I agree with Mike Howse from the BCS that personal data loss must not be tolerated, and that automated enforcement may be required to address part of the problem.

But we should be careful not to underestimate the institutionalised behaviour and cultural issues associated with change in government departments.

The vision of the cost savings and productivity gains of a paperless office has caused many government agencies driven by regulation to concentrate their efforts on electronic records management, and neglect the management of physical information carriers such as paper records or discs.

In fact, under Tony Blair, the government put a mandate on the whole of central government stating that by 2004 all newly-created public records will be electronically stored and retrieved.

It is telling that the resulting approval scheme for records management systems run by the UK National Archives included the management of paper records and markers for physical data carriers as an optional module.

Now, five years after the main hiatus to implement electronic records management systems, we see important data being lost because physical data carriers were not managed as a corporate competency.
So are we really that shocked at the spate of government data losses?

David Oates, Tower Software

I really do not understand the government's obsession with providing access to computers for children (Government aims to bridge digital divide, www.computing.co.uk/2207285).

I do not think spending money to provide "the highest levels of embedded technology in classrooms in the EU" has improved the education of our children, as recent figures on school achievement have shown.

And why should low-income families expect to have high-speed broadband and computers in their home for free? According to schools minister Jim Knight, it is not fair if they don't.

Well it is not fair for them to live on baked beans and not have a car. Is Jim Knight going to provide those things also? Has he not heard of free computing in schools and libraries?

M Spencer

What is up with people in the UK - why are some so precious about ID cards? (The surveillance society).

Here in Belgium people have to carry ID cards by law, and I have never heard anyone have an issue with them. If ID cards help prevent and solve serious crime, what is the problem?

Bill, submitted on the web

If I reported all the e-crime I encounter, the Welsh Hi-Tech Crime Unit would be overwhelmed (UK divided on e-crime strategy).

Each day I receive attempted frauds claiming to be from all the well-known banks; Nigerian scams; illegal prescription-only drugs; and a few lame-brained attacks on my system.

Occasionally I fill in their forms with false data or sometimes I paste in code and try to exploit buffer overruns. Sometimes I send them my terms of access to my email address which allows excessive counter-attacks without further warnings. Mostly, though, I ignore them.

Michael Mordechai

We will probably see other acquisitions because all the big players are afraid to miss the "next big search thing" (Microsoft deal heralds further consolidation). In most cases, though, they will be buying technology based on the same principle - keyword recognition.

You can add arcane semantic or linguistic algorithms and invest in taxonomies, but you will still have to give a system an exact definition.

But what if the keyword is misspelled? Will the engine work in this case? What if you do not know exactly what you are looking for, but just have a vague notion?

There are other solutions that deal with this problem by imitating the work of the human brain - we do not look for keywords, we look for patterns.

This sort of system means no need for dictionaries that list most common misspellings, no need for inverted indexes, Boolean operators, and taxonomies. Just type in a stream of misspelled consciousness, and the system will find the match.

Such queries will make most search engines catatonic with confusion.

Yegor Kuznetsov

I have an observation on the quality of coding from HM Revenue & Customs (HMRC).

The former Inland Revenue supplies a PAYE calculator on a CD-Rom. Adding a new starter today, I completed uploading her profile and received a warning message: "This employee is beyond retirement age".

I was confused, as she is only 50. I went back to the previous screen to check her year of birth - it should have been 1957, but I had not mistakenly put in 1947, thus making her 60, but 1057, thus making her 950 years old. HMRC really does want people to work beyond 65!

Keith Appleyard

I totally agree with David Anderson's comments (We risk being left in last place, Letters blog, letters.computing.co.uk) - future broadband investment in the UK must be taken up by the government if we are to keep pace with our competitors.

However, like the rest of the UK infrastructure that badly needs updating, it will probably not appear until too late, or not at all.

Mike McNamara

I planned to study computing at Masters level in 2003 but made a swift U-turn when I discovered the level of sexism and ageism in the industry (Women in IT are scarce and underpaid).

I thought it would be a waste of time as a woman over the age of 40 to bother to pursue a career in a young, male-dominated environment.

That is the reason I have not entered the IT industry. They would not employ me, even if I were the best.

Despite everything, I am looking at it again and came across your article while researching the market. Now I discover this "great shortage" in the UK and people who matter are now calling for more women to enter the field. Just what are my prospects?

J Brown

It is typical of the Business Software Alliance (BSA) to come out with these comments and supposed research (IT piracy costing UK billions).

The BSA makes no attempt to counter mass piracy of this kind in the same way that the Federation Against Software Theft (Fast) does. If the BSA concentrated more on these mass software piracy markets instead of destroying a business because it did not have all the paperwork for those licences, there would be a chance of stopping the pirates.

As a software trade organisation, the BSA should also concentrate its efforts on making licensing simple, instead of letting its members push off complex agreements and licences for sometimes simple off-the-shelf products, creating an administrative nightmare for IT departments and a waste of precious resource.

Ben Rattigan

Further to your article, Local government not keen on shared services, local authorities unsure about central government plans to develop shared administration systems to cut costs need look no further than the successful projects already achieving efficiencies.

Take the examples set by Blackpool, Fylde and Rochdale councils, which have taken the innovative step of sharing the hosting of a fully integrated revenues and benefits system; or Barking & Dagenham and Havering councils, which have rolled out a shared, flexible mobile working system in social care.

These authorities make significant savings while improving performance and investing in new and more reliable systems.

The biggest challenge facing local authorities is to deliver more for less, knowing budgets will continue to be cut every year to 2010.

Shared services will fast become the route for local authorities to meet their service commitments without raising taxes.

Building effective partnerships takes time but local authorities need to show their commitment now by partnering with technology suppliers with an understanding of how the public sector works, who can be objective about costs from the outset and be flexible and open when circumstances change.

Tony Barron, Anite Public Sector

It is typical of the government to think that more law reduces crime, the same flawed logic that would suggest taking  cops off the beat and promoting them to chief inspector will solve crime (Too many cooks will spoil ID fraud broth).

What is needed is fewer people pontificating about what we should do about IT crime and more people actually tackling it.

From the few comments I have read on the subject of "low level" IT crime, such as not paying for something on eBay, it is not taken seriously by the police and in this particular example eBay itself would be expected to chase down the villain. Similarly, if you walk into a local police, station the response that you get will tend to be better if the sergeant at the desk happens to be a computer hobbyist, as far as I can deduce.

Until the police are properly resourced and trained to take IT crime as seriously as "normal" crime then not much progress will be made. This probably means at least one properly IT-trained computer crime officer in every major station and a management structure to co-ordinate them.

Robert McCord

It is obvious why students are averse to studying IT-based subjects at university - there are no suitable vacancies for graduates. The only IT jobs are for skilled individuals with three or more years' experience.

Take myself, for example, a 48-year-old graduate with a 2:1 BSc Honours in computer studies. I was recently offered a position with a software company and as a result gave up a career spanning many years because I was hoping for a career change.

Biggest mistake I ever made. Within seven days of starting, I was "called for a meeting" to discuss why I was slow picking up the technologies being used. I was dumped in the middle of a specialist application of which I had no experience, on top of which I was expected to learn four technologies I had never used. My skillset, or at least I thought I had a skillset, learned while studying for my degree, had no bearing at all in a commercial environment, my employer did not want to spend any time training me, and complained bitterly if I asked anyone else for help.

Within another two weeks I was given a letter stating that I faced dismissal.

The letter was given to me at 5pm on a Friday evening, with the disciplinary meeting set for 9.30am on the Monday morning - not even any time to prepare or seek any sort of legal advice. Fortunately, I was still a member of a union from my previous employment and was able to get some advice on the Sunday morning. I managed to postpone the meeting after contacting the union, who represented me.

Needless to say, I no longer work for the software company involved, my job finished three days before the Christmas break.

Am I looking for another job in IT? I doubt it very much. After six or more years paying and studying for a degree, I now feel I have wasted years of my life, not to mention thousands of pounds on a degree that I will have no use for.

I have managed to get another job, but with more hours and less money than my previous jobs. Do I have a bitter taste in my mouth? You bet I do.

People want to know why students are not studying IT? It would make me laugh if it wasn't such a bad joke.

Anonymous

I recently worked for a large consultancy firm on a government project. At least half the consultancy team were foreign staff on short-term visas, renewed on a rolling basis - every few months the staff were sent home for a few weeks then flown back on fresh visas (Are work permits for IT professionals being abused? Employment matters blog, peterskyte.computing.co.uk).

None of them had especially rare skills that could not have been sourced within the UK - I knew UK developers with these skills who were out of work at the time.

Some of these foreign staff were very good, others were inexperienced or just plain incompetent. But it did not matter because they were all on Indian salaries plus tax-free UK expenses, while being charged out to the client at the same rate as the few UK contractors on the project - which was itself about twice the actual rate paid to the UK contractors - so the consultancy was making a vast profit on them.

It was more profitable for the consultancy to bring in foreign workers to cover for their incompetent colleagues, than to hire an experienced but more expensive UK developer to replace them.

Meanwhile, the government client was barred by Treasury rules from hiring its own contract staff directly, even though it would have been much cheaper and more beneficial to the project than paying inflated rates for poor quality foreign staff on revolving door visas.

And the bone-headed government isn't even making any money on tax revenues from these deals, because neither the foreign staff nor the consultancy companies pay much in the way of taxes.

Name withheld on request

Bryan Glick is right to point to the facts behind the recent spate of public sector data breaches, which so many have failed to do when busy playing the blame game (Don't blame it on the database, Editor's diary, editor.computing.co.uk).

The focus now needs to lie on using the lessons learned from these occurrences to improve public sector data management for the future.

While your article looks to electronic personal identity management as a way forward, public sector bodies still need to encourage a culture where information management lies at the core, and where information is valued, nurtured and used and shared appropriately. We also need to remember that no technology is perfect, especially where human interaction is involved, and therefore more failsafe processes need to be put in place when dealing with ID-sensitive information.

While restoring public confidence may be a key objective for the sector amid the torrent of media speculation, I believe that the sector is working to implement more efficient and stringent information management processes to ensure that heightened data security is achieved.

Peter Dorrington, SAS UK

The recent disclosures of data losses at NHS trusts, hard on the heels of a series of similar fiascos, must have prompted many to question the security of the new NHS patient records system (HMRC fiasco places data protection under the spotlight).

The decision to assume patient consent to transferring their records unless they opt out has already been the subject of much comment. Less has been written about the deceptive and coercive tactics being used to try to prevent patients exercising this right.

The new system is being sold as the Patient Summary Record, which will contain such routine details as
vaccinations and current medication. The literature accompanying the opt-out form does mention that further information might be added in due course, but nowhere does it state that the decision has already been made to transfer all patient data eventually.

The next tactic is to create fear, uncertainty and doubt. The leaflet warns that patient care may be affected if hospitals are unable to access the record without pointing out that this is exactly the situation at present. Finally, the patient is required to hand the form to the receptionist personally: you cannot post it and a relative is not allowed to take it for you. Too bad if you are bed-ridden.

The new GP's contract has resulted in a shrinking in the time surgeries are open out of hours and there must be many who, like me, simply cannot get there without taking time off work.

Ian Bavington

I've read through this story several times (Bill Gates outlines his vision for the next digital decade), even between the lines, but I still cannot find Gates making reference to the future being shiny, overpriced and as functional as a wet haddock with a small iPod forced into its mouth. iPhone reference? I think not.
However, Gates is stating the obvious. What happened to the days when he used to predict and propose as opposed to spieling about obvious "Web 2.0" tech horizons? Come on, we know that rubbish, tell us something.

JT, submitted on the web

The Mafia probably has enough data on each UK citizen by now that the government could buy it to cut the cost of the ID card scheme, or simply outsource the project to them (PM re-commits to ID cards).

Martin, submitted on the web

Current ADSL broadband can offer a maximum speed of 24Mbit/s at its absolute best (Government broadband summit). The only cable provider is Virgin Media, after taking over NTL. Although this will meet most home users' needs, it will not do for medium-sized and large businesses in the years to come.
It is no longer a case of the UK beginning to fall short of the international network community - we already are. A lot of countries are already serving two, three and four times the speeds we are seeing in the UK.

Unfortunately, I think this situation will continue to  escalate, as I imagine by the proposed year 2012 the connection speeds will, again, be greatly increased in other countries. Action is needed before we fall even further behind the rest.

David Anderson

We need IT people, no wait, we need business skills, no wait, we need maths and science skills, no wait, we need interpersonal skills. We don't need programmers, no wait, we need programmers (Review 2007: IT skills and careers).

Pick a message, please. Here is my message Ð myth: computer science is not just sitting in front of a computer all day. Truth: yes it is.

Western corporations are sending these jobs to third world countries. Even if you manage to become employed in a technical field, you will face a lifetime of wage competition from workers in developing countries.

If you are a student, don't bother. Just train for business or finance and then  sit around and complain
because "we cannot find  IT skills".

Sam, submitted on the web

I was blown away by the comment about the UK's poor record of project delivery (Reporting project progress, Denise Plumpton's blog, computing.co.uk/blogs).

I have been looking into Prince2, and that comment would seem to fly in the face of its accomplishments and effectiveness. But methodologies are not necessarily the culprits. As the article states, reporting project progress is certainly an issue, and standard progress reports are the greatest
offenders.

One way to help with this problem is through the use of project blogs. They do not necessarily need to be formal - and that can be their strength. But in the context of a diary, a blog can point out with great clarity "what we were thinking" or "what they were thinking" at any point. And any stakeholder can contribute.

A project blog can complement other more formal systems for managing and monitoring. I am working with a large client right now helping to implement just that.

John Reiling

A few years ago I ran a project to assess the leading edge of share trading. One supplier had "seen the future", having some of the best minds working on an impressive trading system. It was all very clever stuff and promised to save institutions millions of pounds in trading. But it failed to get off the ground because they failed to bring together enough parties and transactions to form a viable, liquid market. Hence, whatever savings arose because of the whizz-bang system were obliterated by the poor prices.

Rumour had it that this venture cost its investors upwards of $90m (£46m). This does not mean Project Turquoise will go the same way (Turquoise takes on the City), but it is a salutary reminder that putting in the IT system is the easy bit.

Rob Sucher

It is the fault of the databases (Don't blame it on the database, Editor's diary, editor.computing.co.uk). If they did not exist there would be no problem. Just because it is convenient for the government to hold these massive databases and "we spend more time online" does not justify them.

And "electronic personal identity management" is just mumbo jumbo. Nothing is inevitable and the public ultimately, or at least in a democracy, should decide if these massive databases exist. The public is becoming more aware of the fallibility of these systems. The main justification for such databases is the huge profits to be made by the IT suppliers and consultancy firms.

In the case of the NHS and ID databases, they must be scrapped regardless of the loss of face to the government and its cronies. One only has to look at the list of applicants for ID contracts - arms suppliers and all - to know something is amiss.

Peter Stearn

So on the one hand everyone is crying out that there is a shortage of people studying IT at a high level and that this will damage UK competitiveness in the future.

On the other hand, IT graduates have higher rates of unemployment than any other subject (Employment rate rises for IT graduates). I would advise anyone thinking of studying IT at university to think again.

Name withheld on request

Muggers will carry the Barclays PINsentry devices with them to validate a PIN obtained from victims under the threat of violence (Safety not in PIN numbers, Letters blog, letters.computing.co.uk).
No chance of fooling the mugger if they have their own portable muggermatic-PIN-verifier device (aka PINsentry to you and me).

Sales pitch: As a bonus, the muggermatic-PIN-verifier can be used out of sight of those pesky CCTV cameras that point at ATMs and shop terminals. No longer must you take your victims' disclosed PIN on faith.

Muggers should not leave home without the handy muggermatic-PIN-verifier as with a valid PIN you can extract up to £750 per day from cash points. Get your muggermatic-PIN-verifierªfrom Barclays now while stocks last! Thanks Barclays.

Rob, submitted on the web

I had stopped downloading my music illegally because of web sites such as Pandora (Pandora to halt UK service).

This narrowmindedness from the royalty collectors  is beyond belief. I would hear new music on this service and then buy it. As a result of the shutting of Pandora, I will be returning to my nasty old downloading ways to sample new music.

Stevie, submitted on the web

I suspect it will be a long time before "super users" become a reality (Super
users replace programmers).

Even in the Marks & Spencer example you cite, the use of Business Objects requires access to data through setup, configuration and programming - by programmers.

I found some research where the super user is described as "this mythical figure who is difficult to find, immune to technological constraints and aware of legal loopholes - but often a marginal figure whose power is greatly exaggerated". Sounds about right to me.

Iconax, submitted on the web

I think "super user" is the new term for "let one person do everything, it's cheaper" - that is, cheaper in the short term, until the first bugs start to appear (Super users replace programmers).

What will a super user do when a bug appears, what application programming language is he going to use and will he make a good practice of it? What about relational databases and SQL? Object-oriented programming? Web design?

I propose that as users are promoted to "super users", we should be called "super programmers". That sounds fair to me.

Lazaros, submitted on the web

It is easy to single out the government for criticism following the report that it has spent £2bn on unsuccessful IT projects since 2000. While it is a huge amount of money, this level of IT disaster
afflicts organisations across all sectors.

As a nation we have a litany of high-profile, high-priced project failures - some in the public eye, some behind closed doors. So what is the common thread? All too often, the problem stems from an attempt at a new start, which is not linked to the massive infrastructure that already exists.

Ripping out the old tried and tested systems to be replaced with something new ignores the huge investment that the government, for example, has already made in its IT infrastructure.
Those who are successful IT leaders in government - and there are many - are invariably the ones with the vision to exploit the systems they have in place. This needs to happen more, otherwise the spectacular IT failures rather than the best practice successes will continue to dominate the headlines into 2008.

Jim Close Software AG

As an IT consultant, I had cause to submit a request to a customer's broadband supplier to have them permit SMTP relay for the customer's own domain name.

I was contacted recently by the customer's managing director to take part in a conference call with the supplier's caller who "is accessing our server at the moment". The forceful "get her out now" response of mine resulted in the supplier saying "OK, I'll undo the changes I have made and hang up".

The managing director was naive for having permitted this security breach, and having downloaded and installed the remote access software the supplier asked them to do, and dealing with the fallout of the whole episode.

But what concerns me most is the fact that a major telecoms firm - or any other supplier - feels it is justified in asking for remote access to a customer's computer facilities in the first place. Readers be warned.

Steve Moss

Barclays has sent me the new PINSentry device which is supposed to make online banking more secure (Barclays banks on two-factor authentication).

Imagine my surprise when I inserted my debit card into the new gizmo and typed in my PIN, only to be greeted by the message "PIN is correct" for about two seconds before it displayed the authentication number that I need to enter on the web site.

So well done Barclays. Now if a mugger tries to sneak a peek at the number as I enter it, and then later mugs me and steals my wallet, he can have three attempts at cracking my PIN in the safety of his own home without the need to go to a cash machine to try various PIN codes and risk being caught or losing the card to the ATM.

All Barclays had to do was to not display the message "PIN is correct" but simply give a false authorisation code if the PIN was incorrect. Then if that incorrect code was used on the Barclays web site, they could simply ask you to try again.

Name withheld on request

I am surprised that heads of IT are concerned about offshoring IT jobs to cheap labour countries (Stemming the tidal effects of offshoring, Sandra Smith's blog, sandrasmith.computing.co.uk).

There are plenty of skilled workers who are unemployed and have been replaced by cheap labour - good or bad.

Yes, in the near future there will be less skilled IT expertise, but whose fault is it? Is it management, accountants or government who allow organisations to recruit employees outside the country of origin?
If heads of IT management are truly concerned they should stop and prevent the short-term cost saving - if any - of offshoring.

Amanada Yusuf

I am amazed at the naivety of the views expressed in the article "Super users replace programmers" and in particular the comments from the IT director at Marks & Spencer.

As an independent IT consultant specialising in retail systems, perhaps I should be pleased from a selfish point of view that there will no longer be any permanent development staff. To imagine that the ability to use a package such as Business Objects to enquire on data suddenly qualifies a super user to develop complex systems is unbelievable. 

While I recognise that pure development projects are in decline with user IT departments, the requirement for skilled development staff is just as vital, but the role has changed.

Development, analysis and design skills are required to integrate financial, supply chain and point-of-sale systems in the retail environment. A decision may even be made to use offshore facilities to perform some of this development. This does not then mean that no development skills are required in-house to support, configure and enhance such systems.

For the 90 per cent of IT activity which typically cannot be performed by user departments, key decision-makers should be focusing on architecture, systems analysis and configuration skills required to develop the "glue" between a business requirement and a hypothetical business solution.

They also need to ask themselves how these people are trained and develop these skills; a background in software development is key to these roles.

After all, would finance departments outsource annual audits to a stock control clerk with spreadsheet experience?

Nic Manfield

Why is it that when a new process is examined to make things more beneficial to the consumer there is a delay? (Faster payment scheme slows down)

It is absolute nonsense in this day and age that I have recently had to make a payment six days before the monies are due in the receiver's account.

The banking system needs an overhaul in this area, and the Northern Rock fiasco is a reflection of the banks' greed and that they have got their just desserts. It is our money anyway, isn't it?

Dave Murray

Peter Wheatcroft's article is a good pragmatic view on how service management - please note "IT" has been dropped from that title -  should be approached, and the more guidance available to organisations the better the results will be (Crack the code to providing good customer service).

However, I must disagree with his statement that ITIL "promises a much richer set of standards". ITIL is not and never has been a standard in the same way as we recognise the term, for example, ISO standards.

ITIL is "best practice guidance", "a framework", meant to be "adopted and adapted". This in essence is the inherent strength of ITIL - that it is not prescriptive and that it supports and is supported by the other recognised quality management standards and initiatives.

It allows organisations to adopt best practice, and by adapting it to meet their requirements turn it into "a service that is a means of delivering value to customers by facilitating outcomes the customer wants to achieve" - a straight quote from ITIL V3 guidance.

David Jones

Your letter from Al Lawrence cannot go uncontested (Computer says no, Letters blog, letters.computing.co.uk). We all know that keeping software patches up to date is the only way to stay more secure .

In reality things are far from ideal, as anyone at the coalface will tell you. How many times do the security downloads render working machines into a heap of gibbering rubbish? We have all lost servers after reboot only to have the problem fixed in the next update cycle.

So we now all have a well-practiced caution on this automation after many lost days, a jaded opinion akin to trying to patch a colander so it doesn't leak.

But much more important is the small programmer who spends his waking hours creating an excellent piece of software that sells to a limited niche market. How is he supposed to test every patch and change from Microsoft for its bloated operating system before his software is sent out?

Security issues are on every page along with lost data issues. One wonders if we should start again with an operating system that is closed first, and not try to be backward-compatible on every release.

Let's admit our early attempts have gone wrong and that it's time to move on from the "Ford Model T" stage of computers.

We have the hardware power, let's think again about the software from the ground up and not add another layer to the foundations of sand we created when we did not know any better.

Phil Geeson

Developing cyber weapons does not require the massive infrastructure usually associated with conventional arms (Nato chiefs to decide on cyber warfare policy). A couple of PCs and a couple of smart programmers, and you have all you need to create a cyber weapon.

Advanced data weapons have unique capabilities that make their detection and elimination much more difficult than conventional viruses and trojans.

As with the conventional arms race, countries with significant defence spending have taken the lead in the cyber arms race.

But that trend is changing rapidly. In the past few years malicious code with advanced features has been created for less than $3,500 (£1,762). We are witnessing the emergence of cyber arms dealers. And the cost of  cyber weapons are in the range of poor and developing countries.

Kevin G. Coleman