Avoiding data protection fiascos

There appear to be many techniques and IT systems design methodologies which can help reduce the cost of IT systems and raise their security. In this article we outline some of these.

The concept to product cycle

The concept to product cycle is the whole process between the conceptualization of a solution to a problem and the operational status of such a solution. According to Hector McNeill, Director of SEEL, a British R&D group, there has been a serious dumbing down of the conceptualization process:

"Most new systems being implemented are customizations of existing commercial system models. Many of the software design systems remove the programmer from a considerable amount of code writing. It is not an exaggeration to state that if one showed the code generated by a design system to the programmer doing the design, many would not understand the code. The situation is one where people are designing, willy nilly, to a default proprietary standard promoted commercially by about four very large software companies."

Economy

"Most of the big names in software solutions use this standardised approach, with authoring systems generating code, and basing new systems on customisation of existing systems should reduce the costs of each new system. This does not happen because of a practice of over-specification resulting in there being a standard base charge to which is added design effort, resulting in a tendency for systems to be progressively more expensive. It is quite common for systems houses to knowingly over-spec in order to be able to charge out intellectual effort hours, some 80% of which have already been paid for by existing or former customers."

Step by step is faster and cheaper

Amongst the standards developed at SEEL there is a set geared to reducing the costs of development and shortening the concept to product cycle. At the same time these standards emphasize higher standards of security for data. Two basic building blocks in these systems development standards are:
  • ISPS-Internet Systems Prototyping Services
  • CFA-Critical Functional Analysis
According to Hector McNeill,

"Internet Systems Prototyping Services or ISPS was developed to help clients take informed decisions. It is a pre-project demonstration of proof of:
  • systems concept
  • designer/implementer capability
"Such an approach, based on a demonstration of a prototype, removes the client from the overbearing dominance of service provider sales department propaganda. Many of the over-costed projects involve large IT companies who are not geared to responding to specific needs at the sales stage, so clients have to take decisions on the basis of assumed competence. ISPS is the provision of a working model of the concept which not only demonstrates feasibility but already demonstrates that those who created the prototype can build such an operational system. With today's scripting languages, sophisticated online prototypes can be demonstrated within days as opposed to months. Basically, if the concept is feasible it can be written down, as can functional algorithms. By scripting these one ends up with a prototype. Potential clients do not have to take leaps of faith into a commitment to a development contract which is poorly specified and unproven."

"Where the project has particularly complex processing issues or very high security specifications, then it is as well, at the ISPS stage, to introduce Critical Functional Analysis or CFA. CFA is a technique used to describe information processing systems in terms of critical paths of processing functions. Somewhat like supply chain design or critical path analysis, it provides a transparent means of identifying potential systems processing bottlenecks. It is used to select out combinations of required functionality which could represent challenges to successful implementation, risking failures or delays in meeting specified standards. In projects which do not include effective ISPS and CFA, delays are probably inevitable, leading to escalating costs. In the case of large systems, additional costs can be significant. One of the characteristics of British government IT schemes is their ambitious scale. Quite often one senses that politicians want to be associated with the hollow concepts of the first and the biggest without realising the risks of failure, which have political consequences. On the other hand they are encouraged to some extent by the professional irresponsibility of the solutions providers who avoid exposing their true capabilities to their clients."

Personal data security

On the question of personal data security a previous article has outlined some of the issues (see Data protection fiasco reflects democratic deficit). However, McNeill has added some additional observations:

"When dealing with large government projects and systems providers there is a hierarchy of knowledge relating to the objective of the exercise and to capabilities in implementing a solution. The knowledge on the objective tends to lie with government but in reality, if this has an origin in policy propositions, one normally finds the reports justifying the approach are poorly thought out and often partisan in that the report has built-in political party preferences. On the side of the solutions provider one often has analysts and programmers generating code, but they do not understand the code but rely on the authoring system output being compatible with an operating system or interface specification. Quite often security is a matter of ticking an authoring system option to provide the resulting system with specific types of very well defined security options. Programmers and analysts who work at code level and do not use such authoring systems can work out how to get round most security barriers. If they also have access to a powerful computer then the generation and testing of specific passwords can become a relatively easy process. This also covers encryption where a name or a password is used as the key to apply different types of well known encryption methods. This means, even without losing a CD full of data, many large systems are compromised in terms of security because they use very well known proprietary standards."

"A solution to this problem is to not make systems datacentric or centred on a database structure. The trick is to make the processors the access to the information, which should be in disaggregated form. Conceptually it is like having a bag full of DNA. If someone hacks into that DNA they don't know if it describes an elephant or an ant. However if the processors hold the genetic codes they can re-create the data sets in the processing but never write that to a permanent holding state such as a disc. For different data arrangements to imply extra cost is slightly absurd when one is talking about a few seconds or minutes of memory accesses. In any case transferring data by CD should be impossible in a secure system, and in any case transferring raw DNA to another system should not compromise the personal data since the receiving system should not be able to decode it. In really secure systems, compatibility is a bad word. Once one gets into the specificity of types of applications and the unique process code appropriate to each application things become very interesting because they generate a domain of non-standardised detail. This is why the approach to secure solutions is founded in an aspect of location-state theory which gives particular emphasis to the specificity and uniqueness of personal data. In the end it is non-predictable differences which provide a foundation for building a secure system. This is in marked contrast to the widely used generic configurations, standardised data management approaches and predictable, relatively insecure security devices."
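As an added illustration, not SEEL's code or method (the article does not describe how the "bag of DNA" is implemented), the Python sketch below shows one reading of the idea: the persistent store holds single field values under opaque random identifiers with no record ids and no field names, while only the in-memory processor holds the "genetic code" that says which fragments belong together and in what order. The class names, the three-field schema and the sample records are assumptions constructed for this example.

```python
# Added illustration (not SEEL's code): one reading of the "bag of DNA" design.
# The store that would sit on disk holds single values under opaque random ids.
# The processor alone holds the linkage (record -> fragment ids, field order) and
# reassembles a record only transiently in memory.
import secrets

# Assumed schema; known to the processor, never written into the store.
FIELDS = ("surname", "date_of_birth", "postcode")


class FragmentStore:
    """What persists: opaque id -> one value. Nothing links values to each other."""

    def __init__(self):
        self.fragments = {}

    def put(self, value):
        fid = secrets.token_hex(8)        # random id carries no record or field meaning
        self.fragments[fid] = value
        return fid

    def get(self, fid):
        return self.fragments[fid]

    def leaked_view(self):
        """What someone who copies the store sees: values in id order, unlinked."""
        return [self.fragments[fid] for fid in sorted(self.fragments)]


class Processor:
    """Holds record linkage in memory only and reconstitutes records transiently."""

    def __init__(self, store):
        self.store = store
        self._codes = {}                  # record_id -> tuple of fragment ids

    def ingest(self, record_id, record):
        # Each field becomes its own fragment; the store never sees record_id.
        self._codes[record_id] = tuple(self.store.put(record[f]) for f in FIELDS)

    def process(self, record_id, fn):
        """Reassemble one record, apply fn, then drop the assembled copy.
        (CPython does not guarantee freed memory is wiped; this models the intent.)"""
        fids = self._codes[record_id]
        record = {f: self.store.get(fid) for f, fid in zip(FIELDS, fids)}
        try:
            return fn(record)
        finally:
            record.clear()


def store_links_records(store, records):
    """Return True if any record id or field name leaked into the persisted store."""
    blob = repr(store.fragments)
    return any(rid in blob for rid in records) or any(f in blob for f in FIELDS)


# Constructed sample data (not real persons).
SAMPLE_RECORDS = {
    "rec-001": {"surname": "Smith", "date_of_birth": "1972-03-04", "postcode": "SW1A 1AA"},
    "rec-002": {"surname": "Jones", "date_of_birth": "1985-11-20", "postcode": "M1 1AE"},
}


def demo():
    store = FragmentStore()
    proc = Processor(store)
    for rid, rec in SAMPLE_RECORDS.items():
        proc.ingest(rid, rec)
    # Processor side: a complete record exists only inside process().
    postcode = proc.process("rec-001", lambda r: r["postcode"])
    # Store side: a copy of the disk yields six unlinked values and no linkage metadata.
    return {
        "postcode_of_rec_001": postcode,
        "leaked_values": sorted(store.leaked_view()),
        "linkage_leaked": store_links_records(store, SAMPLE_RECORDS),
    }


if __name__ == "__main__":
    print(demo())
```

The point the sketch makes is the separation of linkage metadata from values: a copy of the store shows which surnames, dates and postcodes exist, but not which of them describe the same person. The caveats a practitioner would add are that individual values can still be identifying on their own (a rare surname, a single-household postcode), and that the processor's in-memory mapping becomes the asset that most needs protecting; in practice the fragments would also be encrypted under keys the processor holds, a detail the article leaves to "the processors".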

Posted: 23rd November, 2007.