Richard Hackworth

Errors not acceptable if government databases take off

2008-05-30T09:39:06+01:00

A few years ago I made a flight from London City airport to Geneva. We were all sitting on the plane waiting to leave when the captain came on the PA to say: “Sorry we are a little delayed – temporary technical problem with the navigation computer but it will be sorted out shortly.”

We waited. Ten minutes later he came back on: “We have tried everything but couldn’t resolve the problem, so we have done what you do at home with your PC – we have turned it off and on again. We are on our way now. Thank you for your patience.”

Now, one would hope that navigation systems are considered safety critical but clearly the one on my plane was based on ordinary technology. And yet we trusted it to get us to Switzerland across Europe’s crowded airspace. But of course, as passengers we didn’t have a lot of choice in the matter.

I feel rather the same way about various recent proposals for security databases. For example, there have been announcements about the Communications Data Bill. It is reported that this legislation would enable the Home Office to collect details of all phone calls, emails and internet access by, one assumes, each and every one of us. It is suggested that the data would be held for a year and would be available to the police and security agencies subject to a court order.

Now, I have not seen the Bill and I am certain that any such legislation would be debated vigorously before it hits the statute book. So there is no need to get too hot under the collar about the details at this stage. But is this idea realistic?

This proposal is not alone of course. There have been recent database proposals to support the national identity card scheme and NHS patient records. I am not going to debate the merits of such dat bases for actually fighting crime or improving the quality of patient care, vital though those debates are. My interest is with the management of the technology.

Firstly, how do we manage data quality with such massive databases? The Mobile Data Association reports that in the UK we sent 57 billion text messages in 2007, including over 290 million on New Year’s Eve alone. There were more than 17 million mobile internet users at year end. This is just the mobile stuff. Old fashioned fixed line users like me are on top of all this.

The national ID card system is going to be pretty beefy too. However one cuts the numbers, if the ID card scheme goes ahead there would eventually be tens of millions of cards issued and recorded with a range of personal data. Practically all of us would have NHS records of some kind – another few tens of millions of complex and interrelated records.

All of this data would only be of real practical value if: a) the data is accurate and complete, as measured by very well understood criteria; and b) any inaccuracies and omissions can be detected efficiently, and with minimal and very well understood consequences for the individuals concerned.

If 50 per cent of the records in a database are wrong, this becomes pretty obvious very quickly. The warehouse will soon tell you if half of all inventory records are out by a factor of 10. If only one or two are out by a factor of 10, they probably won’t notice until it is too late. I have known this happen on a real system. Reorder levels on one finished product line were incorrectly increased by a factor of 10. The error propagated through manufacturing planning systems and nobody noticed until a supplier sent an articulated lorry load of stuff to the factory gate instead of the usual transit van.

In a database of 40 million health records an error rate of one in 10,000 might mean 4,000 incorrect patient records, but we probably won’t know which patients. Hopefully no patients would suffer before the error became apparent.

We don’t yet have good ways to measure and manage the quality of data in such large databases. What tools and techniques we have don’t scale to the size of these very large systems. Practical tools are likely to be sample based, using appropriate statistical methods. However, if my liberty or medical treatment were to be based on a statistical assumption about the accuracy of a computer record, arguments about Type 1 and Type 2 sampling errors are not going to cut much ice with me if something goes wrong.

We need effective management tools to understand and control what we are doing before we entrust the day-to-day direction and oversight of our society to massive-scale IT. We need research and development on ways to address this challenge. Otherwise, our politicians and public servants will suffer the consequences as well as our citizens.

I remember being rather relieved on my flight to Geneva when I saw Lac Leman out of the plane window. We had found Geneva and we were not flying blind on that occasion at least. We should have a clear flight plan before we commit to these systems too.

The role of technology in global risk monitoring

2008-02-13T12:56:26+00:00

At the time of writing, the G7 finance ministers reckon total global losses due to sub-prime loans to be in the region of $400bn, according reports in The Financial Times – several times more than the initial estimates.

The FT also reported that the finance ministers of the G7 countries are therefore discussing a co-ordinated regulatory response to weaknesses in the global financial system. This is, of course, one of their important roles in life and it is not an easy one. Different economic and political agendas across the globe probably complicate the beefing up of treaties on regulation of international financial markets. There is nothing new in that, but the landscape has evolved in important ways that, I suggest, require more than better early warning systems and regulation of ratings agencies – just two of the measures that have been mentioned.

With the exception of the BIS capital adequacy requirements of the Basel 2 regulations, practically all financial service regulators focus on their own jurisdictions and borders. They are concerned with the integrity of domestic business and the security of deposits and customers in their own backyards, and they look to financial policy mechanisms to achieve their aims. This is understandable but increasingly risks to the global financial system stem from factors outside the control of individual regulators and the information systems under their control.

Most financial service regulators in major markets have long recognised the critical role played by computer systems, and the need for minimum standards of care - such as system security and assurance - by IT management. But what might not have been recognised so clearly is the extent to which the major global players now depend upon computer and communications systems located and operated in several countries and jurisdictions to carry out even apparently straightforward transactions. They are dependent on global communications networks that span many service providers and pass through numerous countries. The total risk profile of some services extends beyond the reach of any one regulator or company. Meaningful regulation of these IT services requires stronger and consistent international regulation that spans political boundaries.

The end-to-end delivery of some services - particularly fast-moving critical activities such as trading and payments - often employs systems owned and managed by several players in collaboration. In some respects, the risks to the global financial system depend on how well management can understand and track the cumulative global behaviour of these complex arrangements, and how well we understand how to respond if the exceptional occurs. Are international information systems capable of signalling when global risks are changing, and do they provide the detail required to underpin co-ordinated global effort to reign in potential problems before they get too big? Is this area on the agenda of the G7 finance ministers when they meet? If it is not I suggest it should be – it justifies serious study.

The House of Commons Treasury Committee report on Northern Rock raises concerns at how well the financial strategy of Northern Rock was stress-tested against the possibility that its credit supply chain would change unexpectedly. It discusses the challenge of assessing the real likelihood of apparently improbable circumstances that cause business plans to go awry. Some of the comment on recent difficulties in world credit markets centres on the difficulty of identifying where the problems lie, which businesses will bear the pain and how big the figures will be. How much more complex is the challenge of stress-testing scenarios for global financial markets, and how much more serious could be the consequences of misjudgement?

These are questions about business information risk management, and for the way we go about managing international information driven businesses. We hear about increased interest in end-to-end risk management of complex business processes, and that can only be a good thing. However, I wonder if we realise just how far apart some of the ends really are, and how many players make up the chain that connects them.

Perhaps it would be appropriate for international organisations such as the Bank for International Settlements or the Institute of International Finance, and the academic world, to take a closer look at the role of technology for global risk monitoring, and at the policy options. A report to the next G7 summit would not be out of place.