Invasive Procedures
April 26th, 2007Medical students’ personal details leaked
Junior doctors’ details exposed online
The Medical Training Application Service or MTAS is a computer system where student and junior doctors apply for jobs – a system they were repeatedly assured was secure.
The same assurances as for the NHS ‘data spine’ and National Identity Register.
Today Channel Four News can reveal that since at least 9 o’ clock this morning, the details of medical students applying for foundation course posts – the first year to become a junior doctor – were openly available to the public.
This is astonishing. Not only can we see what they wrote in their applications; their addresses; their phone numbers; who their referees are. We can also see if there were white, heterosexual, gay Asian, Christian, Jewish or Hindu, and we can also see if they have got police records and what the crime was.
[…]
Contrary to the report this is not ‘astonishing’ it was entirely predictable in the same way we have been predicting the failure of the National Identity Register, etc. What is astonishing is that junior doctors are being asked to give personal details such as sexual orientaton and ethnic background as these details have absolutely no bearing on their suitability to be doctors.
No Minister was available for interview tonight. Instead they issued this statement:
“We apologise to any applicants whose details have been improperly accessed. This URL was made available to a strictly limited number of people making checks as part of the employment process.
Of course this is only true if the URL has been blocked to spiders and other web searching utilities, the fact that access to the URL was limited is only due to the violation of privacy being flagged up, this could have easily been noticed by some unscrupulous person. You can be certain as a result of this people will be targeting such sites in the future on a speculative basis.
Experts say the level of data included in the applications makes it a gold mine for identity theft and fraud.
Incidentally, good to see that channel4 uses the word experts rather than BBQs usual ‘critics’.
On BBQs Toady program this morning this was indeed highlighted and at last the interviewee (possibly Andrew Lansley) got airtime to make the connection to NIR and the data spine.
One issue about this failure is that it relates to a set of details that aren’t even shared between government departments, financial institutions, foriegn intelligence services, police, local authorities, estate agents, schools, etc, etc. which the Neu Labour government want to extend the NIR/Identity Card scheme to. The wider the access to any database the higher the risk of information being leaked, the NIR will be trawled remorselessy for such information and whatever the government say the NIR ID will make its way onto records that contain personal information such as sexual orientation, ethnicity or any other information that is prised out of you by the State.
April 26th, 2007 at 4:22 pm
These violations, if they were punishable by huge fines, would occur less often, but that is of course, irrelevant.
The people who run these systems are not able to secure them, and do not have the sense to have them audited by people who do know what they are doing. On the same topic, I saw a poster informing parents that they can apply for a place at their local school online now, but if you do not have access to the internets, you can still apply the old way.
No one in their right mind trusts these systems.
This URL was made available to a strictly limited number of people making checks as part of the employment process.
I wonder what they are talking about when they say this. Are they saying that a simple URL was made available, without the need for a login and password? And even if there were a login and password, unless the system was designed properly, those two could also be passed on for use by anyone, by services like Bugmenot which…gah, go look it up for yourself.
The point about this, on top of what Meau as written perfectly, is that open systems WILL be abused. People should not be making more information available that what is necessary, like ‘race’ and sexual orientation. Now we all know that they take these measurements ostensibly to counter discrimination, but the fact is that collecting this data amounts to a huge ‘discrimination bomb’ that can explode and damage you at any time in your future.
This is rather like blog posts or IM logs that can come back and bite you in the ass. We are either going to have to stop logging everything, writing wildly in public and submitting to the data harvesters, OR we will have to adopt a new sensibility when it comes to the pasts of people we want to employ or have anything to do with. This sensibility will essentially mean that whatever you say in the past is irrelevant, no matter what it was. We will have to ignore any ‘evidence’ as irrelevant and inadmissible.
This will be a good thing.
It will mean that everyone will be forever free to write whatever they want without the fear of being googled and the consequences of a prospective employer or voter finding out that you use the word ‘fuck’, or anything else that someone somewhere might find objectionable.
April 30th, 2007 at 10:05 am
Now we all know that they take these measurements ostensibly to counter discrimination
I haven’t personally had to fill out such a form but all the ones I have seen are on separate pages to any [job] application form and are supposed to be processed separately and the data anonymised. If this is the case with the junior doctors then they have been doubly betrayed.