No Mr Bond, I expect you to fill out the form

Britain’s security and intelligence agencies used not to exist, officially. Now, you can download documents discussing MI5 officers’ failures to fill out electronic forms. On 3 May, someone new to the approval process for accessing bulk personal datasets reported that it was being over-ridden. One imagines he or she was unpopular with colleagues; hats off, nevertheless, for protecting both the privacy of the largely innocent people on those databases and MI5’s reputation. Continue reading “No Mr Bond, I expect you to fill out the form”

Those GCHQ, MI5 and SIS NHS medical record denials in full

Last week, Computer Weekly published my article headlined ‘MI5 staff repeatedly overrode data surveillance rules’. This was one of several interesting stories contained within the documents released by Privacy International in late July which I rounded up in the article, another being specific statements by GCHQ, MI5 and SIS (or MI6) in witness statements that they do not retain bulk personal datasets of medical records, from the NHS or anywhere else.

Tweeting this attracted a fair bit of attention, including some querying the careful language quoted in the article. Given the interest, here are the sections regarding medical records from each of the three agencies, all from this document which contains the three witness statements. By bulk personal datasets (BPDs), the agencies mean untargeted data covering a lot of people, most of whom will be innocent – the haystack rather than just the needles. Continue reading “Those GCHQ, MI5 and SIS NHS medical record denials in full”

Good news from government on FoI, too early to say on IP bill

Today saw announcements on two areas of major interest to journalists. One, the report of the Independent Commission on Freedom of Information, is good news. There were expectations that the commission was primed to weaken FoI; it hasn’t, and in fact it recommends ways to strengthen it, including speeding and shortening the appeals process.

The government’s response is also cheering, saying that charges for FoI will not be introduced, as “We believe that transparency can help save taxpayers’ money, by driving out waste and inefficiency”. Well, quite.

On the Investigatory Powers Bill, it’s too early to say. Some of the recommendations in the three parliamentary reports on the draft IP bill have been adopted, including better protection for journalists, but police have also gained further powers.

Continue reading “Good news from government on FoI, too early to say on IP bill”

Cambridge’s eHospital problems and Scotland’s IT projects

ComputerWeekly.com has published my article on Cambridge University Hospital NHS Foundation Trust’s problems bringing in eHospital, a £200m IT system based around software from Epic and hardware from HP. While the trust initially reported all was going well, eHospital has recently been fingered by Monitor and the Care Quality Commission as contributing to the trust’s problems.

I spoke to a number of people with knowledge of eHospital, including this former IT employee of the trust who spoke on condition of anonymity: Continue reading “Cambridge’s eHospital problems and Scotland’s IT projects”

Life in GCHQ: form-filling, bulk interception and internal emails

The Edward Snowden files provided a lot of material on GCHQ. Some of it, such as the existence of a chess club, a social media service called SpySpace and in 2011 a sports day at the Civil Service Sports Club in London, was fairly innocuous. Some of it was explosive, and the detonations continue to this day with the disclosure that parliamentarians are not exempt from bulk surveillance.

What the Snowden material couldn’t provide was any kind of overview of life in GCHQ; that isn’t what you get from a dump of documents. Neither could it provide information on whether a practice had stopped, given the UK government’s neither confirm nor deny policy.

On The Register today, I have pieced together material that comes from the recent reviews of government surveillance, primarily drawing on the report by the Independent Reviewer of Terrorism Legislation David Anderson QC (PDF). These got most attention for their recommendations, but they also provided quite a lot of insight into how GCHQ works. Continue reading “Life in GCHQ: form-filling, bulk interception and internal emails”