So why did the MTAS site spring a leak?

It’s taken me almost two weeks to calm down enough to think clearly about the MTAS leaked documents fiasco.

I now have three questions to ask Mike Clement of MTAS:

Does he ascribe the MTAS leaked documents to:

  1. Lack of clarity about the requirements for the system – was it being used to do things that were not agreed with the client at the requirements stage?
  2. Lack of technical skill in those who specified the security architecture of the system?
  3. Lack of user-training – were users over-empowered but under-trained?

I’ve emailed him to ask the questions, but I doubt I’ll get any kind of answer.

Slide from an MTAS presentation - reassuring that they take it seriously, eh?

I’ve been thinking about this off and on ever since it happened, and I can only ascribe it to one of the above three causes or a combination of them all. They are of course interlinked:

  • if the requirements weren’t fully thought through then MTAS staff would do what was necessary to get the functionality they needed;
  • if the system’s security had been properly built in from the start, then they would not have been able to do it even if they wanted to;
  • if they had been properly trained then they would have known about crawlers and bots (which are automated systems dedicated to finding and harvesting personal data) and understood why they should only publish the data on a secure server even if they had the ability to publish it on open servers.

Whichever way you look at it, it’s a fuck-up; call me histopathological, but I want to understand why.

I nicked the slide from the Ferret Fancier. This is not just any jokey slide about IT security. This is from Sarah Thomas’s illiterate and uninformative slides specifically about MTAS.

They’d make great satire, but Ms Thomas (Dr Thomas?) is one of the masterminds behind the flawed MTAS: she is the Lead Dean for National Electronic Recruitment and MTAS is based – very very loosely – on some of her research. Oh, and call me a quibbler, but she cannot spell. I am now feeling a whole new wave of rage about this thing.

6 responses to “So why did the MTAS site spring a leak?”

  1. cornersofmygarden


    I am very ignorant about how spiders and crawlers get themselves inside computers; however, this was the first worry I had when I heard the news of the security fault. I read that it was generally links that were picked up, but was not very reassured that this was always the case.

    I think if I were a junior doctor my paranoia would result in me doing Google searches for my details every day. However, maybe they have even more to concern them at the moment.

    The fact that a security leak of this potential has happened at all is very, very bizarre.

    The Witch Doctor.

  2. The worry is not so much that they get inside your computer, it is more that they harvest data. The concern for those whose details were leaked is “who has that data now and what will they do with it?”


  3. Why aren’t you striking?! Haven’t you had enough?!! What are you going to lose?! Everyone thinks ‘it won’t be me!’ Oh, yes it will, even if it ain’t you this year, it sure will be you next year! Looking forward to 8 June, are you!

  4. Well partly because Aprha isn’t a Doctor probably. Why aren’t I striking? I know it will be me - but I believe I work for my patients not the NHS and it will be my patients not the NHS who suffer if I strike.

  5. What Z said; I’m not a doctor and those who are doctors are – well – they’re doctors. They’re too professional to strike.

    This, from a recent Torygraph, might cast some light on why they feel as punch-drunk as they do:


