
Checking it twice
Surely this is exactly the kind of situation where, prior to a service going live or being changed, you would want to ensure there are no unintended consequences.
The London Mayor's Office for Policing and Crime is being rapped by regulators for untidy tech practices that made public the personal data of hundreds of people who filed complaints against the Metropolitan Police Service. According to the Information Commissioner’s Office, MOPAC made a "completely avoidable" webform error …
For a complaints logging database? Nah, just use the lowest-bid contractor for that system that we've been forced to implement but don't actually want ...
We used to have a paper-based system called the cylindrical receptacle, but those scrotes in Whitehall said it wasn't sufficient
"ensure there are no unintended consequences"
It's much more basic than that. Why was internal access to the data expected to be via the public portal? Surely it's a fundamental that internal and external access are segregated? Or are we once again falling foul of the output of web devs who understand nothing about even basic security? I suspect that the general misunderstanding of "agile" has a lot to do with it, as it's commonly interpreted as "tinker without planning", so nobody actually designs anything -- they just implement on the fly until it "works" and release it.
I see their "effective mitigation for the security issue" is to remove the online forms and instead ask people to email their complaints to ComplaintReviews@mopac.london.gov.uk. Fortunately emails are entirely secure in transit and storage. Plus, forwarding plain-text emails to the group, rather than making the group log in with 2FA to access encrypted database records with full auditing, is much more convenient.</sarcasm>
I once complained about a police car pulling out in front of me when I had right of way and only putting the blues and twos on after I had nearly crashed into it. I made it clear that I was a forgiving guy and wanted no more than someone to remind them not to do that.
The response was a letter telling me they had decided I wouldn't be prosecuted for the incident.
"Why the reprimand? MOPAC "acted professionally" throughout the investigation to tell the Met Police complainants about the screw-up. And MOPAC has since taken "remedial steps" including "awareness and training" around "permission forms.""
Would the Met Police accept that excuse, or even Khan's TFL, if you screw up and do a crime / drive in a wrong street and "act professionally" to deal with their complaint and then let you off? Doubt it.
No mention of people being sacked, as, if they are so incompetent, how can they be left in post? Or be redirected to pick up dog shit/direct traffic, as they're obviously not fit for first-year CompSci-type jobs, if that.