Feeds

How gov scapegoats systems for man-made errors

Dead pupil letter shows it is human to err

Top three mobile application threats

If you want to understand what is wrong with public policy when it comes to IT in the UK, look no further than the recent tragic case of the letter sent by a school to the parents of dead schoolgirl Megan Gillan, demanding that she improve her attendance.

It was one of those bleak and bitter accidents that inevitably occur from time to time, leaving sysadmins everywhere breathing a sigh of relief that on this occasion it was nothing to do with them.

Total error-free operation is not a realistic goal. Bugs do get built into systems, and no matter how perfect the system, they still need people to operate them - fallible people.

What could be avoided is the misleading aftermath: the spokespeople for official bodies running round and blaming the system, the reinforcement of the public myth that computers are somehow alien, given to working in mysterious ways quite beyond the ken of the average punter.

When we first read this story – a single paragraph in one of the broadsheets – the event was described as a "system error". Our instant reaction was that this was unlikely; most system errors usually turn out to have a very human origin.

However, the same story was elaborated upon in the BBC report of the event. Cheshire County Council confirmed that Megan’s school had been using Capita’s School Information Management Systems software (SIMS) to maintain her details. A spokeswoman for the Council was reported as saying: "Megan's name had been taken off the school roll when she died, and removed from the main school database.

"However, unknown to the school, her details had remained in a different part of the computer system and were called up when the school did a mail merge letter to the parents of all Year 11 students about their prom.

"The letter called up details of each student's attendance for the whole year to date and because Megan had been on roll in September, she was included."

So the system, for some peculiar reason, holds multiple representations of the same data? If true, that would be an accident waiting to happen.

Except, according to Capita, that is not so. After wading through their initial slightly woolly response, which committed them to a software change that would make it impossible to send attendance letters out to pupils who have left a particular school, we put it to them that the systems architecture implied by the above statement would make their system unfit for purpose.

They took the bait and politely, but firmly, explained that our conjecture was wrong. The system only contains a single data table for pupils' names and addresses. The issue was pretty much as outlined above.

We are still not totally convinced of the need for a software fix. We have since spoken to the Head of ICT in a school that runs SIMS, who was equally scathing of the idea that this was a "system error", pointing out that the software allows schools to set a deceased flag, after which, as far as he is aware, all communications in respect of a given pupil are automatically blocked.

If true, the danger of putting in a "fix" of the kind that Capita have proposed is that it adds to the complexity of the system, and increases ever so slightly the possibility of a real bug being introduced. It is cosmetic rather than necessary.

SANS - Survey on application security programs

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.