Can we trust them with our data?

Another disaster waiting to happen

No we can'tNo we can't

The children's cartoon character Bob the builder gave us the line -”Can we fix it”? To which the children and not a few adults would reply “yes we can”! Well there's confidence for you!

It's now clear that at least 34 people have been illegally looking at information held on central government databases to which local authority workers have access; only 9 were sacked and none prosecuted. We learn this from a story at first doing the rounds of the IT specialist press, but now spreading out into the mainstream media.

Does this story surprise us? I think not. Careful reading of the detail tells us a great deal. In the first place the 34 people caught are very unlikely to be the real number of people who illegally looked up data. In truth the real number of people who acted illegally will never be known.

The leniency towards the 34 is also interesting. Either the relevant authorities don't see this as a problem, or they wished the whole matter to go away as quickly as possible, the classic 'cover up'. This would, they hope, save embarrassment. A Department of Work and Pensions report speaks of "audit trails showing the full access history of those under suspicion”, the suggestion is that these audit trails will be created now, after the problem arose!

The next problem will be who creates these trails and makes the accusations? Just because a worker is in a department that has had a security leak this does not automatically mean they are responsible. How will the innocent be eliminated from enquiries and will the police be involved? For the fact is the police love building up their DNA database in a sneaky underhand way that ensnares the unlucky and keeps them on that database. This is done in a way that has drawn criticism from an EU court of law. Will the innocent be removed from any database? Remember anyone accused of a sex crime, proven or not, stays on the relevant database.

As part of the news management of this story we are told that over 200,000 government workers have access to the data hacked, as a sort of 'fessing up' procedure. However, it would be reasonable to double that number as a guide to the real number who might have an opportunity to do so. The 9 people sacked worked for either Glasgow or Cardiff council. The battle lines in politics in UK cities have always rather fraught, in being lenient are the government trying to keep local authority workers onside? If so then this is not just a simple IT problem, it's gone political too.

I'm sure we all have heard of the local councils using legislation created originally for prevention of terrorism to spy on trivial things like wheelie bin use. An organisation with this sort of culture lacks discipline and the basic comprehension of security matters. Not the sort of thing to appeal to MI5, yet the very data MI5 would seek to protect is available to nearly 500 local councils and almost half a million workers. It's therefore impossible to stop this data leaking out to a terrorist group.

One final word about our title above - Can we trust them with our data? Remember it is our data and not the property of the state and the people who misused the data are public servants. This means we the public pay them to look after our data, they have an obligation to us, that's the nature of the relationship. Not the other way around.

So Bob the builder has a new chant - “Can we trust them”? To which the only sane reply is “no we can't”!