WRITTEN ON November 21st, 2007 BY William Heath AND STORED IN Data nitwittery, Foundation of Trust, Identity, Transformational Government, What do we want?
Four thoughts about the HMRC data loss: about responsibility, the value of the information and the temptation that creates; restitution and the new risk for the taxpayer; and lessons for the ID System.
CIO responsibility
Paul Gray who chairs the Board of HMRC assumed responsibility and has gone, but this is fairly and squarely a CIO responsibility. We need CIOs to run reliable systems that prespect people’s personal data, and to educate their Boards about the political and business risks of what they are being asked to do in creating e-enabled “transformed” public services. I dont believe thay have. I wonder how HMRC’s CIO and the HMG CIO see this today.
It is pretty clear that all the operational aspects, procedures, culture etc reside within the HMRC CIO function. But the failure to do more than pay lip service to the value of personal data, lack o interest in PETs, , the “trust us” culture, and the wilful blindness to the risk from corrupt and incompetent insiders is characteristic over years of mainstream Cabinet Office CIO policy.
People like Ross Anderson are dismissed as “having an agenda” and vilified behind their backs (or in the case of Simon Davies, publicly).
I’ve presented face-to-face and in writing the key points arising from this IdealGov conversation about the characteristics of a foundation of trust in e-enabled public services. We know what it’s like to be politely ignored. It creates ill-feeling in which the tone of our conversation degenerates.
Value of the data
What were those disks worth? The FT tells us a person’s full bank account details sell for £15-200 on the black market. We’re dealing here with a fuller profile also including NI number and dates of birth for the whole family. And there are 25m records, and 7.25m families. Assuming the families have one bank account each that values the data at £100m-£1.5bn. Maybe there’s a bulk discount, or maybe there’s a premium for “total control” of the market for reputation-based financial fraud. Perhaps the wholesale leak floods the market and depresses the price. We need to understand the economics of traded personal data.
Now, it is implied this data was lost by a nitwit, and doubtless there are some honest incompetents still working in the ever-leaner HMRC. But plenty of people working there will be smart. And if it’s possible to create disks of this sort of value, which can easily be copied before they’re posted, we can see there has been an irresistible temptation for some time now. It would be extraordinary, an unbelievable tribute to the universal integrity of human nature (and an insult to the energy and ingenuity of the contempory British crook) if this data had not been stolen already, perhaps many times.
Restitution
After rightly resisting for about six hours the shrill Paxman/Peter (thingy from Radio Five-Live) calls for the government to recompense any financial loss we read in today’s FT that Darling says the government WILL cover losses. This means that banks (who are now the only people able to manage this greatly increased risk) can pay out money to the wrong place confident that the taxpayer will pick up the bill.
People work in banks because they like money. Not every single person working in a bank is entirely honest. Personally and corporately they are drifting into difficult, perhaps desperate times. They now have a huge temptation to arrange financial scams in their own favour. If they can blame the HMRC leak (and who is to disprove that?) the bank gets recompensed by the taxpayer. This risk stretches forward for years. There is no way of predicting what it will cost. As with Northern Rock, this is weak defence of the taxpayers’ interests for short-term popularity.
Lessons for the ID System
The Chancellor seems to think this episode strengthens the case for ID cards. I disagree.
It may underline the case for good ID management now and in future, but underlines that
- government is not the right place to do it (remember the Home Office is way below HMRC on the scale for competence, quality and morale of staff etc)
- such data should not be centralised
- it’s bad enough losing our NI numbers and account details but worse still to put our biometrics into wide circulation
- and that government is clueless about restitution when it all goes wrong (which is the only thing we want – we all know nothing is secure).
The more we control and manage our own data the less likely this sort of thing is to happen. And we are the ones who care about it most.
4 Responses to “Four immediate thoughts about the catastrophic HMRC data loss”
I never met Deepak Singh. I tried to meet Steve Lamy several times but he was always too busy.
Former CIO Ian Watmore – an excellent communicator – listened intently to IdealGov insights and gave me further platforms to spread the ideas. But the work done under his tenure did not (I felt) reflect emerging Cluetrain/Web2.0/IdealGov insights about co-creation, quick wins, feedback and the foundation of trust.
And I feel the present CIO John Suffolk, who is less of a natural communicator, is focussed more on the making the central CIO/CTO/delivery Councils and IT markets work better. There’s plenty of scope for that – I’m sure it’s at least a full time job already. But for me it misses the bigger picture of educating upwards (ie what does the Board and Cabinet need to understand about the possibilities and responsibilities of e-enabled public services) and the wider principles of customer-driven change and how to treat people’s data (which I think of as the “what every CIO needs to understand about human dignity and rights” agenda).
So if there is a big government IT culture change I STILL feel we’re at the beginning of it, and not in the final stages. But this shameful episode may be a milestone. I just hope we derive the right lessons.
I agree, only by building tools on the side of the individual will we be able to change what is a fundamentally broken modus operandi.
Couple of quotes I hope are germane from this week’s net.wars (partly about this, partly about the many digital identity conferences in London this week):
>>The access limitations inherent in physical storage media must be painstakingly recreated in computer systems or they do not exist. The problem with security is it tends to be inconvenient.
With paper records, the more data you provide the more expensive and time-consuming it is. With computer records, the more data you provide the cheaper and quicker it is. The NAO’s file of email relating to the incident (PDF) makes this clear. What the NAO wanted (so it could check that the right people got the right benefit payments): national insurance numbers, names, and benefit numbers. What it got: everything. If the discs hadn’t gotten lost, we would never have known.>>
>>It is characteristic of our age that the favored solution is the one that creates the most data and the biggest privacy risk. No one in the cluster of organisations opposing the ID card – No2ID, Privacy International, Foundation for Information Policy Research, or Open Rights Group – wanted an incident like this week’s to happen. But it is exactly what they have been warning about: large data stores carry large risks that are poorly understood, and it is not enough for politicians to wave their hands and say we can trust them. Information may want to be free, but data want to leak.>>
The rest is here.
wg
For the record, the HMRC’s CIO has been Deepak Singh since June 2006. Deepak took over from Steve Lamey when he was appointed Chief Operating Officer.
“Deepak joined HMRC in June 2006 from T-Mobile where he was an Executive Vice President responsible for IT Strategy, Governance, Quality Management and Change Management.”
http://www.hmrc.gov.uk/board/