The Government plans for us all to have personal web-access to their on-line services inside four years, as described in the Times today are as “ambitious” and cahllenging as they are overdue. If they are serious about socailly inclusive delivery the first step must be to ensure that the “Digital Gateway Offices” have on-line access that is fit for a sub-postmistress to access on behalf of a queue of frail pensioners. The second is to ensure that all involved (including contractors in the supply and support chains) are vetted and subject to personal liabilities for carelessness and indiscretion, let alone active misconduct, that are at least as strong as for those who run a sub-post-office.
Only then can we have confidence that the on-line systems will have the same level of security and confidentiality that our parents expected when they transacted via their local Post Office. The recent revelation that the DVLA, currently thought of by government as a flagship of success for cheap on-line access, is not only riddled with inaccuracies but a favoured start point for impersonation, should give cause for thought. The problem is not the technology but the people – from those using the systems to those running in, let alone alone those working out how to loot it.
The Victorians knew that when they used government mail contracts to pull through the age of steam and telegraphy (railways and packet ships serving not just the UK but the Empire). Their draconian penalties for interfering with the mails need to be replicated for interfering with on-line communications (whether by staff or contractors) if we are to have the trust that is necessary for government to achieve its savings.
Othwerwise we will merely have new and more imaginative frauds against the taxpayer that will dwarf the prospective savings. One of the lessons form the Individual Learning Accounts is that easy-to-use, insecure automated systems are also wide-open to automated looting. The recent National Fraud Authority report indicated a cost of fraud to the taxpayer over well over £15 billion – even though it used the DWP’s own estimates of fraud.
Insecure on-line systems will be even more amenable to automated looting.
The potential savings from secure systems that also cut the cost of existing fraud, at the same time as cutting the overheads of delivery as howver massive. They can also be used to fund the provision of the world-class communications networks that will also be needed to deliver what is being promised.
But implementation must follow much better information management and information systems practice than has been the case over recent years – beginning with clear and realistic objectives. It is also essential that the new systems are designed around secure people processes, reinforced by secure by defauilt/design technology processes.
The Information Society Alliance (EURIM) Security by Design paper is due to be placed on the website for a final round of editing and peer review this week. The group agreed that this should be an open review so it will be available in the public area. It will blog again when it is.