Whistleblowers have come to us alleging spy agency wrongdoing, says UK auditor IPCO Three UK law enforcement agents blew the whistle about unlawful state surveillance to the Investigatory Powers Commissioner’s office – and one of those incidents was bad enough for the investigation to still be ongoing today. The investigation’s existence was revealed in audit body IPCO’s annual report for 2018-19, published ( …
On the basis of our two years worth of research (shortly to be published with any luck), almost the entirety of data protection compliance is conducted using templated or generic statements. Come to think of it, most corporate "compliance" is too. The basic argument seems to be "what's the least effort we need to expend to keep the regulator off our backs?". The actual intended purpose of compliance requirements doesn't seem to feature at all in decision making.
see also timesheets and travel authorisations etc.
Once the applicant has found a form of words that works, there is every incentive to use the "right answer" next time. The approver probably has many similar admin tasks, and may see their role as checking the form or process, not the truth or "proportionality" of the underlying facts behind it. That the form exists proves the applicant has thought about the matter , therefore due process has been done, therefore tick.
This research finding won't surprise anyone who has worked in a large organisation, I suspect. But good to have a study to conclusively prove it.
To be fair with timesheets and travel authorizations being mostly a 'write only' process is probably sufficient as it provides a paper trail and lets the submitted know there is a risk of being caught which is normally all that is sufficient to keep moral behaviour. It also means that if someone is caught there previous forms can be checked. After all what is the value to the business of someone fine combing every application - they are likely to be wasting far more time and expense (or worse still people avoiding doing something to invoke the process) than they protect.
Government and the publics legal rights however shouldn't be tracked on a basis of ROI as liberty is not something you can easily put a price on.
"In addition, an MI6 spy “engaged in serious crime overseas” which senior managers tried to cover up"
I mean, most countries consider spying on them to be a serious crime. So surely MI6 engages in serious crime all the time, as do all spy agencies? And they tend to cover them up as well. Unless they mean crimes other than those related to the job.
Report page 153, Annex C, "Serious Errors", investigation 4:
"For this particular IP, the last octet could be any number between 0 – 265. The TO had changed each of the 265 endings all to a zero."
Maybe not a serious error in the serious error, but perhaps indicative that whoever wrote this had no clue.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
