How much EU data will uk.gov lose?
All of it.
"Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns …
What would the Government's action (through the FSA) be if we had banks saying that they could not guarantee the safety of their customers' data? It seems that while the government can get away with a close-enough-is-good-enough approach, they would not let private organisations get away with the same.
Is it time that all of this work was managed by private companies? And no, I don't mean the government cronies at EDS - who, it would appear have trouble with a ZX-81, but companies who have already built their systems around the security of data - rather than what would appear to be a 'well, here's the data, now how do we secure it?' approach.
Nobody's perfect, and no system is bug-free. But surely it's time for a re-think?
There is *no possible reason whatsoever* for that information to exist in plain ANYWHERE IN THE ***** UNIVERSE, and equally no possible reason for that information to exist outside of the login system itself and its backup(s), where it must be encrypted.
So if it makes it off-site and off-backup, SOMEONE ****ED UP BIG TIME and the contractor has some serious explaining to do, preferably including them being fired and fined large sums.
Well done Labour Government, you've just proved that you know nothing about security. Truly, less than nothing.
Of the "Information on your fingertips" picture? Is this image officially linked to STORK?
Does STORK plan to provide personal eID identification via fingertip scanning (either biometric or by the introduction of a chip / barcode?)
Or is this image just included for general scare-mongering purposes?
I cannot find any reference to it or anything similar elsewhere on the net...
I wouldn't get hung up on the picture of a lady with a USB stick fingernail, data at your fingertips, etc ... I'm sure it's just meant to be lightly amusing. It isn't the logo for Project STORK. Unsurprisingly, that's a stork, flying through a ring of stars, and a painful attempt to explain the acronym -- Secure idenTity acrOss boRders linKed, please see http://www.eid-stork.eu/.
> But what about our poor unfortunate EU partners, with their quaint habit of keeping confidential personal and business data locked up where only the intended eyes can see it?
No, it's translated in their respective languages. This just means that you sad monoglot losers cannot find it, and therefore think it's cunningly protected.
To prevent this stuff happening.
None of this data should ever be stored on anything that is remotely portable. If it doesn't take at least four men to lift it, don't put confidential data on it.
Of course, if you're going to give away the login details to the big, heavy machines...
I'd recommend giving up the concept of confidentiality altogether. Why not? It is almost a myth already. Let's just give up this strange sensitivity we have about our employment, medical, financial, criminal, etc records being visible to all. *Give* the whole damn lot to Google!
Brownspeak: "It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information."
Setting aside my deep visceral distaste for Gordon Brown and his toadies and handlers, I still boggle at the utterly cavalier attitude toward data security demonstrated by this statement.
It's true you can't make any system 100% foolproof, but you can shut the door on the kinds of stupid mistakes that have, so far, led to significant data losses. But with GB and his cavalier attitude at the helm, it's hard to believe anyone working on uk.gov IT will take security very seriously at all.
The man is a fatuous gasbag, blustering his way past demonstrations of his profound ignorance. He is, in fact, a Dilbertesque pointy-haired manager writ large.
So you want to think it's a civil servant problem, really? Which would be solved by selling the access of all that very private and very valuable data to private companies? You're aware that approx half the data losses were the doing of *private* contractors, right? Also, do you *really* trust Google and the like not to try and monetize your health, tax, etc data (after "suitable anonymisation" of course, like removing the last letter of your surname or something)?
Every time i th I nk it cant get any worse than this they Decide to throw away any chance of not becoming a stat I stic On The id fraud Scales....
For f^&ks sake they cant even get a decent f*()ing acronym, what absolute rot is this!
"The European Commission launched the STORK (Secure idenTity acrOss boRders linKed)"
Even I can make up an acronym from an asinine sentence - see first sentence! (Have popped in a few spaces to make it easier to spot).
Finally what an absolute tosh reason for all of this to be done: for us "it is not easy to access public services while working or living in another country". Who gives a flying f&*% about that when your entire life goes down the pan, because of some harebrained scheme that exposes all your details to anyone!!
While Annoyed No Klepto's Ever Really Sure!
Big Irish Dave
You say:
Poor Article
I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.
----------
1. The UK government do have an appalling record as trustees of our data.
2. The Lisbon Declaration does mandate pan-European data-sharing and pan-European electronic identities.
3. The UK Government Gateway is our vehicle to satisfy the requirements of the Lisbon Declaration.
4. David Davis asked an important question.
5. Project STORK is designed to promote the Lisbon Declaration.
6. It is peculiar that IPS should be involved in leading Project STORK.
All of those are important points, undiminished by your devastating intervention.
I have tried out a number of counter-arguments for size but none fits because the fact remains that, in my mind, that USB stick was unencrypted.
That was the basis on which I wrote.
And on that basis I was wrong.
Our EU partners may well face risks by entrusting their data to the UK Government Gateway.
7. Given that it was encrypted, the loss of that USB stick is not one of them.
I do have an agenda.
I want the government to acknowledge the facts and to alter their plans accordingly when the facts dictate that they must.
In the case of the National Identity Scheme, the government seem to inhabit a fantasy land where the facts do not intrude.
If they are to be shaken out of that fantasy, I obviously must not make the same mistake.
In order to achieve that agenda, the power of 1. to 6. above must be preserved.
In order not to diminish their power, I must acknowledge 7.
Which I do.
This is a retraction.
With apologies to all concerned.
And with thanks to you for pointing out the mistake that no-one else has, in the nine months since I first made it.
Secure idenTity acrOss boRders linKed... does that even make any sense in the first place? What the frigging frack is the "linKed" even there? Did they troll the dic for a word with a "k" in it, any word will do? Not to mention that there is no REASON* not to USE** SIABL as an acronym for this particular choice of words. I mean this *is* how acronyms are supposed to work after all.
*secuRe idEntity AcroSs bOrders liNked
**secUre identity acroSs borders linkEd
Big Irish Dave
You say:
Poor Article
I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.
----------
1. You say it, and so do the newspaper and BBC reports on the case of the Government Gateway USB stick lost by Atos Origin in a pub car park in Cannock. On that basis, I offered my retraction, apologies and thanks to you.
2. I then sent the following email to Jacques Erasmus, the Director of malware research at Prevx, the expert who advised the Mail on Sunday:
From: David Moss
Sent: 03 September 2009 14:25
To: XXXXXXXXXX
Subject: Attn Jacques Erasmus -- Cannock USB stick, Government gateway
Dear Mr Erasmus
I refer to the 2 November 2008 Mail on Sunday article,
http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stick-secret-personal-data-12million-pub-car-park.html
For nine months or so I have been using this article in part to help my case
against the UK government's National Identity Scheme and on 2 September 2009
I had an article published in The Register,
http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/
Or rather abusing the MoS article as by some psychological trick I had
avoided noting that the lost USB stick was encrypted or forgotten it but,
one way or the other, the matter was wrongly settled in my mind that the USB
stick was not encrypted.
That is entirely my problem, my embarrassment, etc ...
But the question arises, was the USB stick "properly" encrypted, would it
have taken millions of times the age of the universe to decrypt, or could
you really have decrypted it in a sensible length of time? Were the contents
all encrypted or only some of them?
It would be appreciated if you would comment on these matters, either by
email or on the comments page of the Register article,
http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/comments/, or here
http://forum.no2id.net/viewtopic.php?t=29301, and quite understood if you
can't.
Yours sincerely
David Moss
3. And this is the answer:
From: Prevx Weblog
Sent: 03 September 2009 16:21
To: 'David Moss'
Subject: RE: Attn Jacques Erasmus -- Cannock USB stick, Government gateway
Hi David,
It's been awhile, but the memory stick was not encrypted at all (I did the
investigation). No files on the stick were encrypted and all the data was
easily visible, there was a password protected zip file, however the
password was somewhere in a text file in another directory.
However, if it was encrypted with the high grade encryption, it would not be
feasible to decrypt the data at all. It would simply take too long for
modern day computing equipment.
Hope this helps.
Regards,
Jacques
4. Big Irish Dave, I think that leaves you and me completely confused, and requires a "proper" journalist, not me, to try to establish the facts.
Dear Surrender Monkeys:
We KNOW that you will not be able to secure your data and keep
some nincompoop from leaving a copy of it on a train, tram, cab,
or similar contrivance for any wandering wanker to pick up and view.
Please forward all your database to your kind best friend, Uncle Sam
for his immediate inclusion for those to put on the TSA no-fly list. Any
refusal will be considered an enemy act and treated accordingly.
We KNOW that you are all sheeple and willing to give all your personal
and private information to the government of your choice in order for them
to spend massive amounts of your dosh and then to ultimately fail in
using the data for anything but scam-bait.