So I'm not feeling on top form today, but I'll get over it. I suspect that most of us do something like this from time to time. On last week's News Quiz, Jeremy Hardy said something on the subject. He was given a question about the latest loss of confidential data - "have you heard the one about the Cabinet Office Official who left top-secret intelligence documents about al-Qaeda on the train" sort of thing. His comment was along the lines of:
What sort of idiot would do something like that?
I would.
Being a bit of an old softy liberal lefty type I quite like Jeremy Hardy on the whole, although I don't agree with his opinions on some issues and I've found him a bit tireder and less sharp in recent years. But he was on good form on this topic, because what he said was basically true.
It's a lot of fun to have a laugh at the expense of other people who do spectacularly boneheaded things (hence the Darwin Awards) and I'm certainly not going to stop doing it. It's also right and proper that people take the consequences of their actions, especially when their idiocy hurts others - stupidity can be as damaging as deliberate malice, whether you're losing some confidential data which you should be taking care of, or running over a child in your car because you lost concentration after dropping one of the sweets you were eating at the wheel.
Having qualified Hardy's observation, he's absolutely right to point out that people oversimplify the world, dividing it up into two groups; the "stupid people" and the "not stupid" ones. Most of us consider ourselves to be in the latter group, in the same way that a majority of car drivers consider their driving ability to be above average. In fact most of us are a mixture of stupid and not stupid. If we're lucky with our genetics, education, upbringing, circumstances, peers, etc, most of the time, most of us do a reasonable job of getting through our lives with a reasonable degree of competence. But even if people are not stupid most of the time, they are fallible - either through being bad at a specific type of activity, or just having a bad day, when they mess up tasks they'd normally breeze through without effort.
This has consequences when thinking about bigger issues. Take the seeming inability of Civil Servants to look after our confidential data. Grumbling aboput how incompetent these people are helps to let off steam, and it's probably even true in some cases - I'm sure that there are some employees in any organisation as big as the Civil Service whose average position in the stupid - not-stupid spectrum merits the sort of appraisal I once saw in a Dilbert cartoon, which went something like this:
Junior employee: It says here that I have "a genetic predisposition towards sub-optimal performance".
Dilbert: It means it's not your fault.
But even if we were to fire all the employees who were really bad at most of the tasks they were supposed to do, we'd still be left with ordinary folk who might do a pretty good job 95% of the time, but spend their remaining time doing specific tasks which they're just not very good at, or haven't been properly trained to do, or literally bore them stupid, or don't have the time to complete adequately, or tasks they could do perfectly well on an average day, but are screwing up because they're stressed about being late because of the cancelled train, a row with the spouse, the fact that little Johnny keeps coming home from school in tears but won't say why, or the broken-down boiler which will cost more than the contents of the family savings account to fix.
In a big organisation, you do certain things to filter out people who don't have the skills to do the job well, but the big challenge is to design jobs, systems and working environments which are not just idiot-proof, but robust enough to minimise the effects of ordinary fallible people having a stupid day. And if things do go wrong - well, it's the more senior people in an organisation who have the power to hire others, organise them, dictate their working methods and how much time, training and support they get to complete whatever task it is they're doing, and they are generally well rewarded for their leadership skills. Strangely enough though, when disaster strikes, like Macavity, they're not there.
Kudos and fat bonuses for organisational achievement tends to defy gravity and flow uphill, but blame for massive cock-ups tends to follow the more traditional route to the bottom. Time and time again, we find it's the relatively junior trader who was responsible for the bad investment decisions which broke, or nearly broke, the bank, or the untrained school-leaver Junior Assistant Administrative Assistant who managed to lose the incredibly sensitive data that the organisation was holding. Never mind that the the junior trader's boss was quite happy to take the credit for the trader's performance when the figures appeared to be OK (and didn't really understand the complex deals he was doing, if truth be told), or that the manager of the kid who posted the sensitive data shouldn't have let him have it, or asked him to put it on a disk in the post.
These are extreme examples of blame-shifting, facilitated by the differences in power in hierarchical organisations, but it's also part of human nature to attribute defects we can't bear to own up to, such as stupidity, prejudice, cruelty and dishonesty to other people, rather than acknowledging that we are all fallible. Especially in today's world of self-esteem-worship, relentless self-marketing, and omnipresent PR, we're all too likely to glibly think:
What sort of idiot would do something like that?
I wouldn't.
Which makes us feel good about ourselves, but doesn't address the basic problems. A concrete data-loss related example. I'm wholly against the idea of ID cards and their associated database. The fundamental reasons are that I don't feel they are needed, they provide no substantial benefits to citizens and they burden people with unwarranted costs and intrusion into their daily lives. There are many subsidiary reasons why I think they're a bad idea, one of the main ones being the inability of Civil Servants to keep the databases they already run secure.
The data breaches which have already happened were often the result of somebody having a stupid day. But when Ministers and senior Civil Servants focus on finding and firing the junior culprit, they are often diverting our attention away from the real problem. Any system that big and that complex is bound to leak. Some databases are necessary - there are good reasons for having databases of vehicle drivers or needing a database to administer child support payments. Computer systems can be made more secure, the number of people who have access to them can be limited and people handling data can be recruited, trained and monitored more efficiently, but ultimately mistakes in big and complex systems are, for the foreseeable future, inevitable. The best anyone can hope for is to minimise the number of mistakes and limit their impact.
The implication that all we need to do is find the idiots and fire them is dangerous nonsense - it implies that such systems are perfectible and that once we, the Government, have ironed out the few local difficulties we've had due to one-off acts of stupidity by idiots, we can go on to build bigger, better and more secure databases for any project which takes our fancy. And, lo, these databases really will be secure, because by then we will have eliminated all of the idiots from the system and the technology's getting better all the time, we've learned some valuable lessons , biometrics, blah blah, blah....
I say there will always be idiots in any system. Sometimes they will be just like you and me. It's possible to reduce the chance that an idiot will cause harm, but no complex system can be completely idiot-proof. So do your best to keep the data you collect to the minimum needed to do the job, keep it as secure as you can, don't share it if you don't need to and try to share it in a secure way if you really must share it. And don't hoover up any more sensitive data unless you absolutely need to But the thinking behind the creation of a brand new National Identity Database (or set of shared databases) of unprecedented size and complexity, at enormous expense, seems to be something like this:
well y'know it might stop terrorists ... well no, actually we never said it would stop terrorists, but it'll probably help us to keep track of all those pesky immigrants and asylum seekers and sew up the Daily Mail vote ... I mean, protect our borders ... or it could stop identity theft, because there are bad people out there who want your sensitive data, but if you give it to us we'll put it somewhere really nice, where it really will be 100% safe, because we sacked all the idiots who lost all your other data ... er, sorry about that ... but this new system's fully protected by biometrics and stuff ... and I'll bet it'll make it a lot easier to open a bank account...
What sort of idiot would come up with something like that?
0 comments:
Post a Comment