Imagine you’re the UK Government in the middle of the biggest crisis the country has faced since World War II.
Imagine that more than 30,000 people in the UK have died after testing positive for coronavirus – the only nation outranking the UK in its death toll is the United States, with a much much larger population.
Imagine that over half the population believes that you, the UK government, took too long – compared to our European neighbours – to impose a lockdown.
Imagine that you have decided, like other countries, to develop a smartphone app that might help quickly trace recent contacts of anyone with the coronavirus. But, unlike many other countries, you are trialling a “centralised” model app, which requires the potentially sensitive data on a central computer server rather than the alternative, “decentralised” model proposed by Apple and Google, where information stays on people’s handsets.
Obviously calming people’s understandable privacy and security concerns about such an app is going to be an important factor to increase chances that a decent proportion of the public will download it.
So, who does the UK government appoint to head up the NHS COVID-19 tracing app?
None other than Baroness Harding of Winscombe. Perhaps better known to you and me as Dido Harding, the former CEO of TalkTalk.
Dido Harding, you may recall, was for a couple of weeks in 2015 a regular fixture on UK news reports as she attempted to answer technical questions about the “sequential attack” against TalkTalk, and struggle to clarify what customer data had been exposed, and whether it had been encrypted or not.
I got the distinct impression that she didn’t know what she was talking about…
It turned out that the people responsible for the TalkTalk hack were teenagers who had used a rudimentary SQL injection attack to steal customer details.
In my view, TalkTalk acted pretty badly before the hack (there had been a string of other data breaches involving the firm in the previous 12 months) and atrociously to defrauded customers who attempted to quit their contracts with the firm.
Astonishingly, Dido Harding tried to claim that TalkTalk’s security was “head and shoulders” better than the company’s rivals.
The ICO’s specialist technical team supported the enforcement team and found TalkTalk had failed to remove, or otherwise make secure, the webpages that enabled the attackers to access the underlying database. The investigation also highlighted that the database software in use was outdated. It was affected by a bug for which a fix had been made available over three-and-a-half years before the cyber attack but which had not been applied. The bug enabled the attackers to bypass access restrictions that were in place on the database. TalkTalk also failed to undertake appropriate proactive monitoring activities to discover vulnerabilities.
So why has the UK government chosen Dido Harding to lead the project?
The cynic in me wonders if they believe that should a cock-up occur, what better fall guy would there be than Dido Harding to take the blame?
💣 Dido Harding, ex-CEO of TalkTalk, now on board of Jockey Club
🐴 Jockey Club staged Cheltenham Festival in March. Attendance: 150,000
☠️ Calls for inquiry after spike of C19 deaths in Cheltenham: https://t.co/8Z32Z6UxWF
🤦️ Dido given Covid-19 'test and trace' head job. pic.twitter.com/1nB5NHr8bJ
— Graham Cluley (@gcluley) May 11, 2020
Health Secretary Matt Hancock says he can’t think of anyone better than Dido Harding to lead the project.
— Matt Hancock (@MattHancock) May 7, 2020
Further reading: Info on NHS Coronavirus app leaks out via Google Drive snafu