Ask Once, and what will you receive?

While working with an American state government on an IT modernization project, one of my colleagues loved to use the example — very real, he assured me — of the guy in a rural part of the state whose sole job (under state contract) was to remove deer carcasses from the highway. Whenever this example was raised, the point was usually to discredit whatever innovative or efficiency-producing idea — say, mandating electronic vendor payments — by citing a highly specific example where it would hit a dead end.

In considering if the federal government should adopt an “Ask Once” policy for collecting, storing, and linking citizen data, I return to this example for a different purpose: to provide an illustration of what this policy looks like, as well as some of the challenges it might pose.

In addition to paying him for the vital yet thankless task that he performs, the government has several reasons for taking an interest in our hypothetical roadkill-clearer. It must tax him for the wages he earns. If his interest extends to living animals as well, it must ensure he has a permit to prevent overhunting. It must determine his eligibility for entitlement programs that he might qualify for, such as healthcare or unemployment insurance. In the event of an emergency, such as a forest fire, it may try to contact him. Despite initially seeming like the proverbial self-sufficient mountain man, he may interact with government a lot. And each of these purposes likely involves a different agency with different systems.

By implementing an “Ask Once” policy, advocates are right in saying that it has the potential to cut down on a lot of wasted time and money. And in theory, it’s pretty simple to implement: (1) give each citizen a unique identifier, and (2) allow agencies to share attributes of that citizen with each other according to that unique identifier. In the private sector, this is already common and is known as the “universal view of the consumer.”

But government is not the private sector. In his interactions with each of the agencies responsible for say, health care and wildlife, it is not obvious that our example citizen thinks he is interacting with “the government” or “the agency.” Some agencies enjoy broad public support and seem relatively benign, such as the postal service, while others — say, the tax authority or the state police — generate more anxiety. He may be surprised to learn that, for example, his application for a hunting license might now factor in his health care information, or incorporate how timely he was in paying his taxes last year. Any policy that puts all of this data in one place risks a lot of information about anyone being available to someone who doesn’t need to know it — a challenge for both internal abuse as well as external hacking.

The risks of “Ask Once” are not just for the privacy of the individual — if citizens become reluctant to share data altogether, it may limit the effectiveness of government itself.

In addition to the many nightmare scenarios the average Black Mirror enthusiast could dream up, there are also likely many “unknown unknowns” associated with this policy that we can’t yet fathom in 2020, in the same way that government use of the internet has outgrown its initial mode digitizing the same old paper forms. At this point, the risks are not so defined that they can be mitigated, and the benefits do not appear so significant that they warrant proceeding anyway.

Many other democracies are moving ahead with some version of this policy — this is to your benefit, and I encourage you to learn from their experiences. But do not forget that what is right for Estonia is not necessarily right for you. The tradeoffs between efficiency and privacy are inherently political choices that must be the result of debate within a well-informed public, not the result of a business case. If the size of the tradeoff can be minimized through technical innovations, all the better. Perhaps a limited “opt-in” program can prove insightful while only enlisting interested citizens, or IT solutions can truly provide transparent internal controls and an ironclad process for how data is accessed and when.

But in any event, an “Ask Once” policy must be implemented in a way that it can be understood on two very different planes: (1) by the technical experts who can grasp why it works and how abuse is being mitigated, as well as (2) by the average citizen who will live according to its implications and whose trust it depends on. Until that can be accomplished, I would offer the same advice to the federal government considering “Ask Once” that I would offer the deer that risks becoming our hero’s charge: wait and see before you try to cross the highway.