MI5 wrongly collected subscriber data on 134 telephone numbers as a result of a software error, according to interception of communications commissioner Sir Paul Kennedy's annual report. A spreadsheet formatting error caused the service to apply for data on the identity of telephone numbers ending in 000, rather than the actual …
They are using spreadsheets to manage this information?
Can, worms, open.
Indicative of the desire to go on more fishing trips.
5% year on year growth.
Icon says it all.
You really couldn't make it up.
Luckily none of the 134 was tracked by an armed squad of assasins and terminated with extreme prejudice on a London Underground train.
Maybe they did....
Yet another govt. department using a spreadsheet for database work
The shocking thing is not that the error wasn't noticed - but that they used a spreadsheet, a tool that easily allows errors such as these.
While it is not surprising for an Olympic agency to use Excel for a database of all cultural events, I would have expected MI5 to have the third best CRM system in the country (after GCHQ and MI6).
re: Yet another govt. department using a spreadsheet for database work
Everyone in .gov.uk knows all about databases..
1. Important managers qualifying for MS Office Pro get Microsoft Access on their laptops
2. Microsoft Access is a database
3. Microsoft Access is a useless version of Excel that doesn't do colours, fonts or calculations
Paris - because she has a higher IQ than the aggregate of the entire UK Civil Service.
They do ...
Its really the third behind MI6 using an Open Office and GCHQ with Vi-si-Calc.
Hey - don't have a go at the civil service or we'll go on strike!
I wonder if they kicked the wrong doors in too.
See this is a legal problem. It's all these damn rights. If only the law let them listen to everyone, then such mistakes would not be, err, a mistake at all.
"spreadsheet formatting error"
lol ... probably one of the interns from Oxbridge!!!!!
MI5 using spreadsheets?
> MI5 wrongly collected subscriber data on 134 telephone numbers as a result of a software error .. A spreadsheet formatting error caused the service to apply for data on the identity of telephone numbers ending in 000, rather than the actual last three digits ...
This is what happens when peoples only exposure to computing is Microsoft Office. When they get into employment they can't think outside of the Excel/Word paradigm ...
@Yet another govt. department using a spreadsheet for database work #
It was only a couple of years ago, while analysing another, less secure government department's ludicrous 40 million a year bill for two ICT systems, that I concluded that all enforcement systems are essentially an XRM solution and nothing else.
Having proved we could reduce the cost of their IT by at least 80%, naturally, at that point, I believe (but am not certain,) the two companies involved sent in their principal contract negotiators.
Not withstanding that the department (who shall remain nameless,) should have its CIO sacked, I cannot see why Microsoft's on premise Dynamics system, hasn't been agressively sold into the pizza express north bank massive.
through the mist
@MI5 also acquired data on the histories of 927 internet protocol addresses without authorisation from a sufficiently senior officer, of GD3 rank or above. This was due to an "incorrect setting on the system used by the Security Service," according to Kennedy,
Unlikely - the operatives were probably doing their own "research" and did not want to be bound by red tape, in fact they are probably allowed some scope to do so outwith "guidelines".
If we could query the excuses given and dig deeper we would probably find that like they have almost free access to query what they like.
552,550 requests for communications data during 2010
"John Smith? But we've got 461 customers called John Smith".
"No problem - give me the data on all of them".
Oh please, pull the other one.
MI5 admit making 1,061 mistakes in 2010.
While TalkTalk are busy intercepting private/confidential communications for all of their 4m subscribers, and engaging in man in the middle/replay attacks using kit supplied by Huawei.
While Vodafone are busy intercepting private/confidential communications for all of their 0.6m customers, and relaying it to the USA for a replay attack using kit supplied by Bluecoat.
Experian Hitwise are covertly processing the private/confidential communications of millions of UK internet users too.
And Mike Galvin of BT is advocating involuntary mass communications interception to fulfil Ed Vaizey & Reg Bailey's mad national communications censorship 'for the children' amibitions.
And I didn't bother to mention Phorm.
MI5's failings, while sinister enough, are almost irrelevant to the extent of illegal mass communications interception in the UK.
You could be forgiven for thinking it was MI5's job, as a counter espionage organisation, to stop it.
I thought the Reg article on this made it clear that BT was AGAINST this - and not supporting it ?
Thanks to the NOTW phone "hacking" we now have a going rate for illegally listening to telephone calls, so where do we go to find if we were affected, and if so, how quickly can we expect the cheque?
All data destroyed?
Surely they mean all data locked away for 6 years to comply with DPA
Meanwhile in Uzbekistan...
A naked lone figure crammed into a 4' x 4' x 4' steel barred enclosure blindfolded and gagged with cockroaches crawling all over him hears a door open and footsteps approach. The door to his diminutive cell opens, he is hauled out and a voice says, "Terribly sorry old man. Seems to have been a bit of a bugger-up down in files. Would you mind awfully signing this release promising not to sue and we will have you on a BA flight back to Luton within the hour. Economy, of course. Budget is a bit tight if I'm honest. Oh and here is your phone. Sorry about the gaffer tape. The back rooms boys were a little over-enthusiastic doing their examination."
Curse you, Excel!
Population of UK:
-- -- 61,840,000 (approximate)
-- -- -- -- Source: World Bank, World Development Indicators
-- -- 552,550
-- -- -- -- Source: Sir Paul Kennedy
Doing the math, presuming One Snoop Request Per Person
-- -- 61,840,000 / 552,550 = 111.92 (approximate)
This means that if authorities are requesting just one "snoop request" per person (which may be the case, if UK law allows for "open-ended" requests; I don't know, because I do not live in the UK), government minders have their collective eyeballs watching approximately 1 out of every 112 residents (about 0.9%).
If multiple snoop requests are initiated per individual, say 5 per person on average, then that still means at least one out of every 560 people is on the snoops' radar.
Buggers the imagination, that does...
Shock News. Interception commissioner reports something *slightly* critical about MI5
Only *slightly* of course.
Everything A-OK otherwise.
? Buttle ? Tuttle
You know the outcome.
i think it would be a better thing to say all our communications are intercepted its just whether they then use this information......
Peanuts and monkeys
I saw some IT jobs advertised on the MI5 website a couple of years ago. Salaries started at about 19K for work in London, for graduates with a few years experience. My Russian wife commented "This is why we can buy them so easily".
"Wrongly collected"? "Software error"?
Will the victims be notified and get apologies and compensation?
Or is our rulers' attitude just "don't worry, it turns out you had nothing to hide anyway"?
A handful of rules would have prevented this...
Some parsing and simple checking "is right (phone-num) 4, 000" or "is right (phone-num) 4, 0000", 'last 4 end in zeroes', right (phone-num) 4" or the like againts the first parsing and subsequent parsings of the phone number.
A simple linked table would enable use of a detail table which would display the likely-erroneous numbers, and then a clicking on them could further produce relationally-linked persons of the same surnam, first name, city, state, workplaces, and so on to help sleuth out the possible ACTUAL person of interest.
Even if/though hexed cell (excel) can do this, spreadsheets have NO business being used as databases. Even a simple relational database such as Lotus Approach can handle this, in a more sane presentation if it is allowed to log in to the main or a working datatabase subset. Approach lacks some enterprise features, but if the user is in a steril environment, using a machine lacking access ports and having tamperproofing and alarmed cabling, then a simple database tool with not internet access installed from a known-clean source could have been used.
Even outside of MOD/DOD usage, spreadsheets sometimes SUCK. Using excel instead of a real database is why an employer of a friend of mine sometimes doesn't get invoices out or overlooks some for months and quarters on end.... Imagine a cleaner cashflow and reconciliation efforts if excel were dumped and left to financials ANALYSIS and not payrol/invoicing.