baldysblog.co.uk

Data is a highly valuable commodity and yet this does not seem to have penetrated the conciousness of the Government and it’s employees which is little short of extraordinary in 2007. The current story of the “Taxman” loosing on two disks, a copy of a database containing the details of 15 million names, addresses, including children, is shocking but what it points to is both a totally wrong culture and bad line management.

However, that is not all because it indicates that at the highest level and most especially at the political level, there is no clear understanding of Information Technology, what it can do, what it can’t do, what you want it to do and what you can trust any “system” to do. My impression of the response of the average MP when confronted with IT matters is that rather like Red Indians when first confronted with muskets which is to say, “White man has fire stick !”

People Too…
People are also part of an IT system and ‘data’ is so precious that the system should have prevented the database even being copied. As a general rule, the default response from any system that requires a major activity such as duplicating it is “NO” and will require automatic escalation to “System Administrator” level before it can be done. At this level, an audit trail of activity is created and therefore naturally lends itself to a very tied down end to end procedure which involves not just the IT system but also all the people who interact with it so that any problem is immediately known rather than 3 weeks later ! In any large organization, it is not as simple as “Do I know the password to login to my PC ?” It is also what any user can do and what information they can access that counts as well, this latter part is known as the “Security Model”.

Trees
Perhaps a simpler way to describe it is to call it a “permission tree” so that literally, we can think of a tall tree with branches. The principle being that whatever branch you sit upon, you can see all the information below you but none above you so, from the top you can see all, halfway up, you can see half, at the lowest level, you can see just enough to do your job. With this picture in mind, it therefore follows that if you want access to information above your level, you have to ask for it from your “boss” which then invokes a formal procedure and, an audit trail which can be traced later.

ID Card
Now whilst this may all seem totally boring to most people it does have great relevance when looking at the “biometric” ID Card this demented Government is hell bent on introducing. I have always been opposed to this project but on technical rather than ‘Civil Liberties’ grounds. From an IT perspective it clearly a ‘crock’ and the Labour Government has bought and, been sold a pup that will just be a “one stop shop” for wholesale identity fraud and it (Government), being “in denial” following this latest cock-up is unbelievable to any honest man or woman.

The ID Card system itself, will be rendered useless within a month of going live, but it is not the “card” itself that is the real technical issue, it is the database behind it plus the “security model” that governs access to that data which is the problem. However done and in the current case, throwing a copy into a jiffy bag as opposed to it being “hacked” externally, is the problem that came to light yesterday.

What yesterday demonstrated yet again, was that both the Government and the Civil Service are “culturally incapable” when it comes to IT Projects and using the resulting systems. There are probably only one or two MPs of any party who can even start to be considered qualified to examine an IT project as the woeful mess of the NHS system has again demonstrated. Even before it started with a projected cost of £5-6 billion, experienced IT people said that it would cost a minimum of £18 billion and even not finished, it has comfortably passed that figure.