The UK Prime Minister, Gordon Brown, admitted today that his government has a long way to go on data security, but he also claimed this was a problem for both private and public sector bodies around the world. I think that is what they call an understatement.
As time goes on, more and more examples of the UK government's inability to maintain even basic data protection systems become apparent.
On November 20, Customs and Excise finally admitted that they had lost two CDs containing 25m highly confidential Child Benefit records and the bank details of 7.25m individual recipients. The following day, the Prime Minister apologised, whilst his colleagues laughably maintained the ignorance-is-bliss position that there was as yet no evidence that the information had fallen into the wrong hands. They also took the opportunity to mention that a mere 41 laptops, which also contained important data, had been stolen over the past year or so.
It turns out that even lowly officials can access and download entire databases of highly personal citizen information; not only that, but they can also put them on a CD in unencrypted form and hand them over to a commercial courier company that runs the inter-governmental mail service (don't they have a secure electronic network?!?). I have used this courier and it is not entirely without precedent that they "lose" a consignment, but given that HMRC opted for a standard delivery service, we don't even know whether the package reached them in the first place. And, of course, the National Audit Office had not actually requested the entire database, but the private sector contractor used by HMRC would have charged £5,000 to run a SQL query across the database to select a sample dataset, and HMRC wanted to save some money. Imagine how that stacks up against the cost to taxpayers of helping the banks protect 7.25m accounts against fraud.
As reported by Kablenet, Chancellor Darling confirmed the Treasury relies on "rules", not actual computer security, to stop people from downloading this data. Somehow, Darling thought that telling us this action violated the rules would be reassuring. It conjures up images of a dog-eared photocopy with bold, centred text asking people not to download and share the entire database of citizen data, pinned up next to the tea-making rota.
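The two previous paragraphs make a point that is worth seeing in code: the auditors only needed a sample, and the thing stopping a full dump was a rule rather than a control. The example below is added here and is not code from the post or from any government system; the table layout, column names, row cap and audit column list are all constructed assumptions. It shows how an extract routine can enforce data minimisation itself (a column allowlist, a row cap and pseudonymised identifiers) so that "download the whole database" is not an option the code offers, whatever the notice by the tea rota says.

```python
import hashlib
import random
import sqlite3

# Constructed sample data: the schema and values are invented for this
# example and do not reflect any real Child Benefit record layout.
ROWS = [
    (f"NI-{i:06d}", f"Person {i}", f"{i:02d}-00-00", f"0000{i:04d}", i % 4, 500.0 + 10 * i)
    for i in range(1, 13)
]

# Hypothetical extract policy: the audit may see these columns only,
# and never more than MAX_ROWS records in one extract.
ALLOWED_COLUMNS = {"children", "annual_amount"}
MAX_ROWS = 10


def build_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE claims ("
        "ni_number TEXT, name TEXT, sort_code TEXT, account TEXT, "
        "children INTEGER, annual_amount REAL)"
    )
    conn.executemany("INSERT INTO claims VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    return conn


def pseudonym(ni_number, salt):
    """Replace a real identifier with a salted hash so rows can still be
    matched across an audit run without revealing the identifier itself."""
    return hashlib.sha256((salt + ni_number).encode()).hexdigest()[:12]


def audit_sample(conn, columns, sample_size, seed, salt):
    """Return a minimised, pseudonymised random sample for the auditors.

    The policy is enforced in code: columns outside the allowlist and
    requests larger than MAX_ROWS are refused rather than merely discouraged.
    """
    disallowed = set(columns) - ALLOWED_COLUMNS
    if disallowed:
        raise PermissionError(f"columns not permitted for extract: {sorted(disallowed)}")
    if sample_size > MAX_ROWS:
        raise PermissionError(f"sample of {sample_size} exceeds extract cap of {MAX_ROWS}")

    # Column names are only interpolated after the allowlist check above,
    # so the SQL text can contain nothing the policy did not approve.
    select_list = ", ".join(columns)
    rows = conn.execute(
        f"SELECT ni_number, {select_list} FROM claims ORDER BY ni_number"
    ).fetchall()

    # A seeded generator makes the sample reproducible for the audit trail.
    rng = random.Random(seed)
    chosen = rng.sample(rows, min(sample_size, len(rows)))
    return [(pseudonym(r[0], salt),) + tuple(r[1:]) for r in chosen]


if __name__ == "__main__":
    db = build_db()
    for row in audit_sample(db, ["children", "annual_amount"], 5, seed=1, salt="audit-2007"):
        print(row)
```

The point of the example is where the control lives: the extract function refuses bank-account columns and over-sized samples on its own, so a well-meaning official routing around a slow process cannot produce the 25m-row CD in the first place. The salt should of course be managed as a secret in a real deployment; here it is a constructed constant.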
Two weeks later, an ex-contractor at the Department of Work and Pensions told a newspaper that she had forgotten to return unencrypted CDs containing details of thousands of benefit claims for over a year. I was personally reassured by the DWP spokesperson's response, which rather hinged on the spurious notion that information cannot be copied:
"Although there is no indication that any customers' data was compromised by this incident, we are investigating and will ensure the safe return of the information"
Clearly, this is just the tip of the iceberg. As the Register reported yesterday, among other losses that have come to light recently, "HMRC lost data in six previous cases since 2003, the DVLA lost 6,000 drivers' details and sent letters containing private information to the wrong addresses."
Perhaps even more frightening, though, is the government's long term answer. As Matt Mower mentions, their preferred long-term solution is for citizens to give the government even more vitally important and private data to centralise in a single mis-managed ID card database, which can then be used to curtail our liberties and freedoms every time a database administrator gets an update wrong.
So what is the answer? Bigger private sector contracts to shore up IT systems?
I think the issues are more fundamental.
First, there is a major question mark over whether the government should host the repositories for citizen data in the first place. Why can't citizens use more trusted data repositories that give them responsibility to correct errors and ensure data is updated? There are some interesting conversations going on right now about this, among people who care about the issues, and it will be interesting to see what proposals they can come up with and how the government responds. Any system that seeks to store citizen data centrally, in one place, is creating a hostage to fortune.
Second, we need to recognise that traditional IT project management and delivery has an in-built tendency to produce problems like this, partly because an obsession with defining requirements ahead of time means that key features may never be predicted, and partly because traditional IT does not understand human behaviour anywhere near well enough.
By coincidence, on the day of the HMRC debacle, I was speaking at a seminar hosted by the law firm Linklaters on the implications of Web 2.0 for data protection. I tried to address some of the myths surrounding the impact of more open, Web-based systems on security, arguing that the vast majority of breaches are caused by human vulnerabilities, often as a kludge to route around poor or bureaucratic IT systems. And that is exactly what happened here. The same IT folks who rail about the "risks" of sharing and online social networking are also responsible for creating systems so unusable and inflexible that they lead users to dump entire databases onto CD and lose them. I think it is fair to argue that IT systems that do not understand people are a bigger risk than human-scale web computing that treats people as adults.
Finally, I cannot help thinking that the way private sector companies are used in this process is also part of the problem. Requirements for next year's big IT system must all be known ahead of time, and then the contractor farms the work out to outsourced developers who know only the derived specification, not the client or the real needs, and they deliver a solution that can be ticked off against the documentation. This is the very opposite of agile development, and it places government agencies in a worryingly dependent position on commercial suppliers.
I genuinely believe that government needs our help with this, and it is certainly in all our interests to ensure they improve quickly, so let's chip in with some ideas and new thinking about how to avoid these problems in the future.