Feeds

back to article Senior officials now in frame for HMRC data fiasco

Senior officials were involved in the decision to post the UK's child benefit database on unencrypted CDs, it emerged overnight. Sir John Bourn, head of the National Audit Office, said decisions were made at a higher level and that the NAO asked for the data be "desensitised" but this was rejected on grounds of expense. Her …

COMMENTS

This topic is closed for new posts.

Page:

Black Helicopters

If they did not have this data breach they would have had to create it

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards."

As expected.

If they did not have this data breach they would have had to create it. Now they have the best argument in favour of a national database and ID cards. They can even make them voluntary. If you have an ID and you are on the national database you have nothing to worry about. If you do not...

I bet that if we dig further we will find someone even above the "senior manager" pushing for this.

0
0

Do we know what it is yet?

Have we found out the file format and what form the password protection took (and how the password was communicated) yet?

I have to say I am surprised that removing some fields from what is presumably a text file or Access database does not seem an insurmountable problem to me, but in this exciting, outsourced, friction-free world in which we live running an AWK script over a text file is probably a £10K call-off on a contract.

0
0
Anonymous Coward

Shhhh, don't worry, be union...

"the disaster actually strengthened arguments in favour of ID cards."

here's a few observations :

1) how not to secure my data .com

2) MSFT security -- not

3) more humans = less security

and

4) let's form a committee to hire a big consulting company to spend big money to reinvent the wheel

0
0

The joys of outsourcing

No doubt whoever runs the HMRC system charges £5k for a custom SQL query that any decent PFY could do in 20 minutes, given sufficient liquid incentivisation...

0
0
Coat

Good...

"A junior official from the Child Benefit IT department has reportedly been suspended and sent to a nearby hotel with a minder in order to protect his or her identity."

As long as 1 in 25mil peoples identity is safe. When do we all start getting our own minders?

0
0

@Anton Ivanov

<quote>If they did not have this data breach they would have had to create it.</quote>

And what makes you think that this wan't a contrived Security Breach for this reason????

0
0
Go

Letter to My MP

When this story broke I wrote to my MP asking for a bunch of details, including the file format and the current password protection policy.

I'll forward onto El Reg any info I recieve

0
0

Irony

"A junior official from the Child Benefit IT department has reportedly been suspended and sent to a nearby hotel with a minder in order to protect his or her identity."

First impression: They lost 7.5 million of our identities but the junior official's identity is protected by letting them stay in a hotel with a bodyguard at the taxpayer's expense. Brilliant.

Second impression: I'm not actually at all vindictive about the junior official in question, since we all know it was neither their decision nor their fault. Some people might not be of the same mind but I can't imagine anyone wanting to commit actual physical harm to them. What the minder is really there for is obviously to make sure they don't spill the beans to the media about who was actually responsible. Now that is, quite frankly, downright creepy. If it was me I would be saying "Fine, if you're going to sack me, sack me, and get your goon out of my way so I can start looking for a new job."

0
0
Ian

I agree with the unions somewhat.

The government is trying to offload the blame to "junior" staff. My question is, why if they were handling 25 million records were they junior staff?

The very fact is, no one at junior level should be expected to handle that amount of data of that importance so regardless of who was at fault it's still senior staff to blame for putting junior staff in that position in the first place.

0
0

It beggars belief that they couldn't extract just the stuff the NAO wanted

without it being "too expensive".

I think we need a technical explanation for why someone couldn't just grab the fields the NAO needed.

Heck, I can buy a CD-ROM on the high street with names & addresses from the electoral roll, and that must be a comparable number of records.

Select Name, NIN, anything else of no interest to Russian mafia boys

from BloodyHugeDisk.Claimants

Telling us they couldn't strip out the innocuous stuff without calling in Arfur Andersdone (with a silly accent over the second "d") and paying them big wonga sounds like a gormless bluff.

0
0
Flame

What's worse - losing it or selling it?

The government has been selling our details to outfits little better than criminals for several years and continue to maintain their right to do so.

Don't believe me? All you have to do is set yourself up as a parking enforcement company, sign on with the SIA (Don't worry - they won't do any checks on you. They didn't on those 5000 illegal immigrants, did they?)

After that, all you do is collect a few likely looking car registrations and send them with a cheque to the DVLA. They'll give you the registered keeper name and address for a fiver a time. Sweet.

0
0
Alert

David Craig will have a FIELD DAY with this

He just about predicted that crap like this could and would happen in his book "Plundering the public sector". He was so right all along.

Go David!

0
0
Flame

eh?!?!?!

"Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards"

did he now?

fucking how's that, then?!?! i love the way he can just come out with crapola like that and not have to actually back it up with facts or even theories. at the end of it all, they didn't take appropriate steps with sensitive data. it should have been crypted to buggery, 4096 bit stuff. delivered by armed guard, if necessary.

GRRRR!!

0
0
Unhappy

How hard can it be?

"the NAO asked for the data be "desensitised" but this was rejected on grounds of expense"

How hard is it to run PGP over a file before sticking on the CDs?

Well, it would take the education of senior politicians - which can be hard.

More importantly it would take educating senior politicians that MS tools and (laughable) security are not all they're cracked up to be - and since MS bunged the British Library £100 million ( http://news.bbc.co.uk/1/hi/technology/4402442.stm ) that's *very* hard indeed!

0
0
Unhappy

Tell the Truth

If the chancellor is telling the truth - that only one junior official was to blame - that is much more worrying that the Tories' version.

How is that a junior official has access to the entire database, can copy it onto CD and, presumably, put it in his pocket (rather than the post) and take it home to sell to anyone he wants to? With no audit trail or management oversight. If this is what happened, heads should roll.

If a senior official was involved (which is likely) the chancellor is lying or misinformed and even more heads should roll, including his.

Poor old Steve McLaren looks like a hugely successful mastermind in comparison with this sorry lot.

0
0
Anonymous Coward

It's an access database

Having worked with government departments for many years I would bet my right testicle on the fact that it was an access database which was being used as a local copy for that office's use. We all know how secure they are...

0
0

@It beggars belief that they couldn't extract just the stuff the NAO wanted

From a technical point of view, the operation is very simple

However, as mentioned, if IT is outsourced, this sort of one-off is not usually contractually defined, so you have to launch the procedure for non-standard work, which is normally slow and painful (in my experience it almost always involves having to explain what you want to non-technical people as a first step) and leads to all sorts of farcical situations, or gets bypassed

To be fair to the outsourcer, if it's not in the contract, why should they do it except following contractually agreed steps and getting paid for it, same as any other contract?

0
0
Unhappy

Meanwhile in the private sector

Working in baks for many years, if a similar incident had happened, even of 1/100th of the magnitude, they'd be frogmarching everyone that had his figerprinted on this f-up out of the building with a binbag, and not a lot of sign of full pay and hotel rooms.

0
0
Unhappy

Poor Sod

I'm glad people are now starting to think about the only victim in this fiasco. The poor guy or gal who sent it out on the 18th of October. Was this or was this not the last day of the postal strike? Seems to me that internal unregistered post was the only option available on the day.

"Has a minder in a nearby hotel" - suicide watch more like.

0
0

This corker is circulating round our office...

Kirsty Young's next guest on Desert Island Discs is Alistair Darling. However, the programme will be shorter than usual because he has lost four of the eight records

0
0
Coat

What really happened

From the bbc story:

“He said the NAO wanted only limited child benefit records but was told in an e-mail from a senior business manager in March that to remove more sensitive information was too costly and complex.”

Right. Costly and complex – it’s a database right – so a simple query could have been written – may have taken time to run if it had to pull out all that information – actually the query might have been pretty complex given that im hoping the table structure was set up properly with all the correct joins and normalisation etc (though I wouldn’t hold my breath). Also – 2 cds? Whats that - about 1.6GB of data? Sounds a bit small for 25million records considering when I worked in the hospital the database I used that held the data for the patients that had been seen in the hospital – considerably less than 25 million I might add – was sitting at around 2GB when I left.

Im also assuming that they will have information officers whose job it is to respond to requests like that – who may be familiar with a little known application called crystal reports.

Though what happened probably went something like this:

Scene 1 - HM customs & revenoo office, basement where the IT people are kept

Non-Existent High Level Civil Servant (NEHLCS): “Ho there laddo! A mate of mine at the Audit Office,old school chum actually, jolly good sort [insert long winded anecdote about old pull-my-finger Smythe]… Well he asked for a bit of information that we have. I’ll have my secretary send you the details shouldn’t take a clever lad like you long eh?”

Scapegoat: “Umm… well maybe. Depends what it is they are looking for. Oh and could you sign the authorisation for me to access the data please as well – you know.. for the security audit thingy we are supposed to do…”

NEHLCS: “Well he did say its dashed urgent. No need to bother about that security tosh now – don’t worry I will do it later. You just get that info he wants and send it over to them toot sweet.”

Scene 2 – 20 minutes later

NEHLCS: “Well laddo have you managed to get that info I asked for?”

Scapegoat: “Umm… Just writing the query now. Its actually quite complicated because…”

NEHLCS: “Argh! Non of your technical mumbo jumbo! I don’t understand that rubbish anyway! Can you not do it faster?”

Scapegoat: “Not really boss. It all takes time, and because of the amount of data it will take a while to run when it is ready anyway”

NEHLCS: “Bugger. He did say he needed it soonest. I know,” (Self satisfied smile)”Send it all.” 

Scapegoat: “Umm… All of it? Are you sure? I don’t think that we are allowed to do that…”

NEHLCS: “Nonsense! We are the Government! We can do what we like – it is just sharing information anyway. Will be a lot easier when we have that big central database” (Scapegoat shivers and turns pale) “Stick it all on a cd and send it down to them. Let that git Smythe get the stuff out of it himself. Always was a lazy bugger.”

Scapegoat: “Umm… send it how? And it will take time to burn it onto cd anyway”

NEHLCS: “The post you daft sod! How else! Actually better use that courier service we use – stick it in their bag – royal mail are probably on strike again. Ruddy socialist slackers!”

Scapegoat: “Recorded delivery right you are”

NEHLCS: “Oh no! we are trying to save money here. It will be fine in the normal bag”

Scapegoat: “Riiiiiight….lf you could just sign this form saying that you have authorised a copy of the ENTIRE SYSTEM….”

NEHLCS: “No time! Of to see the minister for a few ummm… policy thingies. Pop it in the post there is a good chap.”

Scene 3 – A month later

NEHLCS: “You there! What happened that bit of data you sent to the Audit office! They haven’t got it yet!

Staffer: “…”

Scapegoat: “Umm… actually that was me. I posted it like you asked”

NEHLCS: “Well they have no record of getting it. Where is the tracking slip”

Scapegoat: “….”

NEHLCS: “Well?”

Scapegoat: “you instructed me to send it by normal mail”

NEHLCS: “…”

NEHLCS: “Send it again – This time recorded delivery. Those buggers at the Audit Office probably lost it.”

NEHLCS leaves basement

Scapegoat: “Boss. The boss had me do something and it stuffed up so now im telling you – we’ve lost a copy of the database.

IT Boss: “*@!£%^&*&I*UO(*U”

0
0
Black Helicopters

How did they fit all the data on 2 CDs

Ok, so nobody has yet specified whether the were "ordinary" CDs or not. But you'd have to go some to fit 25 M records onto 2 CDs. Rough calculations seem to suggest that each record would have to be between 50 and 160 bytes ( this is back of the envelope stuff ).

Presumably, since it wasn't encrypted, it also wasn't compressed so a small record with name, address, NI number, DOB, bank details might be :

fred bloggs,23 the road,truro,cornwall,tr5 4tr,ab123456b,020304,12345679,010163

That's 79 bytes - many records would be bigger than this and that's just CSV ( no allowance for file format /separators etc ).

Did they /really/ get all the data on 2 CDs ?

On a less cynical note - don't they have the intarweb in Govt ? If someone wanted a gig of secure data off of me I'd fire it over a VPN or something ( after encryption ! ).

There's no chance these muppets will /ever/ be able to run an ID card scheme securely !

0
0
Flame

Utter Toss

Obligatory speculation : CSV file, zipped with password. This is very, very common when shifting bulk, high value, personal data to/from outsourced functions or external organisations. Sad, but true*. But who knows how these muppets go about things.

Not so speculative part : Additional expense ? For unticking two fields (sort code, account number) in the database table export wizard used to dump the CSV (or whatever format) file ? At worst, setting up a duplicate query with those fields removed ? Fuck off. And there simply isn't any way it would have been much more complicated than this** no matter what's on the back end. (And it will be SQL Server or Oracle, I'd guess Oracle 'cause HMRC (or their outsourced pixies) have some experience in Oracle data warehousing)

I've seen this done (and done it myself) a hundred times, and I don't recall it ever being a chargeable extra.

Definitely not speculative : If a "junior official" is in a position to make such decisions, and access such data without some managerial supervision, then whatever else the gov might claim, HMRC really do have *serious* systemic problems with their IT, security and management processes, this is beyond question.

Grr!

*In which case your whole 'security' policy is largely predicated on the integrity of the physical transport process.

**OK, it's a little more involved in Oracle with no third party tools, but come on, it's what ? Seven lines of sqlplus ?

0
0
Alert

Hmm

"That's why we don't like seeing work off-shored. It raises all kinds of security issues about sensitive data and the worry is that it could get into the wrong hands."

I may be from 'daan saf' but Tyne and Wear is hardly off shore!

Anyone else think the 'unions' are just using this to bolster their own self importance?

0
0
Paris Hilton

@Joe McGrath

The easily could of used DVDs. They probably wouldn't know the difference.

0
0
Anonymous Coward

It's bound to happen again.

HMRC has for years been cutting staff and costs, for one reason or another. It has been for years the practice to de-skill tasks so that they can be given to poorly paid and badly trained temporary staff or E grades.

This whole process has been driven by successive chancellors, such that now most of the people who are qualified to do it have too much to do.

Knowing many people in HMRC, tells me that most staff are though demotivated, surprisingly, conscientious and hard working. That HMRC works despite its management, not because of it, and that they despise their politically appointed senior management and their advisors who know nothing about the practicalities of running HMRC. So in that they are probably no different to the vast majority of us who work in large organizations.

Why will it happen again, well, the politicians will insist on a knee jerk reaction, rapid changes to procedures which will be implemented by a new management that knows nothing about the business. With luck people will be trained, but the training won't be kept up because of cost, and so on it goes.

The general standards for handling sensitive data in government are actually very good, and easy to understand and far better than anything you see in the private sector.

0
0
Thumb Down

Excuse me?

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards."

What, so the Gov't can send even more of our personal data around the country in a completely unsecured manner?

Also, what kind of screwed up database system have the HMRC got running, that simply removing the fields that they don't need from a data dump involves a prohibitively high expense of time and manpower???

Most (Microsoft) Office monkeys could do this in Excel, let alone the kind of over-priced Oracle-type monster that they've got, so why can't... wait, nevermind.

0
0

Really not that difficult...

... To filter the data.

[sql]

begin tran stripoutconfidentialdata

select ninumber from bigconfidentialchildbenefittable

commit tran stripoutconfidentialdata

[/sql]

Export to CSV and encrypt.

That will be £10,000 consultancy fee please...

0
0
Stop

Elaborate, Darling ?

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards. "

I'd be very interested to read how he could elaborate on this one. El Reg to call him ? Worth the cost, IMHO.

Even in my banana republic, the press would collapse from laughter on this one ...

0
0
Silver badge
Black Helicopters

What!!!

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards."

He's a bigger muppet than he looks if he thinks anyone is going to swallow that line.

0
0
Stop

Shooting yourselves in the foot

I also have a lot of sympathy with the union position and I don't like off-shoring of sensitive data, but when the unions come out with statements like this:

"That's why we don't like seeing work off-shored. It raises all kinds of security issues about sensitive data and the worry is that it could get into the wrong hands."

Didn't the big fucking irony alert go off in their minds?

Now their opponents can simply argue that an Indian data centre might lose the data, but it'll definitely be cheaper.

0
0
Anonymous Coward

What a load of tripe

Without knowing what exactly was on the CD's (suspect probably DVD's, but we all know how good the media are at reporting what the actual facts are, but don't let the facts get in the way of a good story), I honestly don't know what all the fuss is about in regards to Identity fraud.

Given how much information you have to provide now adays, information in general circulation is relatively easy to come by, but when fraud has it's rewards it is generally because people don't follow process, and get lazy.

Now, ok, in this case some data has gone missing. I suspect that someone is going to come back from holidays and go, oh, oops, what I am I spose to do with all these DVD's I have three copies of. Probably not the smartest way, to have transferred the data, and well, suspect that they were too lazy to bother encrypting the data. But really, the hype over this is just stupid.

0
0

Credit checks ...

Given that all of us who are on the Child Benefit records have now been advised to check and recheck our statements and credit history, are HMRC going to cover the cost of getting credit reports from Experian and Equifax for everybody affected? Only fair, I would say ...

0
0
Anonymous Coward

Are outdated policies to blame?

I've worked as a contractor for several government agencies, and I've seen this thing plenty of times.

I am allowed to send restricted data (which I assume this data is classed as) through the Royal Mail without any encryption required- simply because the Royal Mail is a 'trusted' organization and the Government must support it.

Laughably if I want to send confidential data (the next security level up from restricted) it can still be sent unencrypted through the mail but must be secured inside two envelopes. No, seriously, that's it- possibly when thieves open the first envelope they get confused and think its a game of pass the parcel...

I assume that the internal mail system of the HMRC is also 'trusted' and that the data is only restricted so technically no-one from the IT side has done anything wrong.

If someone was to use the freedom of information act to request the HMRC's policies on handling and transferring different security levels of data they could confirm this... *nudge nudge*

0
0
Flame

It's an access database

what toss.......

thats the problem with so called clueless"IT experts" , read "the reg" and think that they are Alan Turing and Bill gates rolled into one! -

"it was probably an access database"

id like to see a access database loaded with 2m million anythings and then still be able to export it to disk!

its probably same guy making this statemnt, who drew up the scurity and file and data transfer policy - stuff it in a jiffy bag and courier it up the M1 gov'nor...

otherise, well its either that or get a ad-hoc request through the GSI.

as for the lowgrade uncivil servant, he was probaly just following procedures - why dont we see a senior uncivil servant or a minister taking a jump of waterloo bridge?

0
0
Anonymous Coward

Plus ca change

It seems to me that despite the outrage that we all feel about this incident, absolutely nothing is going to happen to put it right. The government will sit tight and wait for the fiasco to blow over unless public pressure is so great that they're forced to do a U-turn. Are we there yet? Nope. So nothing's gonna change.

I've never wanted to chuck a rotten tomato at a politican before but right now Mr Brown deserves an entire truck load.

0
0
IT Angle

In response to anonymous coward

Really? I wouldnt have thought of that. Thanks for clearing that up.

0
0

A little boy did it, but we grabbed him

because we thought he'd run away, and that nasty Press gang would find him and make him blub up and implicate us big boys.

Is anyone counting how many government ministers are trotting out this preposterous story about "self-empowered" junior officials? My guess is they would have tried to pin it on the office cleaners had it involved anyone other than the NAO.

0
0
Silver badge
Unhappy

What is this "Junior" Official's job

A lot of commentators are asking why a junior official had access permissions to the entire database. Perhaps because that is his job?

I suspect that his role is to support a database application. He may have amazing technical skills and years of experience, but because it's a hands on role, he's "junior". Senior staff don't get there hands dirty, they go to meetings, think about blue skies, rub shoulder with politicians and issue instructions like "Send all our data through the post on a password protected disk because encryption software and secure networks are too expensive" and "I want it done by lunchtime!"

Would you really want to give such clueless senior civil servants full access to the data?

0
0

"Senior officials now in frame"

I never thought anything else.

The NAO didsn't contact him direct and say "Oi mate, bung us a copy of the entire database on two CDs", did it?

0
0

Shock ! Horror ! Still on eBay with NO bidders ! Hurry !

bung the magic phrase into eBay:

The Missing 2 disc special edition

and you can see the cunning CD swiping swine have disguised 25 million kiddie benefit claimant addresses as a Ron Howard / Tommy Lee Jones / Cate Blanchett double DVD injuns 'n' redemption romp.

Special edition, indeed.

0
0
Silver badge

Did my ears deceive me?

Last night's Newsnight said that the NAO asked for anonymised data, but the Revenue refused as it would be too much work for their IT support run by...

...EDS!

Also, are we sure that Alistair Darling isn't a Marxist out to overthrow the capitalist system? In just a couple of months he has completely destroyed the nation's trust in banking, something generations of Trotsykites had never managed.

0
0
Stop

What the hell is a "Junior Official"???

Brown and Darling are taking full advantage of the public’s ignorance when it comes to the workings of the civil service. Their use of the word “Junior Official” is highly misleading. I’ve worked in the Civil Service since the late 80’s and I’m not entirely sure what a Junior Official is – it’s not on any pay scale I’ve ever read. I can only assume they meant someone who is not a Senior Civil Servant (SCS). If this is true, of the ½ million civil servants in the UK – 4000 of them are SCS. That means 99.2% of ALL civil servants are “Junior Officials”. The wording has clearly been used to give the impression of an office junior – an incompetent temp. And in this case, and what is more worrying, a rogue one. This is very misleading. It is simply not possible for an individual to act independently and download an entire database from the Child Benefit system (a “live-load run”). This requires very special permissions from management. There is no way this individual is guilty of acting independently – it’s impossible. If he’s guilty of anything, he’s guilty of trusting that the courier service, TNT, would do their job. Nothing more. Hardly a sacking offense.

0
0

How they would filter out the sensitive fields

A few years ago a student friend had a summer job working with data that was either census or electoral register (I forget which now). His job, scheduled to last 6 weeks, was to go through the data finding households with more than 5 adults.

Being a computer science student, he realised that this could be done in a matter of seconds with an awk script, or similar. But if he had done that, he would have been congratulated and then fired since there was nothing else for him to do. So he spent the allocated 6 weeks doing it manually, as instructed.

This wasn't HMRC, but I imagine that the same sort of thing happens in most large organisations.

0
0
Anonymous Coward

Agreed, not access, not sql...

This is government - think mainframes, think generations older, think VME, IDMSX, COBOL!

All these "just write a query" idi0ts have no idea!

0
0

Reap what you sow.......

The Government is getting what it deserved - a level of service commensurate with the resources allocated. An analogy with monkeys and peanuts springs to mind. I used to be a civil servant, latterly in the old C&E and am well aware of the cuts in staff and the direct and indirect effects.

The joke is that senior management always meet the targets for cutting staff and at the same time produce an "Assurance" that the Revenue is being protected and that all is well. To do anything else would put a bonus at risk. The remaining staff have to carry the can for the top level incompetence.

0
0
Nev
Bronze badge
Coat

"Junior Official"

Isn't that the title given to someone who is subsequently found dead (under suspicious circumstances) and is later said to have committed suicide?

0
0

@Phil Endecott:

Why didn't he run the script, then just *look* like he was doing it manually & give them the info piecemeal?

0
0

@plus ca change

If enough of us got really worked up, we could chuck these toerags out. However, it requires that we actually do something other than puff impotently on websites such as this. As George Mikes said "Other countries have revolutions, the English have satire"

Or as the Governator put it in "Red Heat"

"Pud dee politishuns up against dee wall and shute dem"

James Belushi - "No; the lawyers wouldn't let us"

"Shute dee lawyers furst"

0
0
Boffin

re: How they would filter out the sensitive fields : Ssssshhhh!

"Being a computer science student, he realised that this could be done in a matter of seconds with an awk script, or similar. But if he had done that, he would have been congratulated and then fired since there was nothing else for him to do. So he spent the allocated 6 weeks doing it manually, as instructed."

Surely the correct approach in these situations is:

1. Write the script and run it

2. Spend rest of the summer getting paid to sit back, play Minesweeper or (if you're lucky) browse the web.

3. Hand in your results (and if you're feeling nice, the script) at the end of the contract, having been paid the full amount.

(For career bonus points, shave up to a third off the boss's expectations. They will be amazed, you will get 4 weeks pay for a day's work; the next guy still gets room to "improve" the process further still, everyone's happy, right? For geek bonus points, spend the rest of the summer benchmarking and optimising the code until it's mathematically impossible to tighten...

We've all been there, surely?)

0
0

Page:

This topic is closed for new posts.