Wednesday, November 21, 2007

How 'Junior' Was the Envelope Stuffer?

It's usual in circumstances like this for the details of a Ministerial Statement to unravel. One thing I am waiting on is for a newspaper to identify the idiot who put the discs in the envelope. How junior was this person? I suspect that they aren't very junior at all, because if they were, they presumably wouldn't have access to the full data. Or would they? If a junior typist can get access to such data then we all ought to be even more worried that we already are!

46 comments:

timgbull said...

Iain: "I suspect that they aren't very junior at all, because if they were, they presumably wouldn't have access to the full data. Or would they?"

I think you reflective doubt is well founded. I think it is very possible that junior staff can access such delicate information, judging by the various comments from IT contractors on government work.

fatboyslimming said...

It is so easy for you to make side swipes at other people. But what about your own responsebilties. I have asked some serious questions of yourself and for your benefit repeated them on my blog. As a future prospective candidate for parliament would you take up the interests of the worker or would you continue to bemoan the fact your bed is to short and your sofa stays undelivered ?

javelin said...

It has to be an IT bod, but the Audit Office asked to have identifying info removed.

Was this request passed to the IT bod?

I would suspect this lives on a IBM DB2 database. I would like to know how many people have access to freely query this database.

We need to know how many people have access to identifying data.

Helen said...

What makes you think senior staff are any smarter?

Chris Paul said...

Mmmm. It is also possible that sticking something in the post passes a long way down the food chain in most organisations.

Thank goodness Grant Schweppes wasn't involved in any way is all I can say. the whole lot would have been on T'Interweb and 1234 would very likely have been the password.

wonderfulforhisage said...

Ultimately, the Satanic Trinity of Mandelson, Blair and Campbell (Father, Son & Holy Ghost) is to blame.

This trio realised that to operate in the dishonest and mendacious way essential to keep them in power they would need to neuter the Civil Service. This they did by appointing Spads and others from what Oborne calls the Political Class to executive positions situated between Ministers of the Crown and the Civil Service.

This destroyed the delicate relationship between elected politicians - the law makers and ideas merchants and the civil servants - the deliverers.

Margaret Thatcher reputedly adored the tv programme Yes Minister. Possibly this was because it reflected the dialectic between the theoretical and the practical that she experienced daily in her dealings with the Civil Service.

Once the spotty faced Spads replaced the Sir Humphreys the rot set in.

I would argue that this latest fiasco was brought about by the arrogance of the Satanic Trinity.

I don't suppose departmental quotas for one legged Lithuanian lesbians helps much either.

David Boothroyd said...

The last time a junior official did something wrong and was identified was David Kelly. That's why the government is not going to identify them. If you want the responsibility for hounding a civil servant, as the BBC hounded Dr Kelly, then by all means press for the official to be identified.

javelin said...

Its not the envelope stuffer it's the Data Controller who needs to take the rap.

Anonymous said...

OK - it generally goes like this in the civil service...
1) request for data to be passed to A N Other third party comes in at "X" level
2) If it comes in at "too junior" a level it gets passed up the chain to a senior manager to approve the transfer of data
3) Senior manager gets his team to investigate how data can be passed over to NAO.
4) Team report back with options a, b & c.
5) Both a & b are too costly for a one off (unless this is a regular thing in which case the entire security department who approved this should walk the plank), so manager elects to go with a cheap extract of data to CDs and post it.
6) decision is passed back down the chain till it hits a team who can do the work. Team manager passes it to person with a CD burner (civil servants are too poor to each have a CD burner built into PC - also for "security" Ho-ho). Poor sap burns CD and posts off.

There is no way that a junior did all of this off his own bat (how would he have got the request to do it in the first place?) as he would have had to get authorisation to copy a full database from his manager, who in turn would have covered his arse... This goes all the way up the chain and some poor sod will be hung out to dry for following orders

javelin said...

This is the Data Controller for the Treasury - somebody called

LORD COMMISSIONER'S OF HM TREASURY

Is this a Politician or a Civil Servant?

http://www.esd.informationcommissioner.gov.uk/esd/DoSearch.asp?reg=3410936

Anonymous said...

I understand that the person responsible is closeted in a hotel room under police supervision to keep them away from the press.

Fitaloon said...

According to the Guardian they were a junior civil servant. The individual responsible for sending the two CDs that went missing acted "completely outside their job remit" and had made "a colossal error".

A spokesperson for HMRC said: "This individual should not have been involved. It was none of their business. They should have forwarded it on to someone else - another group of civil servants at a more senior level."

If this is the case it maybe that even more copies are out there as there appears to be little or no control of the data.

freedom to prosper said...

I once worked in a sensitive area and when I asked for the computer password everybody in the office shouted in unison "PASSWORD" so it just goes to show. Watched your paper review on Sky last night. Who was the American guest? Wasn't sure about your tie and neither was my wife albeit we had been binge drinking (wedding anniversary)Keep up the good work.

Not a sheep said...

jvelin - I believe the LORD COMMISSIONER'S OF HM TREASURY are some of the government whips.

BOF2BS said...

Anonymous 1.21 pm

And apparently the criminal fraternity! At $X00 per bank a/c thats a lot of $'s even at $2 = £1!

As someone else said if it really is a junior official then even the less intelligent criminals will have already identified/placed junior officials in every Government department & agency in the land!!

Anonymous said...

In this day of "headcount reductions" - where junior staff (known as the doers) are culled on a monthly basis, I suspect the more middle managers will be the new junior staff and therefore responsible. I can guarantee that a junior typist would never make that sort of mistake. They are almost always the most professional people in an organisation.

Anonymous said...

In this day of "headcount reductions" - where junior staff (known as the doers) are culled on a monthly basis, I suspect the more middle managers will be the new junior staff and therefore responsible. I can guarantee that a junior typist would never make that sort of mistake. They are almost always the most professional people in an organisation.

Anonymous said...

I also wonder just how junior was the person, mainly because of the way the government is trying to spin that it was a mistake by a junior staff member.

Oscar Miller said...

If the 'junior person' as culprit is a piece of spin, then it is a total failure. As nearly everyone has pointed out, the idea that a very junior person can access such sensitive data is terrifying. It has to be said Campbell and Mandelson would have spun it much much better than that. This government is even incompetent at spinning.

Henry Rogers said...

Just a thought, it needed to be someone with enough status to get all that data written to disc. It needed to be someone who was completely unfamiliar about the correct procedures for physically passing highly classified material from one location to another for the data to be lost. A junior clerk wouldn't have access but would know the procedures inside out. Somebody quite senior would have the authority to get hold of the data but might well not know how to deal with it.

So, was this an urgent request dealt with out of normal hours by someone quite senior who cocked things up disastrously while trying to be helpful?

Tameside Eye said...

How "junior" was the officer at Tameside Council who created a bias article on the EU referendum?

It is an excuse commonly used.

Struan Jamieson said...

wouldn't it be delicious if it emerged that the "junior official" was actually an illegal immigrant?

jafo said...

ITV News are putting out that it wasn't a "junior employee" and the NAO didn't actually ask for the info in the first place - all they wanted were names and National Insurance numbers.

But a decision was taken by HMRC that it was "too costly" to separate the data so sent all the information they had - the "junior" just did what he/she was instructed to do.

So GB has misled the House, hasn't he? Alistair Darling certainly has.

peter whale said...

How many computer terminals are capable of downloading that information to disc? How many people have access to those terminals?

Curly said...

Seems he/she was junior, Tyne Tees Television now claiming he/she has resigned

Tone made me do it - he's a bad influence said...

"Radio 4 anyone but the English" seems to be confirming that a senior figure was involved in sending out the discs.

Cameroon missed a trick on this at 12.

Trumpeter Lanfried said...

This is the line for Cameron to press home. What was the job title of the person who was first asked to send the data and what action did he or she then take?

Anonymous said...

HMRC IT systems are managed by Fujitsu. Could it be that it was not even a civil servant who extracted the data, but a contractor? If so, he/sh may have been committing an illegal act. Just a thought.

Anonymous said...

As at April 2006 -

"HM Revenue & Customs (HMRC) has integrated the two separate IT contracts that were in place before the merger of the Customs & Excise and Inland Revenue departments last year.

The old Customs & Excise IT contract held by Fujitsu Services will now become part of the 10-year £3bn Aspire IT services contract awarded to Capgemini by the Inland Revenue at the end of 2003.

Under the new arrangement Capgemini will continue to be HMRC's main IT supplier with Fujitsu Services the key sub-contractor.

HMRC has also extended the Aspire contract to include a new data centre, enhanced print services and a new support centre for the department's 100,000 employees."

Anonymous said...

This on 13th November -

"IT outsourcing outfit Capgemini is to slash its workforce at the Inland Revenue by more than 20 per cent following the HM Revenue and Customs (HMRC) decision to restructure its Aspire contract."

So, against a background of rumours about redundancies, personal financial data disappears. Curious, eh? And the police are known to be investigating.

Anonymous said...

Just a point but, Northern Rock, a Newcastle based company,Child Benefit Centre in Wahington, Tyne & Wear (about5-6 miles from N'cle).
I suggest we re-draw the border with Scotland upon dis-union. We keep our oil & they get the Geordies (fat-necked f***wits). That'll teach 'em.

Jess The Dog said...

This situation has arisen through institutional incompetence and a contempt for the integrity of the data held. During my service with the Armed Forces I undertook the duties of Unit Security Officer at two bases, with comprehensive training in security procedures and compliance monitoring. We operated under the Government Protective Marking Scheme (ie restricted, confidential, secret etc). There were laid-down procedures for protectively marking material and for handling procedures. Two principles of security were that the protective marking of material was derived from the damage that could be caused by its unauthorised disclosure, and that the aggregate protective marking of multiple items could be higher than the highest classification of what was contained within. The damage caused by the unauthorised release of personal bank account data is significant enough, but when the database has millions of records, then the consequenses are catastrophic. This is a criminal blunder - there is no way that such data should have been prepared or disseminated without very senior authorisation. I believe that this demonstrates an institutional disregard for the integrity of "our" data. If this had been government information, then someone would end up in the dock over this.

There is another lesson that can be drawn from this. ID cards are incredibly risky and incredibly expensive. It is an established security principle that protective measures must be multi-layered ie. a steel safe with a combination lock is secure enouth, but far more secure in a locked room than in a car park. ID cards place a lot of eggs in one basket, and all the emphasis on the basket. If, for example, a terrorist adopts someone's identity (buying a mobile phone used in the planning of a terrorist act in the United States) by bribing a civil service clerk on £14K a year, then the poor sod will have the battle of his or her life to prove their innocence and avoid extradition. It is no good having a cast-iron copper-bottomed biometric system if there are failure points elsewhere in the system.

bitter and twisted said...

Its apparent from the comments on Sky that both Brown and Darling have misled the house. Unless this is accidental (highly unlikely) they both need to resign.

Darling has said it was due to a low grade employee when it was a decision that the department could not cope with the extra 5 minutes work.

Brown has said there was a conflict between NAO and the treasury about events when there was not.

bitter & twisted said...

The government defence is possibly worse than reality. If this leak was made by a junior employee on say 18K facing a 1 in 4 chance of redundancy due to job cuts what is the chance that one of the 25K they are letting go will sell all the info to fund his retirementhwhmp

Anonymous said...

Seems the guy was a 23 year old AO, so really low down in the pecking order. A lance-corporal at a stretch. Of course the rats want to blame this poor kid but what kind of systems allow such a low level civil servant to download information on 25 million people.

Of course the blame lies much higher up the organisation, the lad should have his job back.

Anonymous said...

We are getting layers and layers of lies, spin, misdirection and deception.

We were told it was a junior civil servant making a mistake. Lie. Mike Crick has shown on Newsnight tonight that senior civil servants were involved.

We were told it was a few CDs. This has been shown to be unlikely - more likely this was a regular bulk carry of a database on multiple media that should never be taken outside HMRC computers. Many computer experts are publicly stating that this is wrong-headed and was directed on a policy level.

Outsourcing and muddle following the merger of HMRC plus chaos in the upper levels of management, indifference to the public welfare, utter cluelessness surrounding the protection of data and manifest ignorance, lies and incompetence by ministers. What a sorry bloody mess.

Anonymous said...

Surprise, surprise, the dismal Crapita are involved. This bloated PFI company goes from disaster to disaster and incompetent project to incompetent project, yet continues to receive ever-larger sums of public money. There is quite literally nobody in government who now regulates public expenditure in a practical, agressive manner to defend the taxpayers interests. New Labour ministers are like rabbits in the headlights. All that matters is the huge graft flowing into the pockets of the outsourcing directors running their companies from the Grand Caymans and Bermuda. Nobody in British government cares any longer about Britain or the British. The aim is to make money and to spin, lie and decieve when anything bad happens as a result of the operations of the devastated public services. All approved of course by the WTO deals, which Tories, Labour and LibDems all support and will continue in office.

freedom to prosper said...

They put these departments in Labour areas always have always will. The staff combined with the other inhabitants (always on benefits) provide the ideal uninterested workforce. Wasn't the farmers subsidy thing somewhere in that area?

young pretender said...

It would be interesting to see whether those who favour public sector management would countenance it in their own offices. Would the New Statesman hand over its subscription database management to the civil service? I think not.

Many government employees are still printing out each and every email they receive, because they haven't moved beyond the internal mail memo system. And that's often departmental policy. And it's worth remembering that in the first few years of online tax returns, although you filed the details over the web, when got to the other end, they were printed out and typed into the system... because there was no system, just a printer!

Anonymous said...

Anon 11.00pm, you are right, but it's worse still. The same indifferent self-serving pack who describe themselves as a "government" are also actively waging war, sending British service people who deserve better to their deaths and doing nothing for them; whilst featherbedding their own careers, providing luxurious new headquarters for the MOD etc and pouring money into the contractors. We don't just need a change of government, we need something akin to a purge and a cleansing of the British and international political system. From Brussels to London and from Washington to Baghdad, the whole system is rotten to the core. The oil rich and Goldman Sachs call the shots and their puppets in the Commons do their bidding.

Anonymous said...

Anonymous at 10:51

what kind of systems allow such a low level civil servant to download information on 25 million people.

Of course the blame lies much higher up the organisation,


Spot on. It is not the 23yo's fault that he's so poorly trained and supervised he can drop a brick like this. The problem is systemic, and the culpability therefore with whoever owns the system.

Anonymous said...

I think last night's 10.000 news mentioned EDS (surprise). The report was:

Civil Service management gave instructions that all the data be sent. To do the truly simple job of stripping out just the required data would have required the department to pay more money to EDS to do the simple work. The cheaper option was to send it all.

Anonymous said...

young pretender said...
"And it's worth remembering that in the first few years of online tax returns, although you filed the details over the web, when got to the other end, they were printed out and typed into the system... because there was no system, just a printer!"

So it saved the postage costs, the handling of incoming assessment forms and the decyphering of scrawled entries on the forms.

Jess the Dog said...

Are there other avenues of complaint? The Information Commissioner seems the obvious choice. I would argue that the data loss is maladministration, could the Parliamentary and Health Service Ombudsman investigate?

Also, what would be the best way to frame a complaint - and would this benefit from a co-ordinated approach?

David K said...

So TNT lost a package entrusted to them? And this is somehow the fault of the civil service.

What NO-ONE is saying is that if TNT had done the job that they were paid (with taxpayers money) to do, then there would be no problem here at all!

The Essex Boys said...

This is a case of deja vu! We remember how poor David Kelly was initially described by the MOD as of junior, then later middle rank in order to belittle the opinion he gave Andrew Gilligan on the government's WMD case. Yesterday we heard that the HMRC culprit is of 'junior' rank and, today, that he is being protected by a government media minder! All we feel bound to say to the incarcerated Tynsider sitting in his secret motel room is..."Please, please do NOT go walking in the woods anytime soon!"