HMRC’s two-tier privacy system

If government didn’t see the importance of protecting people’s personal data, you could call it stupid. But they’re not stupid at all - they’re very clever. Just as yes Minister spelt out over and over again 20 years ago, they’re very clever indeed, and more amoral and cynical than one would believe possible.

That’s the conclusion I take from the revelation that, as The Times put it,

HM Revenue and Customs has set up a secret “two tier” security system for online tax records giving extra protection to a small group of MPs, royals and other VIPs...the HMRC admitted that 29m ordinary taxpayers did not benefit from the same high levels of protection as MPs and other members of a small elite.

It’s not that they don’t understand that protecting people’s data is important. They just don’t care much about hoi polloi, as long as we’re productive economic units and pay our taxes. More anon.

Published by William Heath on 28/01/08 at 1:51pm

Comments

ref: http://www.times online.co.uk/tol/news/politics/article3256322.ece

Reply by Phil Wilson on 01/28/08 at 4:08 pm
Yup Phil. Sorry - more haste, less speed etc. Thanks

Reply by on 01/28/08 at 6:12 pm
Ruth sent (from HMRC’s press statement)
Some newspapers and broadcast media have claimed that that HMRC’s online filing systems are not secure because Members of Parliament and a small number of other taxpayers cannot use the Self Assessment service.

This is completely untrue. A small minority of taxpayers, including MPs, cannot currently use online services because the additional internal safeguards on their records mean that their taxpayer reference numbers are not recognised on the authentication system.

This therefore has nothing to do with the security of our online services. HMRC online services use the highest levels of encryption generally available and authentication processes similar to online banks.

HMRC is continuing to explore ways to extend online filing to all taxpayers.

Almost 3 million Self Assessment taxpayers have used SA online to file their return safely and securely.

As she rightly observes, it’s not quite Matt Poelmans’ e-Citizen Charter, is it?

Reply by on 01/28/08 at 10:15 pm
What that really means is:

i) their system is so inflexible it can’t cope with an extra digit (even tho they put the extra digit there in the first place, so presumably knew it was lurking about)

ii) they’re still pretending that encryption delivers security, avoiding the issue that tens of thousands of their staff (the normal proportion of whom are nitwits, and the normal proportion crooks) have access to the system.

Don’t fob us off with paternalistic spin, Friends! Wiibi you dig deeper to lay that foundation of trust!

Reply by on 01/28/08 at 10:19 pm
I hesitate to spring to HMRC’s defence, but there are real reasons (not just made up ones) why the risks are different for some people, and it makes sense in principle that the response should also be different (whether the actual differences are the optimal way of responding to the varying risk is another question).

People inside large organisations get bored with their work and can be as nosey and curious as anybody else. There is a temptation to look up famous people on the system (whatever that system might be). You don’t in general want to stop those people accessing personal records - by definition of their having access in the first place, that’s part of their job. And it isn’t that some records are intrinsically more deserving of protection than others, it is that some records are more attractive to both prurient individuals and to the tabloids than others, so the trade off between internal accessibility and protection is different.

It’s perfectly legitimate to argue that everybody’s record should be as hard to access as those of people with artificial identities in witness protection schemes. But there is a cost (in terms of service responsiveness, rather than money) to that, a cost which most people get little real benefit from incurring.

To draw a slightly absurd but not wholly false analogy, it doesn’t trouble me that the prime minister has armed police protection and I don’t. More people want to kill him than want to kill me (AFAIK), so it makes sense for society to invest more in protecting him. That’s not all benefit for the PM - he can’t nip round the corner for a pint of milk when he runs short. For him that’s a worthwhile trade off, for me it wouldn’t be.

(all of which means that comment 4, point ii is likely to be the opposite of what is really going on: my guess is that this works as it does precisely because HMRC *do* recognise that their staff has the normal proportion of nitwits and crooks).

Reply by Public Strategist on 01/29/08 at 3:36 am
I agree with Public Strategist - there are a number of individuals whose data has a perceived higher “value” internally and externally to and justify the costs - and it’s not just MPs and celebs, this would include spooks, domestic violence victims, witness protection etc.

Even if there was not a data sensitivity issue there are some simple economics here. MPs ( and their welsh and scottish equivalents) have their own tax return form which will have it’s own data schema,validation rules and tax calculations.

Would not HMRC be better focusing their resources on providing other online services to the masses?

I suspect most will use accountants who tend to use commercial tax software. Given the size of the market I can’t see the Sages and Iris’s of this world making the investment.

Perhaps the answer here is to regularise the whole MP salary/expenses situation so they can file data in the same way as the hoi polloi

Reply by YP on 01/30/08 at 2:20 pm

Next entry: Identity Scheme: have they got their fingers burnt?

Previous entry: Welcome e-Government: servant not master! (in the Netherlands, that is)

Ideal Government

Let's say what we want from e-enabled government. Let's observe government first-hand. Let's say "Wouldn't It Be Better If" (WIBBI). Become an ethnographer of bureaucracy today! It beats getting frustrated with public services.

Comment

Anyone is free to comment. Or mail with an article if you want to be an author. I'll post it up and send you a password. This whole thing is supported by Kable.

Authors

Member List

Sign up for new articles

HMRC’s two-tier privacy system

Comments

Ideal Government

Categories

Comment

Authors

Sign up for new articles

Copyright

Designed by...

Statistics

HMRC’s two-tier privacy system

Comments

Ideal Government

Categories

Comment

Sponsor

Authors

Sign up for new articles

Copyright

Designed by...

Statistics