back to article Will Darling's data giveaway kill off ID cards?

Anti-ID card campaigners believe that yesterday's admission by Chancellor Alistair Darling that the government has lost records and private information relating to 25 million people could be the nail in the coffin for the ID card project. A spokesman for campaign group NO2ID said: "It's inevitably good news for our campaign …


This topic is closed for new posts.
  1. TeeCee Gold badge

    To answer the question, No.

    In the paper:

    "Alistair Darling said that the biometric identifiers that would be entered on to the ID database would make such blunders less likely."

    So they're trying to spin this as a *positive* thing for the ID card database. Yet again the Government proves that between Them and the Real World there's a yawning chasm filled with bullshit.

    Can we have an icon of Gordon Brown nailed to the cross with his bollocks on fire and being pelted with rotten fruit please? To save effort, just set it up and I'll come and take the picture for you.

  2. James

    But they're secure....

    ... because they contain biometric data (according to Mr. Darling on the BBC news this morning). But even that looked like a fudge.....

    I'm not sure why he believes that biometric data would make an ID card database more secure. Do politicians live in a parallel universe where technical reality rarely intrudes?

    Hopefully this whole issue will focus on the entire spectrum of security of personal data held in any large database, anywhere by anyone.

    I don't trust any organisation to be able to make personal data secure. I now expect that my data WILL be lost, leaked, stolen at some point.

    Sigh ! !

  3. Pete Silver badge

    it's all available anyway

    Given that the banks, utilities and other companies all have offshore call centres and outsourced data centres our personal data is readily available to the staff who work in these places. I'd be surprised if NO call centre staff, on a few dollars a day, don't make extra cash by jotting down customer details when they take calls.

    Likewise datacentres in low-wage countries will have all this stuff in their databases and on backup tapes. This is all in places where UK data protection laws don't apply.

    At least with ID card data, there's no financial records or bank account info present.

  4. Anonymous Coward
    Anonymous Coward

    government spin

    we need to have databases with more information stored on us to protect against the leaks of databases of government information ... oh look, I've gone cross-eyed

  5. AndyB
    Black Helicopters

    ID chopping block

    Perhaps if Government ministers (including, and particularly, the PM) and their 'usual suspect' IT contractors offered up their necks as surety for the ID card database a few more of us might believe their hype about its security and infallibility.

    So how about it, Gordo? How about you, and your entire cabinet offer to resign and call a General Election if a single, solitary, ID / biometric passport database record gets 'lost' and/or ends up in the wrong hands?

    How about if the clowns who will actually build this database offer to compensate the taxpayer to the tune of, I don't know, say, £1M per lost record.

    I mean, its going to be totally secure, isn't it. So there would be no risk of Gordo making a trip to Buckingham Palace if he made such a pledge, is there? Totally risk-free, then. And a sure fire way to boost the public's confidence in ID cards.

    Not going to happen though, is it.

    Wonder why?

  6. Dave

    Hang on a second...

    Didn't they already do this with pensions data not long ago?

    Well hey, look at that, it's even in the related stories! (Thankyou Reg)

    They didn't think to maybe... 'be careful' with those CDs to avoid any

    more embarasment?

    Who are these 1 in 4 who trust the gov and are they retarded?

    I was shocked, despite being a cynic anyway, to hear that they actually shuttle our personal info about on CDs.. with private couriers? Imagine if at the end of the day, a bank manager left the vault open, walked out, didn't set the alarm, left the front door open.. you expect some money to get nicked right?

  7. Cameron Colley

    Re: But They're secure...

    [quote]I'm not sure why he believes that biometric data would make an ID card database more secure. Do politicians live in a parallel universe where technical reality rarely intrudes?[/quote]The answer is, of course, that he doesn't believe that -- but his marketing department told him that a large proportion of the voting morons ^H^H^H^H^H^H public will.

    It is the job of our governments to become elected, and stay elected until it's not longer profitable, or their arrangement with the other party means they have to hand the country over to them. These people couldn't care less about anything but their off-shore bank accounts.

  8. Anonymous Coward
    Anonymous Coward


    ...aren't stored in a binary form in a database then Mr Darling? They are magically immune from theft in some as yet unspecified way that the 25 million records weren't?

    Is it that he's as thick as a plank or does he think the rest of us are?

    No2ID chaps - get yourselves over there and register eh?

  9. Danny


    Some people will never learn. Using biometrics for identification is a fatally flawed concept. A compromised password or bank account details is hassle but they can be replaced at the drop of a hat and normal life resumes. If the biometric hashes for your id are stolen what do you do? Get a new id? New fingerprints? Iris? Humm. Thought so. And it only has to be compromised once by some minimum-wage flunky...

    This compromise demonstrates that no government department is fit to hold this data regardless of how much they promise to look after it.

    Go and read Bruce Schneier's books (and others) for the grisly details.

    I can only think that some chums of the current and previous Junta are setting up a big fat IT gravy train and they've seduced enough ministers into the ridiculous notion that it will somehow make the world a safe and happy place.

  10. this

    The Solution

    "...national database can be made rock solid." hmmm..let me think...

    Yes! That's it!! Make it so rock solid - that absolutely no one can access the data!

    That would cost a lot more though, extra development, testing etc. but it would certainly be worth every penny.

  11. Jim Cosser

    Gave mine

    Glad the No2ID campaign called the pledge in. Also a godsend taking paypal :o)

    Maybe they will help look after/limit our data.

  12. Hollerith

    rock solid -- yes, @The Solution

    I agree that 'rock solid' means 'encased in rock. Or concrete. Just like radioactive waste! Safe as safe can be...

  13. Graham Dawson Silver badge
    Black Helicopters

    @At least with ID card data, there's no financial records or bank account info present.

    Ahh, but you neglect that an ID card scheme would inevitably become *the* single means of identification for all financial transactions of any kind. It already is in countries with ID cards; open a bank account? Need your ID card. Make a large money transfer that needs a special permission? ID please... setting up a new credit card? Can we see your ID please? Claiming your pension... got your ID card with you sir?

    You get the idea.

    If someone breaches the ID system once it's in place they will not simply have your bank details, they'll have your entire life. You will be screwed in ways that are not imaginable to even the continental systems, because those at least have the virtue of admitting that the card only identifies the holder as the one holding the card, and they don't keep all your identifying details in a single, easily manipulated central location.

  14. A J Stiles
    Dead Vulture

    Only one solution

    There is only one solution to this problem, and it will involve spending a lot of money.

    We need a Ministry of Information Technology, with the power to demand Source Code on pain of banning sales of product. We need to move the entire public sector to an Open Source-based infrastructure, so that government IT projects will be much less likely ever again to go over-budget or behind schedule -- Open Source means no lock-in to a single vendor and therefore no single-point failure. If too many deadlines are missed, the whole project team can simply be replaced. We need to set up a secure alternative TCP/IP network (I'd love to say make it IPv6, but I'm realistic) isolated from the public Internet, just for government use. We need more local offices (so in the worst case, numbers of records going missing will be counted in thousands or hundreds, not millions) -- and we need to limit the total amount of data stored.

  15. Andrew Baines Silver badge
    Thumb Down

    NHS Database

    That'll be next.

  16. Anonymous Coward

    Did anyone watch Newsnight?

    This fiasco *SHOULD* kill off the ID cards project once and for all (and the NHS Spine and the Children's database), but it won't.


    Because ministers are too stupid and too pig-headed to listen to experts.

    Watch the Newsnight interview at:

    (Choose Latest programme, it starts about 15 minutes in)

    One one side Ross Anderson from Cambridge University, probably Britain's leading expert on the subject of computer security, on the other, Jane Kennedy, junior minister at the Treasury.

    She is clearly told there is no way to follow government proposals to routinely allow access to millions of personal records by tens of thousands of people and guarantee security. No ifs, no buts, it can't be done. She disagrees.

    Professor Anderson gives a list of expert reports on the subject of security that the government has ignored. Kennedy just blithely carries on as if he wasn't there.

    The real problem is that we have a government that believes when ideology hits reality, reality has to be rebranded.

  17. Anonymous Coward

    don't trust em.

    All your data in the governments (safe) hands? i don't think so.

    they'll either use it to f#@k you over, or loose it so someone else can.

  18. Britt Johnston

    Who wants a national ID database, anyway?

    I suspect that politicians want answers, and administrators keep saying it isn't easy, we have no accurate data for comparison, so please give me a better database.

    I am not yet convinced that politicians really want one, except for the department head who gets the spend for a sexy project.

    Once their staff get one, they will want it optimised for ease of use and applicability, not security. They'll still be unable to answer many tricky questions - like when will they lose their first files - but will take any reasonable m.t.b.f. approach to get it.

  19. Anton Ivanov
    Black Helicopters

    Just the opposite

    If anyone needed to push for ID and national database that would have been the means. I will not be surprised if the disks were assisted to be lost

    1. If there is national biometric ID you cannot get any service just by stealing data. You have to get an ID first which may end up being difficult because your new identity details will not match the old ones in the database.

    2. If there is a national database there is no need for such transfers

    So frankly, if I wanted both of these to happen in a hurry I would have organised this data loss at first opportunity.

  20. Tom

    What I'd like to know

    Ignoring the impossibility of making the ID system useable and secure what I'd like to know is just what they think the moneys going on cos it certainly isnt software and computers. Or if it is the suppliers should be shot for incompetence/theft.

  21. Richard

    If you've nothing to hide, you've nothing to fear

    The government is doing its level best to ensure that [Amount to Hide] tends towards zero.

  22. Anthony

    Help Me To Help You

    Hi, my name is Ngiveme Nmoney, I have recently come into possession of some information that could make us both very wealthy.

    However I need to cover the costs in setting this up, please send $5000 ( £5000 ) to pobox13 Nigeria and I will get back to you when I'm ready to move on this.

    Please avoid using the words "child" "benefit" or "cds" in any correspondence on this matter.

  23. Aristotles slow and dimwitted horse


    Since when does 2000 people surveyed out of a population of around 65,000,000 equal two thirds of that population. Even extrapolating this number out makes this survey another crock of rubbish from CA.

  24. Mike Bunyan

    Use Facebook

    I think the UK government would save a lot of cash and embarrassment by using Facebook for personal information about everyone in the UK. It's far more useful than any database I have seen created by government and it is 'public' thereby saving the embarrassment of loosing it all.

  25. Anonymous John

    All your data

    is belong to us.

  26. Anonymous Coward
    Anonymous Coward


    I think No2ID should find the official who sent the CDs out, and offer him or her a big fat reward from all the £10s they are collecting :-D

    (Wasn't someone they managed to infiltrate into the system was it ?)

  27. Anonymous Coward
    Anonymous Coward

    Re: Inaccurate

    No offence, but I don't think you get statistics. 2000 is easily enough for a statistically significant result; my only concern would be how the samples were chosen, which we aren't told (it should be a random sample of the population, but surveys are rarely anything much like that because of the inconvenience of getting a truly random collection of respondents). Mind you, 75% of the British population distrusting the government with their personal data, particularly after the recent leaks, is not a surprising number in my opinion. Are you suggesting that it's implausible?

    In my opinion, the ID database wouldn't have to be compromised for my data to get into the wrong hands. I'd be required to hand my personal data over to thieves and criminals in order to get the card issued in the first place...

  28. Mr Chris

    @Aristotles slow and dimwitted horse

    Do you not understand how statistical sampling works? Once you've got a statistically significant sample set (and I understand 2000 is on the correct side of that line) you can indeed extrapolate that up to the full population, with a good degree of accuracy.

  29. Anonymous Coward
    Black Helicopters

    RE: But they're secure....

    You ask: Do politicians live in a parallel universe where technical reality rarely intrudes?

    Well, duh: of COURSE they do. These are the people who believed in "liquid explosives" and Iraq having WMD which could be deployed against the UK in a matter or minutes remember.

  30. Dabooka
    Black Helicopters


    I have people at my work now saying if they had an ID card it's stop anyone fradulently using the stolen information if they did get it. People are idiots.

  31. Anonymous Coward
    Dead Vulture

    @ Anton

    "If anyone needed to push for ID and national database that would have been the means. I will not be surprised if the disks were assisted to be lost"

    You may be right, but *if* the Government tried this and were actually amenable to logical argument, you could counter each of your points:

    "1. If there is national biometric ID you cannot get any service just by stealing data. You have to get an ID first which may end up being difficult because your new identity details will not match the old ones in the database."

    This will only be true where the ID check actually goes to the centralised database to check what the card carries against the central record. Most of the transactions that this system is proposed to support will not do so, so the advantage of having a central store is slender to vanishing. Defeating millions of pounds of benefit fraud at the cost of billions of pounds is not a clever plan, no matter the mustelid disguise measures the Government might try and palm us off with.

    "2. If there is a national database there is no need for such transfers"

    1) As it stands there is no permission for such transfers to take place, yet such transfers occurred.

    2) In an ideal world, yes, each department will have secure access to the sections of data it needs from a centralised repository. The Government have already backpedalled from centralising the data, choosing to allow various bits of access to existing databases. It is a certainty that there will be occasions where people can't get at the data they need held somewhere else and a helpful junior will do something outside regs.

    3) The Government does not only transfer data between its departments. Recently, data was lost en route to Standard Life. Are you imagining that *third parties* will have access to the Government's Whole Life Dossier? Cos that's even scarier.

    All this presumes that a Government might actually listen to reason rather than being driven by blind ideology.

  32. Pete
    Thumb Down

    So Secure *rofl*

    Makes me smile this. I moved from a major high street bank to a more ethical one. Before I even received my 'plastic' the account had been screwed for £250 - inside jobby I thought, the bank declined to comment. Maybe data integrity is easier to achieve than human?

  33. Simon Greenwood

    Re: Use Facebook

    I've said it before and I'll say it again: there is all ready one database whose card is carried by or is accessed by a large proportion of the population. It keeps of track of your buying habits which it shares with its clients in return for low value credits. Step forward the Nectar card. Make it compulsory and most of the issues will be dealt with. By Sainsbury's.

  34. AndyB
    Black Helicopters

    Re:Just the opposite


    "1. If there is national biometric ID you cannot get any service just by stealing data. You have to get an ID first which may end up being difficult because your new identity details will not match the old ones in the database."


    And what are IDs if not data? Just because a record represents a fingerprint, iris scan or other biometric data doesn't preclude it from being 'lost' or misappropriated.


    "2. If there is a national database there is no need for such transfers"


    You don't work in IT, do you? Are you, perhaps a politician or senior management who thinks data moves around by magic? Just because there is a national database doesn't mean all of the data is in one place. Databases can (should) be distributed, you know. And how is a Government minion in Edinburgh going to access the data if the database is in London without data transfer?

    Yes, I know we are talking about electronic transfer, here. But because of the way this system will be used there will be, literally, thousands of terminals to read and verify ID cards and handle your personal data. Each and every one a target for organised crime.

    Data sat in a database is useless. For data to be useful it has to be transferred. When data is transferred it is vulnerable.

    And, of course, the ID database(s) will need to be backed up. The backup media, even if not physically transported can still be copied and/or stolen.

    And no matter how secure you make the technology, the weak link will always be the humans using it. Compromised UK ID cards would be of *enormous* value to both organised crime and terrorist groups, so you can be absolutely sure they will throw their, not insignificant, resources at the task. Anyone can be 'bought' if the price is high enough. Would a system administrator being paid £30K-£40K would turn down an offer of a few £100K, or more, to make a copy of a backup? Most might, but it only takes one with a large mortgage arrears.........

  35. Charlie


    Will Darling? Doesn't he play rugby or something?

  36. Anonymous Coward

    @ AndyB

    You don't work in IT either do you? With the lack of knowledge you exhibit, please tell me you don't, or at least not in a secure environment.

    1) Why should databases be distributed? Should just be 2 data centres, a live one and one replicated for Business Continuity.

    2) A terminal verifying an ID card wouldn't need to receive ID record details, just a verification YES or NO from a service interfaced to the database. In fact, the biometrics will also be stored on a chip on the card, so in most ID verification use-cases the data never leaves the terminal, the card software just returns a YES or NO - a bit like how chip-and-pin works, the pin is on the card, the terminal only calls the database to verify the amount of the transaction and not the pin, the pin doesn't get transmitted anywhere.

    3) Database backups can be automatically encrypted to prevent them being of use if they are lost or stolen. Indeed, individual columns in tables in databases can be specified to be encrypted so that they're meaningless without properly authorised access.

    4) You're right about financial incentives being the most common way to enlist inside help with fraud. That's why any security clearance for government data centres includes a financial background check. Those with "large mortgage arrears" need not apply.

    You don't work for HMRC by any chance do you? :o)

  37. A Non


    It's hard to know whether to laugh or cry. The cabinet insists we should trust them to manage everyone's life through a National Identity Register. Meanwhile HMRC has mislaid discs containing the names, dates of birth, national insurance numbers and bank details of 25 million British people — more than seven million families.

    The package was sent in the state's internal post — and was neither recorded nor registered. The value to organised crime of the information on the two "lost" discs is incalculable — but certainly runs into hundreds of millions of pounds. The government, of course, blames junior officials for a failure to follow protocols.

    But it simply should not be possible for junior staff — or the chancellor himself — to collect or copy such details in one place. That it is, is a direct result of the government's obsession with centralised databases and its contempt for citizens' privacy.

    Something positive may come of it, though. With your help, NO2ID can use this a clear illustration of the real danger in state control of personal identity to defeat the ID scheme quickly.

    The news comes just as NO2ID is raising desperately needed funds for a legal challenge to the database state. We have contacted all 11,000+ citizens who pledged to contribute £10 to a legal defence fund. If you didn't join that pledge, it's not too late to help.

    If you're one of the 25,000,000 people who have already been exposed by the government, please help us make sure that this never happens again. If you're one of those lucky ones whose private information hasn't been lost in the internal post, please help us keep you safe.

    To win the fight we don't just need funds for legal action. To keep up the pressure and battle the government's publicity machine costs money. If you haven't joined NO2ID already, or if you haven't given to our general funds recently, please do so now. Thank you for your support.

  38. A J Stiles

    @Simon Greenwood

    The trick is to have several Nectar cards, held in a variety of names, and always pay in cash (there's a HITW machine in or near almost every Sainsbury's). One card can be used only for buying booze, another only for buying tampons and cat food, and so on. You get the discount, but they don't get any meaningful "personal details"!

    The data will be skewed even more if you share the cards among a group of people, passing one on every time it attains a £2.50 voucher.

  39. David

    Rubbish government IT record

    The government`s record in IT has always been rubbish - probably due to the idiots who don`t understand the first thing about it. Ministers and MP`s don`t live in the real world anyway and this latest breach only confirms my opinion that their ID card scheme is totally flawed and I shall be resisting as much as I can to avoid having one.

  40. John Thorn
    IT Angle

    Too much power

    It's wrong to blame a junior clerk. The problem is that organisations have stumbled into a situation where too much computing ability is placed on every desk. Someone handling tax returns doesn't need a CD/DVD writer on his/her desktop - nor a USB connection that allows data transfer to flash memory to take away. Even in an organisation as big as HMRC the number of people (other than the tecchies who can't access live data (can they?)) with this sort of capability should be in single figures.

    Maybe a FOI request asking how much of this sort of kit is in HMRC??

  41. Voice of reason

    When will people realise...

    ... that their purpose in life can be summed up as follows:

    1) Work to contribute to the country's GDP.

    2) Work to pay Taxes.

    3) Consume goods and services in order to contribute to the GDP, pay taxes and provide work for other people to enable them to do 1, 2 & 3.

    4) Procreate in order to provide the country with more people to do 1, 2, 3 & 4.

    You're a Waged Slave with little more freedom than a Broadmoor inmate.

    You're locked in a futile cycle of wasting the best part of your life working to earn money to spend on mortgages, cars, gadgets and other rubbish that, thanks to advertising and our wonderful capitalist society, you'll never be satisfied with.

    Having an ID card or not won't change any of the above.

    The sooner you accept this and get back in line, the happier you will be.

  42. Paul

    I want to know what happened... all the previous disks, since this appears to have been a common practice.

    Probably just thrown in the skip or sitting in someone's unlocked desk drawer.

    There must be hundreds of them by now!

  43. Anonymous Coward
    Anonymous Coward


    @Anonymous John - It's "all your data ARE belong to us", pffft. ;)

    Other than that: I heard some bloke on Radio 4's PM program today saying that this means that we _need_ ID cards, because it's not possible to chop off your fingers and replace them with ones that have the potential victim's - totally missing the point that anyone with a Digital camera, PCB kit, some superglue and gelatin can make a fake fingerprint.

  44. Mark

    @Mr Chris

    On a sample of 2000, you would get accuracy for the entire population (given that it is a random sample, though we already know it excludes children...) of 100/sqrt(2000) percent. Or about 2%-3% your 99% confidence limit would be 3x that (6-10%).

    So a 58% response of number 2 could be anywhere from about 50% to about 65%.

    Oh, and if the idea was infallible and government recognised identity, then have the ID card as a PGP signed digital representation of the picture on that card:

    1) Have the piccy encoded and signed with the public key at the government end.

    2) The picture is stored along with the digital number resulting from #1

    3) Scanner reads the picture and digitises it.

    4) Signs it with the key on the card and gets a number

    5) Does the figure match the one on the card?

    a) Yes: Kosher.

    b) No: Illicit.

    6) Level 2, send the picture's key from #4 to the central authority

    7) Does the government machine agree with the key and name pair?

    a) Yes: Still valid

    b) No: Invalid (maybe reported stolen or rescinded)

    No need for any biometrics, the only one being a picture that can be recognised by the unaided human if there are problems in the network, and no need to contact the government machines unless there's a need to do a better check.

    'course that is less costly, so less money available for those companies who may want to hire ex-ministers.

  45. Anonymous Coward

    ok, ok...

    ... Can we stop the no2id wank-fest right now please? All those tossers should piss off to new zealand or wherever it is they keep threatening to go. But i bet they're all too fat and / or stupid to get in. I don't need my "freedom" protecting by self-important pricks like you lot.

  46. Andy Billington

    Yes Minister .....

    "if you put data into a database, you're going to want to take it out". (Hopefully not by putting it on a cd and leaving /selling it in the local).

    Yes Minister, Series 1, Big Brother. (except for the bracketed bit obviously).

    Another thing I remember from my fave analysis of UK government, which sadly is becoming more and more true each week goes by, its something that I really wish our current politicians had the self-respect to honour:

    "it happened in your department, you are deemed therefore to have been responsible. The only honourable course therefore is for you to resign".

  47. Anonymous Coward
    Black Helicopters

    IT people out there?

    presumably most readers are :-)

    Most - well, many - of you must have worked in reasonably secure or sensitive environments. One of the commercially sensitive places I worked - private sector - took the view that customer data was stored on PCs accessible from _trusted_ IT desktops (not end user, they were rightly also worrried about bofh sysadmins). So: all CD writers etc were disabled, floppy drives (ok, it was 8 yrs ago) were physically removed, and all USB ports were blocked. Surely that should just be normal for any organisation that handles personally sensitive data, especially when people are compelled to provide that data to a non-answerable entity? (If it is answerable, we will see criminal charges under Computer Misuse or Data Protection brought against the responsible supervisor and disclosure of the identity of all responsible for making sure that supervisor carried out their obligations; if no such actions that is proof the govt feels it does not have to answer to same standards it expects of others).

    next we'll be hearing that the security services have lost laptops ... oops.

    or that departments supervised by HM Treasury have lost data .. oops.

    or that the Treasury have been underwriting loans to the tune of £b but won't underwite losses that may directly be incurred because of government faults ....

  48. Lee


    ..didn't they use P2P to transfer the data - it's much more secure than the post.

  49. Anonymous Coward
    Anonymous Coward

    Government grifters

    Everybody has missed the point here.........

    If we didn't give them the money in the first place, they would not be able to make a f**k-up of giving a very small proportion of it back!

    Honestly, we all give them around 75% (conservative estimate) of our money and it gives us back a subsistence level pittance (benefit?), and spends the rest on their fact-finding missions (Ken’s gone to Delhi!), banquets and useless civil servants.

    After 60 odd years of this crap, the gap between rich and poor, by their own admission, is still growing, excuse me, but wasn’t the purpose of the "farewell state", to narrow this gap.

  50. Duncan Hothersall

    @ Government grifters

    What a moronic comment. Every assertion false, and every conclusion wrong. I think you meant to visit the Daily Mail website. You're welcome.

  51. Mr Larrington
    Thumb Down


    "I don't need my "freedom" protecting by self-important pricks like you lot."

    Who else is going to protect your freedom? The Government?

    Nurse, quick, my sides!

  52. Vulpes Vulpes

    Can anyone shed any light

    on the fact that someone in HMRC allegedly said that the data had to be burnt as-is (ie including all the Bank related goodies) because it was too expensive/technically difficult to strip out only the stuff the NAO wanted to see?


    Select Name, NIN, whatever from bigdisk.peeps

    WTF are they on about?

  53. Anonymous Coward
    Anonymous Coward

    All your data are belong to us.. no make that.. everyone

    As a senior member of HMG, I would just like to point out how important it is that we do NOT understand anything about computers; this means we can easily make utterley absurd statements about our computers while still sounding convincing and genuinely believing what we are saying.

    We have an active training programme for all government ministers - currently we have just finished training all the treasury ministers - to ensure that any proper understanding of the way computers work is completely eliminated.

    George Parr

  54. AndyB

    @Anonymous Coward

    You really don't understand what you are talking about, do you?


    1) Why should databases be distributed? Should just be 2 data centres, a live one and one replicated for Business Continuity.


    A database without which the entire country will grind to a halt based on a simple live+backup structure? OK, they *may* do it that way, but the ensuing chaos when the main site goes down and the backup won't come up would bang several nails into the Government's coffin lid. We ain't talking about a piddling little ecommerce site, here.


    2) A terminal verifying an ID card wouldn't need to receive ID record details, just a verification YES or NO from a service interfaced to the database. In fact, the biometrics will also be stored on a chip on the card, so in most ID verification use-cases the data never leaves the terminal, the card software just returns a YES or NO - a bit like how chip-and-pin works, the pin is on the card, the terminal only calls the database to verify the amount of the transaction and not the pin, the pin doesn't get transmitted anywhere.


    And what about the terminal used by clerks and officials to input/view/edit data? If the biometric verification is performed 'on-chip' then the system will have no way of identifying a forged ID. In other words, unless the biometrics are *centrally* verified, they are vulnerable. If they *are* centrally verified, they are vulnerable. Or, to put it another way, just like biometric passports already have been, biometric ID cards *will* be compromised, and that means the data they are protecting will be compromised.


    3) Database backups can be automatically encrypted to prevent them being of use if they are lost or stolen. Indeed, individual columns in tables in databases can be specified to be encrypted so that they're meaningless without properly authorised access.


    And backups can be made that *aren't* encrypted. We are back to that underpaid sysadmin and his mafia payoff again. Or even a run-of-the-mill cock-up like the one that just occurred.

    Authorised access. Are you kidding me? That means *nothing* at all. All you need is the access credentials of an 'authorised' person and you can read the lot. People leave passwords on bit of paper, they leave their smart cards lying around. People can be bought. People are stupid. You can encrypt away to your hearts content but it only takes one person to be forgetful / stupid / corrupt and all that encryption is worthless.


    4) You're right about financial incentives being the most common way to enlist inside help with fraud. That's why any security clearance for government data centres includes a financial background check. Those with "large mortgage arrears" need not apply.


    Are you *seriously* that naive? We are talking about the people (the Home Office) who employ illegal immigrants as security guards, here . And while 'background checks' may show up a mortgage arrears, there are *plenty* of ways to owe (very nasty) people a *lot* of money that *won't* show up on any background check. And people can always get into financial shit *after* they have started work too.

    It is virtually impossible to implement a system like the national ID register that will be administered, at varying levels, by, literally, thousands of people and make it totally secure. Personally, if it were competently built, I'd give it, at most, 5 years after it goes live before it is compromised.

    Knowing the underpaid and overworked people that will be building the system I would hazard a guess that its security will be totally blown long before it goes live, however.

    And, underlying all of that, this whole pile of shite is going to be run by HM Goverment who, time and time and time again have shown that they are totally clueless when it comes to information technology and have shown time and time and time again that they, *absolutely* cannot be trusted to keep our personal details secure.

  55. Anonymous Coward

    @Only one solution

    Your post really cracked me up. Good to see that the fabled British sense of humour is still alive and kicking. The best part : "I'd love to say make it IPv6, but I'm realistic" (yes, because the rest of your post really is easily feasible - whereas IPv6...). That one would have made John Cleese proud, it would. Nearly peed my pants.

    Oh, wait. You were actually serious ?

  56. Andus McCoatover


    <<"...national database can be made rock solid." hmmm..let me think...>>


    That'll be Northern Rock. Solid. Sound as a pound.


  57. David Pickering

    biometric id cards

    fu*king rediculous

  58. Darren

    ID Cards

    What's the point of ID cards now, there's enough fake data out there now for anyone to be cloned. When the abbey was bought by Santander and my records transferred over to the Santander system, they changed my name, screwing up every direct debit and standing order I have, bascially erasing me from history. The goverment has now lost enough data on me (as I have children), for someone to be open or do pretty much anything in my name.

    So what if the data is protected by military grade encryption, so what, a 5 year old has probably already worked out the password, or even worse, the dumb-ass at the goverment office probably wrote the password ON THE CD!!

  59. Voice of reason

    @Mr Larrington

    I refer you to my earlier posting, you don't really have any freedom to lose. You're just part of the machine. Get over it.

  60. andy rock

    Will Darling?

    isn't he that rugby player who was romantically linked to Princess Di?

    bah-dum tissshhh!!

  61. Anonymous Coward

    @ AndyB

    I suggest you go read-up on current enterprise class database software functionality, particularly the notion of Hot Standby databases in DR scenarios, Advanced Security options, audit event triggers and Secure Backup.

    Plus, if it was that easy to tamper with data on smartcards, how come nobody has been able to change the pin on a chip-and-pin bank card yet? It works the same way, it's the smartcard software on the chip that verifies the PIN. Once the PIN has been used by the card to identify the user, the bank is then called up to verify that the card is valid and there are funds to cover the transaction. If it was just a database lookup to check the PIN, the bank I work for would have implemented mag-strip-and-pin ages ago.

    There's so much scare mongering and bullshit spouted about this, I just give up.

    The only thing that concerns me about the ID card implementation is the cost / benefit case for implementing it. Will it save more money than it costs? Can I get a job on the project and cash in? Other than that, I really don't care.

  62. AndyB

    @Anonymous Coward

    Ah, you work for a bank. That explains a lot.

    Of course banks have an absolutely outstanding record on security, don't they?

    I actually get eMails from my bank (genuine ones) asking me to log on to my account and providing a useful link to do so. Basically they look like phishing emails. In the light of the phishing problem banks *should* cease all email to their customers and broadcast that they will never email you as widely as possible so that their customers will know that *any* email purporting to come from their bank is a scam.

    Do they do that? Not a chance!

    So chip and pin is secure, is it? Try doing a quick Google for "chip and pin security"

    A lot of stuff there, isn't there? And a lot of it by people who appear to know their stuff, too.

    And you don't have to change the pin on a genuine card. Creating a forged card that will validate against *any* pin would suffice.

    This makes interesting reading:

    Then you have to take into account the difference in scale. A compromised bank cards allows the crook access to a single account. A compromised ID cards will allow wholescale identity theft. The 'thief' will be able to do anything that requires the use of an ID card in the victim's name. That includes crime and activities associated with terrorism.

    This makes the forging / cracking of ID cards several orders of magnitude *more* valuable to criminals and terrorists than cracking a mere chip-and-pin debit card. That means they will put several magnitudes more *effort* into circumventing them. Can you *imagine* the black market value of forged UK ID cards?

    And the other issue with ID cards has a direct relationship with chip-and-pin cards. If a chip and pin card is compromised then the burden of proof is now placed on the customer to prove it. This is almost impossible to do as, as you believe, chip and pin is 'infallible' (even though it has been demonstrated that they are not). OK, so you get ripped of as in the Watchdog article and your bank account gets cleaned out. Nasty, but not the end of the world.

    Now assume a similar thing happens to your ID card. The 'authorities' have a similar delusion about the security of these cards to banks have about chip-and-pin. This is nicely demonstrated by the rhetoric of various Gov't ministers. So someone produces a fake ID in your name and uses it in the course of a crime or act of terrorism. There you are, up before a judge and jury all of whom believe in the infallibility of the ID card system. What do you think your chances are of walking free?

    And stop using the 'boffin' icon for 'Janet and John' postings, it's very misleading.

    And you can't take anyone who posts as an AC seriously, anyway.

  63. Pete Silver badge

    @ Can anyone shed any light

    The reason it was "too expensive ..." is that the IT operation at that location is outsourced (I think someone said to EDS?). What that means in practice is that HMRC and EDS have a contract to provide the bare minimum of support for the most money they could squeeze out of the Govt. (Hint: EDS stands or falls on their negotiating skills, Govt. is only spending other people's - i.e. ours, money. They can always get more off us if they run out).Sooooo, when HMRC needs something done that's not in the contract, it's like a licence to print money so far as the outsourcer is concerned: they can charge what they like for it. In fact that's usually how they all make their profit.

    So when NAO requested extra data, (a job that would take maybe 20 mins to extract the data, 20 more to encrypt it and 2 * 10 min to burn CDs, then 5 mins to write a Jiffy bag address, i.e. about an hour) the outscourcer probably started a project: Assign a P.M. (1 man-day), Write a procedure (2 m/d) have it agreed in a meeting (3 m/d), approved up the heirarchy (5 m/d), tested (4 m/d), then: cancelled, re-instated, modified, budgeted, re-modified, postponed, resourced, and finally implemented (say 20 m/d) for a total effort of 35 man-days at say £500/day = £17.5k. If you'd wanted the data encrypted add (say 10 m/d for password agreement, transmittal, strength-testing, security approval, validation, re-issuing when it got lost) another £5k.

    Although I have not personally worked with either organisation, I would not be shocked if I had underestimated these figures by a factor of 2 - a good project planner can always double the cost of a piece of work.

  64. teacake


    "Plus, if it was that easy to tamper with data on smartcards, how come nobody has been able to change the pin on a chip-and-pin bank card yet?"

    I have. Just put the card into a cash machine and choose the option marked "Change PIN".

    Mine's the grey duffle coat with the mittens on a piece of string running through the sleeves.

  65. A J Stiles
    Gates Horns

    @Vulpes Vulpes

    It's all Bill Gates's fault.

    The first part of the problem is that Windows has made it easy for idiots to use computers just well enough that they don't know how badly they are doing it.

    You or I already know how to put together a database query, SELECT fields FROM table WHERE condition; grandmother, eggs. But there are people out there, who call themselves IT experts, when all they really know is that if you reboot a computer running Windows then whatever was wrong with it is likely to go away. You or I also know that a deterministic state machine is not supposed to behave in that way, and if -- when -- it does so, something is very wrong with it, something that nobody is prepared to let anyone attempt to fix.

    Such an incident would never have happened in the days before computers, because there would in all probability have been only one copy of the data -- it would be easier to transport people to where the data is kept and have them make their own notes than to transport the data to the people. And it wouldn't have happened in the days of mainframes and terminals, because you needed to know what you were doing with those things.

    Windows has made it possible for complete idiots to use computers. And in turn, we've ended up with complete idiots using computers. New, shiny features are added to distract your attention from the real issues.

    The second part of the problem is that "Security", as far as Microsoft are concerned, just means making it hard to make and use pirated copies of software and media -- they have designed Windows under the assumption that applications, movies, music &c. have a higher intrinsic value than users' own data.

  66. Anonymous Coward
    Black Helicopters


    If ID card data were to go "amiss" crooks will have EVERYTHING including our DNA. There are a lot of powerful people in the underworld with connections to scientists, our cells could be cloned using "dolly the sheep" technology. These cloned cells will be used to cover up crime scenes and make you the guilty one.

    Ok I know very far fetched, probably a couple of years a way - but NOT impossible!!!

  67. AndyB

    @ AndyB

    Yep, come to think of it, you're right - we're all doomed.

    Everyone's chip and pin cards have been cloned and we're all getting ripped off every day of the week.

    Same thing will happen with the ID cards, we'll all end up in prison when our identities have been stolen.

    Note to self: Stop posting on El Reg, it's a waste of time.

  68. andy rock


    "Note to self: Stop posting on El Reg, it's a waste of time."

    Ah, the Slashdot effect!

  69. andy rock

    @andy rock

    "Ah, the Slashdot effect!"

    i should point out that i don't mean the sudden influx of traffic rendering a server incapacitated, i mean a website that used to be good turning shit.

  70. Brian Squibb
    Paris Hilton

    have no fear

    ... the database probably contained 25million entries for P.Hilton, D.Duck, M.Mouse - can we trust them not to have sent the test database?

  71. Giles Jones Gold badge

    @NHS Database

    The NHS database has encryption and scrambling technology built in, you have to request clear text information and this is all audited.

    The data is downloaded over an N3 connection, there's no shuffling data around using CDs.

  72. Stephen Jenner

    @Duncan Hothersall

    Regarding conclusions:

    1; Well certainly one person has missed the point....agreed not everybody.

    2; Do these government agencies make a mess of distributing what we give them or not? I will not bother to answer that one.

    Regarding assertions:

    1; Yes Mareken has gone to Delhi, on a fact finding holiday (er mission), where there will be banquets. The top bods have all just been for lunch in Lisbon and dinner in Brussels in one day, oh yes and they simultaneously lightened their massive workloads, by signing away the rest of their competences to yet more civil servants. Still I s'pose it leaves them more time to go on vital fact finding missions in Bali and the Maldives.

    2; Yes.... I agree, the 75% bit was wrong, however I did qualify it by saying that it was a conservative estimate. In reality, it is nearer 90% before death, they take another portion, when we die.

    3; The assertion that the farewell state was about destroying the economy, resulting in everyone being more or less equally destitute may not have been the purpose, but it was the result. We have been paying for Attlee's folly ever since. And... yes the gap between the very rich and those of us who used to be fairly comfortable but now almost destitute (apart from our £1m houses) and the genuinely destitute, has continued to widen for 60 years.

    I suggest you get back to those tits Mombiot and Hitchens etc. at the Grauniad where your fantasy social democracy will assuage your fear of reality.

    The only assertion you made, was that I read the Daily Mail, which was wrong, I look at the pictures in Viz magazine, it is far more informative than any (so-called) newspaper.

  73. Anonymous Coward
    Anonymous Coward

    And the Police

    Sadly, the woeful lack of IT expertise by government functions includes the police.

    My local police keep their 'evidence' on local PCs (presumably in MS Word documents). They don't even use version control, let alone encryption. An off-duty pc once tried to frame me for a driving offence. The statement he wrote was apparently 'lost' when his PC crashed, so he just wrote another - different - one several months later. There was no audit trail whatsoever.

    I can't see how ID cards will somehow enable us to trust these kinds of people.

  74. Anonymous Coward
    Black Helicopters

    Re: And the Police

    "I can't see how ID cards will somehow enable us to trust these kinds of people."

    Just the opposite, IMHO.

This topic is closed for new posts.