A classic ‘information security’ case-study is unfolding as the redacted, censored facsimiles of MPs’ expense claims are finally made public. Comparing what we know some of the receipts said with what the censors thought we should not be allowed to see communicates far more than the data could do on its own.
In some cases the message is simply surreal, as this piece by Martin Rosenbaum illustrates: for instance, apparently we are allowed to know that Tony Blair has a Siemens dishwasher, but details of which model it is have been doubleunpublished… despite the fact that that information had already been released in a 2008 FoI disclosure of the same receipt.
In other cases it is less benign. For instance, it is now established (through the Telegraph leaks) that Margaret Moran MP claimed for dry-rot treatment on a house which was impractically distant from her constituency: the redacted version of the receipts would have allowed that fact to remain concealed. The Fees Office explains this, with some justification, on grounds of security – but there clearly also needs to be some mechanism for preserving accountability where that is the very detail which could reveal abuse of the system.
The classic ‘information security’ solution to this classic problem would be to rely on a trusted third party, able to see and act on the data in question while protecting it from inappropriate public disclosure. The question is, can the parliamentary administration come up with a viable candidate for that role?