EcoLogics

Note: this post consolidates three posts written on the subject on November 21st

From yesterday’s Guardian online:

‘The chancellor, Alistair Darling, today admitted the personal details of 25 million individuals had been lost by HM Revenue and Customs. The information includes the names, dates-of-birth, national insurance numbers and in some cases the bank details of those claiming child benefits. Paul Gray, the chairman of HM Revenue and Customs, today resigned over the “extremely serious failure” of security. [...] In a Commons statement greeted by gasps of astonishment from MPs, Darling told the Commons that two discs containing details of the 7.25 million families claiming child benefit, sent to the National Audit Office, failed to reach the addressee.’ (1)

* * *

Here are three simple questions for Gordon Brown, and the rest of the members of the New Labour party:

1) If the Inland Revenue can lose this data, who is to say that a similar disaster could not occur with the data for the proposed digital ID cards?

2) If the Inland Revenue can lose this data, who is to say that a similar disaster could not occur with the data for the proposed national medical database?

3) If the Inland Revenue can lose this data, who is to say that a similar disaster could not occur with the data for the proposed universal DNA database?

* * *

Let us be very clear. The more personal information you put about larger and larger numbers of people in one place—be it a portable hard drive, or a mainframe computer’s hard drive in some government department—the greater the potential for disaster (criminal or otherwise) when someone loses that information. In such a context, more information in one place is tantamount to less security, not more.

We might describe this paradox, if it is a paradox at all, as ‘Blunkett’s Law’ in honour of the (former) New Labour minister who was the most ardent advocate of gathering and storing personal information about UK citizens, and who was given a job advising Entrust, an American company that specialises in producing digital ID cards, almost as soon as he left government.

In November 2004, the Home Office put out a press release that included the following quote by David Blunkett, then the Home Office Secretary:

‘The ability to prove one’s identity reliably is an ever-more important aspect of modern life. A national ID cards scheme will provide a ‘gold standard’ for doing that, protecting individuals from the modern-day crime of identity theft, protecting public services for use by those who are properly entitled to them, and helping us tackle crime, terrorism, and illegal immigration and working.

‘They will also give people a simple and secure means of verifying their identity to help them travel freely and complete everyday transactions securely, simply and with confidence.‘ (2)

How hollow these words now seem. They could almost have been written by the PR people in Entrust.

* * *

The government would like us to think that this was a ‘one off’, a minor procedural error with what might, ‘admittedly’, be catastrophic consequences. But two sets of events contradict this convenient version. First, amongst other incidents, HM Revenue and Customs had 41 laptops stolen over the last year, including 16 that were stolen directly from an HMRC office (3). And second, it has emerged that the loss of the data of/on 25 million people was arguably a disaster waiting to happen. The BBC’s Today programme reports today (November 21, 2007) that several employees and former employees have suggested that the merger of the Inland Revenue and Revenue and Customs in 2005 created the conditions for this ‘error’ by slashing approximately 25% of the workforce and by introducing managerial systems that led to low staff morale.

Alistair Darling’s characteristic response: deny any systemic problem, but bring in a private corporation (PricewaterhouseCoopers) to reveal any such problems.

* * *

So the New Labour logic continues unabated: use ’slash and burn’ techniques to erode the public services in the name of ‘rationalisation’ and ‘efficiency savings’, and when this produces catastrophic failure, call in the private sector to tell us what went wrong. Brilliant! If privatisation generates profits for the private sector, then the failure of the already semi-privatised institutions can generate even more profit for the private sector!

It’s a win-win situation for ‘everyone’ except, of course, the 25 million victims of data ‘loss’, let alone all those who might one day be the victims of any further ‘errors’ once additional national databases are in place: not least, the DNA database, and the NHS national health database.

UPDATE: THE PLOT THICKENS

Some breaking news:

Thus far, New Labour has suggested that the data loss was a result of an ‘error’ by a junior civil servant. We were given to understand that none of this should ever have happened, that it was all down to some sloppy employee who did not follow the rules. The BBC’s Radio 4 7pm news bulletin has just suggested otherwise: the bulletin reports that the Tories are claiming that a senior business manager was involved in the decision to send on the two discs with all the data that the National Audit Office (NAO) didn’t want, e.g. the bank details of the benefit claimants. Rather more interestingly, the BBC is also reporting that the business manager in question wrote an email to the NAO saying that ‘those details [the ones the NAO didn't want] would not be taken off because doing so would require an extra payment to their [the Inland Revenue's] IT contractor’.

* * *

This would confirm what many of us suspected: that the data loss is part of a pattern that is consistent with New Labour’s political and social modus operandi, which I described above as a kind of welfare ’slash and burn’ approach—one that weakens state institutions to the point that it seems, all too often, that they must be privatized.

Whether this is a fair assessment or not—whether the Tory version of events proves to be accurate or not—I was stunned to read what the BBC’s Nick Robinson said in his blog today:

‘Forgive me if I’m misunderstanding something – I’m sure you’ll respond if I am – but I fail to see the relevance of job cuts or unopened post or low morale at HMRC to this. Employees should know that data protection is sacred and if they don’t there should be systems in place that ensure they alone cannot make serious errors.’(4)

Eh? Did I read this correctly? Is (was) Robinson really arguing that job cuts or low morale wouldn’t have an effect on the way in which staff manage their daily tasks!?

Perhaps Robinson is so highly paid that he’s forgotten what it is like to have an over–demanding, and relatively poorly paid job that can be lost whenever it suits a minister to demand ‘efficiency savings’? In such a context, how dare he—we— expect that staff working under conditions of duress should treat data protection—or any other task— as something ’sacred’? The combination of naiveté and arrogance is simply breathtaking.

References

1) ‘Revenue and Customs loses details of 25m people’, in Guardian Online, November 20, 2007. http://politics.guardian.co.uk/economics/story/0,,2214109,00.html. Accessed November 20, 2007.
2) emphasis added by EcoLogics. Quote published by Home Office press release on 17 November 2007, ‘Blunkett: ID Cards Will Protect Civil Liberties’, at http://press.homeoffice.gov.uk/press-releases/Blunkett__Id_Cards_Will_Protect_?version=1, accessed November 21, 2007.
3) see http://www.publications.parliament.uk/pa/cm200607/cmhansrd/cm071025/text/71025w0031.htm, accessed November 21, 2007.
4) http://www.bbc.co.uk/blogs/nickrobinson/2007/11/a_yawning_gap.html, accessed 21 November 2007.