Prosecute those who design leaky data systems say IT pros
BCS urges government to adopt legal sanctions for badly designed data systems, for Investigatory Powers Bill
85 percent of IT professionals say it should be a criminal offence if a professional designs and implements a system to store website history, and fails to appropriately protect access to that data through the use of “good practice in information security”.
Such a law would probably also affect IT service providers and integrators, if the government adopts it in imminent legislation.
Research was commissioned by BCS, The Chartered Institute for IT, and the organisation is now urging the government to fully explore whether “reckless disclosure” of the public’s data should be included as a criminal offence in the proposed Investigatory Powers Bill presented by the Home Secretary.
David Evans, director of policy at the Institute, said: “The criminal offence around misuse of data outlined in the Bill is welcome, however we can and we must create systems which by default protect against misuse.
“In an area of critical national importance, it would be reckless and inexcusable for individuals to design data systems which created unnecessary risks to the public, where those risks could have been prevented through known techniques.”
The survey also revealed that 76 percent of IT professionals “disagreed” or “disagreed strongly” that in order to protect national security, companies should weaken or defeat their own security measures to provide authorities with access to content that has been encrypted.
Evans added: “As an organisation with a Royal Charter and purpose to Make IT Good for Society, I want to see society as a whole debate the role technology has in protecting against crime and issues of proportionality.”
For its research, the BCS commissioned research which questioned 440 BCS members.
@AntonySavvas