August 20, 2008 Est 1999 Scotland's award-winning independent newspaper
Countdown to a catastrophe
Part three: How it happened

The Timeline

The emails couldn't have been more explicit - or damning. Back in March this year, the National Audit Office (NAO), which keeps a watch on the way the government spends taxpayers' money, was conducting a review of the child benefit system. To do so, its auditors wanted to see information held on the millions of children whose parents receive child benefit payments today.

However, in an email sent on March 13 at 2.41pm, the NAO clearly asked Her Majesty's Revenue and Customs (HMRC) department not to send the data with any sensitive information attached. The NAO categorically said it didn't want "address, bank or parent details" - key pieces of personal information that can be used for identity theft and fraud.

Forty minutes later, at 3.23pm, HMRC sent out a reply email to the NAO stating that it would not be subjecting the data to any heavy editing process. The NAO says: "We requested the more sensitive elements to be removed, including bank details and addresses. HMRC stressed they would prefer us to use the data they held and not run additional data scans/filters that would incur a cost to the department."

These "unredacted" files, replete with personal information on millions of voters, were duly sent to the NAO in March. On October 18, a junior official at the HMRC office in Washington, in Tyne and Wear, sent out two more CDs - once again containing complete information on 25 million children and parents - to the National Audit Office in London. The CDs were sent by neither recorded nor registered post. In fact, the posted envelope didn't even require a signature from the recipient when it was delivered. In the end, it never arrived.

It is against standing procedures to pop the most sensitive personal information on millions of UK citizens in the internal mail, but the HMRC was well aware that its staff was breaching rules and regulations. On October 2, more than two weeks before the missing CDs were mailed, the NAO warned HMRC that the last time information had been sent to it there were 100 zipped files on two CDs. It added: "Please could you ensure that the CDs are delivered to NAO as safely as possible due to their content."

By October 24, when it became apparent to the NAO that the package had failed to arrive, the audit office contacted HMRC. The NAO also fully searched its offices at this time in a bid to discover if the discs had been lost on its premises. Nothing was found. A second batch of the same CDs was then sent once again by the Tyne and Wear HMRC office to the NAO in London, this time by registered post.

On October 25, the NAO confirmed receipt of the replacement CDs, and added that it had still not received the first set. Despite this, it took until November 5 for the HMRC to reply to the NAO by email about the discs. It wasn't until November 8 that HMRC told the NAO it had "raised a security incident on the missing CDs". The junior civil servant who posted the CDs is said to have believed that the package was delayed by a postal strike and "hoped" it would turn up.

The NAO immediately conducted a further search, and once again nothing was found. On November 10 the prime minister and the chancellor were told about the loss. Two days later, the HMRC reassured ministers that the CDs would certainly be found. Sadly, they were mistaken. On November 14, when it became clear that searches were getting nowhere, the chancellor, Alistair Darling, ordered Scotland Yard to be called in to take over the hunt. The Metropolitan police says it wasn't alerted until a day later, November 15, almost a month after the discs first went missing. The security lapse was deemed so serious that the police taskforce was headed up by acting assistant commissioner Janet Williams, a specialist in organised crime and a former Special Branch commander.

On Tuesday November 20, Darling announced to the House of Commons that the CDs had vanished.

The Delay in Telling Parliament

According to Darling, the 10-day delay between the Cabinet being told of the missing data and parliament being informed was because banks wanted more time to prepare anti-fraud measures and get ready for a barrage of enquiries from worried customers ahead of any announcement. High street banks deny this was the case. The British Banking Association said it "did not ask for any more time", and Lloyds TSB added: "Categorically, we did not ask for additional time." Barclays also said it asked for no delay, as did Apacs, the Association of Payment Clearing Services. Apacs added that it was informed on Friday November 16 and then given until Monday November 19 to get ready.

Who Is To Blame?

According to Darling, the decision to post the full child benefit details was taken by a junior member of staff at the HMRC, but Sir John Bourne, head of the NAO, said the decision was taken by senior HMRC officials. Evidence shows that senior managers at the department refused to edit sensitive information out of the child benefit data because it was too expensive. March emails also show that senior HMRC officials were intent on keeping costs down at the expense of safety months before the CDs were posted. George Osborne, the Conservative shadow chancellor, said: "These startling revelations ... call into question the entire defence mounted by the prime minister of this catastrophic failure of his government."

Outsourcing lies behind the HMRC's money-saving decision not to agree to the NAO request for child benefit data to be edited. EDS, the company that provides data services for the government, would have required extra payment to tweak the data. It's estimated the cost would have been £5000. Today, it's thought the final cost of the child benefit scandal will top £200 million. On Thursday, HMRC was forced to admit that cost-cutting was the reason for the entire unredacted database being sent in the post. "We don't have infinite resources. We have to use our resources rationally," a spokesperson said.

On the day that Darling briefed the Commons, the HMRC chairman, Paul Gray, resigned over the affair, although he remains on full salary. He was replaced by Dave Hartnett. Just days before, the HMRC had admitted losing CDs containing the records of some 15,000 Standard Life customers.

Trade unions have accused the government of putting the HMRC under too much pressure to cut costs after Gordon Brown, when he was chancellor, forced through a 2004 merger between the Inland Revenue and Customs and Excise, axing 25,000 jobs. According to the Public and Commercial Services Union (PCS), job cuts and reorganisation turned HMRC into a working environment of chaos and carelessness. The union said that one million pieces of mail were lying unopened at HMRC offices. In 2006, the HMRC spent some £106m on consultancy work at the same time as the department was meant to be making savings of £105m through staff reductions.

More damaging claims are now coming out of the woodwork about the lax nature of security at HMRC. Shawn Williams, a lawyer, said he regularly received confidential information from the department which either required no password or came with the password supplied. The IT systems within HMRC are also notoriously inefficient. The Institute of Chartered Accountants said it had been pointing out for most of 2007 that the "service standard" of HMRC was deteriorating.

The department has had more than 2000 data protection breaches in the past year. A government review in 2003 also identified "serious risks" of information getting lost and advised that all data be encrypted.

What Happens Now?

Gordon Brown has now ordered a root-and-branch overhaul of the security of government data systems in a bid to restore confidence. The process of rebuilding confidence is unlikely to be helped by news that a member of the public who had requested a copy of his conversations with HMRC call centre staff was sent a CD in the post containing part of a stranger's conversation with revenue officials. The HMRC insisted that such errors were "not widespread".

There is also concern, according to government insiders who have spoken to the Sunday Herald, that the junior official implicated at the heart of the child benefit fiasco is being set up as a scapegoat. The 23-year-old employee, who has been suspended pending disciplinary action, is now in hiding at a hotel, with a minder, in order to protect his identity. One source, referring to the suicide of the weapons expert Dr David Kelly during the furore about the Blair government's alleged "sexing up" of the case for war against Iraq, said: "There's a real worry that the government will end up doing another David Kelly on this person, and that they'll be hung out to dry for one of the biggest cock-ups in history." It is believed that the employee is male and works in the IT department of the Child Benefits Agency.

Posted by: WE NEED TO KNOW on 8:45am Sun 25 Nov 07
Yes - it's all the fault of this junior clerk in the Benefits Agency.

Get used to it people - this government won't flinch - and there is nothing you can do about it. Nothing!
Posted by: Neil, Aberdeenshire on 10:01am Sun 25 Nov 07
The 23-year-old employee, who has been suspended pending disciplinary action, is now in hiding at a hotel, with a minder, in order to protect his identity.

It's nice to know HMRC is going to such lengths to protect somebody's identity. It's just a pity they didn't think to do the same for the rest of us.
Posted by: Yogesh Raja, Aylesbury, Bucks. on 10:04am Sun 25 Nov 07
Hi-Tech has made our signature and PIN systems unreliable and hence until we personalise signatures with ID stickers and use Card Key Code described on website www.xwave.co.uk to make PIN system reliable, fraud crimes will just continue to grow.



Proposed ID KEY system will deter fraud and hence eliminate the need for us to protect our personal details and PINs.
Posted by: Jane, Edinburgh on 10:56am Sun 25 Nov 07
Wait a minute. A junior civil servant was instructed to burn a couple of CDs with zipped files containing information on millions of benefit recipients, and then send the CDs to another office... and when this went wrong, it's going to be entirely blamed on the junior civil servant? This was an important job which needed to be done securely and safely, not just handed over to some low-level flunky without any details of how to do it.
Posted by: IT dude on 3:01pm Sun 25 Nov 07
EDS are to blame, for creating a culture of cost to do even the most simple things.
Posted by: claudero, Edinburgh on 8:17pm Sun 25 Nov 07
The delight of delegation allays fear
that there will ever be a precise here
where the buck could know to stop
in the realm of the ever-spinning top.
Posted by: Sorry, not this time on 12:54am Mon 26 Nov 07
I used to be a computer programmer for the Civil Service, at Fleetwood and Norcross, Blackpool. (ICL 3890 mainframes.)

It would have taken less than two hours to write, test and QA a bespoke COBOL program to censor the sensitive data from those CB records. It would be less than 50 lines of code and would cost well under £100 even now. Piece of cake.

The milking of the public funds by companies with friends in Govt has always screwed the Civil Service. Once trained up, all the half-decent programmers would leave, join these companies and return to doing the exact same jobs as 'consultants' (because now the Service was chronically understaffed), but for ten times the money. Anderson Consulting was the EDS of its day.

A story I heard while there: Newcastle once screwed up sending a crucial master tape to London, leaving the benefits accounts empty. But they had to be paid, so the UK went bankrupt for 24 hours, needing an emergency loan from Germany. The interest (for 24 hours) was £7m. I heard that in 1990 - not sure when it is supposed to have happened.

Plus ca change.
Posted by: dave, plymouth on 10:18am Mon 26 Nov 07
When are people going to stop blaming the postal strike for everything that goes wrong? This item did not even enter Royal Mail; it was dealt with by a private courier, i.e. T.N.T. In fact H.M.R.C. could have sent this item by Royal Mail for under ten pounds; it would have been tracked and delivered by 9.00pm the next day. And I think the blame is on the civil servant who sent this item out. By all accounts it was not his job to dispatch these disks anyway, so why doesn't he stop blaming other people and take the blame like a man?