Thursday, November 22, 2007

That's not what software-as-a-service is meant to mean!

The Biggest Data Fart In The World Ever (BDFITWE) just keeps on getting better/worse. Check this out:
Sir John Bourn, the outgoing comptroller and auditor general, told a secret session of the public accounts committee that a senior business manager at Revenue & Customs had authorised the information to be released in its full form. His email approving the sharing of the data was copied to an assistant director....It asked for all child benefit numbers, national insurance numbers and names but did not want bank accounts and addresses and dates of birth. According to Bourn, Revenue & Customs told the NAO that removing the extra information would be too costly.


You what? Too costly? How? Oh, right, it's the old standby - "there's a contract". We can't find you the plates for your flak jacket/diagnose your cancer within less than three months/type SELECT (names, addresses) FROM families WHERE child=Yes rather than SELECT * FROM families because there's a contract.

So how does it work? Do they have a little taxi meter on their desks that increments every time they issue a database query? How much is Crapita or Siemens or whoever charging them per SQL statement? But yes:
The e-mail states that the data would not be "desensitised" in the way that had been requested as it would require an extra payment to data services provider.
I think I just ate my hat. Mmm, felt.
Shawn Williams, a partner in a law firm specialising in fraud cases, said he regularly received confidential data from Revenue & Customs in CDs with either no password or the password written on the disc itself.

Realistically it's only going to be "password", isn't it? Or maybe something more secure like "passw0rd". Of course it's meaningless, because a CD can't actually check passwords; if you were to access it with a program that didn't perform the password check (like, say, a slightly altered...) this would not help in the slightest.

Further, on a general point, can anyone point to any evidence that The New Public Management - contracting out, next steps agencies, numerical targets and all that jazz - has ever achieved anything useful anywhere?

5 comments:

Simon Fawthrop said...

I have a real problem with this payment issue. So the HMRC would have had to pay their contractor to "dissaggregate" (sp?) the data (see Hansard), but presumably the NAO would have to have done the same. So wouldn't the NAO have had to do that anyway? In which case you and I as taxpayers would have been in exactly the same financial position.

Alternatively why didn't they just do some cross billing if they were that worried about budgets? We do that all the time in private industry - well the more anal ones anyway.

There is still a lot more to be revealed IMHO.

Sir S said...

It's nasty to imagine, but another possible reason the contract doesn't allow the stripping of names and addresses is not that the SQL statements per se cost money, but that the private contractor owns the data, so to send it between agencies would require paying them for access to their data.

It's too nasty to be real though, surely. More likely the contract only allows the govt to run certain pre-programmed SQL statements (in, for example, a pre-existing proprietary report-generating front-end). This would be a fantastically stupid contract, but even dumber is to sign such a contract and then, in your schedule of available queries, fail to include one which strips names and addresses...

Tom said...

I believe the HMRC contract is the Aspire one with CapGemini, which there's a lot written about already out there. It's probably no surprise to anyone that it hasn't exactly been an easy ride.

NAO I don't believe is outsourced, but it's too late by the time it gets there.

I wonder what would have happened if the HMRC had either passed the cost on or sent a note saying 'too expensive', as they presumably do with FoI requests. Is there a statutory duty to cough up data to the NAO which clashes with the duty to slash and burn for Gordon and stomps over the duty of care for Joe Public?

I think we should be told.

guthrie said...

Hang on a minute - can someone back me up on this:

When I read this section:
----------
So how does it work? Do they have a little taxi meter on their desks that increments every time they issue a database query? How much is Crapita or Siemens or whoever charging them per SQL statement? But yes:
The e-mail states that the data would not be "desensitised" in the way that had been requested as it would require an extra payment to data services provider.
-----------
I followed the link to the BBC story, which doesn't have the quoted section in it at all.

Have I missed something? Has our esteemed host mistyped a URL? Or is the BBC censoring its web pages and can someone use the internet wayback machine to rescue an earlier version?

guthrie said...

Curiouser and curiouser. Your post is from Thursday the 22nd. The BBC page at the top says:

"Last Updated: Friday, 23 November 2007, 08:43 GMT"

What a surprise!
I'm beginning to get angry here.
