David Hartnett, director general of Her Majesty's Revenue and Customs (HMRC), admitted yesterday that the loss of the child benefit database was just the latest, and largest, giveaway of supposedly private data by the department. Hartnett told the House of Commons Treasury Select Committee that HMRC was aware of seven other data …
Still nothing to fear?
***Hartnett told the committee: "We introduced at that stage more stringent rules. We set out in 2006 to learn lessons in relation to security and to tighten things up."***
Obviously very different definitions of "learn lessons" and "tighten up" than most other people would use.
And, when these same people say that they will 'learn lessons' and 'tighten security' for the national ID database we all believe them, right?
Doesn't even raise an eyebrow, that news.
Mind you, we've all become so accustomed to the UK government being totally incompetent at its job, this sort of thing is no longer news, alas.
More interesting will be when they actually discover that things like SSH exist, rendering this whole comedy of "it's in the post" obsolete. Give 'em a couple of decades - after all, they haven't even got e-mail yet...
So who is going down for it?
If this was the private sector treating data this way someone would have already been locked up and sent down for it.
So come on Gordon Clown you should be going down for this.
I find it hard to believe that any lessons have been learnt or "more stringent rules" were applied; what did they do before? Give the data away with a box of corn flakes?
This government can't even get the basics right and yet the want everyone to have an ID card with everything stored on it. ID fraudsters must be licking their lips.
So you recon that in around 5 years time, they may get around to implementing a 56-bit DES encryption... Or perhaps they might just be getting around to implementing a Ceaser-Shift cipher...
@Still nothing to fear?
Of course they've tightened things up! Presumably ANYONE could have just walked in off the street and burned a copy - we just didn't know it and blithely assumed that no one could be THAT stupid. At least now it's been upgraded to "people who work for us".
In other news, I guess the ID cards verification process will involve giving a whole load of details and the IPS seeing if they can get money out of a bank using them.
We so need a "Where's the Blunkett-esque justification?" icon for these posts...
...there is a new ELER comic strip out.
Stepping up to the Plate
"after all, they haven't even got e-mail yet..."
Oh, they definitely have that, Oliver, for it is ubiquitous, but it petrifies them rigid like a spineless jelly because all their dodgy dealings are then so open to "viewing". So rather than clean up their snouts in the trough act and embrace all the new technology which moves us into the Future, they act like the dinosaurs that they are and prat about the media stage as if they are important in the great scheme of things whenever their actions codemn and expose them as charlatans even more, every day. They and their posturing are becoming anachronisms and a pathetic joke which is slowly destroying all of their credibility.
And what excuse Media has for entertaining their nonsense rather than fixing it, is a question worth asking. Probably definitely a lack of Intelligence and Creative Direction. It is not as if the BBC were not made aware of their role ..... http://www.ur2die4.com/rollofbbc.htm. Another systemic failure and gravy train.
Westminster, you have a problem ..... [amfM apologies to (Major)Tom Hanks... but a sycophant is a sycophant is a sycophant and a luddite is always one]
Committee lessons learnt hmm
In the 40s this country was aware of cryptographic systems, we built machines to decipher the ciphers for which we had no key. In the 50s we became even more involved in crypographic systems and (as the story i was told goes) a young 21 year old mathematician working for GCHQ/MI5 finally solved the key management problem. Which was, that for all our data was secure, two separate journeys had to be made, the first transported the key, the second the data itself.
When MI5 implemented what has since become the RSA algorithm (yes that's right you americans it wasn't Rivest Shamir Aldeman that developed RSA first, we did and kept it secret until the release of files in 2001/2, so ner ner) the problem of data security became non-existent.
So why, after our triumphant history of keeping things secret do we still seem to have issues with the transportation of data? when security is as simple as;
C = M ^ e mod N
There was a time that you would be proud to be british with our amazing british thinking (see Al Murray: http://youtube.com/watch?v=o4vPPBRyHew) we were ahead of the game for so long. Now our civil service is full of chimps trying to drive a car.
The real test of ID cards is when the Government screws up and YOU seeing if you can any money out of your bank..
To those "you have nothing to fear" idiots
Ha in your face! Nothing to fear eh?? Its now (well it always was to us privacy buffs) become obvious that the government is inept at security. They cant even manage to securely transport data from one location to another....internally! What makes you think that the government will be able to look after all the info that would be stored on ID cards?
Imagine the potential damage that could be caused from the release of the 25million records that they lost now, imagine if it held biometric data as well! It would (in theory at least) be possible for someone to clone your fingerprints and leave them at the scene of a crime (think of every sci-fi conspiracy movie you have ever watched; enemy of the state anyone?) in addition to knowing all of your most private data. ID cards are a good idea in theory, but as any security nerd will tell you, its only as secure as the weakest point. In the case of ID cards the weak point would be some silly public sector prat who thinks windows ME is a good stable OS, thinks encryption is something that happened in ancient Egypt and who is working for the government because no private sector company would employ such a numpty...
Nothing to fear? my a*se
They sold your data
Take a lesson from what goes on here in the U.S. They sold your data to marketing companies to BOOST the economy's consumer/swindle-ism.
You will get more junk mail and telemarking calls.
Support NEGATIVE GROWTH ECONOMICS!
It's the only viable humanity now.
Don Robertson, The American Philosopher
Give this lot a comedy award. I know things in government take time to get right, but this is now starting to sound like a recurring nightmare. After all, the Data Protection Act has only been around since 1984 (revised in 1998 to cope with a more wired world).
Lost in the post?
Does this mean they will believe me when I tell them my tax return got lost in the post?
I still insist that dealing with our DATA-lives requires levels of resposibility equal to piloting an airline. Only with aeroplanes capable of carrying millions at once!
And then I read the comments by Don Robertson, The American Philosopher, just as I was thinking what if Gov. depts. are raising vital extra cash by selling our data!
Now we know why...
the government wants to bring in Id cards - it's to replace all the data they've lost.
FFS - You couldn't make it up...
No, not the whole cock-up, but this bit:
"Hartnett replaced Paul Gray, who resigned as a result of the failures. Gray is now working for the Cabinet Office."
What the fuck do you have to do to get sacked these days? I mean, if I'd fucked up like that I'd be getting ass raped with a cactus by a guy called Bubba! But this lot, politicians and civil servants alike, seem to sail blithely on from overspend to catastrophe to God knows what, promoting each other and slapping each other on the back while pissing away our hard earned taxes.
It really is true - they're not even bothering to pretend anymore!
After the HMRC, next the DVLA
I heard on the radio, that the DVLA has accidentally given out over 1000 cases of personal information to strangers by mistake.
Correct me if I'm wrong, but I thought the DVLA routinely sold personal data, to the likes of supermarkets, so they can fine you for overstaying in their car parks.
"The real test of ID cards is when the Government screws up and YOU seeing if you can any money out of your bank.."
Hmm better question what happens when the money you with draw is not even yours. Some unknowing saps spends your cash.
FFS - You couldn't make it up...
You need to read two books, both by orwell.
Alas, the PTB seem to have read them as well, and use them as a template!!
To all my fellow-countrymen.........
........still living in the UK: Remember, a society gets the government it deserves. If you have a problem with your current crop of politicians, remember - you either elected them or failed to vote against 'em in sufficient numbers.
Perhaps it's time to fire the whole lot of them and replace them with... anything competent.
Of course, it's not just the UK. In Canada they're giving away passport application information just by changing the URL (so complete technical incompetence).
Government departments. Can't trust them. Can't shoot them.
Biometric data doesn't quite work like that, mate: they store a 'hash' based on your fingerprint/retina scan/whatever. That hash isn't the data (ie, picture of your fingerprint) itself, but each hash is unique to a dataset. The data (fingerprint scan, or whatever else) is fed through the hashing function, the nature of which Karl Lattimer highlighted: C = M ^ e mod N. The all important bit is the modulo (mod).
So no one is going to be able to place your fingerprints at a crime scene. That is science fiction.
Face facts - people make mistakes
I struggle to understand why people can't just accept that human error exists in every sphere of life but especially with low paid, poorly motivated staff. We will never implement the perfect set of procedures that are perfectly adhered to.
Better to make sure that when something goes wrong we are ready for it. The Fire Brigade does it. They spend much of their time educating us about fire prevention but they don't refuse to put fires out because somebody got it wrong. They are ready and they act.
In data loss situations, especially on trackable hardware such as laptops, it makes sense to have your up front procedures and encryption programs but these are only reliable until one goes missing (they do in their hundreds). When that happens it is better to track it using the comms infrastructures that exist, delete any sensitive data and produce a report that proves all sensitive data has been scrapped. That way nobody gets fired and individuals can rest at ease.
OK, so the thief gets a piece of tin that he can sell in the pub but who cares? It's so cheap anyway that you can buy a new laptop, reinstall the latest image with data and get on with life.
I think this is brilliant
It's the first step toward a more secure society. Remember: "If you have nothing to hide, you have nothing to fear." The Government is systematically ensuring that none of us have anything left to hide, ergo we will have nothing to fear, ergo there will be no reason for us to object to having to produce ID cards every five minutes or having half a dozen biometrics logged at the corner shop in order to buy stamps. Great!
Your analysis supports the view that the case for ID cards can't be made as the data can never be secured. The government claims IT CAN be perfectly secured.
Madness. Nothing to hide, nothing to fear? If I hear one more brainless sheep utter that phrase I might just spontaneously combust.
Oh, and the two Orwell books are Animal Farm and 1984. I think you'll find Big Brother is a shite TV program for morons.
So much for 'falling on his sword' then
I note with interest that Paul Gray didn't really join the dole queues as the person deemed responsible. No, he merely changed jobs, now working in a much cosier Whitehall office practically next door to a tube station and on top of one of the better pubs.
In short, NOBODY has in reality taken responsibility for this farcical state of affairs - a state of affairs we're all too familiar with this government.
All those disks the postman used to deliver
I mistakenly assumed they came from AOL. Looks like I've been binning the whole UK government database.
- Crawling from the Wreckage Want a more fuel efficient car? Then redesign it – here's how
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Human spaceships dodge ALIEN BODY skimming Mars
- Downrange Are you a gun owner? Let us in OR ELSE, say Blighty's top cops
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know