HMRC have published some media spin to try dampen down the furore over their special categories for Westminster Politicians and Celebrities, which tries to divert attention from the inadequacies of their back office systems,
See our previous blog article:
HMRC tax record security only for a minority of the privileged, but not for the rest of us for some background and Obvious Questions about this.
HMRC Online Services - secure and safe to use
Some newspapers and broadcast media have claimed that HMRC's online filing systems are not secure because Members of Parliament and a small number of other taxpayers cannot use the Self Assessment service.
This is completely untrue. A small minority of taxpayers, including MPs, cannot currently use online services because the additional internal safeguards on their records mean that their taxpayer reference numbers are not recognised on the authentication system.
This therefore has nothing to do with the security of our online services. HMRC online services use the highest levels of encryption generally available and authentication processes similar to online banks.
The security of the encrypted web session segment of the online tax return workflow process was not in question ! It is what could happens to everyone's tax returns once they are within HMRC shared infrastructure of back offices, internal postal courier and internal electronic networks, accessible by large numbers of low paid staff, that is the problem.
Focusing on just the encrypted web front end, and not examining the whole end to end workflow, is deliberate media manipulation by the HMRC spin doctors, which, unfortunately, may well bamboozle some of the mainstream media journalists and editors.
By adding an extra digit to the tax code of people in these Celebrity / Westminster Politician special categories, and, perhaps also to categories of people who are actually at more risk of physical danger if their home addresses are revealed, HMRC are making things less secure not more so.
If the various Poynter / Hannigan / Thomas and Walport / Burton and other Reviews, bother to look into the depths of the voluminous Ventral Government Departmental Standard Operating Procedures and Security Procedures, they will see, that it is standard practice to make sure that sensitive data does not stand out when it is being transported along common office or electronic network infrastructure, along with allegedly less sensitive data or documents.
This even extends to instructing, say, British Telecom, not to specially label data cables in their exchanges, as carrying Central Government Departmental data.
This is a common sense approach to reducing the risk of casual snooping or opportunistic thievery by internal staff who have potential access, if they make an effort, to specially marked or easily identifiable "juicy" VIP or Celebrity documents or data records, or highly Protectively Marked Material,
These HMRC special categories should be abolished, on the grounds of equality and actual security.