HMRC fiasco: Government “not interested” in expert warnings

Professor Ross Anderson, UK computer security expert and Chair of the Foundation for Information Policy Research, appeared on Newsnight last night, to discuss the HMRC data loss fiasco. He labelled the fiasco “an accident waiting to happen”, and calmly, methodically, indicted the Government for brushing aside the advice of security experts who have been warning them against the centralised, top-down approach they have been taking to electronic government.

I hope Professor Anderson will not object to my transcribing his words in full, and linking to the reports he mentioned and the government responses that have brushed aside expert concerns.

“But if we return to the matter in hand, I’m afraid that there is a policy issue here not an operational issue because the government has repeatedly, over the last few years brushed aside one lot of advice after another about the growing problems of privacy and safety with aggregating more and more data.

We wrote a report for the Information Commissioner in November last year pointing out that the proposed children’s databases were both unsafe and illegal. That was brushed aside.

Lord Broers’ House of Lords Science and Technology Committee reported earlier this year saying that the government needed to get its act together on personal internet security. A large part of that was Treasury responsibility, better regulation of online banking. That was brushed aside.

The Health Committee reported in September saying that people needed a right to opt out of the large central databases of personal medical information that the NHS is collecting. That was brushed aside.

Again and again and again these warnings have been made in different contexts by expert groups and the Government has not been interested.”