The BCS believes that the incident has exposed the vulnerability of the system and poses the question of whether it could withstand mischievous or criminal hacking.
The Self Assessment Online service was withdrawn after what the Inland Revenue calls "a very small number" of users reported that they had been able to see other people's tax returns.
"Taxpayers expect confidentiality from the Revenue, and that applies to electronic services as well," says BCS chief executive David Clarke. "Although this incident is reported to be accidental from the limited facts available, it does pose the question of whether it could happen again or whether the Revenue's system would remain impervious to deliberate attack."
The BCS says the high risk attached to complex online systems and potential criminal access to confidential information means that all systems designed for confidential access need to embrace certain procedures. These include:
- Absolute access identification and authentication
- Confirmation that an individual is allowed to perform specific tasks as requested
- The ability to ensure that only requested information is displayed or sent
- Logical structure and grouped data content
- The checking of process mechanisms to confirm data structures and contents.

In addition, operational procedures should ensure that programs only perform the functions expected, and that system or program upgrades are tested before they go live.
"Despite the best preventative measures, there always remains a residual risk of errors in the live environment," says Clarke. "A method of finding such errors quickly and taking appropriate action needs to be established. Clearly the prompt action by the Revenue in shutting down its service to determine what went wrong is the result of such procedures being in place.
"We would expect that the lessons learned from this occurrence will be applied to other government online developments."