Feeds

1m French out of work thanks to dodgy data - UK next?

Get vetted and go... on the dole

Security for virtualized datacentres

As the UK prepares to put in place its shiny new vetting database later this year, analysis of a similar project in France reveals a devastating degree of inaccuracy, leading to real hardship for a very large number of people.

A report (pdf) issued last week by CNIL, the French Data Protection Agency, reveals that as many as a million people have lost jobs – or didn’t get them in the first place – because of inaccuracies in the police STIC database (Systeme de Traitement des Infractions constatés, or "criminal record check system").

Police databases have been very much in the news in the course of 2008, following the creation, by decrees published on 1 July 2008, of two new intelligence databases, EDVIGE and CRISTINA.

The purpose of CRISTINA (Centralisation du renseignement intérieur pour la sécurité du territoire et les intérêts nationaux) is the "Centralisation of domestic intelligence for homeland security and national interests". Because CRISTINA is classified as being for defence purposes, its contents are deemed to be an official secret and details of what is held on it remain a mystery.

But that's not the case with EDVIGE, which provoked such outcry that the government backed down in November 2008, agreeing instead to bring forward proposals for a modified system, known as EDVIRSP.

Objectors to EDVIGE were horrified to learn that it would have gathered information on any person having applied for or exercised a "political, union or economical mandate or playing a significant institutional, economical, social or religious part as well as information on any person, starting from the age of 13, considered by the police as a "suspect" potentially capable of disrupting the public order".

Opposition was swift and brutal, with thousands of people demonstrating in over 60 cities. Faced with petitions and up to a dozen separate legal challenges, the French government decided to cut its losses and back down. While detail of what will be held in EDVIRSP is still not known, it is believed that it will specifically exclude information relating to people’s health or sexual orientation.

But what then of STIC? The CNIL report reveals that STIC, created in 1995, but only officially acknowledged since 2001, is accessed by the police approximately 20m times a year. That alone represents a massive degree of surveillance and checking.

However, CNIL's President described STIC as "more dangerous than EDVIGE", because of the huge number of errors that CNIL has discovered recorded in it.

STIC now covers approximately half of the French population – without any age limitation. In this one detail, our own vetting database compares favourably, as current estimates suggest that, in time, it will hold data on no more than half the UK’s working population.

In other respects, serious issues over the provenance of data illustrate all too clearly what happens when the government starts to collect data on its citizens without putting adequate measures in place for updating and accuracy checking.

Thus, the police may register individual details on STIC after an offence has been committed. Registration should include not only suspect details, but those of the victim as well, and the records should be updated with the outcome of any court decision. "Innocent until proven guilty" works under French Law as well.

Unfortunately, CNIL report that not only are updates very seldom applied – but that on occasion victims are mistakenly registered as suspects. Overall, CNIL identified an error rate of 83 per cent on STIC records: not all errors were as serious as those suggested above; some were. This is "staggering": it also has major social consequences, since – anticipating the UK’s own law on Safeguarding Vulnerable Groups 2006 by three years, the French passed a law in 2003 which extended the role of STIC to checking the (criminal) records of anyone applying for a wide range of jobs – especially in the security field. Sounds familiar?

CNIL’s estimated 1m hired or fired "by mistake" include victims recorded as criminals, and suspects whose not guilty verdict was never added to the database. The single comfort for French citizens lies in the fact that unlike our own vetting base, STIC inflicts its damage through the simple mechanism of mis-recording actual verifiable data.

It will be left to EDVIGE to implement the second feature of UK’s new checking system – which is to add in allegations and accusations, irrespective of the accuracy of either. ®

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.