Unit 6

Data Part II - Harmful Uses

Syllabus > Unit 6

Overview of this Unit

The purpose of Unit 6 is to help students to be aware that digital era governments create and manage data as a function and by-product of almost every activity, and that this data can harm people in both intentional and unintentional ways.

The unit also introduces students to some of the main forms of mitigation that exist to moderate the harms that result from ubiquitous use of data intensive digital systems.

This material, developed by 'Teaching Public Service in the Digital Age', has been prepared to help university faculty to add digital era skills to the teaching of Masters in Public Policy and Masters in Public Administration programs. All these materials are based on our eight Digital Era Competencies - this Unit relates closely to Competency 2.

This unit is one of eight units that make up a full semester course. The units have also been designed to be used by educators independently, without students taking the rest of the course. This unit can be taught in either one or two classes.

🚨 The harms created by governments misuse of data and digital technologies are disproportionately likely to impact groups traditionally discriminated against by both state and society. This continues to include groups such as:

People of color, indigenous peoples and migrants
Women, LGBTQIA+ people, and people with non-traditional gender identities
Children and the elderly, people with disabilities and those excluded from education

As an instructor, it is critical that you engage with and contextualize these harms within the society where you teach - harms which may be very different from one location to the next.

Learning Outcome 1

By the end of Unit 6 students will be able to describe different types of harm that result from choices governments make in relation to data. This means understanding that:

There are several types of decisions that governments can make that lead to harms caused by data, particularly to historically marginalized communities. A list is available under Concept 1.
It is important that students understand and can anticipate several different types of data-related harms without unduly focusing on one type of harm over the others.

Learning Outcome 2

By the end of Unit 6 students will be able to describe some of the actions governments can take to minimize data harms. This means understanding that:

A diverse and multidisciplinary team is more likely to be able to identify and solve complex problems that result in different types of harms.
'Threat modeling exercises' are a common tool for anticipating vulnerabilities in digital systems, products and services.
Auditing algorithmic decision-making systems can promote transparency and identify bias embedded in systems. They are particularly important as new AI systems are introduced.
There is great value in training public servants to recognise and make use of the most common and effective security protections in workplaces, such as multi factor authentication, learning to spot phishing emails, and using password managers to avoid password re-use.
It is important to put in place appropriate legal and institutional mechanisms to protect rights and collective wellbeing from both unethical and illegal use of data by government and third party suppliers.
It is vital to establish procedures to identify, address and rectify harms that occur due to government decisions about data, including through the use of algorithms and other automated AI systems
It is desirable to design standard procurement and hiring processes that mitigate against the unfair use of government data by suppliers and third parties.

Learning Outcome 3

By the end of Unit 6 students will be able to understand that there is often a trade-off between the harm prevention measures built into a system and its accessibility and usefulness. This includes:

'Security Theatre' is a phenomenon where institutions create mechanisms that make people feel more secure, but which actually do not, instead wasting resources and potentially producing feelings of false security that then drive problematic behaviors.
Legal measures designed to protect people can prevent government data from being linked, which can reduce the ability of governments to protect people in other ways.
Anonymizing data about people can protect individuals, but may undermine the utility of the data when it is used to improve service delivery.

Learning Outcome 4

By the end of Unit 6 students will be able to describe how harmful uses of data can reinforce power structures that perpetuate discrimination and disadvantage in societies, especially through algorithmic decision-making and AI systems.

Summary of Key Arguments in this Unit

Argument 1 - There are several ways in which government decisions about data can harm people or the environment.

We explained in Unit 5 how using data well can enable governments to succeed. Presented here are six ways that governments can produce harms through data usage:

Governments can use data systems that carelessly and unintentionally harm people, for example by using unaudited AI systems.
Governments can use data intentionally to harm people, especially groups that are systematically discriminated against.
Likewise, governments can similarly harm people by deciding not to collect essential data about them and the communities to which they belong.
Unauthorized access to government systems and create harm using data found within them.
Governments can permit private actors to legally use government data in ways that harm citizens.
Governments can allow people to be harmed by not successfully regulating non-government data used by actors outside the public sector.

Argument 2 - Mitigating the six types of harm above requires governments to have capacity in several different areas

Because data can create so many sorts of harm, numerous different skills and capabilities are required to prevent or reduce them. For example:

Digital security skills to prevent malicious actors from gaining unauthorized access to systems.
Public servants need a clear grasp of data ethics, especially when data collection and usage directly affects groups that have been victims of discrimination and marginalization.
Oversight and auditing capacity to ensure government data is used in ways that comply with policies.
'Data Aware' procurement and contracting skills that avoid common mistakes such as allowing what is fundamentally government data to be owned or resold by suppliers.
Algorithmic auditing skills to check whether AI systems that use data to make or facilitate decisions have biases that discriminate against people of colour, and other people who have historically encountered regular discrimination when interacting with the state.
Regulatory skills to prevent actors outside government from misusing data to harm people.

Argument 3 - Attempts to mitigate the harms caused by misuse of data can themselves create harms.

Governments have long worried about unauthorized access to government information systems. These days this means governments worry a lot about cybersecurity.

Carelessly implemented security measures can make systems so difficult to use, or limit their functionality so severely, they start to cause other harms such as preventing legitimate access to welfare services. All digital era public servants need to be aware of the danger of securing systems in a way that produces new types of administrative burden, or inaccessibility.

Detailed Class Breakdowns

In this section we offer examples of different ways of teaching this unit.

Option A - Full Class Breakdown by David Eaves, Harvard Kennedy School - Includes Video

David teaches Unit 6 via one guest lecture, and one 90 minute class. These breakdowns include learning outcomes, goals, and detailed segmented lesson breakdowns including videos and analyses of teaching and guest lecturing.

Materials to Inspire Your Class Design

We recommend you read or watch the following before you design your own approach to teaching 'Unit 6'.

Read The OPM hack explained (2020), by Josh Fruhlinger

Read Poverty Lawgorithms (2020), by Michele Gilman

Read Hospital workers convicted for snooping into Rob Ford's personal health files (2016), by May Warren

Have a play with the 'The Security Cards' (2013), by Tamara Denning Et Al.

Take a look at the live Digital Attack Map - show current Distributed Denial of Service (DDOS) attacks

Read Without a critical approach to big data it risks becoming an increasingly sophisticated paradigm for coercion (2017), Hamish Robertson & Joanne Travaglia for the LSE Impact Blog

Read Hacking, Glitches, Disinformation: Why Experts are Worried about the 2020 Census (2019), Article by Chris Hamby for The New York Times

Suggested Pre-Reading for Students

Four Ethical Issues of the Information Age (1986), Richard O Mason

The Dark Side of Numbers: The Role of Population Data Systems in Human Rights Abuses (2001), by William Seltzer and Margo Anderson

Surveillance self-defence: Your Security Plan (2019), by the Electronic Frontier Foundation (EEF)

Threat Modeling: Designing for Security (2014) Chapter 1, pp. 3–28, Book by Adam Shostack

Fitness tracking app Strava gives away location of secret US army bases (2018), by Alex Hern

More than a digital system: how AI is changing the role of bureaucrats in different organizational contexts (2022), by Sarah Giest, Bram Klievink

GenAI for Local Government: Privacy and Cybersecurity Concerns (2024), by Kate Burns

Deeper Background Reading for You

Understanding artificial intelligence ethics and safety (2019), David Leslie

Data Governance: The Next Frontier of Digital Government Research and Practice (2020), Amanda Clarke

Beijing’s Big Brother Tech Needs African Faces (2018), Article by Amy Hawkins for Foreign Policy

Data of 14,200 people with HIV leaked online by US fraudster who was deported from Singapore (2019) by Chang Ai-Lien, Fabian Koh and Salma Khalik

Pen Testing a City (2015), by Gregory Conti, Tom Cross and David Raymond

The Ethics of Algorithms: Key Problems and Solutions (2021), by Andreas Tsamados et al

We keep falling for phishing emails, and Google just revealed why (2019), Article by Rob Pegoraro for Fast Company

Case study of problematic data usage: “F**k the algorithm”?: What the world can learn from the UK’s A-level grading fiasco (2020), Daan Kolkman

Security Case: The Estonian Cyberattacks (2013) Andreas Schmidt

Security Case: Analysis of the Cyber Attack on the Ukrainian Power Grid (2016) - E-ISAC

Security Case: Inside the Cyberattack that Shocked the US Government (2016), Brendan I. Koerner

Security Case: NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history (2017), by Chris Graham

Data and rights in the digital welfare state: the case of Denmark (2021), Rikke Frank Jorgensen

How can you get support teaching this unit?

We're dedicated to helping make sure people feel comfortable teaching with these materials.

Send us a message or ask us a question via this page.

What are your rights to use this material?

We have developed these materials as open access teaching materials. We welcome and encourage your re-use of them, and we do not ask for payment. The materials are licensed under a Creative Commons Attribution 4.0 International License.

If you are using any of our syllabus materials, please credit us on your course website using the following text:

We are proud to use the Teaching Public Service in the Digital Age syllabus in our curriculum and teaching. Developed by an international community of more than 20 professors and practitioners, the syllabus is available open-source and free at www.teachingpublicservice.digital