tagged , , , , , , | Leave a comment

Friend or Foe? The state’s only question about your digital identity

The major issue for the web is how to identify a user. At first glance, this seems an obvious question. We know who someone is by the IP address and the owner of the computer. Except that is not always the case. First, else might be using the computer. A child might be logged on instead of the computer or account owner. Second, someone might be using a false identity, a legend, to appear to be someone else. Third, someone might be using encryption to hide their identity, which makes it difficult if not impossible to identify the person at the computer. Google’s privacy counsel argued a similar point in the year after[1] the EU Article 29 working party ruled on personal data.[2]

Are you the person at the computer?

Google’s argument at the time was that the information they collect relates to a machine and not to a person. Yes, a person may own or associate with the machine and therefore it is personal data for the purposes of the UK DPA and the EU Article 29 Working Party.  However, the wider issue of privacy in the digital age is that we are not certain that the person at the MAC address or IP address is the person listed. Another person could use that address or computer either legally, a housemate, or illegally a hacker or someone seeking a cover. As the identity is difficult to determine, in a way that is not as difficult in the physical domain, the state has to undertake digital investigations and in some case surveillance.  However, encryption increases the difficulty associated with basic effort to validate someone’s identity.

Who is a friend, who is an enemy? The questions a state has to ask. 

The governments in the physical domain spend extensive resources making sure they can identify their citizens for their services. They issue them with passports, so they know they have a right of return if they leave. They issue them with driving licenses so they know they are licensed for the road. They issue them with social security numbers to know who is entitled to social service benefits. For each of these documents they have to prove their identity to the state usually through official birth certificates as issued by the state or a recognized institution. However, this is only part of the issue. Identity is not so much a problem as to determine whether someone is a threat.

Who you are in the physical domain is not always who you are in the digital domain

In the physical domain, residence is usually a sign that an individual is not an immediate threat. People who hate a government or the society usually move away. Even if they do not move away, their thoughts and views against the government can be seen in their physical behavior. They can participate in protests, support violent groups, or take direct action. In each of these, there is a clear line between legitimate politics, as accepted by the society and the illegitimate politics where violence is used for political change. Thus, the problem for a regime is when it uses the methods designed against illegitimate protest on legitimate protest. However, this is a secondary issue as the main issue is how to identify threats.

Unless the state can recognize friend from enemy, it cannot keep you safe

The state’s highest responsibility is for society’s self-preservation from physical threats and secondarily from intellectual threats. Even in the intellectual realm, a state will take a stand against threats to society’s safety especially if the society cannot manage those threats by itself. For example, many states will control or outlaw certain types of speech that are directed at violent overthrow of the state or society. In this way, the liberal democratic state serves to protect itself from a radicalism that would destroy it from within as would external physical threats. We can see this in ways that states, especially at war or under threat, will censor news outlets or even specific individuals. Yet, in those instances, the state can identify the threats.

There is a lot of work to make it easy to identify who you are in the physical domain.

In the digital domain, the identity is harder to confirm. Even if someone says they are the person using the computer at this moment, how does anyone reading their email or blog post know that it is? Moreover, does the ISP know it is their user and not someone else? They may have strong circumstantial evidence that it is user (proper authenticated sign in, regular pattern of behavior[3]) but these rely on secondary issues for verification such as cctv if available, coworkers if present, third party testimony someone else who witnessed the user’s behavior, or a personal statement from the user. All of these problems are ones that the state surveillance systems, through their intelligence agencies, have to overcome. They can be overcome through a huge intensive cross matching of many uncertainties. However, they are much more difficult than the physical domain where no encryption exists.

Will our physical identity become the basis for our digital identity?

What might happen with web identity is that computing becomes as organic as the physical domain.[4] If computing, and storage, become organic then our gene sequence will be our “face” or our identity just as in the physical domain our identity is created within the context of our family, community and state. We can then use ourselves to demonstrate identity or authenticity within the digital domain. With this identity confirmed, the state can then reduce the need to focus on those who can be dismissed as non-obvious threats as they do in the physical domain.

What is God’s name is the same question we ask in the digital domain.

The digital domain’s problem with identity is only an exaggerated version of the problem in the physical domain. We may have a name but who are we? Are we a threat? In this we are reminded of what God said when he was asked his name.  I AM WHO I AM (Exodus 3:14).

Verified identity will reduce the need for digital surveillance.

For the state, the question of identity can be the difference between life and death. In the age of encryption, it is no surprise that the stat is concerned to be able to identify friends from enemies so that it can keeps its side of the bargain to protect society and ensure its self-preservation. In this sense, encryption makes the problem worse and it identifies the problem is not technological it is a political issue of how a state can keep its obligation to its citizens by determining who is a friend and an enemy.

[1] http://peterfleischer.blogspot.co.uk/2008/02/can-website-identify-user-based-on-ip.html (accessed 29 March 2015)

[2] Here is the website that explains what the Article 29 Working Party is http://ec.europa.eu/justice/data-protection/article-29/index_en.htm (accessed 29 March 2015) There 2007 decision on personal data is her.

[3] Our online behaviour may tell others more about us than we realize as we type and use input devices. http://www.theguardian.com/technology/2014/jul/18/how-your-electronic-dna-could-be-the-secure-login-of-the-future (accessed 29 March 2015)

[4] http://www.swissinfo.ch/eng/swiss-team-uncovers-time-tested-preservation-method/41272794#.VOdWrIXddRY.linkedin (accessed 29 March 2015) and http://www.gizmag.com/dna-data-storage/36151/ (accessed 29 March 2015) and the research press release http://www.sciencedaily.com/releases/2015/02/150212154633.htm (accessed 29 March 2015)  Discuss the attempt to store data through saving data as a DNA sequence.

Posted in compliance, elearning, information management, privacy, records management, Uncategorized | Tagged , , , , , , | 1 Comment

Vexatious What the public sector calls a troll?

On the web, people who are argumentative, rude, or even threatening are called trolls. People block them and shun them from contact. In extreme cases, they can be banned from the social media platforms. The same process occurs in the world of public sector customer service. Instead of being declared a troll, you are declared vexatious. When you are declared vexatious, you lose a number of rights. In particular, your right to complain is reduced and your right to contact others about your complaint is reduced.

Doing more with less means no one will suffer fools gladly?

In the public sector, customer service is changing. Over the past few years, the resolve to deal with “problem” customers has increased. In the past, the organisations might have suffered in relative silence. As they lacked the customer service experience, resources, or willingness to deal with these types of customers, they would have put up with them. They would have accepted them as the cost of doing business or simply refuse to deal with them until compelled to by law. Unless they became abusive or threatening, it was difficult for an organisation to turn them away.

Vexatious Litigant is a related issue.

The legal term “vexatious litigant” has existed for many years.[1] It describes a person who makes frivolous or malicious legal claims that do not pursue a legal issue beyond the ability to vex the other party by forcing them to endure a legal claim. The court can declare a litigant as vexatious and future related claims can be rejected or the applicant must seek permission from the court to apply.[2] What is new, though, is that this term and idea vexatious complainant has arrived in customer services. In the past, public sector organisations could not use this approach because it dealt with a particular area, the law, and it was about an application to the court. By contrast, public sector has a legal obligation to provide services and cannot refuse to deal with the applicant. Thus, one approach was to ignore the complainant. For many this is what happened.

The FOIA changed the balance but only for a time.

In 2000 the Freedom of Information Act gave the individual the power to compel an organisation to respond to requests for recorded information. Although it was not the same as dealing with complaints, it did force the public sector organisation to respond to written requests for information. Organisations had to accept that they would have to deal with applicants who had become unreasonable, persistent, and problematic. For the first seven years of the Act’s life, organisations put up with these type of applicants as they believed the law limited their options. In 2011, the First Tier Tribunal overturned the decision to consider an applicant vexatious. The decision of the First-tier Tribunal (General Regulatory Chamber) (Information Rights) dated 20 September 2011, following the hearing on 24 August 2011 under file reference EA/2011/0079. This was appealed by the ICO on behalf of the Devon County Council. The appeal was successful and the Upper Tier Tribunal Information Rights, handed down a ruling supporting the ICO’s appeal. The decision also set ou how “vexatious” requests could be understood.[3] If an organisation decided that the requests fit these categories, they could refuse to respond to it. The exemption also allows the organisation to refuse to accept an applicant’s request on the topic without needing to tell them.[4] Although an applicant can appeal to the ICO, however, success is unlikely.[5] If they appeal to the Upper Tier Tribunal, the stage after the ICO, successful appeals are rare. However, the FOIA ruling is important for another reason. It has provided the public sector a way to class complainants, as it did with requests, as vexatious. I would argue the ruling has changed the way public sector organisations provide customer service and has shifted the balance from the individual to the organisation.

Protect the staff and resources, but at what price?

The public sector in the UK, which has to do the same or more with a reduced budget, has sought way to limit those customers that take up the most time. These customers were often called “problem customers” or “serial complainers” who, for any number of reasons, take up the organisation’s time and resources. They are considered persistent, prolific, or vexatious applicants and organisations, and their customer services, need a way to deal with them. The preferred approach appears to be to declare them vexatious. Once declared vexatious, the organisation can refuse them services, reduce them or manage them in a specific way.[6]

On the surface, the new rules appear to be justified. Complaints and requests can cost a public sector organisation time and money. If the applicant has a grudge or is unreasonable, they can create problems for the organisation. The public purse needs to be protected and staff need to be protected from applicants who have a grudge, who make persistent unreasonable requests, and take up a larger amount of time than other applicants. To do this, organisations have created policies and procedures that help them identify and deal with vexatious complaints.

When we look beneath the surface, the policies give the organisation increased powers over the individual. In one light they can appear potentially undemocratic if not a violation of human rights. In another light, they can appear vindictive as the organisation can use it as a first resort or as a threat to deter and prevent complaints. If you are a vexatious complainant you can lose various rights. Here are the various rights than can be taken away.

The right to free expression: the right to complain.

Some organisations have policies that state if the complaint complains to other people or to another organisations about their complaint or at the same time as their complaint, they can be declared vexatious. Yet, under the Human Rights Act, every individual is allowed the right of free expression (Article 10 Right to free expression and information) except, it would appear, if you have a complaint. Then you lose that right. If you write to your MP about the organisation, they can take that as vexatious behaviour and refuse to deal with you.

Adopting a ‘scattergun’ approach: pursuing a complaint or complaints with the authority and, at the same time, with a Member of Parliament/ a Councillor/ the authority’s independent auditor/ the Standards Board/ local police/ solicitors/ the Ombudsman.

We do not want to be held to account in a way we do not manage

The vexatious complaint procedures will declare your complaint vexatious if you record any meeting or telephone call without informing them first. As I wrote here, people are turning to social media to hold organisations to account. Many people no longer trust the organisations, and their staff, to keep their word. When the trust breaks down, the complainants believe they can only get a fair hearing if they record the meetings or telephone calls. The Data Protection Act allows a person to record a telephone call or a meeting without consent if it is for their own personal use.[7] Once the organisation finds out that you have recorded the call, according to their policy they are free to declare you vexatious and refuse to deal with you except in writing, if at all.

The following, non-exhaustive list, are examples of the actions and behaviours of unreasonable and unreasonably persistent complainants which may cause the policy to be invoked

h) Electronically recording meetings and conversations without the prior knowledge and consent of the other persons involved

In many cases, organisations record or monitor the incoming telephone calls to protect their staff and to ensure customer service standards are being met. Yet, in some cases organisation can work on the principle that if it is not written down it did not happen. Such an approach, while well intentioned, puts the complainant at a disadvantage because the employee not the customer takes the notes. If the issue is contentious, the organisation might say “well our employee wrote it down that way and if it wasn’t written down it did not happen. What evidence do you have that it did happen as you say?”

Raise your voice and you’re on the Potentially Violent Persons Register (PVPR)

If the complainant use aggressive language over the telephone or in person the organisation can put you on their potentially violent persons register (PVPR). Thus, they go from having complained to their MP about the complaint process to being classed as a vexatious complainant. If they express their frustration in less than civil terms, they can be put on the PVPR and declared vexatious.

So whatever you do, try to avoid complaining. If you do complain, make sure you are polite and don’t complain to anyone else at the organisation. Always remember that you cannot contact your MP or anyone else about your complaint until the organisation has decided your complaint. If you fail to follow these rules, you will be declared vexatious. If you make an FOI request about it, you can be declared vexatious.

The organisations now have increased powers to protect themselves and manage the individual. Who is speaking up for the individual?

[1] Here is a short history of the term and the legislation around it. http://www.infotextmanuscripts.org/vexatiouslitigant/vex_lit_history.html (Accessed 22 February 2015)

[2] Here is a list of vexatious litigants held by the UK government. https://www.gov.uk/vexatious-litigants (Accessed 22 February 2015) This applies to England and Wales

[3] In Information Commissioner v s Devon County Council & Dransfield [2012] UKUT 440 (AAC), (28 January 2013) , Judge Wikeley recognised that the Upper Tribunal in Wise v The Information Commissioner GIA/1871/2011) had identified proportionality as the common theme underpinning section 14(1)and he made particular reference to its comment that ‘Inherent in the policy behind section 14(1) is the idea of proportionality. There must be an appropriate relationship between such matters as the information sought, the purpose of the request, and the time and other resources that would be needed to provide it.’

[4] Here is the guidance from ICO on dealing with requests under section 14 https://ico.org.uk/media/for-organisations/documents/1198/dealing-with-vexatious-requests.pdf (accessed 22 February 2015)

[5] If we examine the ICO’s database on decision notices, where they rule on whether the organisation applied an exemption or refused information correctly, we see the trend. In the last year, as defined by the ICO data base, there were 131 complaints on s.14. Of these 32 were upheld and 110 were refused. This means that of a 131 cases, the applicant succeeded 32 times while the organisation succeeded in 110 cases. The numbers do not match because there can be partial or overlapping complaints. The next highest, with a public interest test, was s.43 (Commercial Interest). Here there were 47 cases last year. 18 were upheld (siding with applicant) and 28 were refused (siding with the organisation). The highest use exemption was s40 (Personal Information). As there is no public interest test for this category it is an outlier. However, there were 230 requests 52 were upheld (for the applicant) and 189 were against)

[6] The policies are curiously consistent across many organisations and seem to have been copied or shared to save time. I did an internet search with this phrase and found it was the same in a dozen policies. “Electronically recording meetings and conversations without the prior knowledge and

consent of the other persons involved.”

[7] Under the Data Protection Act 1998 (DPA), Section 36, there is an exemption which states that “personal data are exempt from the Data Protection Principles and the provisions of Part II (individuals’ rights) and Part III (notification) of the Act where they are processed by an individual only for the purposes of that individual’s personal, family or household affairs (including recreational purposes).” This means that an individual can carry out covert recordings without being in breach of the DPA as long as the information is for their own personal and domestic use.

http://www.computertel.co.uk/wp-content/uploads/2013/05/Call-Recording-Law-in-the-UK-updated-2013.pdf

Tribunals and Courts may not like the covert recordings by individuals. However, they will accept that justice needs to be served and any evidence that proves a case needs to be considered. Following a number of tribunal cases that allowed for it to be submitted.

http://www.cipd.co.uk/pm/peoplemanagement/b/weblog/archive/2014/04/11/employers-may-need-to-record-disciplinary-meetings.aspx (Accessed 22 February 2015) See also The Tribunal was clearly uneasy at admitting the evidence, but could not avoid it on the facts.

http://www.brodies.com/node/2011 (Accessed 22 February 2015)

Posted in bureaucracy, compliance, coruption, Uncategorized | Tagged , , , , , | 5 Comments

Who cares if records get lost?

Records life-cycle consisting three stages: cr...

Records life-cycle consisting three stages: creation, maintenance, and disposition of the record. FEA (2005). FEA Records Management Profile, Version 1.0. December 15, 2005. (Photo credit: Wikipedia)

When we hear about the lost records at the Home Office or other public sector organisations, many of us will not give it a second thought. We think that lost files or poor records management are facts of life. We just live with it as governments and organisations muddle through somehow and deliver their services. As long as services are being delivered and nothing is going obviously wrong, the public are content to ignore such internal matters. Even when these files contain something out of the ordinary, such as allegations of child sexual abuse by powerful people, many people have explained the lost or missing records as not something out of the ordinary. Records get lost on a regular basis or they get destroyed as part of the normal records management process. In local government, if the documents are not part of the official decision process, then there is no reason to keep them or provide them to the local Records Office. In the case of the child sexual abuse allegations, the file was small and to some commentators it was relatively unimportant as it only contained allegations. For others, the lost files are explained by the lack of space at the Home Office; which would explain why the files were destroyed. As The Telegraph cautioned that an undue focus on the lost records and the allegations could create an atmosphere conducive to a witch-hunt.[1] ?

Records? We lost those, sorry. Were they important?

At first glance, these views make sense.[2] They appear to explain what happened. It was as an unfortunate incident that happens with unsurprising regularity. Organisations struggle with records management as they lack space to manage the records. Records management is rarely given a high priority and few organisations approach it in a systematic way. For many employees, filing and managing records is neither glamorous nor a priority. For senior managers, and corporate directors, what matters is the organisation delivers its work. If a few files get lost, that is the cost of doing business. Middle managers have higher priority to deliver products and outcomes to their customers and clients.[3] Given that records management is a low priority, often handled as an afterthought or by junior employees, it would appear that lost records only become a concern when their content creates the necessity to find them. If the records had been something else, such as an invoice for an IT project, we would be less concerned. Whatever their priority, we know the police have begun to investigate the child sexual abuse allegations, so do we really need to be concerned with lost records or poor records management?

Without records you cannot hold power to account.

The short answer is yes. You need to be deeply concerned for three main reasons. The first reason is that lost records affect the organisations and the employees that manage the records. The second reason is that the flawed records management, which allows records to be lost, undermines democratic and historical accountability for a community and for the individual. We can see this problem in the Daniel Morgan murder investigation and the Shaw Report. The third reason is the lost records fail to dispel the possibility of a cover-up that destroys the faith in justice.

Archivists are haunted by lost records of potential political misdeeds

For archivists the case in Westminster should raise deep concerns. Although the testimony by those in charge of the records appeared to allay concern about the records being destroyed or edited on purpose, the case contains has a powerful shadow of the way that archives within a political organisation or the police can be threatened. The case will remind archivists of something that haunts the profession. All archivists, and most records managers, will have heard of Heiner Affair and the Nordlinger Affair in Australia.[4] These are Australian cases where public documents were shredded to hide evidence of abuse of young people within the care of the government. The case revealed that politicians pressured records managers and archivists to remove documents and destroy documents to avoid accountability. The same is likely to have occurred in the United Kingdom. The state of records keeping associated with children in care shows a shocking disregard for accountability. The Home Office case is the highest profile example of “lost records”, but it is not the only one nor will it be the last. However, the problem is not new. The problem of lost records is common in local government.[5] Many organisations will cover up their malfeasance through such excuses as lost records. We have seen court cases collapse because of poor records management. The Daniel Morgan murder trial is only one of many cases where poor records management has caused a case to collapse.[6] Even more recently the claim that records were deleted in the phone hacking trial with News Corporation shows the way that records will be deleted. The problems with organisational records management reveal a deeper political problem.

Records create democratic accountability

Without records it is difficult to hold the powerful to account. We only need to consider how Magna Carta, the UK government’s oldest piece of legislation, remains a touchstone as it contains the country’s fundamental political contract. The same role is played by historic town and city charters. Even though we are not interested in historical artefacts they do show how records are used to hold the powerful to account. If the powerful contravene the promises within these documents or the promise that the document expresses, then they can be held to account. However, it is a truism that political power resists the efforts to control or constrain it. The politically powerful seek to manage the ways they are held to account so they can control it or influence it.[7] They will use their power and position, and the resources it provides, to protect themselves and their office. If records create an account against which they can be judged, they will delete, discredit, or destroy it. Even if they welcome it because of political necessity, they will seek to influence it to reflect their interests or the interests of their office. We know from history that to avoid accountability, powerful people and organisations will destroy records that show their faults or criminality.[8] In extreme situations, powerful people will try to influence the records management process or the archival process by putting pressure on archivists and records managers. Such outcomes are not reserved to tyrannies or totalitarian regimes, they also occur in democracies.[9] From the smallest parish council to Parliament, no government is immune from this behaviour. Even without the extreme example of the Heiner affair, the basic problem is that when records are unavailable or inaccessible, democratic accountability is thwarted. The individual cannot hold their government or government representative to account. We have seen in history how repressive regimes regularly destroy records and seek to edit history to avoid accountability. In extreme situation they attempt to edit their opponents or misdeeds from history.[10] The only criminal sanction in the Enron scandal occurred because of the large scale destruction of records to avoid accountability.[11] The pressure to edit records and edit history is something that concerns all records managers and archivists in large part because it makes the complicit in a cover up.

The problem of cover ups

The lost records and the failure to retain documents are issues that go to the core of the archival field and raise deep questions about political accountability, archival independence, and archivist professional ethics and standards. These issues are now more prominent today as social media makes the public and organisations aware of how events are captured and recorded. In addition to public archives and records, which create institutional memories to hold governments and organisations to account, we now have personal records and memories to create an alternative to challenge the official record. We have learned from the Hillsborough tragedy that the Police lied about the events, attempted to cover up their lies, and the Sun proclaimed the official record by claiming it was the truth. They acted in concert to create public story, an official record, to explain the event and shift blame to the Liverpool fans. Only through determined families and individuals, who wanted truth and, were the police and the press brought to account. Without the Hillsborough Inquiry’s records, the families would be denied a chance at justice.

Rotherham: an outlier or a harbinger?

In the Rotherham scandal, records disappeared from the organisation. Reports were suppressed and kept from being recorded in the Council’s formal decision process, which meant that they were not retained.[12] If the records were managed appropriately, they would have been either submitted to Members as part of the public record or they would have been retained as evidence of officer decisions. However, in both cases, they were not included so that they could not be retained for historical accountability. The officers avoided organisational scrutiny and, for the most part, historical scrutiny. One witness, in a sworn statement, has alleged that records of the scale of the sexual abuse, which would have shown the council’s and the police’s short comings, were removed from a locked filing cabinet within a secure Council office.[13] In the Rotherham case, like the Hillsborough case, other organisations and people retained enough of the records to show the files that existed and were able to demonstrate that the organisation “knew” of them. If the records are not kept or are destroyed or “lost”, it is much more difficult, if not impossible, to obtain justice.

Is asking for good records management asking for a witch hunt?

When the media, like the Telegraph raise concerns about the possibility of a witch hunt, they may be taking a myopic view.[14] As such, it can make it appear that the concern for poor record keeping around child abuse allegations is only a concern for records manager and archivists. The records relate to someone’s life. Moreover, the UK’s less honourable history is demonstrated in the way it has handled records of the most vulnerable: looked after children.[15] The state becomes their parents by default. When the state loses their records or destroys their records, it takes away their childhood memories. It takes away their voice. It takes away their ability to seek justice. However, some governments, perhaps ones more sensitive to the problem of historical injustice at the hands of those who had power over them, have listened to their citizens and taken steps to right historical wrongs. In the UK, Scotland has done this with the Shaw report.

What is the Shaw Report?

The Shaw Report refers to Scotland’s Historical Abuse Systemic Review: Residential Schools and Children’s Homes in Scotland 1950 to 1995.[16] Tom Shaw led the work and wrote the report. The report catalogued the institutional abuses children and young people suffered over decades in Scotland’s Residential Schools and Children’s homes. It revealed the poor record keeping by the homes and the local government that denied the adult survivors a chance to recover their childhood memories. They were denied the records children (and adults) take for granted.

How Scotland used its devolved powers to protect the vulnerable

Scotland used devolved powers to create the report and change its records management system. England has refused to do this. It is not surprising given the scale of abuse and the way the establishment treated looked after children. It is time that England reformed its records management system to deliver the opportunity for justice to its most vulnerable. It needs to give its children a chance to retain their childhood memories.[17]

Why does Parliament resist the need for good records management?

When we see the lost files in this context, we see the deeper problem. This is not a problem of Westminister mandarins. This is not a problem of selective record keeping. This is not a problem of competing institutional priorities. This is a problem of justice. Justice is the core of any decent political society. If justice is unavailable to victims, can any government consider itself decent or civilized? Parliament’s refusal to change its approach to records management raises questions about its commitment to justice. It suggests an institutional resistance to being held to account by the public let alone the victims. Parliament is accountable only to itself. When the issue is framed as “a few lost records”, it suggests an inability to see what the problem represents. The question gets to the heart of the British society. We either have a decent political society where we are equal and accountable before the law or we have a society where the strong can do as they will and the weak must suffer because they lack the power to defend themselves. Democratic accountability starts with records management. The desire to avoid accountability seems to be a common theme rather than an unintended outcome. If Britain is to address the issue of historical child abuse and child sexual exploitation, it must get its records in order. If Westminster will not prioritize records management how can it claim to have a democratically accountable government? To put it directly, it is time that England had its equivalent of a Shaw report. Scotland has done it so why can’t England?

 

[1] http://www.telegraph.co.uk/news/uknews/law-and-order/10956642/Witch-hunts-thrive-in-a-climate-of-fear.html

[2] What most people will not know, though, is that in 1952 (5 September 1952) the Home Office issued a circular HO 200/52 that stated “Indecent practices in approved schools or boys and criminal offences involving the interests of boys or girls detained in approved schools”. Thus we find evidence that records should be kept of allegations and such matters should be reported to the police. (see paragraph 7). The next questions are whether such allegations were reported and what happened to the records?

[3] A priority can be used to justify any course of action either to avoid something or to do it. The most well-known is the priority of national security. All organisations have these priorities and are able to refer to them as needed. For example, the police will refer to their priority to fight crime or maintain order. A local council might say that social services are the priority. You might see this referred to as a “duty of care” such as a duty of care to ensure the health and safety of employees. Curiously, when an accident occurs, the organisation will do all that it can to either get out of this duty of care, strict view of the issue, or demonstrate that it was taking all the minimum steps necessary but could not do more because of other priorities. In rare occasions, an organisation might look at all of its priorities and consider whether it has chosen the right ones. Perhaps, you might ask your local councillor or your MP or the government department what their priorities are and how they reconcile them when they conflict.

[4] http://www.mybestdocs.com/hurley-c-lucas-keynote0703.htm   (accessed 19 January 2014)

[5] Consider that in 1952 the Home Office issued instructions that allegations were to be reported to the police. Many did not and fewer recorded heir abuse as many have no records relating to any abuse or allegations of abuse.  http://www.bbc.co.uk/news/magazine-28212710 (accessed 19 January)

[6] See reference to cases in Wales. Cite the reference to Daniel Morgan found elsewhere in a previous blog.

[7] See for example the different types of holding to account. http://webarchive.nationalarchives.gov.uk/20081023163307/http://www.hm-treasury.gov.uk/d/38.pdf (accessed 19 January 2015)

3.5 It is helpful to consider further what the notion of accountability entails. One analysis 1  has split it into four aspects:

giving an explanation – through which the main stakeholders (for example Parliament) are advised about what is happening, perhaps through an annual report, outlining performance and activity;

providing further information – where those accountable may be asked to account further, perhaps by providing information (e.g. to a select committee) on performance, beyond accounts already given;

reviewing and, if necessary, revising – where those accountable respond by examining performance, systems or practices, and if necessary, making changes to meet the expectations of stakeholders; and

granting redress or imposing sanctions – if a mechanism to impose sanctions exists, stakeholders might enforce their rights on those accountable to effect changes.

1 Barbaris P (1998) ‘The New Public Management and a New Accountability’ in Public Administration, Autumn. Also Neale A and Anderson B (2000) ‘Performance Reporting for Accountability Purposes – Lessons, Issues, Futures’ paper at International Public Management Workshop, Wellington, New Zealand

[8] In Hannah Arendt book Eichmann in Jerusalem, we see that in the final year of the war, the Nazis tried to destroy records of the Final Solution in the belief they could avoid or minimize the accountability.

[9] We can see this in the way Wikipedia accounts are edited by powerful people through their proxies.

[10] In extreme situations people are banished from history. The Damnatio memoriae refers to this process. http://en.wikipedia.org/wiki/Damnatio_memoriae

[11] The case against the accounting firm Arthur Andersen as a result of shredding documents that revealed Enron’s faulty accounting practices was ultimately overturned.  http://www.nytimes.com/2005/05/31/business/31wire-andersen.html?pagewanted=all&_r=0 (accessed 19 January 2015). The case was overturned because the burden of proof to determine criminal intent was too low. However, it still shows that it was records management and the destruction of records that was the turning point.

[12] Unless a document held by an officer is entered into the official decision making process either through a Cabinet meeting or through an official decision, it will not be retained in the archives.

[13] The Home Office researcher at Rotherham explains what happened. http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/home-affairs-committee/child-sexual-exploitation-and-the-response-to-localised-grooming-followup/written/12361.pdf (accessed 19 January 2015)

[14] A less charitable view would be to suggest that they have an institutional interest in dismissing the story as they work within a political framework and, like the Sun, they have a relationship with those in power which they wish to nurture. However, such an uncharitable view would need someone else to investigate it.

[15] Other records capture the UK’s history such as the Kenya torture records and many of these were destroyed. http://www.theguardian.com/uk/2012/apr/18/britain-destroyed-records-colonial-crimes

[16] http://www.scotland.gov.uk/Publications/2007/11/20104729/0 (accessed 19 January 20150

[17] http://www.nas.gov.uk/recordKeeping/legislationReview.asp (accessed 19 January 2015)

The record keeping review led to the change in the law in Scotland. Public Records (Scotland) Act 2011 http://www.nas.gov.uk/recordKeeping/publicRecordsBillNews.asp (accessed 19 January 2015)

A model system was developed that all Scottish public authorities had to follow to comply with the public records act (Scotland) 2011. http://www.nas.gov.uk/recordKeeping/PRSA/modelPlan.asp

Posted in bureaucracy | Tagged , , , , , | 7 Comments

January Break see you in February

Dear Subscribers,

I hope you had an excellent 2014 and I wish you a wonderful 2015. I am letting you know that I am taking a break from blogging until February. I have been writing three blogs over the past year and I wanted to pause and recharge. I thank you for reading the blog over the past year and I hope you will continue to follow it.

Look for future posts in February.

See you then.

All the best,

Lawrence

Posted in Uncategorized | Leave a comment

Why do bureaucracies delay disclosing information: the Case of Daniel Morgan Independent Panel

English: Administrative burden in Bucharest (R...

English: Administrative burden in Bucharest (Rumania) (Photo credit: Wikipedia)

According to a recent report, the Metropolitan Police have delayed the work of the Daniel Morgan Independent Panel.[1] The article says the delay is caused by the lack of an agreed protocol with the Panel for the transfer of documents and records. The police want to protect the identities of two informants. The claim is reasonable and respectable. Without informants, the police would find it difficult, if not impossible, to solve cases. If an informant cannot be protected, then few would volunteer information. However, there are other reasons why a bureaucracy would delay disclosing information. Christopher Hood has explored many of these and the efforts taken to resist them in his article “What happens when transparency meets blame avoidance?

All organisations are bureaucracies which means they are secretive by default.

All large organisations are bureaucracies and they will have their own reasons to keep information private.  However, by their nature, bureaucracies are secretive. They keep secrets for operational reasons (to keep sensitive information from competitors). They keep secrets for organisational reasons (to keep information secret until it is needed such as a product launch).[2] In this case, though, the veil of secrecy is being removed. The Metropolitan Police and the other organisations have agreed, in principle, to disclose information. However, they have continued to delay that disclosure. They have provided a public reason, the concern over their informants, but there are other, private reasons that need to be considered.

The list of reasons set out below is not exhaustive. They capture the main ones that justify keeping information secret. These are the reasons that have to be overcome when they decide to disclose information. Organisations may have to disclose information because of legislation, like the Freedom of Information Act or the Data Protection Act, or voluntarily such as under the terms of the inquiry. The reasons also show why it is so difficult for organisations to be transparent.

Institutional Embarrassment. The case is embarrassing to the organisation. Despite six investigations and over 25 million pounds, the police have not been able to bring Daniel Morgan’s murder to justice. The Independent Panel is set up to look at these failures. The organisation will know its own failures and now the panel, and the public, will know them as well in detail. It is one thing to be accused of incompetence and failure; it is another thing to have it demonstrated publicly.

Internal politics. The Metropolitan Police are a large organisation and like all large organisations, they have their own internal politics. Who is in charge of disclosing the information will have the power to harm their political opponents within the force. What is disclosed will have a direct impact on the status and reputation of a number of officers current and former. To the extent that there are those pushing for disclosure, they will face resistance from those who have something to lose, such as a promotion or a status built on that reputation. Someone has to take the fall and like penguins on an ice raft, they are jostling for place to avoid being pushed off.

Ego. In any organisation, managers and senior managers will have tied their egos to decisions or positions. They will defend those positions so that they do not lose face. To that end, they use the organisation to prevent or delay disclosing anything that will hurt their ego. To understand this we need to look at the officers who have sign off on the documents and which officers who have been consulted on the decision.

Waiting Game. Bureaucrats know that if they wait long enough, the problem will go away. The senior managers or managers wait or delay so the applicant loses interest. The waiting game is particularly useful when there is no regulator to give some urgency or force the organisation to answer. Even then, the organisation can use this to their advantage. When the applicant has to pester the organisation, they seem vexatious. The organisation has delayed but they rarely admit that to a regulator. Instead, they point to the applicant who has unreasonable and vexatious behaviour. An institution can wait; the person cannot.

Code of silence.[3] The need for secrecy can have formal or legitimate reasons and it can have informal and illegitimate reasons. A code of silence is an example of the latter. In a police service, as in any regulatory agency, everyone has a skeleton, a dodgy decision, a dubious arrest, or complicit in a decisions that flouted the law. No one speaks up because they do not want their own flaws to be revealed.[4] A related issue is that police may ignore small infractions, as part of the job, but object to financial gain.[5]

Reputation management.[6] All organisations try to protect their reputation. If they are in the private sector, they do this to survive. In the public sector, they do this to make it easier to work.  Good customer service and a good reputation take less effort than dealing with complaints, investigations, and regulatory oversight. If the documents and records threaten that reputation, an organisation will want to disclose them in a way that does the least damage.

Fear of defamation. In organisations, employees often write comments in emails and notes that they never expect anyone outside the organisation to read them. In other cases, they may use slang some of which may be particularly derogatory or disrespectful.[7] In particular, they never expect the subject of their comments to read them let alone know about them. When disclosure is threatened, the employees start to panic.[8] They know they have written comments that will embarrass them. Even if they are no longer employees, the organisation will know that the comments are inappropriate and fear the consequences. They will attempt to cover it up. The best response is to apologize for it and explain that they will remind staff that such terms are not right. However, trying to cover it up is usually the immediate reaction because it protects the employee and the organisation. (See above Ego and Reputation Management)

The other organisations in the inquiry will have similar reasons when it decides to show documents and records to the panel. The organisations know that the panel has no power to compel disclosure. This may create the perverse incentive to withhold more and show less. Whatever happens, the panel will have to find a way to overcome these barriers if they are to succeed.

=====

[1] http://www.exaronews.com/articles/5426/daniel-morgan-murder-scotland-yard-obstructs-panel-inquiry There are 7 organisations, including the Metropolitan Police, due to provide information to the Panel.

“b) obtain and examine all relevant documentation from all relevant bodies,

governmental and non-governmental alike, including but not limited to

papers held by;

 The Metropolitan Police;

 The Hampshire Police;

 The Crown Prosecution Service and the Attorney General’s Office;

 The Police Complaints Authority (as it was then);

 The Independent Police Complaints Commission;

 Southwark Coroner’s Court;

 The Home Office.”

 

The panel will also accept information from and interview relevant individual

“c) interview and receive relevant information from individuals who are willing

to provide that information”;

See the terms of reference for the panel. http://data.parliament.uk/DepositedPapers/Files/DEP2013-0776/DANIEL_MORGAN_-_FINAL_TERMS_OF_REFERENCE_-_080513.pdf

 

[2] For the classic description of bureaucratic secrecy see Max Weber http://harpers.org/blog/2009/07/weber-official-secrets-and-bureaucratic-warfare/ See also Secrecy in American Bureaucracy Francis E. Rourke Political Science Quarterly Vol. 72, No. 4 (Dec., 1957), pp. 540-564 http://www.jstor.org/stable/2146193 (registration required)

[3] https://en.wikipedia.org/wiki/Blue_Code_of_Silence

[4] The police are in a position similar to the military because their lives are in their colleagues hands. If you are seen as unreliable or worse a “snitch”, you may find your colleagues desert you when you are in trouble. The Serpico case in New York is an example of what can happen. The circumstances of the case suggested that his fellow officers set him up to be murdered and none of them called for medical assistance when he was shot. https://en.wikipedia.org/wiki/Frank_Serpico

[5] See http://oro.open.ac.uk/4553/ Westmarland, Louise (2005). Police ethics and integrity: breaking the blue code of silence. Policing and Society, 15(2) pp. 145–165.

[6] See for example https://en.wikipedia.org/wiki/Reputation_management See also Reputation Warfare https://hbr.org/2010/12/reputation-warfare/ar/1

[7] In this article, the authors left out some of the nastier slang for fear of encouraging others to use it.

“The largest group is simple obscenity and derogatory name-calling. We include many such terms, but would refrain from encouraging their use and, as such, withhold those intended to simply offend.”

Terms like FLK (Funny Looking Kid) or NFN (Normal for Norfolk) were often used by organisations especially before the Data Protection Act allowed people to find out what was being said about them and the organisations had to explain the acronyms. http://interesting-articles.wikispaces.com/file/view/Medical+Slang+in+British+Hospitals.pdf

[8] We can see this when organisations had to explain what they wrote about clients or patients after the Data Protection Act (DPA) allowed people to access their personal data. If you want to find out, all you need to do is pay £10 and write a letter explaining that you want the organisation to provide your personal data and enough information to help them identify and locate your personal data. For further advice see the Information Commissioner’s website https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/subject-access-request/ If there are no derogatory statements and no questionable remarks by anyone anywhere, over a 27 year period, it would be quite an achievement as the profession, unlike the medical profession, is not known for its pastoral care of individuals. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2312388/ However, the applicants never know until they put in a SAR and pay their £10 fee.

Posted in bureaucracy, coruption, culture, records management | Tagged , , , , , , , | Leave a comment