Privacy, Security Risks Make Government Databases a Political Battleground

As government agencies try to use databases to solve serious policy issues such as curbing prescription drug abuse and improving student education, they find themselves fighting political battles rather than technological ones.

by / March 8, 2016
close up photograph of generic javascript code on computer monitor kiiweb_technologia
close up photograph of generic javascript code on computer monitorkiiweb_technologia

In 1998, the FBI launched the National Instant Criminal Background Check System (NICS), a database that federally licensed gun dealers use to determine whether a prospective buyer is eligible to purchase a firearm. Unfortunately, by all accounts, the data in NICS is woefully incomplete, which means that the background checks are not preventing those who shouldn’t have guns from buying them. Bad data leads to bad results, yet attempts to fix this problem have consistently run into political opposition.

To give just one example, until recently, many state law enforcement agencies did not send information about individuals with known mental health problems to NICS because doing so risked running afoul of federal health privacy rules, and changing these rules would be contentious. It was not until this past January that the U.S. Department of Health and Human Services finally modified privacy rules in the Health Insurance Portability and Accountability Act so state agencies can report certain relevant information to the NICS when they lawfully determine someone poses a danger to themselves or others.

However, even this rather banal change originally faced strong opposition from groups like the American Psychiatric Association (APA), which argued it would discourage those with mental health problems from seeking treatment. The APA eventually came to support the new rules, but only after nearly three years of regulatory delay. And while the new rules are better than before, many states still do not have mandatory reporting laws to ensure that the NICS database has a complete set of records on individuals who are ineligible to purchase guns because of mental illness. As a result, the nation’s gun laws go under-enforced.

One might reasonably hope that once a policy decision has been made through the legislative or regulatory process, implementing it would be fairly straightforward. But in reality the political process carries on, and government databases have become a popular battleground, especially since accusations about privacy and security risks can quickly galvanize public opposition. As a result, government agencies find themselves fighting political battles, rather than technological ones, as they try to use databases to solve serious policy issues from curbing prescription drug abuse to improving student education.

Advocacy groups often object to standard database management practices to undercut the implementation of certain policies. For example, a basic feature of a relational database is to have a primary key that links together different records. But when it comes to health care, Americans still do not have unique patient identifiers to securely link their electronic health records stored on various computer systems, even though this would improve patient safety, because privacy groups have consistently fought efforts to create one.

Or consider the recent fight in Alabama over abusive payday lending practices. State law limits individuals from borrowing more than $500 from short-term lenders; however, these limits are difficult to enforce without a database to track multiple loans. When the Alabama Banking Department tried to establish such a database, payday lenders sued the state, claiming it didn’t have this authority. The Alabama Supreme Court recently ruled in favor of the state, but again, the legal challenges delayed implementation of the database for almost a year.

The politicization of databases is particularly problematic because as we move further into the digital era, government agencies increasingly will rely on technology to operate efficiently and effectively. If building a database to enforce a law or implement a regulation becomes a political action, rather than a technocratic one, public administration will suffer. No government technology projects will be delivered on time and on budget if every line of code has to undergo judicial review or be subject to regulatory oversight.

There’s not a simple solution to this problem, as it is naïve to suggest that we can take politics out of public-sector projects. However, obstructionist politics — whether driven by affected industries, privacy absolutists or other forces — is now a problem not just for state legislators, but also state CIOs. The states that find the best strategies for dealing with this challenge may be poised to lead the next era of e-government.

Daniel Castro Contributing Writer

Daniel Castro is the vice president of the Information Technology and Innovation Foundation (ITIF) and director of the Center for Data Innovation. Before joining ITIF, he worked at the Government Accountability Office where he audited IT security and management controls.