Please protect us from our own stupidity
It seems like the simplest thing. Compose an email message and then CC colleagues. But, due to a Ministry of Defence blunder, this simple action, built into pretty much every piece of email client software, has now put the lives of more than 250 Afghan interpreters at risk.
Following the decision to begin the withdrawal of military forces from Afghanistan, in June, the Government announced that local staff who worked for the UK Government in Afghanistan, including many who worked as interpreters for UK forces in the country, will be eligible for expedited relocation to the UK under the Afghan Relocation and Assistance Policy (ARAP). According to The Times, an MoD official has been suspended pending an investigation into the data breach.
Clearly the MoD wanted to get the message out to the Afghan interpreters it worked with, but thanks to the innocuous CC button in email software, these people are now identifiable, and at risk of torture or execution. Most are likely to leave their homes to avoid being found. Their situation is dire.
Who’s to blame?
No doubt Defence Secretary Ben Wallace’s investigation will put the blame on a lack of training and a failure to follow due process. But designers of email client software also have a duty. They cannot hide behind the excuse that they cannot anticipate every situation in which their software will be used. The fact that it is far too easy to send out a mass email is something every organisation should be concerned about.
An email address is personally identifiable information, covered by data regulations like GDPR. Thus, revealing it through the CC mechanism is a data breach. While a car accident is usually the result of driver error, to reduce serious injuries, the car maker is expected to build automobiles in a way that makes them as safe as possible. Similarly, while every use case for email client software cannot be anticipated, software providers designing these applications need to take into account the “what-ifs”. Accidentally CCing everyone is not exactly an unlikely user error scenario.
Good software is supposed to be easy to use. “Intuitive” is one of the buzzwords software providers like to use when describing usability and user experience. How good is a user experience if the user is having to think about whether what they are doing will inadvertently cause a data breach, which may directly or indirectly lead to someone being harmed? It is about designing software around human stupidity. Please provide guard rails on email clients to protect us from the common mistakes we are all likely to make.