Is the government sleepwalking into a digital disaster?

It was 2009 when I first became aware that there were potential problems with the Horizon system used by the Post Office. I was at a coffee morning in my constituency, where I was introduced to former sub-postmaster Jo Hamilton. She had been wrongly prosecuted and convicted, and had to pay the Post Office £36,000 she did not owe.

When she told me what had happened, and that she was not the only postmaster to have been dragged through an unjust prosecution and forced to pay out vast sums because of a faulty government computer system, I was horrified. I tried to get the government to listen, but was brushed off, even though the government was the Post Office’s sole shareholder. For many years, I and others worked to support the growing number of victims in the face of defensive and intransigent public bodies, as the Post Office continued to cover up evidence of bugs in the system and false accusations. Before justice was finally serviced, many small businesses, and many people’s lives, were destroyed.

So I am acutely aware of how badly things can go wrong when government computer systems are wrongly regarded as infallible. That is why I feel obliged to speak out now, as I see the risk that history repeats itself. 

Right now, the government is working on another ambitious IT project: the digital identities framework. Every government department will be affected, and the scheme will be used by hundreds of thousands of private businesses and millions of individuals. If things go to plan the savings will be immense — in reduced costs and greater innovation for businesses, in greater efficiency for government, and in less bureaucracy for ordinary people. The UK will be positioned as a world leader in digitising personal identity while protecting privacy and preventing identity theft and fraud.

But if things don’t go to plan, the result will be disastrous. And right now, the government is burying its head in the sand, refusing to heed increasingly urgent warnings from campaigners pointing out that the official data on which the system is built — personal records for all of us — have a flaw that will be fatal unless it is urgently rectified.

This is an extraordinary state of affairs, because biological sex is an important and unalterable fact about every one of us

The issue is that for many years, government departments have been failing to keep accurate records of individuals’ sex. Anyone with a UK passport or driving licence, or registered with the NHS, can easily and cheaply change the sex that is recorded against their identity. Campaigners estimate at least 100,000 people have their sex misrecorded in at least one of these places — and many of those people will have inconsistent data, with M marked on some government documents and computer systems, and F on others.

This is an extraordinary state of affairs, because biological sex is an important and unalterable fact about every one of us. It’s routinely needed in everyday situations such as healthcare, sport, law enforcement and single-sex services. We can’t ensure that we treat everyone appropriately, and we can’t keep everyone safe, without this information being accurate for everyone.

Imagine someone who is seeking urgent medical care for abdominal pain. If their sex is recorded wrongly, serious medical conditions risk being missed. A female person might have an ectopic pregnancy, which can be fatal if not treated immediately, for example. But this will be missed if the person’s electronic records state their sex as male.

Or imagine the fear and distress of an elderly lady who lives alone and has signed up with a care agency to receive in-home support, including intimate care such as toileting, washing and dressing. She says she wants her care worker to be a woman — but the agency is relying on official data delivered via a government-approved app, and one of the “female” workers that registers with them is actually male. 

Or imagine a private business that matches students or tourists looking for accommodation in shared rooms, or young city-dwellers seeking flatshares. Customers are permitted to say whether or not they are willing to share a room or a flat with someone of the opposite sex. The business relies on a government-approved digital identity system that claims to record everyone’s sex accurately, but in reality doesn’t. This is a disaster — and potentially a costly legal action — waiting to happen.

Transgender people will be ill-served too, since different government sources, all of them treated as authoritative — completely reliable — may contradict each other concerning a single individual’s sex. Such a person may be locked out of the system altogether, flagged as a “synthetic data” risk — that is, as a fraud. The personal consequences in an increasingly digitised world could be very severe.

Together with Lord Lucas, I helped to add three safeguards to the Data (Use and Access) Bill. These would prevent unreliable data sources being given a top score for reliability. They are sensible, practical and essential. Together, they would ensure that the system works as it should for everybody, including transgender people, and forestall another IT disaster. 

But rather than engaging seriously with the issues we have raised, the government is minimising and dismissing the problem. It has said it will seek to remove those clauses, and has shown no sign of accepting the flaws we have brought to their attention. More than 15 years after I first became aware of the Post Office scandal, I fear that we are on track to see another scandal, one that could affect every one of us, with the same tragic mix of personal suffering and public waste.