20 years of mySociety 20 years of mySociety

TheyWorkForYou

Menu

ICT Policy

3. Questions to the Senedd Commission – in the Senedd on 30 June 2021.

Alert me about debates like this

Photo of Alun Davies Alun Davies Labour

(Translated)

5. Will the Commission make a statement on its ICT policy for the sixth Senedd? OQ56681

Photo of Elin Jones Elin Jones Plaid Cymru 3:35, 30 June 2021

(Translated)

The Commission’s policy is to provide secure and adaptable ICT services that allow Members, their staff and Commission staff to work efficiently and flexibly. By way of example, all users have the option to select mobile devices to support flexible working and Commission applications and information can be accessed via a cloud service.   

Photo of Alun Davies Alun Davies Labour

I'm grateful to the Presiding Officer for that. I was profoundly shocked to read section 2 of the policy, where it states very clearly that the Senedd Commission may without notice check and make and keep copies of all information, which includes, but is not limited to, telephone calls and any electronic communications, stored information, data sent, received created or contained within the Senedd ICT system. These are extraordinary intrusive powers that the Senedd Commission seems to have granted itself, and far more intrusive than would be available to either the police or the security services, if they were investigating criminality without seeking judicial approval. And, it appears to me, that this level of potential spying or snooping on elected Members, doing their work on behalf of the people of Wales, is wholly and completely unacceptable. I would ask this Senedd Commission to urgently withdraw this part of the policy, rewrite this policy, with the collaboration and cooperation of Members, and then we can have a policy that all of us feel a part of, and where we don't feel that we're being treated as criminals. 

Photo of Elin Jones Elin Jones Plaid Cymru 3:37, 30 June 2021

I can assure Members of this Senedd that they are not treated as criminals, neither does the Commission use any of this guidance for the purposes of spying or snooping, and I'm comfortable then in working with Members and Commissioners to give the reassurance, and to review this policy, if needs be, and, therefore, we can do that. But this policy is in place to both protect Members and, also, to ensure, if investigations of abuse of any kind or criminal behaviour have been undertaken by any Member or member of staff, that there is the ability to look into that information. But the ability to do that is done in light of restrictions that we have placed on ourselves, and it's not, in any way, any fishing exercise that can happen by the Commission. But, as I said, I'm perfectly happy, now that it's been raised in questions here, to provide any reassurance and to review, if necessary. 

Whoops! There was an error.
Whoops \ Exception \ ErrorException (E_CORE_WARNING)
Module 'xapian' already loaded Whoops\Exception\ErrorException thrown with message "Module 'xapian' already loaded" Stacktrace: #2 Whoops\Exception\ErrorException in Unknown:0 #1 Whoops\Run:handleError in /data/vhost/matthew.theyworkforyou.dev.mysociety.org/theyworkforyou/vendor/filp/whoops/src/Whoops/Run.php:433 #0 Whoops\Run:handleShutdown in [internal]:0
Stack frames (3)
2
Whoops\Exception\ErrorException
Unknown0
1
Whoops\Run handleError
/vendor/filp/whoops/src/Whoops/Run.php433
0
Whoops\Run handleShutdown
[internal]0
Unknown
/data/vhost/matthew.theyworkforyou.dev.mysociety.org/theyworkforyou/vendor/filp/whoops/src/Whoops/Run.php 
    /**
     * Special case to deal with Fatal errors and the like.
     */
    public function handleShutdown()
    {
        // If we reached this step, we are in shutdown handler.
        // An exception thrown in a shutdown handler will not be propagated
        // to the exception handler. Pass that information along.
        $this->canThrowExceptions = false;
 
        $error = $this->system->getLastError();
        if ($error && Misc::isLevelFatal($error['type'])) {
            // If there was a fatal error,
            // it was not handled in handleError yet.
            $this->allowQuit = false;
            $this->handleError(
                $error['type'],
                $error['message'],
                $error['file'],
                $error['line']
            );
        }
    }
 
    /**
     * In certain scenarios, like in shutdown handler, we can not throw exceptions
     * @var bool
     */
    private $canThrowExceptions = true;
 
    /**
     * Echo something to the browser
     * @param  string $output
     * @return $this
     */
    private function writeToOutputNow($output)
    {
        if ($this->sendHttpCode() && \Whoops\Util\Misc::canSendHeaders()) {
            $this->system->setHttpResponseCode(
                $this->sendHttpCode()
[internal]

Environment & details:

Key Value
type senedd
id 2021-06-30.4.371265
s speaker:26124
empty
empty
empty
empty
Key Value
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PHPRC /etc/php/7.0/fcgi
PWD /data/vhost/matthew.theyworkforyou.dev.mysociety.org/theyworkforyou/www/docs/fcgi
PHP_FCGI_CHILDREN 0
ORIG_SCRIPT_NAME /fcgi/php-basic-dev
ORIG_PATH_TRANSLATED /data/vhost/matthew.theyworkforyou.dev.mysociety.org/docs/section.php
ORIG_PATH_INFO /senedd/
ORIG_SCRIPT_FILENAME /data/vhost/matthew.theyworkforyou.dev.mysociety.org/docs/fcgi/php-basic-dev
CONTENT_LENGTH 0
SCRIPT_NAME /senedd/
REQUEST_URI /senedd/?id=2021-06-30.4.371265&s=speaker%3A26124
QUERY_STRING type=senedd&id=2021-06-30.4.371265&s=speaker%3A26124
REQUEST_METHOD GET
SERVER_PROTOCOL HTTP/1.0
GATEWAY_INTERFACE CGI/1.1
REDIRECT_QUERY_STRING type=senedd&id=2021-06-30.4.371265&s=speaker%3A26124
REDIRECT_URL /senedd/
REMOTE_PORT 49568
SCRIPT_FILENAME /data/vhost/matthew.theyworkforyou.dev.mysociety.org/docs/section.php
SERVER_ADMIN webmaster@theyworkforyou.dev.mysociety.org
CONTEXT_DOCUMENT_ROOT /data/vhost/matthew.theyworkforyou.dev.mysociety.org/docs
CONTEXT_PREFIX
REQUEST_SCHEME http
DOCUMENT_ROOT /data/vhost/matthew.theyworkforyou.dev.mysociety.org/docs
REMOTE_ADDR 18.226.93.22
SERVER_PORT 80
SERVER_ADDR 46.235.230.113
SERVER_NAME matthew.theyworkforyou.dev.mysociety.org
SERVER_SOFTWARE Apache
SERVER_SIGNATURE
HTTP_ACCEPT_ENCODING gzip, br, zstd, deflate
HTTP_USER_AGENT Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
HTTP_ACCEPT */*
HTTP_CONNECTION close
HTTP_X_FORWARDED_PROTO https
HTTP_X_REAL_IP 18.226.93.22
HTTP_HOST matthew.theyworkforyou.dev.mysociety.org
SCRIPT_URI http://matthew.theyworkforyou.dev.mysociety.org/senedd/
SCRIPT_URL /senedd/
REDIRECT_STATUS 200
REDIRECT_HANDLER application/x-httpd-fastphp
REDIRECT_SCRIPT_URI http://matthew.theyworkforyou.dev.mysociety.org/senedd/
REDIRECT_SCRIPT_URL /senedd/
FCGI_ROLE RESPONDER
PHP_SELF /senedd/
REQUEST_TIME_FLOAT 1732272144.1229
REQUEST_TIME 1732272144
empty
0. Whoops\Handler\PrettyPageHandler