Well, well, well. The official review of the leaked Budget documents that circulated last Wednesday ahead of Rachel Reeves’s fiscal statement has been published – and its findings are significant. It transpires that the ‘inadvertent’ error that led to the OBR report going live ahead of time was a result of IT weaknesses. But more than that it has emerged that the ‘worst failure’ in the organisation’s 15-year history had, er, happened before: back in March, with the release of their economic forecasts for Rachel Reeves’s Spring Statement. Good heavens…
As the Chancellor was preparing to deliver her Budget, eagle-eyed observers spotted that the online PDF version of the OBR report was reachable by swapping out ‘March’ in the URL for the Spring Statement with ‘November’. The slip-up was first reported by Reuters, with the review into the leak showing that the document was downloaded by someone an hour before Reeves was due to speak in parliament – on their 33rd attempt. Talk about persistence, eh?
The error arose thanks to two configuration errors in the OBR’s website, with a WordPress plug-in creating a public link to the report which bypassed the website host’s ‘hidden until publication’ protection. Eleven minutes after Reuters first reported the mistake, the Treasury alerted the OBR – but thanks to high website traffic, neither staff nor the web developer were able to remove the document at first, or pull the entire site. Eventually the PDF was renamed and then removed at 12.08pm. Astoundingly, this wasn’t the first time something of this nature had happened – with the review finding that someone had accessed the Spring Statement early too. Crikey!
The review, conducted by ex-spook Professor Ciaran Martin, concluded that the entire publication process depended on one external web developer, with the OBR relying on a WordPress site meant for use by a small organisation. There had been no real focus on the website’s security and, as has now been made clear, no one had checked whether the pre-publication protections actually worked. As such the probe has recommended that the OBR site should be moved onto a more secure government platform, alongside a ‘deeper forensic examination’ of past economic forecasts. And, rather damningly, the investigation notes that the budget watchdog’s mistake had ‘inflated heavy damage’ on its reputation – for which its leadership should be held responsible. Expect heads to roll…
Comments