Thursday, 21 June 2012

A taxing post

When is security insecure?

Having contacted the tax office to enquire about something, I was greeted by the obligatory security questions. Now this is my first time at contacting the tax office for over three years, so I am somewhat shocked that they have developed security questions to keep me from my data.

As the security questions proceeded I was asked for an address I used to live at, now, I am not sure about you, but I tend to forget where I use to live, as I am now living somewhere different. So being asked to recall an address I lived at some years ago including postcode is not a security question it is a memory test.

I of course failed.

So the twenty minute wait, that I had to endure to get to speak to someone from the tax office is now compounded by the fact I cannot actually talk to anyone without knowing all my previous addresses off by heart.

I understand the need for security, but we are rapidly becoming a society in which we are locked out from our own data due to crass security measures that are imposed upon us in "our interest". Nobody consulted me on the questions they were going to store, so I do not know to this day whether the information they hold is correct, if it is not, then I might never be able to access my own data.

So this again begs the question, if someone steels your identity, and accesses your tax office office records, how does one stop them changing all your details so that you are locked out forever?

I now have to trawl through paperwork to find the address where I use to live, and then will be asked another asinine question to which I do not know the answer and have to make even more calls.

I note that each time I call I have to pay for the call, so I am paying for my failure, or is it there's?

Thursday, 17 May 2012

Depersonifying technologies – Healthcare ICT failures...

A call to a mobile phone was recently received from a north London hospital.  The call was an automated call, stating that an appointment had been made for a person at a time and location.
As this happened to someone I was with at the time of the call, I think it is important that this is illustrative of many ICT failures within the NHS and many other businesses.

Let’s look at some of the core problems of which I see three main issues. 

  1. The call was automated and therefore the receiver could easily assume it is a crank or spam call from some sales company in a distant country.  This means the receiver of the call is unlikely to listen beyond the five to ten second rule.
  2.  The call was from a hospital about a hospital appointment.  This, to me, and I am sure to many others, would be considered personal information, yet no attempt was made to ascertain that the caller (the automated caller) had actually got the correct person.  No attempt was made to see if the person on the other end of the phone was capable of taking the call. Were they hard of hearing? Were they driving in a car? Were they on a building site?  The auto-calling system assumes too many things about the receiver of the call.  I still think that the basic of getting the correct person is the most important though.  To me not doing this breaches all areas of confidentiality.  What if the call had been a private matter which they did not want their partner to know about?  What if their child picked up the call?  When you start thinking on this line the whole system is too ridiculous for words.
  3.  The caller informs the receiver of an appointment. This is fair enough, apart from the fact that the receiver no longer lives in London and although on repeated occasions has informed the hospital concerned, and the people at the hospital have noted that she moved two years ago, she still gets appointments.
This point is a really important one.  It shows a wealth of failures in the NHS ICT systems. 

a)      The system does not allow the receiver of the call to respond to the message.  It basically tells the receiver of the appointment.

 b)      The computer systems at the hospital are such that although the person’s has told the hospital on many occasions she has moved the hospital system to not allow her records to be taken off their system easily.

 c)       This calls into question whether the said hospital has passed her records to her new hospital or if they are still retaining them due to a computer error or human error.

d)      The time and money spent on getting an automated system that does not work well is not saving the NHS money it is costing them money by making the NHS look stupid to the general public.

The most concerning thing is that the NHS is a health organisation and one that should provide the potential patient with confidence and a feeling that they are being cared for. But none of this comes through using an automated electronic voice that provides no real connection of two way communication with the patient. 

It seems this one thing is illustrative of a greater decline in the inappropriate use of technology to  be used where real people would do a better, more personal and efficient job.  I have little doubt that the response to this is that a computer can dial thousands of numbers and book millions of things in a fraction of a second.  Perhaps... So what?? 

In business, you are only as good as your reputation.  If a telephone system means your reputation suffers this is more costly than the savings accrued through its use.  If a system is so inflexible and cumbersome that it cannot all for two-way interaction then the organisation needs to consider if it is the correct system.

This harks back to an old argument of quality versus quantity. I suspect that often computer systems are used for quantity and economy without thought to the quality.  The implications for EHRs and shared systems is worrying if this example is anything to go by. Certainly, the  message from this hospital seems to fail on so many levels, the hospital and the NHS should rethink using systems like this.

Since posting this the hospital have contacted us over four times about different missed appointments and each time are told that we have moved some years before. The cost to the health authority must be ludicrously high and the health records that should have been transferred to the new health authority are clearly still at the original one. This is a simple thing that has cost the HA a lot of money and could be easy to solve.  So why haven't they?

Tuesday, 28 February 2012

the importance of survivability

I was at the hospital the other day, as an outpatient. 

The hospital was brand new with state of the art technology throughout. After following the obscure route to the department I required, I was greeted by a queue.  Not a big queue, but a definite queue, all the same.

The person behind the reception desk, who was by herself, explained to me and the other people in the line that the computer systems were down, as they were constantly integrating the old and new systems,  consequently unless we knew the consultant we were seeing it might be a wait.

The wait did in fact happen and the line started to move out of the department into the adjacent corridor.

It made me think that there are some serious implications of a hospital system going down. 
  1. When the system went down, there was only one person left to do the job of three or four.  Certainly with a computer system the job was a one person job, but without it more staff were required. This meant the computer was saving money for the NHS as long as it was working.
  2. It is critical that a hospital computer work, in this instance, there were two other terminals with old databases which could be manually searched for the information but things such as the time of appointments and other key information was missing.  This made me realise the importance of a survivable system for hospitals but also for all places of work where information time is money.
  3. The third issue is that of redundancy, without the back up computer systems the wait would have been a lot longer.  The fact that there was redundancy of information meant that the hospital did not grind to a halt but managed to limp along.
As we progress into the 21st Century, it is important to realise that if it is digital it is transitory in nature and can easily be destroyed, manipulated and  lost. Without hard copy we are all at risk of losing important things as more critical information about our lives is put into digital format.

Sunday, 12 February 2012

the dependability issues of caller identification in the digital age

I recently did a Soapbox piece for Telecare Aware ( on security of information in relation to telecare operators and I think that this is something that needs to be addressed more widely.

Recently, I received a call from the bank about a matter that they wished to gauge my opinion on.  Fair enough, you might think, but before they could do the questionnaire, they needed to go through the obligatory security protocols.  The first of these, like the previous post was "are you Mr" "what is your date of birth"..... etc.  Now, correct me if I am wrong, but there is a fundamental security issue with adopting this approach.

Firstly, there is no way for the caller to verify it is really me without me providing them with personal information which they must already be in possession of to verify this. (dependability problem number 1)

Secondly,  I must provide my personal information prior to them being able to provide theirs. In fact, their ability to identify themselves effectively is dependent on me identifying myself to them satisfactorily. This is because they cannot provide any of the personal information about me to me without breaking their code.  They could provide the odd number from my account, but so could anyone who has my bank account details, such as anyone I have given a cheque to or paid by card or any one who knows someone at a call centre that does the work for a bank or utility company / online shopping company etc. (dependability problem number 2)

In other words the details they are likely to provide are already, possibly, out in the public domain for those who want to get them.

This leads to the third issue. If the information they can provide is not unique to me, how can I guarantee their authenticity?  The simple answer is that I can't, in fact no one can actually truly guarantee beyond doubt that they are talking to the person they think they are talking to without visual confirmation. dependability problem number 3)

Thus we arrive at stalemate. Clearly the caller from the bank knows I am who I am, as they have called me on my mobile phone.  I do not sound like a child (hopefully) and I, in all probability am the person they are to contact.  Clearly, exceptions could occur, but this is always the case, but these are cases of more serious fraud.

Thus, we need to design a system of  authentication which allows the caller to identify themselves to the called,  without the current security breaches that are enforced.  One method would be a password system such as the one to log into the bank.  Another is a an app that the caller could use on their phone to authenticate the call from a bank or some other body.  The app would not be too difficult to do provided the companies are able to give up the numbers they use to call on, but most have a system where the caller number is withheld.

So, we have  to go back to the drawing board.  We need to rethink telephone communication and the security implications of caller identification.  If we do not, then we put ourselves at risk, as the respondents, who are forced to provide personal data to a virtual voice who does not and cannot identify themselves to the same standard as online users experience. (dependability problem number 4)

We hear a lot about hackers and scamming but the security in place by major companies is neither usable or effective for the either party nor is it secure.

Thursday, 5 January 2012

Eons of experience but a major security data protection flaw – Time to put their energy into their debt recovery systems.

Over the Christmas festivities, a bill arrived and due the impending celebrations, it was, like many other things at this time of year, overlooked. Finally, after the celebrations were complete my mind returned to things business and I, like many others, started to go through old post and outstanding issues. One of these was a bill from Eon , which I paid on the last day to pay.

Next day, I receive an automated telephone message from a company apparently identifying itself as ‘Buchanan Clark & Wells’. I have never heard of this company, but the message was clear, it stated it was not selling and was from the aforementioned company. It provided me with a telephone number and a unique reference number and insisted I call this phone number and give the reference number.

Out of curiosity, I did this, and was greeted by a vaguely pleasant person who asked me for the reference number and my name.

Now this is where things became problematic.

I, of course, would not give my name, as I pointed out they had sent me a telephone message, provided me with the unique reference number and asked me to call, they should know who I am. It would have been unwise to provide my name or any other details because they could then potentially have my name, my telephone number and any other details I gave, which could be enough for some form of identity fraud. This is especially the case, as I still had no idea who I was calling or why I was suppose to call them. The voice message left gave none of this information. I also had no knowledge that this company was legitimate and that the telephone number was actually theirs!

Of course, this is where personal data protection comes back to haunt us. It is the law in the UK that no information can be discussed with a third party over the phone without the relevant parties identifying themselves. The woman on the phone identified herself as from ‘Buchanan Clark & Wells’, but as I have already stated this meant nothing to me and could have been a switchboard in India similar to the Microsoft scam which is still doing the rounds in the UK. For all I knew, she could have been in a council flat in Glasgow raking the money in from innocent callers who returned the call. I had no way of checking the authenticity of the company or the call unless I put the phone down, Googled ‘Buchanan Clark & Wells’ or the telephone number they provided. Honestly, how many people are going to do this and why should we be expected to do this. Surely, the onus should be on them not us, the consumer!

Due to the lack of ID and I being unable to verify the authenticity of the call I had no choice but to finish the call as the woman could not provide any further clues apart from the word Eon and Buchanan Clark & Wells. This simply is not sufficient to instil trust from an automated telephone call.

Therefore, there are a number of issues that need to be addressed here:
1) The telephone message could have been received by a child, surely this is against all protocols and should be illegal. Where does that leave the consumer? Is the consumer at the mercy of the energy provider or do they have rights to opt out of this abuse? Is the message logged down somewhere as having been received or will it be resent until the client contacts the agency?
2) Why did they not rely on a human voice to do the work and cut out the middle machine? I would certainly feel better talking to a real human.
3) How do we get through security issues to do with phones, if the third party cannot provide information to you to satisfy your own internal security concerns? If Eon had said to me that there was a security word they could use that would be unique to me then this might have helped.
4) How can ‘Buchanan Clark & Wells’ be allowed to use such poor security as this is open to abuse and replication by unscrupulous people. The obvious scam is to just dial a number using an automatic dialling machine and provide the same unique number to all callers and the same false telephone number and identify yourself as Imagonna Scamunow and I am sure that many people, like myself would return the call out of curiosity. For the scam to succeed the person on the other end of the phone has to suggest that the caller owes a utility company £X,000 and that they are a debt recovery agency. This could be followed by an insistence that this bill is paid instantly or immediate legal action will follow. Most people, I am sure would, without thinking would provide their name, address and credit card details.
5) How can the Legal Ombudsman allow companies to use such poor practices and condone a potential obvious security flaw?
6) How can we, as consumers, use the power of our money to show companies like Eon and ‘Buchanan Clark & Wells’ that their shoddy work practices are unacceptable?
7) How can we get the law of third party caller identification and data protection reviewed to be in line with today’s needs for security and information, two concepts that might not go hand in hand.
8) What new systems need to be developed to provide consumer safety against this sort of scam. Potentially this could have worse ramifications than the Microsoft Scam.
9) Can we as consumers take action against the company, in this case Eon for endorsing such a blatant breach of all things credible to human rights and data protection?