Questions raised about information security

Nov 24 2007 by Paul Loraine, The Journal

The loss of 25 million people’s confidential information has raised fundamental questions about computer security. Paul Loraine reports.

THE shock of a huge amount of personal data going missing has been inevitably, and importantly, followed by an inquest.

Was this an individual’s mistake or, as David Cameron would have it, the product of systematic failure within HM Revenue and Customs? Were we witnessing the result of cost-cutting or a one-off human error?

But perhaps the most pressing doubt to emerge was this: how far can we trust the Government with our personal data?

At a time when the debate about identity cards rages on, and NHS patient records are soon to be brought together on a national database, the query becomes all the more pertinent.

Any problems one might have about the intrusiveness of an increasingly surveillant society are compounded by errors like the one exposed in Washington. Once the information is with the Government, what kind of assurance can they give us that it will remain protected?

Thousands of people are viewing databases with our details on every day and there are obvious risks involved with such widespread access to vast amounts of confidential information.

According to Lyndsay Marshall, a lecturer in computing science at Newcastle University, systems need to be tightened to avoid repeats.

“I don’t think anybody can be trusted with our personal information,” he said.

“There’s a basic problem in that mistakes happen and it’s very difficult to get the right balance when you’re creating a system.

“A secure system is an unusable system. If you make your system extremely secure, you have unhappy employees.

“But there is no question the Government should tighten up their systems.”

Our anxieties about the handling of our personal data by Government departments extend beyond technical considerations.

The issue, as is often the case, returns to a financial problem. David Cameron has blamed cost-cutting for the mistake and union leaders this week argued that demoralised and over-worked staff will inevitably run into trouble.

Mr Marshall agreed, adding: “Financial issues underlie a lot of this. The HMRC don’t have a secure internal delivery service and had to go through TNT which led to the loss of the disks. It’s a terrible idea.

“You have to train people to know about the risks. There is a huge amount of pressure on the Government to train an efficient civil service. Civil servants have often been berated in the past but they need proper support to do their jobs.”

Of course, there are compelling reasons to collect data in some instances. In the case of the NHS patient records, the efficiency of the service should be greatly improved by the national database. But a large number of people will have access to these records and it seems all too easy for confidential information to get into the wrong hands.

Dr Gidon Cohen, a lecturer in politics at Durham University, admitted such databases were a cause for concern.

He added: “The problem of securing data is extremely difficult and small actions can have huge consequences.

“The NHS database is another cause for concern, but as in most of these cases there is clearly a benefit. You have to weigh up the risks against the benefits.

“You can see very significant cost-savings in the new NHS system but with a national ID database, for example, it’s very unclear where the benefit lies.”

So our furnishing the Government with a certain amount of information is unavoidable, but there is always the matter of our privacy to protect.

What do they truly need to know about us?

For Mr Marshall, the use of national databases threatens our rights to privacy as well as risking the loss of our details. Like Dr Cohen he was concerned with the idea that our details were being collected with no benefit in sight, merely because the technology is available.

He said: “The Government should only have what they need but, of course, that is not a fixed point that everyone can agree on.

“They always make out that having our information is a necessary part of protecting us but the point is, when you start giving people power they over-use it.

“In America now they are cross-checking people’s library records to see which books they have taken out. That is ludicrous.

“Just because you can do something is no reason to do it.”

Such an argument might be applied to ID cards, the benefits of which are unclear.

If the Government was facing considerable opposition about their introduction before this week, their position now is even weaker.

Newcastle Liberal Democrat Coun Greg Stone is one of many to have challenged the idea.

He said: “The Lib Dems have always had concerns about the whole process of ID cards. First we have an objection to the principal but we are also critical of the Government’s ability to safeguard personal data.

“So this week’s events have only really served to prove our concerns are valid.

“There have to be very real fears that the Government can’t be trusted with this data.

“This information has been about Tax Credits and Child Benefit payments but there is also the question of bank details and very real concerns that the Government is compiling a DNA database for people who have committed no crime. That is extremely worrying.

“This week has shown the flaws in the Government’s arguments.”