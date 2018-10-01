AS THE CONSERVATIVE party conference got underway over the weekend, the government plan was to show steely competence in the face of brutally unforgiving conditions. Faced with this difficult challenge, the party prepared its run up, rose like a salmon and smacked head-first straight into the very first hurdle, creating an app for delegates that would hand out personal information like candy.

The head-slappingly stupid exploit - which has now been blocked - wasn't so much a bug as spectacularly poor design. To access their account, delegates just needed to enter their email address with no password required. Given plenty of the attendees are high-profile politicians with public email addresses, you should already know what happened next.

Michael Gove had his mugshot changed into a picture of Rupert Murdoch, his old boss at News International, while Boris Johnson had porn uploaded over the top of his picture. Although in Johnson's case, that could quite easily have been done by the former Foreign Secretary himself, in between column writing.

But more serious than the profile vandalism was the leaked data: anyone who used a publicly available email address risked having their mobile phone number leaked far and wide. The Conservative Party is now working with the Information Commission to put forward a full report covering the full extent of the problem.

Conservative party chairman Brandon Lewis dodged the question when asked by Sky News if he'd resign over the fiasco. "At the moment our focus is making sure that conference goes well, that the attendees have a really good conference, that yesterday we got that app sorted as quickly as we possibly can and we get to the bottom of exactly what happened and why it happened," he responded.

The one bright spot in all of this is that most public attendees won't have guessable email addresses. All the same, this should fill you with dread: these are the people that float using technology to solve the Irish border problem post-Brexit, and they don't even understand the importance of password security.

More to the point, they're also the people who want you to provide ID to access adult websites. If they can't be trusted to keep their own privacy in order, why the hell should they be better at protecting yours?

For now, ministers might be better advised to practice on less taxing problems. Like arranging piss-ups in breweries. µ