Benefits, doubt

21 November 2007

A few questions that have crossed my mind following the great child benefit data snafu of 2007. As the BBC reports:

He blamed a junior official at HM Revenue and Customs’ offices in Washington, Tyne and Wear, who he said had broken rules by downloading the data to a disc, then sending it – unrecorded – by courier to the National Audit Office in London for auditing.

So here goes…

  1. How is it even possible, under security protocols, for junior officials at HMRC to be able to query SELECT * FROM child_benefit LEFT JOIN bank_details (or access archived copies) “just like that”?
  2. Although it’s reprehensible for such mass data trawling to be done by a junior member of staff, what does this also say about the reliability of TNT, who handle the (privatised) government internal mail service? What else have they lost recently?
  3. These discs were bound for the National Audit Office – aren’t audits generally meant to be on a sample of data and not the whole set? Just what did they want with all of that data anyway?
  4. The discs are “password protected” – note the careful wording – not “encrypted”. Does this mean they just used an Excel password? Why isn’t even the most basic encryption & key management being implemented as a matter of course?

Such is the aggregation of data, and so little are the controls on it – think how doctors, lawyers and accountants are so strictly legislated, under threat of professional disqualification, for abusing their clients’ confidentiality, compared to the rules for bureaucrats (both governmental and non-governmental) – that a breach this stupid, though not of this scale, was quite predictable. Hopefully, however, given the nature of the data, any potential abuse is most likely on a case-by-case basis and not systematic.

And some good may come out of it. In an information society we accumulate all kinds of data that is kept on us, and this is inevitable. What isn’t, is how that data is managed, how it is organised on our behalf, how we make sure different sets of personal data are kept separate and private, and only combined and revealed to others when it directly benefits us. The insane, blind stumble towards a Total Information Awareness society can be checked, and stopped, if we take a calm and sober look at how we got here and how to make sure it doesn’t happen again.

That said, I bet there’s a fucking massive run on the banks tomorrow morning. Plus ça change.



2 Responses

I can only answer (3).

It turns out the NAO didn’t actually want all of the data. I understand they only wanted some of the non-financial information. But some bright spark at HMRC apparently determined that it was too much of a job to cut out the bank details from the data tables, so just dumped the whole lot onto disc instead.

Fin

On the plus side (yeah, well, that’s as in ‘on the plus side, when I was force-fed my own shit, I just instantly vomited it back out’), I hear rumblings that this has shoved ID cards back into the ‘Not quite now, things are a lot fucked’ file.

Oh, that and all the IT groups working on it are terrified at the inability/unwillingness of the separate government departments to liaise with each other, and of the complete lack of interest by the HO in the probability of an error match still being way too high.

What’s got to happen to bury that dung heap?