2021viii19, Thursday: A failure of trust.

A brace of Court of Appeal cases highlight both some fascinating litigation points – and why charitable trustees need to trust themselves, and their friends, a little less.

Like many people who’ve spent time in counter-fraud, I have a firm but nuanced view of fraudsters.

Nuanced, because part of the classic fraud triangle is “rationalisation” – the fraudster’s ability to convince themselves that what they’re doing isn’t really wrong. Not really. Not when looked at from the right angle, in the right light. (Albeit possibly only at 4.13pm on the second wet Thursday in October.) And not often, but sometimes, there’s almost genuine pathos in that rationalisation – particularly when it’s linked to a necessity which is caused less by greed than by some personal or family disaster.

But firm, because when you get down to it fraudsters are still essentially stealing someone else’s stuff, usually by lying to them or otherwise betraying their trust. And screwing with the trust someone places in you is, to my mind, one of the worst betrayals there is.

I could go off on a long tangent here about fiduciary obligations – for the non-lawyers, the term for the duties which arise in special kinds of relationship where you’re obliged to put someone else’s interests before your own, and not simply balance yours against theirs. Directors to their companies. Trustees to their beneficiaries. Solicitors to their clients. And so on. The tangent is tempting, not least because of a long talk with a client recently which I spent trying to convince them why what had been done to them, while patently wrong and immoral, wasn’t a breach of a “fiduciary” duty; and that calling it that would hurt their case, rather than helping it.

(We play with words, we lawyers, and forget sometimes that – as with any jargon – legal cant can seem to be a touchstone to the uninitiated, rather than a vessel of specific meaning.)

But I won’t, because what I’m really interested in here is a particular kind of fiduciary obligation: that of a charitable trustee. 

Because more than once in my career, I’ve seen charitable organisations – or those which, while not actually a charity, are non-profit and trying to do good – get taken. Badly taken. And while my primary visceral hatred is directed at the crooks (and, I admit, occasionally fools) who took them, there’s a small pipette of bile reserved for the idiots who let them.

Yes. Let them.

One example? A religious charity – an independent pentecostal church – whose affairs I investigated a decade or so ago, after they entrusted their money (that is, the money gifted by the faithful) to a friend of the pastor, who said he could produced a 60% annual return.

The return was indeed about 60%. Minus 60%. More than half the money was lost. Because the trusted idiot – and I think he was a fool, rather than a crook – had convinced himself and the pastor that contracts for difference were the right way to gamble with the church’s money. And because he was the pastor’s mate, none of the church elders lifted much of a finger to stop it happening. 

This kind of “we’re religious, so we should trust because our leaders say we should” is dangerous. It’s at the root of affinity fraud, the kind of fraud which rips through a community once the fraudster is inside the circle of trust, and which strikes religious groups particularly hard (but of course isn’t limited to them). And it’s particularly pernicious in the kind of religious groups with charismatic (small-c, I stress) leaders, tithing traditions, and few controls. Yes, ultimately it’s the fraudster’s fault, and yes, perhaps people should caveat the emptor just a bit. But in line with my core belief that certainty is not to be trusted, any leader who gives off a vibe that discourages his (usually his, rather than her) followers from doing their own due diligence is simply dangerous, unprincipled, arrogant and – put simply – in the wrong job.

That particular church case inspired me to put together a one-day course for pastors in training, as part of a ministerial training course run by a friend of mine. I only ran it once, but it centred on the vital importance of audit – and the idea that “trust, but verify” was the exact opposite of unfaithful.

Misplaced trust

All this was a long time ago, but I was reminded of it recently by a brace of Court of Appeal cases involving a genuine financial and legal tragedy. They involved a venerable law firm in Yorkshire, Dixon Coles & Gill, the Bishop and Diocese of Leeds, and four well-known national charities. 

And the former senior partner of the law firm, who over the course of a couple of decades stole millions – yes, millions – from the firm and its clients.

To tl;dr the background: the firm, DCG, had been around some 200 years. It was forced to close in 2016 after its two other partners discovered to their horror that Linda Box, their colleague, had systematically been bleeding funds not only from its client account but also from funds she personally held for several charities (including the Church). Unsurprisingly, the Church and the charities sued. Since the firm was an old-fashioned partnership instead of a more modern LLP, the two other partners – who, it should be said, were wholly innocent of deliberate wrongdoing – were in principle on the hook with unlimited liability.

In fact, the Court of Appeal allowed the remaining partners to benefit from the usual six-year limitation period, overturning a ruling in the High Court in Leeds that they should be found to have been “party or privy” to Mrs Box’s fraud under s21 of the Limitation Act 1980 – but it also dismissed an appeal from that same court’s ruling that the firm’s insurers were liable to pay out on all the claims (if the claimants were successful), rather than being able to limit total liability on the grounds that all the claims essentially arose from a single series of related acts.

They’re fascinating cases: in particular the first, for anyone interested in limitation (and that should include all lawyers involved in contentious litigation).

But I mention them in particular for a startling detail in the first-instance claim. At paragraphs 42 and 43, HHJ Saffman notes that the remaining partners suggest Mrs Box – in handling a substantial proportion of the Diocese’s money – was acting on a personal rather than professional basis. And he points to a 1995 letter where a past Bishop of Leeds seems to have allowed Mrs Box to have sole signing authority on a Church fund – a fund in relation to which he was (as Mrs Box wrote to him in 1995) “under no legal duty to divulge the accounts to anyone“.

I find this shocking, and frankly disgraceful. As some will know, I come from a Church background. My late father was a vicar, then a canon, then a bishop – retiring in 2011 after 15 years as Bishop of Winchester, one of the largest dioceses in the Church of England. I’ve met plenty of priests and bishops who took a pretty autocratic view of their rights, and of how they should be allowed to fulfil their obligations, although my dad – a believer in sunlight as the best guarantor of probity – wasn’t one of them. (Not for him the clergy equivalent of “I find your lack of faith disturbing,” although I’ve seen variants far too often.)

So I’m sure there are plenty of funds held by priests and bishops in the CofE with similarly – ah – opaque oversight structures. 

But to take such a fund, and give a single individual who isn’t even the office-holder the unaudited power invisibly to handle the cash? It’s insane. More than that: given that the funds are charitable, or at least the fruits of faithful labour by many hands and the generosity of many hearts. it’s simply immoral.

This simply shouldn’t be. No more should there be unaudited funds for charities and churches, than that churches should be able to mark their own homework when it comes to safeguarding. 

Not because churchpeople are uniquely bad. They’re not. Most are genuinely trying to do the right thing. 

But because they’re people. And in my view, it simply isn’t fair to put people in a position where – if they find themselves at risk of yielding to temptation – there’s nothing in place to hold them back.

Trust, but verify. It’s only sensible. But far more importantly, at least for people of faith like me: it’s un-Christian to do otherwise.

(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021vi23, Wednesday: “Important.”

Qualified good news about open justice – but with a significant sting in the tail. And a fascinating update on corruption definitions from an old friend.

Short thought: For anyone relatively new to the law (by which I mean the past half-dozen years or so) the idea of a life before BAILII is just incomprehensible. 

Seriously? No public access to judgments? Court decisions – which in our common law world define much of the law, and are absolutely critical to anyone resorting to it – only available at vast cost, or to the tiny minority of practitioners? Madness. Worse; injustice. 

(A good description of why this matters is in the case of R (Unison) v the Lord Chancellor. I’ll take any excuse to point to paras 65-73 because it’s one of the paradigm examples of judicial disdain, cloaked in perfect and elegant courtesy. In this case, the Supreme Court saying to the government minister in charge of the legal system: just sit down and shut up, while we explain your job to you. With pictures. And short, easy words. But the key paras for this purpose are 69-70, where the critical role of case law in our common law system is concisely and superbly outlined. With a sarcastic sting in the tail.)

So the fact that we have this resource, with vast numbers (if by no means all) of judgments from the Tribunals, via the High Court and Court of Appeal, to the Supreme Court, freely available, and searchable, is not just desirable. It’s necessary.

Having “grown up” in the law with BAILII, I find the existence in the US of PACER both staggering and an outrage. A public database of federal court decisions – great. But not only is it charged for – but the charge is $0.10 a page! As any trial lawyer will tell you, researching a case often means looking at loads of authorities, many of which will prove ultimately to be useless or even counter-productive. Most are dozens of pages long. Some are hundreds. This is just as much an obstruction of justice as were the Employment Tribunal fees that the Unison case ultimately, and rightly, defeated.

All this said, it’s worth remembering that BAILII isn’t a public enterprise. It gets about a quarter of its £230,000-odd budget from the Ministry of Justice, but it’s a charity.

Some may see this as an anomaly. And change is on the way. The MoJ has just this week announced that the National Archives will from next year host an openly-available archive of “important” court and tribunal judgments, including “Judicial Review rulings, European case law, commercial judgments and many more cases of legal significance from the High Court, Upper Tier Tribunal, and the Court of Appeal”.

I’m not going to be a curmudgeon about this – at least, not immediately. This is an advance. It’s absolutely worth having. And putting it in the hands of the National Archives, rather than the MoJ, is the right move.

But there is a problem. The words “important” and “of legal significance” do a lot of heavy lifting. Again, any trial lawyer will tell you that it’s not always the obvious cases that are worth having. Sometimes, the “legal significance” won’t emerge for some time, till various authorities and competing bits of jurisprudence settle out over time. This could leave huge gaps. And I want to know: who gets to decide what’s “important”? 

I’m not alone in this. Smarter and better minds – such as Paul McGrath and Natalie Byrom – have beaten me to it.

The counter to which could be: BAILII will still be there. Well, yes… but as part of this new deal, the MoJ will stop its funding to BAILII from next year. That’s a huge slice of budget. I’m really worried about its future. And its loss would be a loss to us all.

Someone is right on the internet: As anyone foolish enough to expose their thinking online (but not irretrievably arrogant) will tell you, one of the greatest joys of this game is when something you write prompts someone smart to help you expand your mind.

Tristram Hicks, former Detective Superintendent of the Metropolitan Police, has been kind enough to do that. Tristram, whom I’ve known on and off for a good long while, specialised during his policing career in economic crime: fraud, asset recovery, money laundering – and corruption. 

He’s reminded me firstly that I got the standard corruption definition wrong in my piece on Monday. I should have said: “abuse of entrusted power for private gain”. That’s “private”, not “personal” as I had it. 

In the context in which I used it, I’m not sure there’s a great difference; “private” in the sense of “for the sake of the organisation itself, not for the sake of its mission” works better than my explanation, but perhaps not materially.

But Tristram points me to a piece he wrote for Sussex University’s Centre for the Study of Corruption, which I commend to any reader of these pages as an excellent use of 10 minutes of their time. (It’s not long – less than 10 sides of A4.) Entitled “Why are there so few domestic corruption cases in the UK?”, it explores some of the familiar (no resources; no incentives; no measures) reasons why domestic corruption goes largely uninvestigated, unprotected and thus unpunished – but also some more unfamiliar ones. 

(He doesn’t mention my particularly caustic and cynical take: that successive governments are so wedded to the UK’s image as a “clean” place that except in certain specific locations, such as prisons and border control, there’s simply no incentive to lift the rocks and look underneath. In case we find anything…)

But alongside this, Tristram also points out that my mistaken definition is the one the Government adopted for its 2017-22 Anti-Corruption Strategy, although it wrongly attributed its wording to Transparency International (the source of the “private gain” one). And then it added a further gloss: the corruption, by the Government’s definition, had to “benefit a third party – an individual, business or other organisation”. Like Tristram, I don’t believe this is right. At its most basic level, the additional condition might be interpreted as ruling out people within the organisation in question – particularly those running it, whose motives might well be mixed up with or attributed to the organisation itself. And even if that’s not the case, this definition carefully exempts the kind of “institutional corruption” we were discussing on Monday.

Not good enough. We’re not as clean as we think we are. Narrowing the definitions to exclude some of the ways in which that manifests itself only makes things worse. Thanks, but no.

(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021v28, Friday: Not oil.

Getting the analogy wrong can ruin policy, as our approach to data has shown. And turning to real fossil fuels: two big, big events involving an oil company and a coal mine.

Short thought: Taking a short break from thingification, this week marks three years since the General Data Protection Regulation, or GDPR as most of us know it, came into force.

Many hate it. It’s caused a huge amount of work for organisations of all kinds. It’s clunky, imprecise, open to vast interpretation as to how its extensive obligations should be implemented, and therefore tends towards lengthy tickbox exercises rather than the “privacy by design and default” which is, to me, the heart of the whole exercise.

And, of course, it leads to all those dialogs every time you log into a website. And more recently, also the pointless and aggravating requests that you acknowledge the site’s legitimate interest in using your data any way they want. 

(Pointless because if push came to legal shove, I can’t believe a court would waste more than a few seconds on any such factor. Your legitimate interests aren’t something you can just sign away. Particularly not without genuine consideration. Yet another piece of annoying figleaf. Aggravating for the same reason.)

But I still think the anniversary is worth celebrating. Because GDPR did something really important. It enshrined, far more strongly than its predecessor legislation the core principle that your data is yours. It’s not some public resource that organisations can use however they want; some commons they can enclose at will. 

Analogies are important here – and yes, I realise we’re back on stories again, because when the story’s wrong, our responses to it are wrong too. Here, the problem is the dominant analogy: “data is the new oil” is a phrase often bandied around, but as Matt Locke notes here, this is entirely the wrong categorisation:

The discussions around data policy still feel like they are framing data as oil – as a vast, passive resource that either needs to be exploited or protected. But this data isn’t dead fish from millions of years ago – it’s the thoughts, emotions and behaviours of over a third of the world’s population, the largest record of human thought and activity ever collected. It’s not oil, it’s history. It’s people. It’s us.

To indulge in a bit of shameless exaggeration, treating data as a common untapped resource from which anyone can make a buck is akin – in direction if not in scale – to treating Swift’s Modest Proposal as a sensible contribution to the argument on population control.

Think of data as a part of ourselves, and suddenly the priorities change. Stories like the UK government’s attempt – again! – to give relatively unfettered commercial access to health data become as vile as they seem. (On that, instructions to opt out are here – the deadline’s 23 June.)

It’s not oil. It’s us.

Ultra-short before-thoughts: While we’re on the subject of oil, a couple of interesting items which I haven’t had time properly to process yet:

  • A small investment outfit has managed to force directors onto the board of Exxon who actually care about climate change. My recent reading of The Ministry for the Future, by Kim Stanley Robinson, has been scaring me witless, and bringing me to the belated realisation of just how much harm climate change naysayers have done to my daughter’s future. About damn time.
  • This one I really want to read and consider: an Australian federal court has denied an application by several children for an injunction to stop a vast open-cast coal mine. But in doing so, it’s found something legally fascinating and with huge potential implications: that there is a duty of care on a government minister to consider what such a project will do to those children’s futures. To anyone with a nodding acquaintance with the common law jurisprudence of negligence, this is immense: new duties of care rarely emerge, with courts (at least in England and Wales) highly reluctant to go beyond existing categories of duty; and only then incrementally and with small steps, based on analogy with existing duties. (For a really good explanation of how this works, see the case of Robinson in the UK Supreme Court.) I really, really need to see how the judge in Australia reached this conclusion (which is at [490-491] of the judgment). I’m on vacation next week, so I might have time to take it in. 

Because I’m on vacation, no promises about posts next week. I’’ll try to take thingification a bit further forward, and there’s so much to do on privacy. We’ll see where we get to.

(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021iv26, Monday: An affront to justice.

Firstly – sorry for being off-schedule. Exhaustion, I’m afraid. Back to work, with a few words about the wholly shameful tale of the Horizon prosecutions.

Preface: I apologise. Last week was insane, to the point where I fell asleep before 9 on Friday night and (unusually for me) slept for more than 8 hours without interruption. The combination of general exhaustion and a hearing on Thursday for which the papers arrived very late, together with a family need to drive into central London and back on Wednesday (which meant losing about 6 hours of the working day) means I’ve wholly failed to keep up the schedule.

With readers’ permission, I’m going to forgive myself the lapse, and simply try to get back on schedule.

With that in mind…

Short thought: There are probably more egregious examples of shameless people doing shameful things than the one highlighted in the acquittal on appeal of 39 sub-postmasters in the Horizon affair. But offhand, it’s very hard to think of any.

The tale is told, with clarity, in the Court of Appeal’s judgment. For those few who don’t know:

  • A Post Office accounting system, called Horizon, found significant errors and omissions in the accounting of a number of post offices.
  • The Post Office said, and continued to say, that Horizon’s numbers were unquestionably accurate, and that the only explanation was fraud by the sub-postmasters running the post offices in question.
  • It prosecuted dozens of them. For many, the Horizon data was the primary basis for the prosecution. Many were found guilty. Others pled guilty because they weren’t given access to underlying data and – in effect – had to prove their own innocence without the tools to do so.
  • But – as it later transpired – Horizon was fatally flawed. Its data was unreliable, as an earlier civil court case demonstrated in a superb judgment from Fraser J, one of a series of such exemplary pieces of jurisprudence.
  • And the Post Office knew it, but despite advice from a barrister who does credit to my profession (see paras 81-90 of the Court of Appeal judgment), refused to disclose it so as to avoid embarrassment.

A number of sub-postmasters appealed their convictions. And now, for all but three of them where there was other evidence, their convictions have been quashed.

I’m not sure “quashed” is a strong enough word. The judicial distaste, bordering on real anger, for the way the Post Office conducted the matter (as a private prosecutor) rings out throughout the 447 paragraphs of the Court of Appeal’s judgment.

Honestly, I can’t do justice to it. It’s a long read. But this is one of the great scandals of English criminal law: the conviction of dozens of people whom the Court of Appeal says were subject to prosecutions which amounted to “an affront to justice”.

These are not idle words. What the Court is saying is that in effect the system of criminal justice was abused by the Post Office, in its deliberate failure properly to investigate, and then to disclose matters which it had been clearly warned it had a legal duty to share with those it was prosecuting.

The depth of dissatisfaction is clear at paragraph 133:

POL’s [Post Office Ltd] failings of disclosure and investigation… ‘directly implicate the courts’. If the full picture had been disclosed, as it should have been, none of these prosecutions would have taken the course it did before the Crown Court. No judge would have been placed in the unhappy position of learning – as some judges (or retired judges) will do if they read this judgment – that they unwittingly sentenced a person who had been prevented by the prosecutor from having a fair trial.

To be clear: the Court of Appeal isn’t just feeling sorry for its sibling judges. Far from it. From the previous paragraph:

It is important here to state that many of these appellants went to prison; those that did not suffered other penalties imposed by the courts; all would have experienced the anxiety associated with what they went through; all suffered financial losses, in some cases resulting in bankruptcy; some suffered breakdowns in family relationships; some were unable to find or retain work as a result of their convictions – causing further financial and emotional burdens; some suffered breakdowns in health; all suffered the shame and humiliation of being reduced from a respected local figure to a convicted criminal; and three – all “Horizon cases” – have gone to their graves carrying that burden. Inevitably, the families of the SPMs have also suffered. In each of the “Horizon cases” it is now rightly conceded that those human costs and consequences were suffered after the denial by POL of a fair trial.

POL’s conduct was beyond shameful. It betrayed the trust of trusted, loyal employees. It condemned them to ignominy and poverty on false information, covering its own back along the way.

POL and those responsible for making the relevant decisions showed absolute contempt for the court. I can’t help wondering whether the court might, in turn, wish to take more formal notice of this. There’d be some justice in it, for sure.

(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021ii22, Monday: tl;dr.

Lord Leggatt is a judicial hero. And, as we now know, he understands that somethings really are too long; didn’t read. Also: creative conflict at its best.

Short thought: Smarter and better minds than mine have crawled all over the Uber judgment, handed down by the Supreme Court on Friday. It’s justifiably been the centre of attention in the employment law world: although obviously deriving from a specific set of facts, it nonetheless lays down a clear line as to whether companies can seek to dictate through contract terms whether their staff are workers – to whom they owe at least some employment rights – or independent contractors, to whom they owe nothing but payment for services rendered.

The tl;dr version: they can’t. It’s a question of statutory interpretation, not pure contract law. And it’s the reality of the relationship, not the words on the page, which make the difference.

Big news. Gig economy “employers” will have been poring over their business models and contracts over the weekend. Many, I anticipate, will find themselves in (for them) uncomfortable territory. I’m of the view (for what it’s worth) that the Supreme Court has gone the right way on this. That said, what will change straight away? Perhaps not much. Individual workers may need themselves to sue, given that the government seems notably uninterested in doing anything about it themselves. (The post of Director of Labour Market Enforcement, occupied on an interim basis by Matthew Taylor, falls vacant at the end of this week. He offered to stay in the job for nothing. He was turned down. Apparently none of the candidates were suitable. So clearly this wasn’t a high priority.) And as we’ve seen, the backlog in the employment tribunals, largely thanks also to government policy, is vast.

Among the mass of commentary, Jason Braier (unsurprisingly – his #ukemplaw Twitter form is near-unrivalled) has one of the best explanations. Fifty-plus tweets, but worth following through all the way. Although a pupil at our chambers, Ian Browne, managed to sum the whole thing up beautifully in two paragraphs:

But it’s not Jason’s (or indeed Ian’s) splendid work that I want to point to. No; it’s the magisterial judgment itself – the work of Lord Leggatt, a relatively recent addition to the UKSC. Friends and colleagues who’ve appeared before him are fans; even those he’s monstered with his questions or found against. I haven’t risen to those heights. But he was already one of my judicial heroes thanks to his judgment in the case of Gestmin v Credit Suissewhich I wrote about recently as the starting-point for the acceptance by the English courts (the Commercial Court, at least) that the fragility of memory was a critical consideration in how justice could be delivered.

Well, Lord Leggatt has done it again. We’ve all done that thing where you turn to the back of a judgment to find out the outcome, only to find there are 50 paragraphs of obiter addenda to wade back through. Not so here. In a glorious judicial tl;dr of his own, and perhaps in the knowledge that many reading a judgment with such significance for working people won’t be lawyers, Lord Leggatt gives the outcome upfront in paragraph 2, in just 39 words. Bless the man.

Someone is right on the internet: “Why can’t we just get along?” Because sometimes, just sometimes, we need to argue.

Argument is not, in itself, a bad thing. Debate and disagreement are like mistakes. Without them, you can’t learn, or grow, or find out you’re wrong. And if you can’t do those, there’s no hope for you – and no point in listening to you.

In this bit of writing, Ian Leslie calls on two examples. The first is an interview between noted right-wing poster-boy Jordan Peterson and Helen Lewis. Lewis is a great reporter, but this interview caused lots of people to accuse her of malice or unfairness, or (grow up, people) of some kind of “woke agenda”, in how she treated Peterson. I can’t see it. As Leslie suggests, she seems to be engaging in – to British eyes – a perfectly normal piece of searching and probing, but by no means unfair or aggressive, interviewing. To which Peterson seems to respond in a notably thin-skinned, take-it-personally manner. Odd, for someone whose shtick seems to be all about people toughing up, taking responsibility and stopping with the whining.

But it’s the second I really loved. You’ll have to scroll all the way down for it, but he describes a row (apparently well-known to Beatles fans, which I’m not particularly) between Paul McCartney and George Harrison during a rehearsal for a TV performance. Apparently it’s cited as an example of why the Beatles split, but Leslie instead sees it as an example of how conflict between collaborating artists can take their creativity to still loftier heights:

Maybe this won’t be interesting to anyone who isn’t a Beatles nerd but even if you’re not, isn’t it incredible have a raw and unfiltered record of one of the all-time great creative collaborations, as it happens – tensions, irritations, disagreements and all? If it is a little boring, that’s interesting too – it shows how magic can grow out of a long series of banal interactions. Anyway – it’s during this extended argument that Paul coins a favourite quote of mine, applicable to any creative process: “It’s complicated now. If we can get it simpler, and then complicate it where it needs to be complicated.” Whether you’re stuck on a song, an essay or a coding project, this is great advice: strip it back to its simplest form and then let the complications force their way in. (A little later, Paul rephrases it: “Let’s get the confusion unconfused, and then confuse it.”)

“Get the confusion unconfused, and then confuse it.” Wonderful. My new theme song.

(If you’d like to read more like this, and would prefer it simply landing in your inbox three or so times a week, please go ahead and subscribe at https://remoteaccessbar.substack.com/.)

2021i15, Friday: Thank God it wasn’t me.

In (virtual) court for a 10 day hearing at the moment. So again I’ll be brief. A wrenching judgment, and a lovely bit of writing about a friendly neighbourhood hero.

Short thought: Whenever I’m talking to law students, I always say: read the judgments. Not just the brief snippets with the authoritative bit you want to quote. No; read the whole thing when you can. Partly for the context, of course. (And because every advocate has, albeit hopefully only once, done that thing where you find a fabulous quote, but overlook the perfect way of distinguishing and thus destroying your point two paragraphs further down. Which, of course, your opponent finds and seizes upon to devastating effect.) But mostly because the best judgments are some of the most phenomenal legal writing you’ll ever be exposed to; an education in themselves.

Put differently – when I read a really good one, I find myself thinking: I want to write like that when I grow up.

But every so often comes a judgment… and you’re so, so glad you weren’t the one who had to write it. Guy’s & Thomas’s v Pippa Knight [2021] EWHC 25 (Fam) is one such.

The story’s heart-wrenching. Pippa is five years old. She is on a ventilator. She suffered brain damage in 2017. Her father took his own life shortly afterwards, having already lost a child to meningitis. She can’t breathe on her own, is unconscious and has lost most function. The hospital went to court to ask whether it should withdraw life-sustaining care. 

I can’t do anything approaching justice to the care, consideration and professionalism of Poole J in reaching and writing this judgment. Katie Gollop QC has done a fine job of describing the key points. Read her twitter stream. Read the judgment. It will break your heart. But maybe some things should.

There’ll be those who say Poole J was wrong. That care should not, or should never, be withdrawn. There’ll even, perhaps, be those who see him as a monster, or as having committed a grievous sin. (On which subject: I’m a person of faith – and I have zero sympathy with, and some anger for, those who use tragic cases for politico-religious ends. I don’t think anyone has here, thank God. But still.)

But I see none of that. I see a fine jurist, facing a heart-rending choice with no good or easy answers, doing his level best to do what the law – and, I think, morality – requires: to put the child first. While still respecting and highlighting the awe-inspiring love and dedication that her mother has shown her throughout her life.

I want to write like him when I grow up. Just not about that. Please God, not about that.

Someone is right on the internet: I’m a sucker for Spider-Man. I sometimes find superheros somewhat annoying (although that doesn’t stop me watching Marvel movies, or the Arrowverse DC TV shows). But Spidey has always been special.

Like so many others, I watched Into the Spider-Verse with gratitude, wonder and delight. Not just because in Miles Morales there’s a whole new generation reflected in the best and most demotic hero ever. But simply because of the joy, craft, art and genius – and love! – that went into making it. It’s a genuine masterpiece. 

And I have to admit, Tom Holland does an excellent job in the new MCU ones.

But every so often I go back to the 2002 film that got Spidey onto the silver screen and kept him there. Sam Raimi’s Spider-Man creaks a bit at the edges, and the effects – well, you have to work a bit not to see the seams. But the film, and Tobey Maguire in it, get Peter Parker right. Like no other film truly has. (The sequel did too. More so, perhaps. Let’s agree not to talk about the third one, OK?)

The AV Club, home of some of the best culture and genre writing around (its TV reviews are to die for), in one of its long-running series (this one looks at the highest-grossing movie in the US for each year, starting in 1960), has made it to 2002. And their write-up on Spider-Man gets it just right.

Won’t say more. If the phrase “With great power comes great responsibility” means a thing to you, go and read it. You won’t regret it. And then, if you’re like me, you’ll want to push off and watch it. All over again.

(Don’t forget – if visiting a site doesn’t float your boat, you can get this stuff in your inbox. Subscribe at https://remoteaccessbar.substack.com/.)

Algorithms, face recognition and rights. (And exams, too.)

The Court of Appeal’s decision to uphold an appeal against South Wales Police’s use of facial recognition software has all kinds of interesting facets. But the interplay between its findings on the equality implications of facial recognition, and the rights we all have under GDPR, may have significant repercussions. Including, possibly, for the A-level/GCSE fiasco.

Most nerd lawyers will, like me, have been fascinated by the Court of Appeal’s decision to uphold the appeal in R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058. The tl;dr version is that the Court said South Wales Police (“SWP”) had acted unlawfully in mining CCTV to scan the faces of thousands of attendees of large public events, compare them to a “watchlist” of persons of interest using a software tool called “AFR Locate”, and identify people for further police attention.

It’s worth noting that the Court did not find SWP to have acted wholly improperly. It’s clear from the narrative that they made at least some efforts to build safeguards into their procedures and their use of AFR Locate. Nor did the Court find that an activity like this was unlawful per se. However, the Court found that both in who SWP chose to look for, and where they did so, its procedures and practice fell short of what would be required to make them lawful. To that extent, Edward Bridges, the appellant, was right.

It goes without saying that for privacy activists and lawyers, this case will be pored over in graphic and lengthy detail by minds better than mine. But one aspect does rather fascinate me – and may, given the tension between commercial interests and human rights, prove a trigger for further investigation.

That aspect is Ground 5 of Mr Bridges’ appeal, in which the Court of Appeal found SWP to have breached the Public Sector Equality Duty (PSED). The PSED, for those who may not be intimately familiar with s149 of the Equality Act 2010 (EqA), requires all public authorities – and other bodies exercising public functions – to have due regard to the need to, among other things, eliminate the conduct the EqA prohibits, such as discrimination, and advance equality of opportunity between people with a protected characteristic (such as race or sex) and those without it. As the Court noted (at []), the duty is an ongoing one, requiring authorities actively, substantively, rigorously and with an open mind, to consider whether what they are doing satisfies the PSED. It’s a duty which applies not so much to outcomes, but to the processes by which those outcomes are achieved.

Bye-bye to black box algorithms?

In the context of the Bridges case, SWP had argued (and the Divisional Court had accepted) that there wasn’t evidence to support an allegation that the proprietary (and therefore undisclosed and uncheckable) algorithm at the heart of AFR Locate was trained on a biased dataset. (For the less nerdy: a commonly-identified concern with algorithms used in criminal justice and elsewhere is that the data used to help the algorithm’s decision-making evolve to its final state may have inbuilt bias. For instance, and extremely simplistically, if a facial recognition system is trained on a standard Silicon Valley working population, it’s likely to have far fewer Black people and quite possibly far fewer women. And thus be far less accurate in distinguishing them.)

The Court of Appeal found this argument wholly unconvincing. The lack of evidence that the algorithm WAS biased wasn’t enough. There was no sign that SWP had even considered the possibility, let alone taken it seriously.

Most interestingly, and potentially of most far-reaching effect, the Court said at [199] that while it may be understandable that the company behind AFR Locate had refused to divulge the details of its algorithm, it “does not enable a public authority to discharge its own, non-delegable, duty under section 149“.

So – unless this can be distinguished – could it be the case that a black-box algorithm, by definition, can’t satisfy the PSED? Or that even an open one can’t, unless the public authority can show it’s looked into, and satisfied itself about, the training data?

If so, this is pretty big news. No algorithms without access. Wow. I have to say the implications of this are sufficiently wide-ranging to make me think I must be misreading or overthinking this. If so, please tell me.

Algorithms and data protection

There’s another key aspect of the lawfulness of algorithm use which SWP, given the design of their system, managed to avoid – but which could play a much bigger role in the ongoing, and shameful, exam fiasco.

GDPR is not fond of purely algorithmic decisions – what it calls at Recital 71 and Article 22 “solely automated processing”. (I’m using algorithm here in its broadest sense, as an automated system of rules applied to a dataset.) This applies with particular force to “profiling”, which Article 4 defines as automated processing which “evaluate[s] certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”.

In fact, Article 22 prohibits any such decision-making on matters which either affect someone’s legal rights or otherwise “similarly significantly affects” them – unless it is:

  • necessary for entering into or performing a contract between the data subject and the data controller;
  • Authorised by EU or (in this case) UK law which incorporates safeguards to protect the data subject’s rights and freedoms; or
  • Based on the data subject’s explicit consent.

Unlike a number of other GDPR provisions, no exemptions are allowed.

Similarly, s14 of the 2018 Data Protection Act (“the DPA”) says such processing – even if authorised by law – must allow the data subject to ask for a decision to be made which is not “based solely on automated processing”. And that request must be honoured.

The key word here so far as Bridges is concerned is “solely”. The human agency at the end of SWP’s process, whether inadvertently or by design, takes this out of the realm of A22; so this didn’t form any part of the Court of Appeal’s reasoning, or of the grounds of appeal. Were there no human in the loop, this kind of processing might be in serious trouble, since there’s no contract, certainly no freely-given consent (which can only be given if it’s possible to withdraw it), and I don’t know of any law which explicitly authorises it, let alone building in safeguards. And using facial recognition to target individuals for police attention is a paradigm case of analysing someone’s “personal aspects, including… behaviour, location or movements”.

So what about exams?

[UPDATE: Unsurprisingly, the JR letters before action are coming out. And one in particular raises points similar to these, alongside others dealing with ultra vires and irrationality. The letter, from Leigh Day, can be found at Foxglove Law’s page for the exam situation.)

But even if A22 wasn’t an issue in Bridges, I suspect that the rapidly-accelerating disaster – no, that implies there’s no agency involved; let’s call it “fiasco” – involving A-levels and no doubt GCSE results will be a different story.

I won’t go into detail of the situation, except to say that an algorithm which marks anyone down from a predicted B/C to a U (a mark which is traditionally believed to denote someone who either doesn’t turn up, or can barely craft a coherent and on-point sentence or two) is an algorithm which is not only grossly unjust, but – given 18 months of pre-lockdown in-school work, even if it isn’t “official” coursework – is likely provably so.

But let’s look at it through firstly the PSED lens. The Court of Appeal in Bridges says that public authorities using algorithms have a duty to work out whether they could inherently discriminate. I haven’t read as much as the lawyers crafting the upcoming JRs of Ofqual’s materials, but I’m not at all certain Ofqual can show it’s thought that through properly – particularly where its algorithm seems heavily to privilege small-group results (which are far more likely in private schools) and to disadvantage larger groups (comprehensives and academies in cities and large towns).

(I have to acknowledge I haven’t spent any time thinking about other EqA issues. Indirect discrimination is certainly conceivable. I’ll leave that reasoning to other minds.)

Now let’s switch to the GDPR issue. We know from A22 that decisions made solely by automated processing are unlawful unless one of the three conditions applies. I can’t see any legal basis for the processing specific enough to satisfy the A22 requirements – certainly none which sufficiently safeguarded the rights and freedoms of the data subjects – that is, the students at the heart of this injustice. Nor am I aware of any data protection impact assessment that’s been carried out – which, by the way, is another legal obligation under A35 where there’s a “high risk” to individuals – self-evidently the case for students here whose futures have been decided by the algorithm. And the fact that the government has thus far set its face against individual students being able to challenge their grades seems to fly in the face of DPA s14.

One final kicker here, by the way. Recital 71 of the GDPR forms the context in which A22 sits, discussing in further detail the kind of “measures” – that is, systems for processing data – with which A22 deals, and which are only permitted under narrow circumstances. It stresses that any automated measures have to “prevent… discriminatory effects”.

Its final words? “Such measure should not concern a child.”

Watch this space.