Feeds

How gov scapegoats systems for man-made errors

Dead pupil letter shows it is human to err

Combat fraud and increase customer satisfaction

If you want to understand what is wrong with public policy when it comes to IT in the UK, look no further than the recent tragic case of the letter sent by a school to the parents of dead schoolgirl Megan Gillan, demanding that she improve her attendance.

It was one of those bleak and bitter accidents that inevitably occur from time to time, leaving sysadmins everywhere breathing a sigh of relief that on this occasion it was nothing to do with them.

Total error-free operation is not a realistic goal. Bugs do get built into systems, and no matter how perfect the system, they still need people to operate them - fallible people.

What could be avoided is the misleading aftermath: the spokespeople for official bodies running round and blaming the system, the reinforcement of the public myth that computers are somehow alien, given to working in mysterious ways quite beyond the ken of the average punter.

When we first read this story – a single paragraph in one of the broadsheets – the event was described as a "system error". Our instant reaction was that this was unlikely; most system errors usually turn out to have a very human origin.

However, the same story was elaborated upon in the BBC report of the event. Cheshire County Council confirmed that Megan’s school had been using Capita’s School Information Management Systems software (SIMS) to maintain her details. A spokeswoman for the Council was reported as saying: "Megan's name had been taken off the school roll when she died, and removed from the main school database.

"However, unknown to the school, her details had remained in a different part of the computer system and were called up when the school did a mail merge letter to the parents of all Year 11 students about their prom.

"The letter called up details of each student's attendance for the whole year to date and because Megan had been on roll in September, she was included."

So the system, for some peculiar reason, holds multiple representations of the same data? If true, that would be an accident waiting to happen.

Except, according to Capita, that is not so. After wading through their initial slightly woolly response, which committed them to a software change that would make it impossible to send attendance letters out to pupils who have left a particular school, we put it to them that the systems architecture implied by the above statement would make their system unfit for purpose.

They took the bait and politely, but firmly, explained that our conjecture was wrong. The system only contains a single data table for pupils' names and addresses. The issue was pretty much as outlined above.

We are still not totally convinced of the need for a software fix. We have since spoken to the Head of ICT in a school that runs SIMS, who was equally scathing of the idea that this was a "system error", pointing out that the software allows schools to set a deceased flag, after which, as far as he is aware, all communications in respect of a given pupil are automatically blocked.

If true, the danger of putting in a "fix" of the kind that Capita have proposed is that it adds to the complexity of the system, and increases ever so slightly the possibility of a real bug being introduced. It is cosmetic rather than necessary.

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.