Lessons from a recent Judicial Review case on IT security and the LSC tendering process:

Similar documents
Palabora Copper REQUEST FOR PROPOSAL SUPPLY AND DELIVERY OF BEARINGS AND ACCESSORIES RFP.PC.2017/18 PART 1 PROPOSAL INFORMATION AND CONDITIONS

Policies and Procedures Handbook Procedure No.: T.2 Illinois Institute of Technology Date of Issue: 7/11

REQUEST FOR PROPOSAL

CALL FOR APPLICATIONS FOR THE SELECTION OF MEMBERS OF THE TACHOGRAPH FORUM

PRE-HEARING DECISION ON A MOTION

Our firm only processes the data that is required for the preparation, implementation and completion of the case in question.

12042/16 MGT/NC/ra DGE 2

IN THE HIGH COURT OF NEW ZEALAND CHRISTCHURCH REGISTRY CRI [2015] NZHC 775 ANDREW NIKORA NEW ZEALAND POLICE. N A Pointer for Crown

Note: it is a criminal offence to give false information in this application.

RSPO PalmTrace - Book and Claim Terms and Conditions

RENEWAL FORM AS A PRODUCER OF BATTERIES AND ACCUMULATORS FORM E YEAR 2017

Learning Objectives. Become familiar with: Elements of DWI offenses Implied consent Chemical test evidence Case law

CUSC Modification Proposal Form CMP270

Service Delivery Strategy

Section 1 Scope of application

JUDGMENT OF THE COURT (Sixth Chamber) 9 June 1994 *

GENERAL TERMS AND CONDITIONS OF EINDHOVEN AIRPORT PARKING FACILITIES Ryanair

Supplementary advice to the Transport and Industrial Relations Committee

OPTION I. Pay the Fine

DEREGISTRATION FORM AS A PRODUCER OF BATTERIES AND ACCUMULATORS

PLEASE NOTE Legislative Counsel Office not Table of Public Acts

Understanding design patent practice through the Jaguar Land Rover case

Village of Schiller Park Automated Red Light Enforcement Program

Major Customer Connections. Preliminary Enquiry Form Embedded Generation > 30 kw

Village of Lombard Automated Red Light Enforcement Program. OPTION I. Pay the Fine

Abu Dhabi Department of Transport Application Form Non Objection Certificate (NOC)

Driving with Medical Conditions

JUDGMENT OF THE COURT (Sixth Chamber) 2 June 1994 *

Response to. Ministry of Justice Consultation Paper. Driving Offences and Penalties Relating to Causing Death or Serious Injury

Before: DISTRICT JUDGE SKALSKYJ-REYNOLDS EXCEL PARKING SERVICES LIMITED. -v- MR IAN LAMOUREUX. Case No. C3DP56Q5 Solicitor for the Claimant:

QUESTION / CLARIFICATION

Caveat Venditor e-tendering Systems and the Problem of Genuine Mistakes

Low Emission Zone Vehicle Registration Form

Land Transport Rule Traction Engines [2008]

INTERNATIONAL COURT OF APPEAL (I.C.A.) of the FEDERATION INTERNATIONALE DE L'AUTOMOBILE

CITY OF PORTSMOUTH PURCHASING DEPARTMENT PORTSMOUTH, NEW HAMPSHIRE. Annual Fuel Bid - #01-18 INVITATION TO BID

INDUSTRIAL HAUL AGREEMENT

REVISED REQUEST FOR QUOTATIONS FOR PRINTING SERVICES Food and Nutrition Technical Assistance Project III (FANTA)

Parking Terms and Conditions

COMHAIRLE CONTAE DHÚN LAOGHAIRE - RÁTH AN DÚIN DÚN LAOGHAIRE RATHDOWN COUNTY COUNCIL

Aamco Transmissions v. James Dunlap

Request for Proposals: (1) 2018 FORD TAURUS SEDAN SE (1) 2018 Ford F-150 XL Regular cab 4x4 (2) 2018 Ford F-150 XL 4x4 Crew Cab 4x4

Motor Vehicle Law. Motor Vehicle Law approved. (2015, Union Parliament Law No. 55) (7 September 2015)

#14. Evaluation of Regulation 1071/2009 and 1072/ General survey COMPLETE 1 / 6. PAGE 1: Background

BEFORE THE CANTERBURY REGIONAL COUNCIL. Act 1991 AND. of Plan Change 3 to the Waitaki Catchment Water Allocation Regional Plan

IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT. No Non-Argument Calendar. D.C. Docket No. 1:16-cv CC.

Every Disclosure Document issued by a Franchisor Member pursuant to the Code shall comply with the following requirements: -

Decision Blaze Energy Ltd. Application for an Exemption under Section 24 of the Hydro and Electric Energy Act.

Dublin Airport Chauffeur Code of Conduct Dublin Airport Chauffeurs Code of Conduct. Dublin Airport Parking

Commercial Driver s License Drug and Alcohol Clearinghouse Frequently Asked Questions

Minnesota Public Utilities Commission Staff Briefing Papers

Electrovaya Provides Business Update

RMS CONDITIONAL REGISTRATION SCHEME HISTORIC (CRS-H) RULES FOR MEMBERS. Mustang Owners Club Australia (N S W) Inc.

Notice regarding the Competition Law Treatment of Vertical Agreements in the Motor Vehicle Trade 1

MINUTES. OF THE 1st MEETING TYPE-APPROVAL AUTHORITIES EXPERT GROUP - TAAEG * * *

Road Transport (Safety and Traffic Management) (Driver Fatigue) Regulation 1999

Citation: Steeves v. Arsenault & Keough Date: PESCTD 55 Docket: SCC Registry: Charlottetown

Electric Vehicle Charging Station Incentives PROGRAM HANDBOOK

Patrick Wruck Commission Secretary

CASE No. 35 of In the matter of

711. USE OF VEHICLES ON SCHOOL BUSINESS

Application for a Taxi Driver s Licence

IN THE DISTRICT COURT OF APPEAL OF THE STATE OF FLORIDA FIFTH DISTRICT

INTERNATIONAL COURT OF APPEAL (I.C.A.) OF THE FEDERATION INTERNATIONALE DE L'AUTOMOBILE (F.I.A.)

MAINE LEMON LAW SUMMARY

LIIKENNEVIRTA LTD GENERAL TERMS AND CONDITIONS FOR THE CHARGING SERVICE

University of Leeds Car Parking Terms & Conditions

NOT DESIGNATED FOR PUBLICATION. No. 112,523 IN THE COURT OF APPEALS OF THE STATE OF KANSAS. STATE OF KANSAS, Appellee, STACY A. GENSLER, Appellant.

GREATER VANCOUVER SEWERAGE AND DRAINAGE DISTRICT BYLAW NO. 307, A Bylaw to License Commercial Waste Haulers

Alcohol & Substance Abuse Information. Please complete the following six pages. Sign all forms where highlighted in yellow

Addressing ambiguity in how electricity industry legislation applies to secondary networks

USAACE & Fort Rucker Preventative Law Program. Alabama Lemon Law

DRIVER FACT SHEET GENERAL QUESTIONS

SAKHALIN ENERGY INVESTMENT COMPANY LTD. INVITATION TO TENDER

MINIMUM REQUIREMENTS FOR PLACEMENT ON ROTATION

216B.164 COGENERATION AND SMALL POWER PRODUCTION.

Secretary of the Senate. Chief Clerk of the Assembly. Private Secretary of the Governor

Request under the Freedom of Information Act 2000 (FOIA)

THE EMPIRE DISTRICT ELECTRIC COMPANY P.S.C. Mo. No. 5 Sec. 4 1st Revised Sheet No. 23

NOTICE 379 OF Under section 15 of the Fire Brigade Services Act, 1987 (Act No. 99 of 1987), I, Lechesa Tsenoli, hereby intends to-,

Risk Control at United Fire Group

Wheeling charges, Banking charges & Cross Subsidy Surcharge for Solar Power Generators

Page 1 of 5. 1 The Code Administrator will provide the paper reference following submission to National Grid.

User Agreement For Transfer To/From Other Financial Institution (A2A) Transfer Service

Electric Vehicles and the Environment (EVE IWG)

Los Angeles County Metropolitan Transportation Authority Permit Parking Terms and Conditions

September 9, Ms. Kimberly D. Bose, Secretary Federal Energy Regulatory Commission 888 First Street, N.E., Room 1A Washington, DC 20426

SENATE BILL lr1706 A BILL ENTITLED. Vehicle Laws Manufacturers, Distributors, and Factory Branches Prohibited Acts

SENATE BILL 803. (1lr0342) ENROLLED BILL Judicial Proceedings/Judiciary

Attention: Mr. Patrick Wruck, Commission Secretary and Manager, Regulatory Support

To complete the process for a net metering interconnection, please follow the steps below:

SYNOPSIS OF PROPOSED GEORGIA DEPARTMENT OF PUBLIC SAFETY RULES CHAPTER TRANSPORTATION NETWORK COMPANIES AND TAXI SERVICES

July 15, In Ford s letter of May 2003 to law enforcement customers, Ford stated:

SSEFITAPP 2012_08_07 v2.1. FeeD-In TArIFF APPlICATIon ForM

Strange DINKY Made in Bulgaria Posted by RVREVO - 27 Apr :27

Case 4:16-cv Document 1 Filed in TXSD on 09/26/16 Page 1 of 7

ISLE OF WIGHT COUNCIL

MINISTRY OF TRANSPORT, INFRASTRUCTURE, HOUSING, URBAN DEVELOPMENT AND PUBLIC WORKS

ibusiness Banking Application Form Welcome to ibusiness Banking Need help completing this form? Adding an Additional Company to an existing Group

[non-binding translation] Trading Rules of the BX Swiss AG

Transcription:

Lessons from a recent Judicial Review case on IT security and the LSC tendering process: David Lock QC 1 This Note seeks to draw the attention of Legal Aid Practitioners to the outcome of a recent Judicial Review case, and to draw their attention to the potential consequences for legal aid practitioners involved in tendering for LSC contracts around IT security issues. The facts in R (M & Co) v Legal Services Commission. This case concerned a sole practitioner in Birmingham, Ms M who tendered to renew a small Family contract with 25 NMS in the current contracting round. She completed the PQQ successfully and then completed the ITT using the LSC s BravoSolution computer system. However, the day after the ITT was submitted, someone accessed her account on the BravoSolution computer system and changed the submission to indicate that she did not have an office in the relevant procurement area. Ms M has had an office for 20 years and still has an office. However that answer meant that her tender was non- compliant and it was subsequently rejected by the LSC. Ms M commenced Judicial Review proceedings to challenge the refusal by the LSC to reconsider their decision on the grounds that it was at affected by third party fraud. During the proceedings the technical computer information was provided by the LSC from the BravoSolution computer system. Expert computer evidence commissioned by Ms M (not by the LSC) confirmed that the changes in question to the ITT were made by somebody accessing the BravoSolution account from a home computer system to which a former employee had access. At this point it remains unclear whether the changes to the ITT were made by the former employee or somebody else using that ISP address. 1 David Lock QC and Louise Corfield of No5 Chambers (dl@no5.com) were counsel for Ms M in the case.

However it was clearly established that, whoever made the changes, it was not Ms M or anybody who had her authority to access the BravoSolution computer system. There were also issues in the case about the ease with which the password could be changed using the Forgotten Password box which then sends an email with a new password to the email address provided by the Applicant Organisation (which in turn raises issues about the data security of the given email address). Despite those facts being established, the LSC continued to defend the case which came before Mr Justice Bean on Friday 15 March 2013. At trial the Judge gave a strong preliminary indication on the merits and, faced with that indication, the LSC consented to an order to quash the decision to refuse Ms M a contract and agreed to reconsider the decision on the basis of the information provided in the genuine ITT. There was also provision for part of Ms M s costs to be paid by the LSC. The outcome of the case. This case was therefore a rare example of a successful Judicial Review against the LSC on a tendering issue, although it is perhaps unfortunate that no written judgement was provided indicating how the courts would deal with a case where a decision of a public body appears perfectly valid on its face but, unknown to the public body, has been affected by third party fraud. The lessons emerging the case. There are a number of issues which emerged from the case which may be of interest to legal aid practitioners. 1. The LSC see the BravoSolution username as being personal to an individual and not to the Applicant Organisation. There is provision within the BravoSolution etendering computer system for individuals to be registered and provided with their own username and password in addition to the login details and password for the Applicant Organisation. These statistics provided in the case

suggest that less than 20% of tenderers register any Applicant Users in addition to the Applicant Organisation. However, whilst this is not entirely clear from Information for Applicants document, the LSC interpret the User Agreement to provide that the initial username and password are not a username and password for the Applicant Organisation but are individual to the named person who is registered on the system. The LSC interpret the terms of the User Agreement to provide that this username and password are personal to that individual. 2. Disclosure of the username and password is a breach of the user Agreement. The LSC s case in M suggested that disclosure of the username and password by the original registrant to anyone constitutes a breach of the User Agreement. Any breach of the User Agreement results in automatic disqualification. It follows that every secretary, assistant or other individual at the firm needs to be registered as part of any LSC tender process and needs to be provided with their own username and password in order to login to the BravoSolution computer system. If a secretary is provided with a partner's username and password in order to complete part of the ITT, this may be considered by the LSC to be a breach of the User Agreement and thus may lead to automatic disqualification of the tenderer. The fact that 82% of applicants only register one username and password (or mistaken assumption that this refers to the Applicant Organisation rather than an individual within the Applicant Organisation) suggests that this might be widely misunderstood. The message from this case is therefore that an individual who registers on the BravoSolution computer system must not disclose their registration details to anyone else within the Applicant Organisation and that every single individual who has anything to do with a tendering process needs to be separately registered on the BravoSolution computer system in order to avoid a breach of the User Agreement. 3. Removing the registration of an Applicant User.

Another issue which emerged from the case was that whenever a person who is registered on the BravoSolution computer system leaves the Applicant Organisation or becomes in any way a person who the firm cannot rely upon (because for example there are suspended on disciplinary grounds), an application must be made to BravoSolution to have their username and password removed so that they cannot access the computer system. If the tenderer does not do this and there is any malicious use of the BravoSolution computer system by that individual, the Applicant Organisation will be bound by the changed tender. 4. How is responsibility allocated for fraudaulent use of the BravoSolution computer system within the User Agreement? The fourth issue from the case concerns paragraph 5.7 of the terms of the User Agreement. This provides: The Applicant shall be responsible for any unauthorised, false or fraudulent response to any invitation to participate in a procurement that is submitted using one of its Applicant Users ID and password The LSC has confirmed that this standard term which was not discussed with any legal aid practitioners before it was inserted into the User Agreement. Its effect is that the tenderer is deemed to be responsible in law for any fraud on the BravoSolution computer system committed by a third party, whether the tenderer is at fault in passing on a username and password or not. The wording would also appear to place responsibility for such a fraud on the tenderer even if the fraud was committed by an employee of BravoSolution or the LSC. The width of this term may be something that the LAPG wishes to take up on behalf of legal aid practitioners with the LSC. There were interesting arguments in the M case as to whether this clause fell within the scope of the Unfair Contract Terms Act 1977 and/or whether it was enforceable at law following cases such as Thornton v Shoe Lane Parking [1971] 2QB 163 but no decision was given as to whether this term was enforceable (and the concession by the LSC in the M case cannot be taken as an admission that the term is not enforceable in other cases). The outcome for Ms M.

The LSC have yet formally to confirm that Ms M has been granted a contract because the most that the court can do is to quash the decision and direct the LSC to make a new decision. However the issues raised in this case emphasise the need for legal aid practitioners to be vigilant on IT security issues when completing tenders. David Lock QC

2024 © autodocbox.com Privacy Policy | Terms of Service | Feedback