The news was on in the background. I was paying little attention. But I caught the following. It was Wikileaks, and some be-suited mandarin commented: “It was a private conversation between the United States ambassador and the King of Saudi Arabia. A private conversation!”
That’s what’s wrong today. This dislocation between public servants and what they are. They are public servants paid by the public to serve the public. By what right does an ambassador believe he can keep from his employers, us, what he says on our behalf to foreign dignitaries? He cannot and must not.
This absurd arrogance is rampant in all democracies, and all levels of bureaucracy. From members of parliament fiddling their expenses and being annoyed when found out; to park keepers officiously and offensively saying where we can and cannot walk on the land we own and upkeep with our taxes; to the policemen who strike legal demonstrators with vicious sticks that we pay for, even when fallen. The list goes on and on and on.
Public servants need to be held to account. They have to do what we want, whether they are presidents, prime ministers or park keepers, or be sacked. But they seek to protect themselves with secrecy. Secrecy that leads to illegal wars that kill thousands upon thousands of people. Secrecy that leads to our money propping up banks and bankers who prefer to pocket it rather than lend it back to us. Secrecy that leads to health scares that lead to our money stockpiling drugs that aren’t necessary, aren’t wanted and aren’t used.
Only by breaking this cult of secrecy, this bureaucratic arrogance, and by making our servants accept that they are our servants and not our masters will we maintain democracy. And only Wikileaks seems capable of doing this. So rock on, Wikileaks: you are a greater defender of democracy than those we pay to defend it.
The UK’s Information Commissioner has finally used his new powers and imposed financial sanctions on wrongdoers.
The first penalty, of £100,000, was issued to Hertfordshire County Council for two serious incidents where council employees faxed highly sensitive personal information to the wrong recipients. The first case, involving child sexual abuse, was before the courts, and the second involved details of care proceedings.
The second monetary penalty, of £60,000, was issued to employment services company A4e for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.
This has provoked a range of different reactions. “It’s good to see the ICO showing its mettle for the first time, sending a clear message that it is completely unacceptable to be cavalier with private and confidential sensitive information,” said Graeme Stewart, public sector business development director at Sophos.
Ed Macnair, CEO of Overtis, is slightly more critical, “At first glance this looks like the ICO has real teeth. However, in the case of the stolen laptop, the penalty is less than £3 for each lost record. When you consider the fact that A4e is a £145 million company, the breach has had a higher impact on the 24,000 individuals whose confidential information has been lost.
“Similarly, this council had clearly not learned from the first devastating security breach and continued to use the same insecure channel for sharing highly sensitive information. The technology is there to prevent information from being stored in unencrypted format and to tightly control the faxing, sending and printing of confidential information. Let’s hope that the ICO’s action encourages other organizations to urgently review their policies and procedures.”
This is closer to my own views. £60,000 to a large company is nothing – it will be less than the cost of some decent security software and staff awareness training. So in fact the ICO is saying it’s cheaper to lose the data than to protect it.
And in the case of the council, as I’ve said before, it’s the public what pays. It’s silly to fine a public body because public bodies don’t have any money: only the body public has money, and it’s the body public, you and me, that has to foot the bill. My view is that people who lose personal data should also lose their job: and that should apply as much to the CEO as the clerk. I asked Ed Macnair, whose company develops user activity management and monitoring software that can prevent such leaks, if the ICO is worth its cost.
“Absolutely,” he replied. “While you make a good point that a government office imposing fines on public sector bodies is ultimately penalising the tax payer, there are many hundreds of private sector organisations that are also storing personally identifiable information on UK citizens. Many of them are doing so in a sloppy manner, using systems that are highly vulnerable to accidental data loss or deliberate theft.
“Loss of personal information that has been entrusted to an organisation is a breach of trust and causes a great deal of distress to the people affected. I think the imposition of fines is a step in the right direction. While a £100k fine may seem disproportionate to the damage caused by organizations breaching the Data Protection Act, it sends a strong signal that the Information Commissioner is ready to wield his power.
“I think that since the ICO gained its increased powers in April, the UK has held its breath to see whether Christopher Graham would act. He has acted. This should serve as a strong warning to any other organisation, in the public or private sector, that still hasn’t put the policies, processes and technology in place to safeguard UK citizens’ data.”
I repeated my view that fines don’t really hurt anyone (unless they are personal fines), and that really, heads should roll.
“When it comes to culpability,” he replied, “I do believe that fining the organisation is the right approach. I don’t believe it is fair to fine individual employees because often they are simply trying to get on with their jobs and the data breach is caused by them doing something in a rush, without following policy. The organisation has a responsibility to set policies; educate staff on safe data handling; and to set up systems, processes and technology to prevent these policies from being breached. Pinning the blame on individuals would negate the responsibility of company directors who should be putting the policies, procedures and technology in place to prevent breaches occurring. That said, where an employee has maliciously flouted policy and succeeded in damaging their organisation’s reputation by leaking personal identifiable information, then this should be dealt with in the same way as any act of serious professional misconduct.”
This is why I want a smartphone:
- I want my computer with me at all times
- I want instant access to the internet; anywhere, anytime
- I want all those wonderful apps you can get for a smartphone, either free or at a tiny fraction of the cost of the equivalent on a laptop or desktop
What I don’t want a smartphone is for – a phone. Why should I want another phone? I’ve got a mobile phone. It’s more than adequate. I speak into it, and I hear from it. It’s a perfectly adequate phone. So all I need or want from the smartphone is the computer – not the phone.
But can I have a smartphone without the phone? Can I he…
Well, wait a minute, maybe I can.
All I need is a SIM free smartphone. Provided I have access to wi-fi broadband, such as at home, where I have already paid for access to the internet, then I can use wi-fi to hop onto my prepaid broadband.
But it gets better, because I can then use Skype to get free VoIP telephony while I’m at home. And, come to think of it, according to their latest television adverts, if I subscribe to BT Internet, then I qualify for free use of thousands and thousands of BT wi-fi hotspots all over the country – so I can get free VoIP telephone conversations on a SIM free smartphone in an increasing number of situations and places. I’ll be able to keep my existing dumb smartphone pay-as-you go for emergencies when I can’t access a BT hotspot.
Now I totally accept that this is just theory, and that BT’s hotspots will be a long way from giving me adequate VoIP telephony just yet. But maybe the hotspots is BT’s way of fighting back at the microwave mob… Maybe, with more and more people using mobile phones instead of BT’s landlines, BT is beginning to be a bit concerned. And maybe, just maybe, the free wi-fi hotspots is a plan to stop the rot. I do hope so.
(Sadly, I have to admit that this is all theory. I don’t have a smartphone, SIMful or SIMfree, so I don’t know if this would actually work. The theory sounds good though… Anyone?)