A week when databases go bad

Apologies for the lack of blogging over the past few weeks; I’ve been taking a break that included cycling to Paris and living in the woods for 10 days. In reviewing the mountain of news items that were waiting in my inbox when I returned, I noticed four examples of incidents that blow away the old lie “if you have nothing to hide, you have nothing to fear”.

On Monday the Telegraph ran a feature piece on security risks in ContactPoint (aka the Children’s Index), the ‘junior National Identity Register’ that will hold details of England’s 11 million children in a single register. The design flaw is simple: by the time it goes live it will have 390,000 authorised users. No system administrator could ever hope to keep track of staff movements and actions across the thousands of schools, hospitals, GPs, councils and other bodies that will inevitably forget to notify the government of staff changes. The government has been keen to reassure everyone about security levels, but the fact remains that it has designed a system that fundamentally depends upon management of an unmanageable user population and assumes endpoint security across a vast population of machines over which it has no control. Criticising ContactPoint’s security is a little like shooting very large fish in a very small barrel, but we have to keep doing it so that we can say “we told you so” when the whole thing unravels horribly in the near future.

On Tuesday we saw the revelation that nine individuals have been sacked from local authority service for misuse of the Customer Information Scheme database, which will form part of the National Identity Scheme. If we assume that security managers have only detected a small proportion of misuse (34 incidents were detected), that means that there is a significant population of authorised users digging around in the database that the government expects to underwrite the deep truth about all of us. Of course some will be benign idiots looking up their own records for fun, but others will most probably be a lot less benevolent.

Wednesday brought a fascinating tale of an error in Southend County Court’s database of debtors. Instead of registering a debtor as having settled a £5,000 debt, a clerk updated the record to show £254,000 still owing, with a County Court Judgement to that effect. That’s quite shocking – a CCJ effectively instantly shuts down an individual’s or business’s access to credit regardless of the accuracy or cause, and just a typo can effectively circumvent a local magistrate’s decision. The individual concerned tried to sue for damages after his business failed, but the judge (Mr Justice Bill Blair QC – for it is he, brother of former PM – an irony that I hope isn’t lost on New Labour but probably will be) ruled that the civil service cannot be found liable for damage caused by its own record-keeping mistakes. Yes, if you lose your benefits, your job, your house or your clean criminal record because of an administrative cockup, you have no recourse to compensation. For some reason the government seems to believe that it can still use computers with impunity whilst punishing private sector organisations that get it wrong.

On Wednesday we also had the (not really news because we knew it anyway) revelation that organised criminals are subverting HMRC’s online tax return systems to submit fraudulent claims and claim refunds. This has been a problem for as long as the systems have been in use, and has nothing to do with hacking, but rather interception of passwords and impersonation of legitimate taxpayers. Under its previous management team, HMRC became the gold standard for data loss and shoddy systems, and there are still years of work ahead to put those problems straight. Some of the issues are ridiculously simple – an accountant friend informs me that if a company submits an online tax return that shows a refund owing from HMRC, the system issues a receipt for the return then promptly ditches the record because it can’t recognise the ‘negative’ balance. Any queries to HMRC result in an assertion that the tax return was never submitted in the first place, despite the issued receipt.

So, rant over. Public sector data incidents are as bad as ever, but the official approach seems to be to ignore the issues, and when they can’t be ignored, to deny any liability whatsoever. In an environment where neither the facts nor the accountability for mistakes are accepted, can anyone really feel they have nothing to fear?