first?
"the fault of human error by one junior official" - but it was the fault of human error (assuming Gordie Broon is human), and he most certainly should be no more than a junior official.
The loss of the child benefit was a disaster waiting to happen and the Prime Minister was warned about inadequate data protection procedures years ago. Prime Minister Gordon Brown was told three years ago that weak data protection procedures governing the child benefit database made fraud or mistakes more likely and, if they …
I'd like to write "un-effing-believable", but sadly it is totally believable. Someone remind me how much has been spent so far. Is it £20bn, or am I confusing that spend with the other white elephant - the NHS spine - to which many GPs are refusing to upload patient files, for fear of data loss / breach of confidentiality.
Again and again we are lied to by this government. It would probably be the same with another government, but this one has shown how to do it badly and get caught over and over.
Its time that public accountability and transparency were made the highest priority.
The concept of having a government is that we (the people) choose people to make decisions on our behalf as it is a fairly specialist job requiring tough decisions.
Unfortunately that trust we have in these people (politicians as a whole) is almost non-existent any more because they prove time and again they are not worthy of it.
SO.. nevermind the prospect of ID cards or NHS database, can we trust them with anything? Not really, is there much alternative, not really without a while new system of government.
If you have nothing to hide then it doesnt matter if the government publishes all your bank details.
If you are not a terrorist then you should beg the government to publish your childrens details to everyone.
If you are not a criminal you should be queueing up around the block to stick your fingerprints and eye scans on a db so that you can get them doled out to everyone
Lets see these fools replace their fingerprints and retina's the way they are queueing up to replace their bank account numbers.
Instead of asking what we have to hide, rather ask what have we got to lose.
I was wondering why this article wasn't about Gordon realising that TNT were shite and lose stuff all the time? Certainly an on-time amazon delivery is as rare as rocking-horse poo... something which will surely resonate with Gordon.
Or that it was about how Gordon realised that EDS were both shite and overpriced - given the part they have played in pretty much every UK government IT balls up in the last 10 years?
Let's stop blaming the Civil Service. Two private companies are useless and therefore data has been lost.
This is just the tiniest tip of the iceberg.
The problem with the civil service data security is the lack of joined up thinking, coupled with over reliance on outsourcers whose main concern is their margin (i.e. providing the least service for the most money).
No data is safe in the hands of these people because they prefer to think of data security as being like putting a padlock on a garden shed, a process that hasn't changed significantly in hundreds of years, and which isn't likely to. Shed broken into? Get a better padlock. The unusual thing about the recent loss of disks was that because there was something physically missing, they actually spotted it.
My favorite was when the staff list from the child tax credit people was used to defraud them of a claimed £14million.
This is rife - Get used to it. All they have to do is keep their heads down for a week or so, until the press have moved on to something else, and carry on as before.
You should consider ALL data that you give to any aspect of the "civil" service as being completely in the public domain.
Do they care? No. They care about evidence of all this gross incompetence getting out, but not enough to do anything significant about it.
But Dai you seem to be missing the point, TNT don't get paid to deliver secure stuff just deliver stuff, cost of that loss is limited to the physical media... you can't blame TNT for the stupidity of the Government however crap they are at delivering your booky wook* from Amazon
EDS however should handle data in a secure manner, if they have any part in the data loss then they should pay, the fact that everyone had access to this data unencrypted leads me to believe that EDS should pay, but we don't know the full story... they could have advised and not been listened to...
Anyhow, just me 2p's worth, think I'll stay anonymous due to the fact I'd rather like a slice of the contractors pie that might come out of this debacle ;-)
* this isn't a plug, just happened to be what I ordered today and also sounded sarcastic.
At this rate, when everyone's details are uploaded onto the central Government ID database, the theft of those details will immediately become so easy and widespread that identities will become completely valueless. Think about it - at the moment, if you walk into a bank branch or stick your card in an ATM, the bank can be reasonably confident that you are in fact the account holder. There is a small chance that you will actually be an identity thief, but it's small enough - measurable in fractions of percentage points - that the bank can still hand over the money.
But at the rate at which the Government is losing our data, by the time everyone's complete identity is on a single government database, the banks will have absolutely no confidence that the guy at the ATM or cashier's counter is the account holder, because identity theft will have been made so trivial. They will have no option but to give everyone their deposits back and shut down in the UK until personal identity becomes meaningful again. The same will apply to credit agencies and, of course, government departments.
And so in trying to cement its grip on power, the government will destroy itself along with Britain's economic system. No banks, no credit agencies, no government - the UK will become Somalia and undergo a period of anarchy lasting several years. Eventually, a new, decentralised identity system will be built from scratch, and hopefully the billions of pounds worth of economic damage and hundreds of deaths that anarchy brought will cause people to say 'Never again'.
OK, so none of the above has the least chance of happening. But it's better than what will actually happen (unless we kick Labour out before they manage to get the ID scheme through), which is that identity theft will become more widespread, but not widespread enough for people to care - after all, the banks reimburse you for losses to identity theft, and people aren't intelligent enough to recognise that they'll recover their losses back from their account holders at some point. The UK will just become a slightly more mediocre place than it is already and another bit of the prosperity we deserve as a free-market multi-cultural English-speaking democracy with a relatively enlightened attitude to international trade will have been chipped away by the dinosaurs of oversized, high-tax, protectionist government. Given the choice I'd rather have the catharsis of a few years of anarchy, but that will have to be left to alternative history novelists.
To some extent I can understand a certain amount of shite taking place in large organizations.
However, when a problem occurs, I'd prefer to see the CEO (PM) stand up and:
a) Admit that a problem has happened while describing the actual magnitude of the cock-up without diluting it.
b) Provide the turth, the whole-truth and nothing but the truth to the share-holders (electorate/Parliment).
c) Explain in detail exactly how they plan to fix the problem (and related issues) and how they plan to avoid anything like it ever occuring again. A real plan overseen by professionals (not another set of CMA politicians)
d) Resigning in humiliation.
Alas, all we get is:
a) FEAR the Terrorists (We need all your information to protect you from them).
b) FEAR the Peadophiles (We need all your information to protect you from them).
c) FEAR the Organized Criminals (We need all your information to protect you from them).
d) FEAR the Illegal Immigrants (We need all your information to protect you from them).
e) FEAR the people breaking the speed-limits (We need all your information & ANPR to protect you from them).
f) FEAR everyone that looks different; but trust the government and our loving caring police force.
John Oaten, your reports are getting more and more depressing - keep up the good work.
I think I'll be moving to someplace that cares about Freedoms - like China; seriously, it can't be any worse.
Oooh that's a first, an EDS fanboi....
Come on mate, if they handle data that's covered by the DPA then they are at least partly responsible for the security of that data, I for one have many times told customers that they are stupid to extract unencrypted data from a secure system and they usually see sense... which is why I gave EDS the benefit of doubt that they had been overridden.
I'm not entirely sure you read what I actually wrote down before jumping in with both feet.
Let's not beat about the bush, if you were even a half-way competent DBA or Sys Admin you'd be in the private sector, it pays *much* better and there's a lot less meetings to discuss meetings to discuss meeting...
The idea that access to large informational databases like these storing unencrypted sensitive information that can be obtained by any idiot by writing a SELECT * FROM ALLYOURKIDSBELONGTOUS is so freakin scary I'd like to see some sort of total department mass clearout and prison terms for those whom have been so laughably lax when it comes to aspects of information security, peoples sensitive details and the laws which are set out to stop this kind of buffoonery.
It is not enough that the head guy resigns and gets a nice cushy post elsewhere a few weeks later. Every single manager at every level in that department with even a hint of IT involvement should be sacked for gross incompetence.
The saddest thing about this is that in my own experience from years working government contracts, not only is this saga entirely believable but I've actually come to expect incompetence, laziness and an almost pathological need to waste tax-payer moola. I once saw *my entire life’s worth of tax* in the form of around £750k worth of servers which sat in a council storage facility since the day they were bought because 'they were the wrong sort'. The cretin actually laughed while he told me, I wanted to kill him on the spot!
Every time I ever pay tax, I'm totting up how much of a fraction of a complete waste my money will be put towards and it makes me f'in angry as hell.
I thought it was data records that went missing, not child benefit.
If a private company loses data like that, the government would be slamming them, and saying they should have encrypted the data. Pot - kettle - black...
Tories and Labour are as bad as each other - they don't give a sh*t about the public, as long as they can fill their own pockets.
... and they have the audacity to complain about other nations and the institutional corruption that is both accepted and expected within them.
Yup, it makes me sick everytime I go the local council office (forget the national government) to see the officious unaccountable pratts running the place.
They waste OUR Money on riddiculous, moronic schemes - usually to undo something equally riddiculous from the previouos year just to clear their department's budget!
Huge amounts of personal/private data flying around with no concept or implementation of security.
@Presumably, by government logic, this is another argument in favour of ID cards
Perhaps Security professionals should start advocating the moving of all our money out of banks and back into our mattresses to keep it safe.
IF the data was encrypted, there would immediately be a police enforced legal requirement placed upon the pertinent government department to provide the key to that data. This way, without having a key to unlock the data, the data is obviously safe because there is no key to unlock the data. Perfect Political Logic !!!
Unfortunately, as most self respecting El Reg readers have already spotted, this leaves us with disks full of totally open, free-to-read data. But then, that's why none of us works in government.
Zem, my mattress, says he's quite sufficiently stuffed already ;-P
1. The News of the World (aka News of the Screws) forsaking its usual subject matter,
2. The Grauniad quoting the News of the World (that must have made its readers wince),
3. Brown still standing there like the sheep that knows you can see it, but if it looks at you sideways it can pretend you're not really there, and so it feels safer.
Welcome a new champion - The News of the Screw-Ups.
We have a reason for optimism.
Sorry those were the ones from 2000..
Replace select with:
select * from child_benefit cb, bank_account b, bank_account_passwords p, home_addresses h, schools c, legal_guardian lg, dvla.home_address, police.known_aliases, childprotectionregister.info ....
Replace burn command with:
cat profit.csv | rot13 | rot13| dd of=/dev/cdrom
A new layer of encryption has been added for greater security.
I have a sinking feeling that this is the rule rather than the exception for the civil service. Lots of petty little line managers jealously guarding their patch and obstructing any move to change the practices of the office.
I too can see even EDS putting layered access into the system spec, it's pretty much standard operating procedure, but being knocked back because it cost too much. Or required retraining. And I doubt I'm the only one who can imagine the one and only login being HMRC and the password being "password"
My first ever work experience program even had user specific content so whoever logged on had their data automatically sorted, and the boss had access to the whole thing.
Surely the way to find who has the missing disks is to persuade the anti-virus vendors to include a fingerprint for the escaped files in their daily updates, together with a flag to phone home when they find it. Microsoft could do the same with tomorrows' Patch Tuesday updates.
Data loss. It's surely their SOP.
In a Beeb article http://news.bbc.co.uk/1/hi/northern_ireland/7138408.stm it seems the DVLA has lost 2 discs as well. Only 7,000 records though.
However, I do wonder whether it's important any longer as the scope of the data the HMRC lost on their discs near enough covered everything.
Probably a good idea to sign up to this campaign http://www.no2id.net,
if there's any chance whatsoever of obviating the inevitable distribution of all information that makes us, *us* within the systems we rely upon day in, day out.