I got my letter from HMRC at the weekend, apologising for losing some CDs with information about myself and my family. Unfortunately, all the apology, and all the news has been about the wrong problem…
Most of the comments have focused on the facts that the CDs weren’t sent by registered post, and that the files were just protected with a zipfile password…
(technically a zip password does encrypt the contents, though the legacy zip cipher is weak and can be broken given some known plaintext, so I'm guessing that all the nonsense about 'password protected but not encrypted' was to say that it hadn't got strong encryption; but if they'd put the key on the disk anyway, what difference does it make?)
Now of course these aspects of the affair are just stupid: stuff gets lost in the post all the time, and if you are going to use physical media it makes sense to encrypt it with the strongest encryption available, and to send the decryption key by a separate channel, whether by separate post or electronically.
More importantly, though, we have to wonder how on earth this state of affairs came about. I know in other parts of government there are secure networks: if you want to work from home in some government organisations you can’t use your own ISP, but you get an extra line that connects to government servers. In this case there would be no need to use the post. Indeed, for important mail you’d think the government would use its own internal mail service, Government Mail, although this is run with a private company and it’s possible that HMRC had to get the best deal, and this turned out to be TNT.
And why and how was the information sent out in this format in the first place? Apparently a junior manager burnt the data to CD and sent it out, but surely a full export of every record is something that should only be done with authorisation at the highest levels, and logged. Otherwise, what's to stop a corrupt employee doing the same with all the records: just copy them to a memory stick, walk out of the building, and no-one would ever know.
More importantly, the auditors didn’t want all this information anyway. They wanted all the address, bank and parent details removed, but the HMRC people reckoned this was a burden too much, and could cost £5k to do ‘additional data scans/filters’! Now I know it’s a big database, but once the query is set up, it should only take minutes to make a new query without this data. Even if this couldn’t be done, it would have been easy to run a query on the outputted dataset: at most an hour’s work and then leave a computer to get on with the new output. This suggests that the IT providers have got the government over a barrel. The database is set up in such a way that the HMRC staff (and I assume someone there could do the work) can’t get full access to it. And then they charge five grand to come and make minor changes.
Herein lies the rub. EDS (I believe it’s them) have designed a system in which the end user (HMRC) can export data from a query that uses every record to a CD, yet can’t create or modify queries; the government have their own ‘secure’ mail network but they don’t use it, and have their own secure intranet but don’t use that either.
It just goes to show how well ‘competitive tendering’ works. It reminds me of a conversation I had with an IT professional who said that the industry was slowing down because they could no longer ‘rip off the government’. He said that in the past they could charge the government ludicrous amounts for small amounts of work, but that the government had got wise to it and new contracts were much less profitable. Looks like the HMRC job was sorted long before this, though.