Don’t blame the messenger

November 21, 2007

In Prime Minister’s Questions today, Edward Leigh’s question hinted at what may have been the root cause of the security catastrophe facing the government. “Is the prime minister aware”, he asked, “… that when the NAO asked for narrow details—not people’s personal bank accounts—the Revenue said that to disaggregate that information would be too burdensome for the organisation?”

Hmm. It occurs to me that the poor chap who mailed the CDs – he’ll no doubt lose his job – may have been working around an intransigent IT department.

An IT department which you’d hope could muster the meagre talent required to filter a few fields from a text file. Hell, any half-competent programmer I’ve ever worked with could have done this in a few lines of shell script or, if the data were XMhelL with a couple of XSLT matchers.

So, maybe the HMRC doesn’t have IT resource they can deploy on a 10 minute task like that.

Or, maybe they asked one of the cowboy IT consultancies to quote them for the job and received a ‘burdensome’ price – after all, it’s an enterprise-y task that’s much harder to do on a 25 million line file than on a 10 line one. Isn’t it? Umm. Not really.

I can’t help feeling that the real problem may be a lack of agility in their development and IT management. And everyone knows that the harder it is to work with IT departments, the more people learn to work without them. Policies or no policies, skills or no skills, expert or bonehead.

Moreover, I’ll predict that the announced inquiry won’t touch this – instead they’ll suggest management and HR failures and recommend more security training for staff. I hope I’m proved wrong here.

Thankfully, it’s not as if they’ve chosen anyone with links to the IT consultancies I mentioned above to conduct the review – they’ve gone with the chairman of PricewaterhouseCoopers…

One last point: I’ve read much suggesting this is a problem specific to the public sector. It definitely isn’t. Most big companies have similar data management issues, IT intransigences and security holes. Most small ones too, I think. More on that anon.

Leave a Comment

2 Comments
  1. Paul Battley says:
    November 21, 2007 at 11:39 pm

    I heard a tidbit of extra information on the radio this evening: apparently, filtering the information wasn’t part of HMRC’s contract with EDS.

    I might have known that that name would crop up.

  2. Tom Ward says:
    November 23, 2007 at 9:35 pm

    Seems like you’ve hit the nail on the head. I’d have balked at a £5000 estimate. Of course that price was before the scandal hit – now I’m sure they can charge even more.