Who’s in control in a world of algorithms?

The recent A-levels fiasco has shone a very bright light on the use of computer algorithms in policy and operations. While the Prime Minister’s fatuous comments about mutant algorithms has drawn a lot of media attention, the experience of this cohort of students raises fundamental questions about the way we process and analyse data and the controls and oversight that are necessary to get it right.

Data, data everywhere

The exponential rise in the power of computers – exemplified by Moore’s Law – has had a profound effect on how organisations and society operate. The ability to process ever-greater volumes of data at ever-increasing speed has led to two significant trends.

First, with all this processing capacity, we can create data models that are more granular and versatile than ever before. The aim is to undertake analyses that are more sophisticated, nuanced and – therefore – accurate. The consequence is that data – and the algorithms we apply to it – become exponentially more complex.

The second trend is the continual growth in the expectations of what we can do with this technology. The cult-like aura that surrounds phrases like Big Data and Artificial Intelligence fosters a blind – or at least myopic – devotion to the power of the algorithms. We expect to have the ability to make insightful decisions and to deliver seamless and personalised services to our stakeholders.

Hard data meets the soft world

The ability to deliver increasingly complex solutions against these ever-growing expectations is constrained by the capabilities of people and the organisations in which they work; Moore’s Law does not apply here. In reality much of this work is becoming increasingly niche and critically dependent on advanced statistical and technical skills making it increasingly difficult to provide oversight and assurance.

The recent judgement of the Court of Appeal in the case of Bloomsbury Institute vs Office for Students highlights this problem. The OfS were defending their decision not to admit Bloomsbury Institute to the Register of HE providers based on the performance of the institute in the key regulatory metrics. The court found that critical elements of the algorithms used by the OfS were buried in internal operational documentation and were therefore not subject to a level of scrutiny and consultation that was appropriate given their significant policy impact. When the OfS attempted to explain the algorithms, arguing that they were fair and rational, the judge effectively gave up and concluded that they were “very hard to follow.” The judge commented “I believe that I was not alone in that respect”.

Three principles of assurance

So, the combination of rampant technology and exponential expectations can result in examinations chaos and a regulatory mechanism that fails both policy and transparency objectives. At times like these commentators often look for answers in the governance (or lack thereof) of organisations and their activities.

The scale and complexity of modern datasets and the algorithms that work with them presents some unique challenges for governance and assurance. I think there are three key areas that any governance framework should focus on.

First the expectations and aspirations of data processing and analysis should be realistic in the context of both the technology and the capabilities of the organisation and any relevant stakeholders. Risks will increase if there is imbalance between these different elements.

Second, there should be a clear and demonstrable link between the high-level policy objective and the detailed implementation. This will depend on effective feedback mechanisms in order to verify the implementation and stress-test the policy. If this link is not strong the law of unintended consequences will apply.

Finally, there should appropriate oversight and assurance at all levels of data processing and analysis and this should work to standards that are equivalent to those we would see in areas such as finance and legal issues. Specialist expertise should be brought in to provide assurance where appropriate.

The digital revolution creates opportunities for transformational change but brings with it challenges and risks that are novel in both scale and nature. The challenge of assurance and oversight in this area will only become more critical.

September 2020