Got to love it when...
the story titled 'UK.gov loses 29 million personal records' is right next to 'UK.gov to spend hundreds of millions on snooping silo' :)
UK government departments have managed to leak a total of 29 million personal records over a single year. In addition to the 25 million records spilled in the infamous lost child benefit CDs debacle, another four million records went astray in other stuff-ups, some of which have previously gone unreported. Since the HMRC data …
Probably some of those 29 million are the same record being lost again...and again and again....
It may only be about 25 million or say two out of every five people that have had their whole life completely ruined by HMG...er that'll be more ruined than the remainder. Since this HMG has ruined pretty much the whole country and every one in it.
Mine's the one with the escape plan from this 'quasi fascist control freak state' in the pocket.
Paris - cos she has better t1ts than the one's running the UK.
...in the country who have now had their details thrown to the wind by the incompetent bunch of chuffwits. I wonder if we'll see quite the same level of delinquency when it comes to counting votes in the next general election?
Still, it could be worse. That awful Clarkson fellow could be in charge for a start.
Initially, I wanted to write a little bit about how "The Party" and it's members will bullshit their way around this matter; but I decided that everyone else will cover that matter...
I'm more concerned about the type of metrics that aren't released.
Who has access?
Who's access is restricted?
Who has artificially elevated access?
How much access do the Police get?
How often do the Police abuse that access privilege?
How are local councils (mis)using accumulated data?
How many instances of CCTV misuse were there?
How many people with access to ANPR used it to track people?
How has this vast accumulation of Data stopped crime?
Just how much safer has this made us?
Losing Data is one thing - you can claim it is a one off event. You can claim that if it is misused, then that will be performed by a "criminal element", not insiders. Anyone with a rudimentary knowledge of security knows that most problems come from the inside.
in government IT continues to astound me again and again. It is genuinely not hard to implement, and considering the risks, it's easy, even, to justify some amount of funding to get it done.
Even light encryption would render most of these breaches mostly harmless, unless they fell into the hands of somebody with the right expertise and equipment.
You know those parking tickets, where a supermarket decides you're badly parked, and issues a fine, which the DVLA gives them your home address and such handing out private data in a civil matter that it has no duty handing out. They then send ever increasing threats of fines for the misparking. And quote with pride about how the DVLA is on it's side by giving them this private data?
Well in the window of your car put a sign "by accepting my business at your establishment, you accept that the maximum fine for misparking will be 1 pound, and that you will reimbursh any and all costs related to fines, clamping, enforcement, my time involved, that of my solicitors, and any and all recovery and other related costs. In the event that you refuse this contract you are entitled to refuse my business."
Photograph the sign with the supermarket in the background at least once to show they've accepted it (with a receipt aswell).
You could take it further, stipulate that the supermarket and it's agents agree not to obtain your home details from the DVLA under penalty of 100 quid fine, and agree that if they do so, you are entitled to obtain the home details of any and all supermarket staff it's officers and agents.
That's fair! Then the supermarket can refuse to serve you if you mispark, or serve you and get the 1 quid fine.
And it protects you from the DVLA and parking cowboys.
Questions worth seeking answers to:
Has any Senior Civil Servant or MP been:
b) sacked (without golden handshake/pension),
c) banned from being placed in a position of authority,
d) faced civil or criminal charges,
e) all of the above,
f) None of the above
As in most things, our wonderful government scores an F.
@Dai - There is no excuse, GOV is responsible for the data, and they should ensure all users comply / are responsible for the safety of the data.
@DVLA & Supermarket parking tickets - shop elsewhere?
@29million incidents of incompetance with electronic Data and IT - D.O.P.E will now doubt come out with a suitable excuse
(Department Of Pathetic Excuses)
The idea that anybody, on either side of the Houses of Parliament, has the slightest idea about data handling, information security &c. is ridiculous.
All we need do is look at their sent boxes for the stuff they've mailed to themselves to read later, or the attachments they've saved. Let alone the copies with researchers, leaked to the press...
They are, after all, our peers. We do get exactly what we elected - these aren't thought leaders they're populists and to think they behave any differently to the rest of the populous when faced with hard work is to set a different standard.
We all know that the reason data is mis-handled is that nobody can be a****d to do it right. Data security used to be easier because handling it was hard work and most security consisted of the person who would do the work saying "No", or "have you got budget?".
Now it is the work of minutes to get an extract and shut the ******* up rather than have to sit through interminable meetings and email threads climbing up through the organisation.
Once upon a time, when you had to have authority / budget in order to be able to mail stuff, when creating a copy was hard then you thought about what you were doing. Not least because photocopying a 100 page document was tedious.
I spend a significant amount of time responding to security / data handling questionnaires and the you can bet I'm the only person in the process that reads the questions and my answers.
Certainly once we're operational most people's reactions are to want the data sent to them regardless because they can't get PGP approved, nor an sftp site set-up. They don't want strong password controls because they can't remember them... as for their reaction when I suggest that a mail-out might be regarded as a change of purpose...
I fully agree, although the problem is not wholly and solely with the respective IT departments, (all the time anyway!).
I did a stint recently with a UK government organisation overseeing a large technology deployment. One of the challenges faced was trying to get the users to adopt encryption for removable media. This problem was exacerbated by the fact that the head of HR could not see the need for encryption!!
Needless to say i was gobsmacked and even though everyone in Technology was pushing for encryption none of the users would allow it.
Talk about the tail wagging the dog.
...this is the same government who, IIRC, released some kind of statement or had a spokesperson announce, after Hazel Blears' home computer got stolen, saying that all the confidential government data that was on the machine (and never should have been to start with, by the way) was perfectly safe, because Windows had a password on it.
Yes, the current government believes that it is impossible to crack a Windows password, despite there being hundreds of freely downloadable tools on the intarwebnets which will do just that.
If they are ignorant of that fact, which I would call pretty basic IT security knowledge, then how can they be expected to keep data safe?
Paris, because she's well aware of exactly how exploitable all of her security holes are.
Today's theme is One of Repetition and DeJahFoos. Check out the posts which got the most comments and do them again?
However in Seventh Heaven's Finest Rose Gardens, are the CAT5 dining on a well deserved Tuna fish supper dDelivered from Russia with Love, and they will not be distracted with handfuls of stale nuggets from passing strangers.
Money is what IT has been about and what the PupPeT Masters Is doing for IT?
42 Truly Entertain, does IT take Imagination to make the Servers Purr, for the CAT5 own their Masters, never the other way round -and such is their MuTuAIL Affection that this topsy turvy relationship is Tolerated and Moderated.
And Paris? -a Fine Feline in Great Cat-Calling Games.
If you loose your keys, you don't have them anymore and can't use them. HMG still has the records and can still use them, they have just shared them with members of the public. It is reasonable that government should share information with the public. Now come on, it is unreasonable to ask which members of the public they shared them with. If they had shared them with you, would you want the whole world to know? So just rest assured that HMG does not loose things and will never tell the world about the data it has shared with you.
It's just another failure to see the wood from the trees.
Don't take the data off the premises. Ever.
If it ever must be physically transported, then it should be treated with the importance it deserves, not stuck on a CD in an envelope and given to a courier.
But why should it?
Don't take the data off the premises. Ever.
The government doesn't.
@AC - Be fair chaps
[quote]Probably some of those 29 million are the same record being lost again...and again and again....[/quote]
May well be but, as it’s from a different department, there is, very likely to be, extra data from the records lost that will enhance better ID fraud based on all the previous data this government has decided to give away.
One might believe that this is a deliberate tactic to further the establishment of even more draconian rules that tout the necessity of an ID database so that any personal data “in the wild” can be matched against it in order to stop the terrorists playing out their destruction of the non-complicit with their view.
@Aetyr - Of course they lost it...
[quote]Yes, the current government believes that it is impossible to crack a Windows password, despite there being hundreds of freely downloadable tools on the intarwebnets which will do just that.[/quote]
Absolutely correct. And if you can't be bothered to seek the tools just boot up WinPE on a CD and the access the data without worrying about finding a password. I believe this doesn't apply to Vista though - but I will test that theory tomorrow.
@Jim - Re: Yet another reason against socialism...
[quote]Yeah, cos the private sector is so much better at keeping peoples details safe...[/quote]
The private sector may not be that much better, but as soon as a punter finds out that the company they use has screwed up they can change allegiances, within a few days. The same is not true for government - this is one of the myriad of reasons why allowing government the power over personal data is a complete nightmare and ultimately will lead to the destruction of our democracy.
I do wonder why there are so many Register news items that basically expose our current government’s “no nothing bonzo” strategy on decent IT, especially, when ultimately, it will lead to their downfall – it’s nonsensical; however, perhaps, this video (http://video.google.co.uk/videoplay?docid=3664960863576873594) may provide some kind of insight – but then again it may not. Who knows?
Also I wonder why The Register is not digging deeper; are their journalist too scared?
As you've probably read, the government's position on this is:
"We thought long and hard about the request to make Jeremy Clarkson the Prime Minister and in the end we put our thoughts down in a short film on YouTube. You can take a look here http://www.youtube.com/watch?v=cNy1w4DV5Hw"
Good to see them doing something useful with their time... still, the less actual "governmenting" they do the less harm they can do!
Seriously, though, Clarkson would make an awesome PM. Make everything go faster, make Britain far more patriotic over this once-great country (and specifically its cars) and cut a vast amount of red tape from Government. Probably end up with us in a recession from overspending on projects... but as we're almost there already what's the problem?!
Bizarrely off topic but what the heck..
>Photograph the sign with the supermarket in the background at least once
>to show they've accepted it (with a receipt aswell).
That doesn't show that they accepted it, otherwise you might as well write
out a bill of sale for the supermarket building and photograph that next to it.
Supermarkets very rarely prosecute their customers for parking, doing so just loses a customer so either, 1) The parking must be phenomenally bad, just do it better or 2) It's another organisations car park next to a supermarket. If that organisation is the council, it's government, and so is the DVLA.
Back on topic.
Why are they carrying all these laptops around with important data on anyway?
Can't they just take a précis? Or use a network connection at the other end?
In lots of organisations I've noticed that possession of a laptop is a sort of status symbol, when that happens it's just a security risk.
That would ring true no matter who was in government.
don't get me wrong, I'd love to see Our Dave as head honcho right now but I still wouldn't trust anyone far underneath him to do the right thing. Public sector employees don't change after an election after all.
Politicians are corrupts bastards who all need introductions to the real world or more preferably a chav tio get the right and proper deed done.
The general understanding in the IT.gov/Security community is that the CDs were almost certainly never posted - i.e. were lost inside the building and never made it to TNT. Its rather less likely they are "in the hands of criminal masterminds" than the Daily Fail would have you believe. Probably went in the bin and are in landfill.
Still careless and 'at large' though.
@Supermarket AC - DVLA get paid for giving access to Big Jimmy the Wheelclamper, that's why they do it (naturally).
"That doesn't show that they accepted it, otherwise you might as well write"
The parking person must have read it because it clear and in your window and they are at your car, they have the opportunity to refuse (tannoy you to leave the supermarket because your misparked, or tannoy you to correct the parking and pay the quid fine as per your contract terms). The purpose of the photograph is simply to show a judge it's there and clearly visible and readable and always on for a long time (i.e. opportunity to read it every time the car parking is checked) and a similar contract to the plaque they put up.
The aim isn't to protect you from ticketing harassment however, it's to show that parking is a civil problem and DVLA has no business releasing private confidential information without agreement. It holds that info in trust, a bank wouldn't release your account details just because someone claims you owe them money, so why should the DVLA.
By adding the term "you agree I can obtain the home addresses of supermarket staff... blah blah blah, DVLA blah blah blah to get the fine for your contract". It's to give a basis on which you can go ask for the DVLA details of the plates in the staff car park.
Good for the gander.
You're wrong, leaving a notice on your car doesn't automatically bind anyone who looks at the car.
If you can't see that the best thing for you to do is to try it.
>Good for the gander.
Duh, it's not their leaving a notice that binds you, it's your _act_ of parking your car there.
Like I said supermarkets rarely fine customers, either the car park belongs to someone else or you're properly abusing it.
As for the DVLA thing, are you sure they didn't ask a court for the address?
"You're wrong, leaving a notice on your car doesn't automatically bind anyone who looks at the car."
The *choice* part of my contract is where they make the choice between
a) Tannoy me to leave (i.e. ask me to leave the supermarket because I won't accept their parking terms, and reject my terms).
b) Do otherwise.
"Duh, it's not their leaving a notice that binds you, it's your _act_ of parking your car there."
The plaque forms an offer of a civil contract, they claim that by parking and not leaving it forms acceptance of the terms on that civil contract (leaving aside questions as to whether you read it). However I have not accepted that civil contract, I have offered my own terms. Those terms are reasonable (mispark = a 1 quid fine) and they have ample opportunity to reject my terms on many occasions.
"Like I said supermarkets rarely fine customers, either the car park belongs to someone else or you're properly abusing it."
No, it's common now. They use to employ a person to run the car park, who would tannoy you to say 'Y8364 THG has left the lights on", or "Y8364 THG is blocking a delivery bay can you move it please". Parking companies offered to do it for free, but only if they can issue fines. DVLA made it possible to get home addresses from the number plate for these companies (they even get a computer connection right into the DVLA records). A nice little earner.
The companies try to maximize the number of fines issued to maximize it's revenue, for the weakest of infringements with the minimum of collection fees. The contract with the supermarket sets the limits they can get away with.
Some do the clamping game (I read McDonalds carparks do this), they stick the fine on then clamp, or even a tow away. Perhaps McDonalds gets a cut of the revenue, I don't know.
"As for the DVLA thing, are you sure they didn't ask a court for the address?"
No sadly the DVLA makes it possible for any individual to obtain the car details on a disputed or false claim, and for the large parking scammers, debt collectors, credit card companies, all sorts of others, they can apply for direct computer access.
Government not only loses 29 million records, it hands out confidential info too via this DVLA route and many others.
That Leeds boy was prosecuted on terrorist info charges, part of the case against him was that he had the home addresses of some officials. But I can't help thinking, if he worked for a parking company he could just plug their number plates into the DVLA to get those details, HMGOV is so free and easy with info.
>The *choice* part of my contract is where they make the choice between
>a) Tannoy me to leave (i.e. ask me to leave the supermarket because I
> won't accept their parking terms, and reject my terms).
So for them to refuse your contract they have to seek you out and make a public notice, but for you to refuse theirs a note in your windscreen is enough?
It requires an act for a party to become bound to a contract, you've accepted theirs by parking. They haven't accepted yours just because you wrote it down somewhere.
Try it, you'd be guest of honour on Top Gear if it works, otherwise it'll cost you about 60 quid, plus costs.
Who's the supermarket? Sounds like they deserve a bit of bad publicity.
Normally I can fully accept that people are stupid enough to do really really stupid things.
But this is beyond stupid. This is *so* stupid that it makes me blubber at the mouth and, my subconscious creates possible scenarios with which to explain the event which dont involve everyone in all of levels of government quite seriously having special needs.
The idea that Britain is flooded with Russian spies who are exporting data as part of some plot to further destabalise our messed up society becomes *preferable* to the *slightly* more likely explanation that our country is being run by a bunch of dope-head, university drop-out scumbags high from the fumes of each others absinthe-ladenm piss.
Biting the hand that feeds IT © 1998–2022