Feeds

1m French out of work thanks to dodgy data - UK next?

Get vetted and go... on the dole

Choosing a cloud hosting partner with confidence

As the UK prepares to put in place its shiny new vetting database later this year, analysis of a similar project in France reveals a devastating degree of inaccuracy, leading to real hardship for a very large number of people.

A report (pdf) issued last week by CNIL, the French Data Protection Agency, reveals that as many as a million people have lost jobs – or didn’t get them in the first place – because of inaccuracies in the police STIC database (Systeme de Traitement des Infractions constatés, or "criminal record check system").

Police databases have been very much in the news in the course of 2008, following the creation, by decrees published on 1 July 2008, of two new intelligence databases, EDVIGE and CRISTINA.

The purpose of CRISTINA (Centralisation du renseignement intérieur pour la sécurité du territoire et les intérêts nationaux) is the "Centralisation of domestic intelligence for homeland security and national interests". Because CRISTINA is classified as being for defence purposes, its contents are deemed to be an official secret and details of what is held on it remain a mystery.

But that's not the case with EDVIGE, which provoked such outcry that the government backed down in November 2008, agreeing instead to bring forward proposals for a modified system, known as EDVIRSP.

Objectors to EDVIGE were horrified to learn that it would have gathered information on any person having applied for or exercised a "political, union or economical mandate or playing a significant institutional, economical, social or religious part as well as information on any person, starting from the age of 13, considered by the police as a "suspect" potentially capable of disrupting the public order".

Opposition was swift and brutal, with thousands of people demonstrating in over 60 cities. Faced with petitions and up to a dozen separate legal challenges, the French government decided to cut its losses and back down. While detail of what will be held in EDVIRSP is still not known, it is believed that it will specifically exclude information relating to people’s health or sexual orientation.

But what then of STIC? The CNIL report reveals that STIC, created in 1995, but only officially acknowledged since 2001, is accessed by the police approximately 20m times a year. That alone represents a massive degree of surveillance and checking.

However, CNIL's President described STIC as "more dangerous than EDVIGE", because of the huge number of errors that CNIL has discovered recorded in it.

STIC now covers approximately half of the French population – without any age limitation. In this one detail, our own vetting database compares favourably, as current estimates suggest that, in time, it will hold data on no more than half the UK’s working population.

In other respects, serious issues over the provenance of data illustrate all too clearly what happens when the government starts to collect data on its citizens without putting adequate measures in place for updating and accuracy checking.

Thus, the police may register individual details on STIC after an offence has been committed. Registration should include not only suspect details, but those of the victim as well, and the records should be updated with the outcome of any court decision. "Innocent until proven guilty" works under French Law as well.

Unfortunately, CNIL report that not only are updates very seldom applied – but that on occasion victims are mistakenly registered as suspects. Overall, CNIL identified an error rate of 83 per cent on STIC records: not all errors were as serious as those suggested above; some were. This is "staggering": it also has major social consequences, since – anticipating the UK’s own law on Safeguarding Vulnerable Groups 2006 by three years, the French passed a law in 2003 which extended the role of STIC to checking the (criminal) records of anyone applying for a wide range of jobs – especially in the security field. Sounds familiar?

CNIL’s estimated 1m hired or fired "by mistake" include victims recorded as criminals, and suspects whose not guilty verdict was never added to the database. The single comfort for French citizens lies in the fact that unlike our own vetting base, STIC inflicts its damage through the simple mechanism of mis-recording actual verifiable data.

It will be left to EDVIGE to implement the second feature of UK’s new checking system – which is to add in allegations and accusations, irrespective of the accuracy of either. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.