The shutdown of the Government Gateway after an apparent compromise may influence your response to the NHS consultation on other uses of patient data, on which I blogged on Friday. It should not. There is a whole array of privacy enhancing technologies that can be used to prevent such failures. The problem is not hardware or software. “It’s the wetware, stupid”.
The title for this entry was sparked by listening to Christian Bok plugging Eunoia on the Today programme at 8.20 on Thursday. On the morning of 27th November I am due to chair the opening session of Cybersecurity KTN’s event “A Fine Balance”, a review of the current state of research into PETs (Privacy Enhancing Technologies), and am being chased by the organiser for an advance note on my opening comments.
I used to be a sceptic, regarding PETs as another way to sell cryptography and the extra hardware needed to run it. Now I have come to appreciate that there are as many variations of electronic PET as there are of physical pet. From yappy puppies which demand all your time, and more, while devouring important e-mails (or routing them straight to delete) to cats which will quietly rid a farmyard (network) of mice (spyware and anything else that was not explicitly authorised) in return for an occasional cuddle (updates on what you do wish to permit).
But PETs have to be used as part of a holistic approach to information governance if they are to prevent “compromises” like that reported in the Daily Mail.
And it is a matter of culture not cash.
Barnardos, Citizens Advice and the Salvation Army are loath to divert more than they have to from looking after the most vulnerable in society but have information security that is “fit for purpose” – unlike many of the government departments and agencies they deal with.
The mass deployment of PETs need not be expensive but their effective use depends on human beings, from the top of the organisation to the front line, and especially those in ICT and the ICT supply chain. They have to have the equivalent of PGP, “pretty good paranoia”, not just the technology but the attitude of protecting other people’s data as they would their own and their families’.
The time has come for HMG to stop patronising the “third sector” and instead pay them the going rate for consultancy – especially on how to motivate clever techies and complacent bureaucrats to take a holistic approach to combining economy with efficiency and trust.
P.S. The advance papers for the EURIM Directors Round Table on Information Governance are being placed on the website as they come in. There is some excellent reading there and I do not envy the member of my staff who I have tasked to produce a 4 by A4 summary of the key points. The deadline for submissions has passed but we will take late submissions if they raise points not already covered.