Spreadsheets, really?
They are using spreadsheets to manage this information?
Can, worms, open.
MI5 wrongly collected subscriber data on 134 telephone numbers as a result of a software error, according to interception of communications commissioner Sir Paul Kennedy's annual report. A spreadsheet formatting error caused the service to apply for data on the identity of telephone numbers ending in 000, rather than the …
The shocking thing is not that the error wasn't noticed - but that they used a spreadsheet, a tool that easily allows errors such as these.
While it is not surprising for an Olympic agency to use Excel for a database of all cultural events, I would have expected MI5 to have the third best CRM system in the country (after GCHQ and MI6).
Whaddya mean?
Everyone in .gov.uk knows all about databases..
1. Important managers qualifying for MS Office Pro get Microsoft Access on their laptops
2. Microsoft Access is a database
3. Microsoft Access is a useless version of Excel that doesn't do colours, fonts or calculations
Paris - because she has a higher IQ than the aggregate of the entire UK Civil Service.
> MI5 wrongly collected subscriber data on 134 telephone numbers as a result of a software error .. A spreadsheet formatting error caused the service to apply for data on the identity of telephone numbers ending in 000, rather than the actual last three digits ...
This is what happens when peoples only exposure to computing is Microsoft Office. When they get into employment they can't think outside of the Excel/Word paradigm ...
It was only a couple of years ago, while analysing another, less secure government department's ludicrous 40 million a year bill for two ICT systems, that I concluded that all enforcement systems are essentially an XRM solution and nothing else.
Having proved we could reduce the cost of their IT by at least 80%, naturally, at that point, I believe (but am not certain,) the two companies involved sent in their principal contract negotiators.
Not withstanding that the department (who shall remain nameless,) should have its CIO sacked, I cannot see why Microsoft's on premise Dynamics system, hasn't been agressively sold into the pizza express north bank massive.
@MI5 also acquired data on the histories of 927 internet protocol addresses without authorisation from a sufficiently senior officer, of GD3 rank or above. This was due to an "incorrect setting on the system used by the Security Service," according to Kennedy,
Unlikely - the operatives were probably doing their own "research" and did not want to be bound by red tape, in fact they are probably allowed some scope to do so outwith "guidelines".
If we could query the excuses given and dig deeper we would probably find that like they have almost free access to query what they like.
MI5 admit making 1,061 mistakes in 2010.
While TalkTalk are busy intercepting private/confidential communications for all of their 4m subscribers, and engaging in man in the middle/replay attacks using kit supplied by Huawei.
While Vodafone are busy intercepting private/confidential communications for all of their 0.6m customers, and relaying it to the USA for a replay attack using kit supplied by Bluecoat.
Experian Hitwise are covertly processing the private/confidential communications of millions of UK internet users too.
And Mike Galvin of BT is advocating involuntary mass communications interception to fulfil Ed Vaizey & Reg Bailey's mad national communications censorship 'for the children' amibitions.
And I didn't bother to mention Phorm.
MI5's failings, while sinister enough, are almost irrelevant to the extent of illegal mass communications interception in the UK.
You could be forgiven for thinking it was MI5's job, as a counter espionage organisation, to stop it.
A naked lone figure crammed into a 4' x 4' x 4' steel barred enclosure blindfolded and gagged with cockroaches crawling all over him hears a door open and footsteps approach. The door to his diminutive cell opens, he is hauled out and a voice says, "Terribly sorry old man. Seems to have been a bit of a bugger-up down in files. Would you mind awfully signing this release promising not to sue and we will have you on a BA flight back to Luton within the hour. Economy, of course. Budget is a bit tight if I'm honest. Oh and here is your phone. Sorry about the gaffer tape. The back rooms boys were a little over-enthusiastic doing their examination."
Population of UK:
-- -- 61,840,000 (approximate)
-- -- -- -- Source: World Bank, World Development Indicators
Snoop Requests:
-- -- 552,550
-- -- -- -- Source: Sir Paul Kennedy
Doing the math, presuming One Snoop Request Per Person
-- -- 61,840,000 / 552,550 = 111.92 (approximate)
This means that if authorities are requesting just one "snoop request" per person (which may be the case, if UK law allows for "open-ended" requests; I don't know, because I do not live in the UK), government minders have their collective eyeballs watching approximately 1 out of every 112 residents (about 0.9%).
If multiple snoop requests are initiated per individual, say 5 per person on average, then that still means at least one out of every 560 people is on the snoops' radar.
Buggers the imagination, that does...
This post has been deleted by its author
Some parsing and simple checking "is right (phone-num) 4, 000" or "is right (phone-num) 4, 0000", 'last 4 end in zeroes', right (phone-num) 4" or the like againts the first parsing and subsequent parsings of the phone number.
A simple linked table would enable use of a detail table which would display the likely-erroneous numbers, and then a clicking on them could further produce relationally-linked persons of the same surnam, first name, city, state, workplaces, and so on to help sleuth out the possible ACTUAL person of interest.
Even if/though hexed cell (excel) can do this, spreadsheets have NO business being used as databases. Even a simple relational database such as Lotus Approach can handle this, in a more sane presentation if it is allowed to log in to the main or a working datatabase subset. Approach lacks some enterprise features, but if the user is in a steril environment, using a machine lacking access ports and having tamperproofing and alarmed cabling, then a simple database tool with not internet access installed from a known-clean source could have been used.
Even outside of MOD/DOD usage, spreadsheets sometimes SUCK. Using excel instead of a real database is why an employer of a friend of mine sometimes doesn't get invoices out or overlooks some for months and quarters on end.... Imagine a cleaner cashflow and reconciliation efforts if excel were dumped and left to financials ANALYSIS and not payrol/invoicing.