It’s taken me almost two weeks to calm down enough to think clearly about the MTAS leaked documents fiasco.
I now have three questions to ask Mike Clement of MTAS:
Does he ascribe the MTAS leaked documents to:
- Lack of clarity about the requirements for the system – was it being used to do things that were not agreed with the client at the requirements stage?
- Lack of technical skill in those who specified the security architecture of the system?
- Lack of user-training – were users over-empowered but under-trained?
I’ve emailed him to ask the questions, but I doubt I’ll get any kind of answer.
- if the requirements weren’t fully thought through then MTAS staff would do what was necessary to get the functionality they needed;
- if the system’s security had been properly built in from the start, then they would not have been able to do it even if they wanted to;
- if they had been properly trained then they would have known about crawlers and bots (which are automated systems dedicated to finding and harvesting personal data) and understood why they should only publish the data on a secure server even if they had the ability to publish it on open servers.
Whichever way you look at it, it’s a fuck-up; call me histopathological, but I want to understand why.
I nicked the slide from the Ferret Fancier. This is not just any jokey slide about IT security. This is from Sarah Thomas’s illiterate and uninformative slides specifically about MTAS.
They’d make great satire, but Ms Thomas (Dr Thomas?) is one of the masterminds behind the flawed MTAS: she is the Lead Dean for National Electronic Recruitment and MTAS is based – very very loosely – on some of her research. Oh, and call me a quibbler, but she cannot spell. I am now feeling a whole new wave of rage about this thing.