
£400,000?
Blimey - I'd do it for half that!
Taxpayers will finally see some value for money out of the former government's ID card scheme. The cost of destroying the personal data collected under the ill-starred programme will be a mere £400,000, Home Office minister Damian Green revealed yesterday. The figure came in a commons reply to Paul Goggins MP, who'd asked what …
Surely that level of CESG approved destruction is reserved for equipment that has handled TS data? Surely a multi pass random data wipe, and incinerating the memory if you are really paranoid would be sufficient.
Alternatively I would like to offer my services with a bloody big axe at a fraction of that price. Hand grenade cos well that would be just as effective.
If you actually read any of the guidance you will see that the effect of aggregation means that although the individual elements may have a low or medium business impact, as a whole they may have a higher protected marking.
Imagine the impact if the whole lot was found in a skip? Huge, far more than if one person's name and address was disclosed.
They are called the Secure Sanitation Levels of compliance or SSLs.
SSL1 can be discounted, because it only covers eventualities of loss to the public purse of £1000. It involves grinding magnetic media to 25mm particles, but I don't think degaussing is required.
SSL2 compliance covers risk to an individual's, or group of individuals', safety and liberty. This means complete demagnification of each disc in turn and then shredding to the BS8470 (known as 'Commercial best Practice') 25mm particles. I know this because this is what we use: it covers potential losses to the Public Purse of up to £10 million.
However, given the furore, they've probably opted for SSL3 compliance - normally reserved for Top secret data or the possibility of "substantial material damage to the national finances" - which means individual degaussing and on site rendering to 6mm particles.
We're probably talking about several rooms full of P9xxx-sized disc storage arrays. By the time they're finished, the shredders themselves will be in need of a fairly expensive overhaul.
This is how it ends, however - not with a bang, but with a sort of 'nom-nom-nom' noise.
"what the arrangements were for the data destruction, and what the cost would be."
Well, it's easy: you move all files to a single laptop, then give this laptop to a civil servant, and hey presto, no one knows what happened to it the day after.
Cost breakdown:
Brilliant idea: £100,000 bonus for whoever got it
Selecting a civil servant: £100,000 for picking a name at random (including purchasing of custom little pieces of paper specially ordered for this occasion, pens to write down names on the papers, and a platform hat from which a name will be pulled)
Laptop: £100,000 (including network cable, mouse, and 256MB RAM upgrade by a consultant, and security in the form of asking a number from 1 to 10 with locking of the machine after 10 unsuccessful attempts)
Civil servant selected: £100,000 (bonus for successfully losing the laptop in a public place)
TOTAL: £400,000 (before cost escalations due to inefficiency, over-capacity and incompetence)
REAL COST: about $40M + VAT + inflation
1. Download DBAN.
2. Boot servers holding data from DBAN disk. Select Write Zeros, single pass, and wipe.
3. Reboot DBAN disk, select Write Ones, single pass, and wipe.
4. Power off servers, remove HDDs, pay 20 college students £500 each to remove platters and chuck them in a woodchipper, £10k should cover the cost of the tools.
5. Send the IT hardware, with licensed OSs and some tech time, to lower-performing schools as free upgrades.
6. Give me £370,000 "consultancy fee".
There. I saved you £10k!
What about traceability, insurance and compensation if something goes wrong? How do you know the students aren't nicking the disks or reading the data from them (which you didn't even start to erase properly - 0s, 1s, randoms, repeat about 8 times.)
I may well know that my disk has been erased because I saw it happen, but I need a bloody good audit trail to show my employer.
After all what can it possibly take....
Get the hard drives, floppies, tapes, paper, memory sticks
Put them in the council's waste incinerator
Oooh look, whatever is left is so mangled and melted it is less use than a chocolate fireguard..
Cost? About 50 quid of diesel, a couple of hours of time and a friendly councillor.
Introduce disk drives to thermite, and call it a training exercise for the EOD team.
Cheap.
Fun.
Clears out old stores.
Cost, time and petrol for the EOD team to collect old stores, and ship away the slag afterwards.
Anything left afterwards is likely to be magnetically unstable having been exposed to 2500C.
£20,000 (generously) to destroy data
£380,000 to negotiate the hopelessly convoluted, labyrinthine and pointless bureaucracy to ensure beyond reasonable doubt that you DIDN'T leave it on a train.
If that's what it is I'll take the ludicrous charge to finally put to rest one of the stupidest ideas of the modern age....
Given that it's a _government_ system and due process is far more important than cost, efficiency or time taken - and that they must audit each step, I can see it would work out something like this:
step 1. print out all the records
step 2. delete the next record on the list
step 3. verify each record has in fact been deleted
step 4. tick that entry off the printed list.
step 5. when all entries have been deleted, start deleting the ones off the printed copy. goto step 1
Any half-decent government administrator could turn this simple task into a job for life.
When they say destroy the data, that's exactly what they mean. They will have to gather up all the back-up tapes and irrecoverably destroy them, erasure is not enough for the impact level that ID Card data would have been held at.
Then there's the disk drives that will have to be securely erased, and then removed from their SAN trays and put through a specialised shredding device.
It is also probable that there's a whole host of other data stores that would need to be destroyed, like server boot devices and so on.
You would be surprised how much data can be recovered from an erased disk, even if you have overwritten it n times.
That's why it'll cost so much.
Oh yes and we mustn't forget the stupidly convoluted contract, but I think IPS probably has a data destruction contract in place for its systems, or its IT service provider should have.
Has no-one actually looked what is involved in the destruction of the data???
It's linked to from the main article (for the hard of thinking: http://www.theregister.co.uk/2010/11/08/government_will_shred_id_card_data/). Although, it still seems that £400K is a bit steep there's clearly a lot more involved than just putting a sledgehammer to some racks...
Personally, I'd be happy for the government to spend twice that amount to get rid of the NIR. A bloody good riddance!
really, just really!!!!!!!!!
so are they saying that everyone else (banks, councils, hospitals) are destroying their data incorrectly.. unsafely... When I worked for the NHS we paid £50 a unit for the HDD to be shredded and the machines recycled - why can't they just do that....?
Like some of the above have said, I suppose it's the consultancy fees and the server is going to the 'destroying centre' in a limo with bodyguard and escort (police one, not the other)
£400,000 works out as:
* £30 per card. [13,200 cards were produced - http://www.theregister.co.uk/2010/06/08/id_card_numbers/ ]
* 6 man-years at the pay rate of an ordinary back-bench MP, with the MPs taking four days to erase each card. [The salary of an MP is £65,738 according to http://www.parliament.uk/about/faqs/house-of-commons-faqs/members-faq-page2/]
I appreciate it takes a bit more than
for i in {1..10}; do dd if=/dev/urandom of=/dev/hda bs=512; done
but, even so.
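The gap several comments above point at, between running an overwrite loop and being able to show an employer it worked, as an added example that is not part of any commenter's post: each fixed-pattern pass is read back and compared, and one audit line is appended per pass. The function names, the log format and the use of a scratch image file in place of a real device are assumptions of this example, and it assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Overwrites a scratch image FILE standing in for a drive,
# reads each fixed-pattern pass back to verify it, and appends one audit
# line per pass. Assumes GNU coreutils (head -c, dd conv=fsync, sha256sum).

# Emit $2 bytes of the pattern named in $1 on stdout.
pattern() {
    case $1 in
        zeros)  head -c "$2" /dev/zero ;;
        ones)   head -c "$2" /dev/zero | LC_ALL=C tr '\000' '\377' ;;
        random) head -c "$2" /dev/urandom ;;
    esac
}

# wipe_with_audit TARGET LOGFILE OPERATOR
# Returns 0 only if every verifiable pass read back exactly as written,
# 1 if a pass failed verification, 2 if the target does not exist.
wipe_with_audit() {
    target=$1; log=$2; operator=$3; failed=0
    [ -f "$target" ] || { echo "no such target: $target" >&2; return 2; }
    size=$(wc -c < "$target")
    for pass in zeros ones random; do
        # Overwrite in place and flush to storage before reading back.
        pattern "$pass" "$size" |
            dd of="$target" bs=64k conv=notrunc,fsync 2>/dev/null
        result=unverifiable     # random data has no reference to compare with
        if [ "$pass" != random ]; then
            if pattern "$pass" "$size" | cmp -s - "$target"; then
                result=verified
            else
                result=FAILED; failed=1
            fi
        fi
        # One line per pass: when, who, what, how much, outcome, read-back hash.
        printf '%s operator=%s target=%s bytes=%s pass=%s result=%s sha256=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$operator" "$target" "$size" \
            "$pass" "$result" "$(sha256sum < "$target" | cut -d' ' -f1)" >> "$log"
    done
    return "$failed"
}
```

A log like this covers only the overwrite step; custody of the media before and after it still has to be recorded separately.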
The Ex California governor proved in his films how difficult it can be to destroy malignant technology. Make sure *everything* from the server rack is dissolved in a massive crucible of molten steel.
Then do a brain wipe of the politicians/civil servants who dreamt up the crazy idea in the first place.
on an artist's time to take the debris and create an artwork that will remind future politicians what the British people think of this sort of nonsense.
I'd prefer it if the disk platters were left largely intact, so that one could tell the sign-ups that their personal data had been welded into an artwork, and if they didn't like that they shouldn't have been in such a rush to hand it over in the first place.
I suggest that the platters be removed from the HDDs and a prize issued for designing a sculpture made from them. It should be erected within sight of Parliament. I've seen the way "artists" weld, and I'll guarantee you the hash they make will render those platters unreadable while forming a lasting memorial for those whose data is still on those platters.
Maybe Liberty giving the finger. Suggestions should be sent on the back of a Guy Fawkes mask to someone other than me.
All of you "I'd do it for half that" types, just think: How much fuss would you kick up if this data destruction wasn't done properly? I mean, in 5 years time when it comes on the news that they can't account for all of the disks and tapes that were destroyed, because the audit trail was balled up, and they say something like "well, we're pretty sure we got all of them, but we didn't write it down properly." What would you say?
400 grand seems like a lot of money, but it's a load of disk and tape from distributed datacentres. Not simple to keep track of, in fact it'll probably be a full on project just to make sure that they know what they're deleting and don't miss anything. It'd be more complicated if the arrays and tape libraries were shared, which is highly likely.
What is really worrying about most of the posts is that people on this site are assumed to know a bit about computers - but obviously have no first idea about what is necessary to DESTROY data, thoroughly, permanently, and demonstrably.
Some of these people could be in charge of systems with sensitive data on, and they would just throw the discs in a heap and bash them with a hammer!
I just hope they never get in charge of any of my data.
Seems crazy to me that these systems are destroyed.
Of course proper data sanitation is required if the systems are to leave the government's control and (reasonably) secure data centres; but I would have thought they could be re-purposed for another government project providing that the classification of their new role was equal or higher to the data held as part of the ID card scheme.
£400k may be the cost to shred the drives; but how much was the purchase cost - money that the government will surely be paying out again for more storage?
It does sound out of proportion to me.
I am part of a team that runs a large SAN environment holding sensitive data.
Given that there are 'only' 13,000 records, the amount of disk they could be spread over cannot be that great! Even taking into account replicated site and backups, it can't be that hard.
When we store backups and archived data, we store in destruction date order, then we just need to pull out the container with today's date on it, and follow process.
Simples!!
What about the photo booths that have been set up in all the main Post Offices. A friend was employed setting these up for the DVLA. Phase one was for renewing photo driving licences. Phase two was for the roll out of ID cards.
Destroying the data is simple
But as long as the hardware exists the plan can always be revived