Reactions to The Unsecured State

It has been an intense few months digging through the security failings of the UK Government’s websites and trying to responsibly disclose them. It culminated with a week of blog posts exposing the vulnerabilities - and an award winning hackathon project.

So what has been the reaction?

The Good

Privately, I've been contacted by people within the Civil Service who are working hard to make things better. I wouldn't exactly say they're overjoyed with what happened - but they're certainly pleased that external people are highlighting the problems.

I've sent highly detailed reports to people who should be responsible for these flaws. On the main, they've been very happy to receive them.

I've had one or two "interesting" conversations with people who think that I should leave well enough alone. They fear giving up power to central government. That's a legitimate concern, but when a site owner has demonstrated their inability to perform basic website security, I think it is reasonable to expect them to surrender responsibility to those who are more capable.

I am convinced that some sections of the state are treating this as a serious problem. They are working hard to make things better - it will take a long time, as is to be expected with a large organisation, but a change has started.

The Press

Computer Active NHS
The coverage has been fairly widespread - although not as I had expected. It's always temping to assume that other people understand the narrative vision you're tyring to accomplish. I thought that the abandoned websites would get more traction than it did - in the end it was the spoof Michael Gove post which really grabbed the public imagination.

Here are a selection of news sites that I've found talking about the stories.

And the Daily Mail. Although I won't be linking to them!

The Political

One frequent comment I got was that I should avoid putting political commentary in my technical blog posts.

  • It weakens the argument.
  • Some people will be reluctant to share the post.
  • My political analysis isn't as well developed as my technical analysis.
  • I risk alienating the people who are likely to help.

I see the validity in those arguments. There is certainly a risk that people dismiss the problem because I highlight a specific political opinion. That's a risk I'm happy to take. It is simply impossible to address these issues without exploring the underlying reasons why they have occurred.

I am a political person. The actions our politicians take do affect me. I am aware that my politics are probably not the same as yours, dear reader - but I see no valid reason not to include my political thoughts on blogs which involve politicians and the government.

It's not enough to point out that the Emperor has no clothes - I have to point out that his advisers are in the pay of fraudulent tailors and that his policies have directly lead to this disastrous situation. To do otherwise would do a disservice to the argument. We cannot analyse a problem without determining its cause and, when the government is failing to protect its websites, we must look at the political causes.

Politics is the art of making public choices, and we do not make an issue less political by denying that there are choices involved.

Technology is not neutral. Service design is not neutral. Decisions about priorities and resources are not neutral. There are some important questions facing the future government – any future government – about where digital goes next.


[T]hose debates are intrinsically political, because digital is political.

Stefan Czerniawski -

Final Thoughts

I'm sure I will be returning to this subject in the future. For now, I'm happy to leave it in the hands of those fine people within the state who I know are working hard to resolve this situation.

We have an opportunity to fix this mess - and I like to think that I've played a small part in the process.

Thank you for reading, I hope you have found it useful.

One thought on “Reactions to The Unsecured State

  1. Martin Hall says:

    As always love the technical part of the posts, however as you mention the political part can alienate. Not because I don't share the same views but because it makes perfectly reasonable post a very one sided one.

    For example not linking to DailyMail, Why even mention the site in your post?, It's only mentioned to make an anti right leaning statement and not a statement about them picking up on the failing of the IT management within the UK gov sector.

    Lastly there is no mention that the majority of the sites were not commissioned by this government but most likely under the last gov.

    Actually it's strange that I find myself writing the above as I'm also not a supporter of our current gov but would rather tech posts steered clear of political or religious views and stick to the main story. (you've managed one of the two at least)

Leave a Reply

Your email address will not be published.

%d bloggers like this: