Feeds

1m French out of work thanks to dodgy data - UK next?

Get vetted and go... on the dole

Secure remote control for conventional and virtual desktops

As the UK prepares to put in place its shiny new vetting database later this year, analysis of a similar project in France reveals a devastating degree of inaccuracy, leading to real hardship for a very large number of people.

A report (pdf) issued last week by CNIL, the French Data Protection Agency, reveals that as many as a million people have lost jobs – or didn’t get them in the first place – because of inaccuracies in the police STIC database (Systeme de Traitement des Infractions constatés, or "criminal record check system").

Police databases have been very much in the news in the course of 2008, following the creation, by decrees published on 1 July 2008, of two new intelligence databases, EDVIGE and CRISTINA.

The purpose of CRISTINA (Centralisation du renseignement intérieur pour la sécurité du territoire et les intérêts nationaux) is the "Centralisation of domestic intelligence for homeland security and national interests". Because CRISTINA is classified as being for defence purposes, its contents are deemed to be an official secret and details of what is held on it remain a mystery.

But that's not the case with EDVIGE, which provoked such outcry that the government backed down in November 2008, agreeing instead to bring forward proposals for a modified system, known as EDVIRSP.

Objectors to EDVIGE were horrified to learn that it would have gathered information on any person having applied for or exercised a "political, union or economical mandate or playing a significant institutional, economical, social or religious part as well as information on any person, starting from the age of 13, considered by the police as a "suspect" potentially capable of disrupting the public order".

Opposition was swift and brutal, with thousands of people demonstrating in over 60 cities. Faced with petitions and up to a dozen separate legal challenges, the French government decided to cut its losses and back down. While detail of what will be held in EDVIRSP is still not known, it is believed that it will specifically exclude information relating to people’s health or sexual orientation.

But what then of STIC? The CNIL report reveals that STIC, created in 1995, but only officially acknowledged since 2001, is accessed by the police approximately 20m times a year. That alone represents a massive degree of surveillance and checking.

However, CNIL's President described STIC as "more dangerous than EDVIGE", because of the huge number of errors that CNIL has discovered recorded in it.

STIC now covers approximately half of the French population – without any age limitation. In this one detail, our own vetting database compares favourably, as current estimates suggest that, in time, it will hold data on no more than half the UK’s working population.

In other respects, serious issues over the provenance of data illustrate all too clearly what happens when the government starts to collect data on its citizens without putting adequate measures in place for updating and accuracy checking.

Thus, the police may register individual details on STIC after an offence has been committed. Registration should include not only suspect details, but those of the victim as well, and the records should be updated with the outcome of any court decision. "Innocent until proven guilty" works under French Law as well.

Unfortunately, CNIL report that not only are updates very seldom applied – but that on occasion victims are mistakenly registered as suspects. Overall, CNIL identified an error rate of 83 per cent on STIC records: not all errors were as serious as those suggested above; some were. This is "staggering": it also has major social consequences, since – anticipating the UK’s own law on Safeguarding Vulnerable Groups 2006 by three years, the French passed a law in 2003 which extended the role of STIC to checking the (criminal) records of anyone applying for a wide range of jobs – especially in the security field. Sounds familiar?

CNIL’s estimated 1m hired or fired "by mistake" include victims recorded as criminals, and suspects whose not guilty verdict was never added to the database. The single comfort for French citizens lies in the fact that unlike our own vetting base, STIC inflicts its damage through the simple mechanism of mis-recording actual verifiable data.

It will be left to EDVIGE to implement the second feature of UK’s new checking system – which is to add in allegations and accusations, irrespective of the accuracy of either. ®

New hybrid storage solutions

More from The Register

next story
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.