There’s been plenty of speculation online amongst the politically ranty that the OBR analysis of The Budget yesterday was deliberately published early. It was not, neither as an act of malice nor as an attempt to profit from insider trading.
The OBR website runs on WordPress. The analysis of what happened is that the post containing the report was published in advance, using a short URL format (probably automatically generated by WordPress itself). The journalist guessed that URL and loaded it into their browser in readiness, expecting to find a content-not-found page rather than the published page.
The identity of the person who published the document will have been known within minutes of the mistake, and within hours they will have been put on suspension pending an investigation, which could result in being sacked. The investigation will determine whether the individual who clicked Publish did so out of laziness, under-competence, or because they were instructed to by somebody more senior in the organisation with a reputation for being grumpy saying 'don't argue with me, just get the damn thing ready'.
The usual publishing workflow for any CMS is author->editor->approver; depending on the nature of the content and composition of the team, individuals may hold multiple roles, e.g. an author may also have permission to approve, or an editor may have permission to approve, etc.
The mistake could have been somebody clicking publish when they thought they were sending it to the approver to publish, or it could have been a scheduled post that was accidentally set to publish two hours early. Or indeed plenty of other possibilities which are much more likely than somebody deliberately risking their career or their freedom on a prank.
For 99% of any organisation’s content, the simple publishing workflow is more than adequate, indeed for 80% of any organisation’s content the workflow process may even be overkill.
But for 1% of many — especially government or finance — organisations’ content, a mistake like this could in the absolute worst case scenario result in gaol time for the person making that mistake.
A simple solution to prevent future occurrences like this could be to make it like firing a nuclear missile, and have content that can be designated sufficiently sensitive that it requires two approvers to approve it before publishing rather than just one; this could be easily implemented as a plugin for open source CMS products like WordPress, Drupal, or Umbraco, and easily built in to commercial proprietary CMSs. Whilst arguably this mistake was an intentional mistake (if you see what I mean) rather than an accidental mistake that a pair of firing keys being turned simultaneously might not have prevented, it would at least have given an opportunity for one or other of the publishers to pause and say 'is this actually a good idea?', and for it to have been two individuals sharing the responsibility.
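The two-approver rule described above, sketched as a CMS-agnostic model in Python. This is an added example, not code from the OBR site or from any WordPress, Drupal or Umbraco plugin; the `Post` class, the function names and the sample users are hypothetical. It goes slightly beyond the paragraph by tying each approval to a hash of the text that was approved and by refusing to publish before an embargo time.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Post:
    author: str
    body: str
    sensitive: bool = False
    embargo_until: Optional[datetime] = None       # earliest permitted publish time
    approvals: dict = field(default_factory=dict)  # approver -> digest they approved

    def digest(self) -> str:
        return hashlib.sha256(self.body.encode("utf-8")).hexdigest()

def approve(post, approver, can_approve):
    if approver not in can_approve:
        raise PermissionError(f"{approver} does not hold the approver role")
    if post.sensitive and approver == post.author:
        raise PermissionError("author cannot approve their own sensitive post")
    post.approvals[approver] = post.digest()  # dict key keeps approvers distinct

def publish_blockers(post, now, required=2):
    """Return the reasons publishing must be refused; an empty list means go."""
    blockers = []
    needed = required if post.sensitive else 1
    # An approval only counts if it was given for the text as it stands now.
    valid = {a for a, d in post.approvals.items() if d == post.digest()}
    if len(valid) < needed:
        blockers.append(f"{len(valid)} of {needed} approvals for the current text")
    if post.embargo_until and now < post.embargo_until:
        blockers.append(f"embargoed until {post.embargo_until.isoformat()}")
    return blockers

def publish(post, now):
    blockers = publish_blockers(post, now)
    if blockers:
        raise PermissionError("; ".join(blockers))
    return "published"

def demo():
    # Constructed sample: users, text and times are invented for illustration.
    embargo = datetime(2030, 1, 1, 12, 30, tzinfo=timezone.utc)
    post = Post("alice", "Forecast v1", sensitive=True, embargo_until=embargo)
    approvers = {"alice", "bob", "carol"}
    approve(post, "bob", approvers)
    early = publish_blockers(post, embargo - timedelta(hours=2))
    approve(post, "carol", approvers)
    return early, publish(post, embargo)
```

In a real CMS the same check would sit in whatever hook runs before a post's status changes to published, so that it applies to scheduled posts as well as to the Publish button.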
‘It was just one mistake’, you might say, ‘no need to overreact’.
But, as organisations move web publishing roles from dedicated web publishing professionals to add-ons to the jobs of people in other areas of the organisation, you can expect more mistakes. This indeed is yet another reason why this kind of work shouldn’t be farmed out to people who have other things to focus on which to them are more important.
Nobody should lose their job for a mistake The System should have stopped them from making. It’s the responsibility of people like us who design and build mission-critical systems to protect people from their own lack of skill, knowledge, and diligence.