I'd read in the newspapers that the junior had sent the CDs on the orders of several senior managers. If this is the case, then the junior shouldn't be attacked by anyone, but the managers who ordered him/her to do this.

Well, we know they can't find terrorists, although they can manage to shoot people who aren't terrorists.

So, now they've got an easier task, but it seems they couldn't find some CDs ether :-)

Perhaps they should be asked an easier one, oh I don't know, "Does anyone here know their own name?".

On a more serious note, they (the government) should stop using the police as a political tool, let them catch criminals, pay them more, give them better working conditions and show them more respect. Then we can ask more of them.

... woe there big man... lets have some sensible laws for them to uphold first.

Gordon needs to attend a management course. There he will be issued with a teflon coat so that nothing sticks to him and also taught how to duck at high speed. It is common knowledge that managment is only responsible when things go well, and a key element of the course is how to take this responsibility and avoid the rest.

To be honest if I were this office junior I'd go totally public, and completely rubbish my bosses and HMRC for their procedures and for making a scapegoat of me. They've clearly managed to terrify him into silence by telling him he is going to carry the can for this unless he accepts their "protection".

The ethical thing for the junior to do is to tell his former bosses to fsck themselves, go on Newsnight and give them every sorry detail of the story.

Spend a fortune on <insert name of vendor here>'s overhyped product?

PS: Security is a process, not a product.

Ash, I have said this repeatedly, the junior is NOT to blame. You must have missed the key story in this affair: NO PROCEDURES WERE BROKEN, despite officials initially stating otherwise (tha's also why they have stopped mentioning "breach of procedures" afterwards).

Yes, that's right, the Junior did NOTHING wrong.

The problem came from two issues:

(1) originally, internal gov post *was* secure, but then they outsourced it (i.e. degraded the containment) without adjusting the risk model accordingly;

(2) unlike the US there is no overall UK gov encryption standard, as far as I can tell that's because of a mix of political reasons and the desire of the MI services to snoop on anything that moves (which is, incidentally, very helpful if said service is repeatedly breached by spies, but I digress). Crypto is normally only handed out on request ('sponsored'), there isn't a default application.

Not only did the junior follow procedure (he used internal gov post, which is not supposed to be the same as a public letterbox), but if he had been actually required to encrypt the material he would not have the tools to do so.

Who is to blame? Well, who takes care of Gov security? Who should have spotted this increase in transport risk? Strange, isn't it, that we haven't heard a peep from the likes of CESG? They have been *very*, *very* quiet throughout this whole affair, despite proclaiming themselves to be the "National Technical Authority for Information Assurance" (I'm quoting their website here).

Nah, it's easier to blame some junior. His superior has already been given a new and cushy job in Cabinet Office (so much for "resigning" then) so the only thing left now is to pray every night that none of this data will be abused.

Everyone involved is secretely hoping the CDs have simply landed in a crack in a van somewhere so that it will eventually go quiet again, because the first report of abuse will REALLY make this story come back. And at that moment the danger is no longer theoretical.

BTW, it's actually easy to counter the resulting risk, just the volume makes it a larger task. But, as I expected, the Gov has chosen a method that only furthers their own goals without going near addressing the present risks. I won't help them this time - let them stew for a bit.

"Darling is also expected to announce some kind of centralised system to reassure people that data lost won't be used for fraud. "

HAHAHAHAHAHAHAHAHAHAHHAHAA HAHAHAHAGHAHAHAHAHAHA AHHAHAHAHAHAHAHAHAHHA AHAHAHHAHAHAAAA

On the point of underfunded military - I'm sure they'd have plenty of money if our government weren't fighting pointless, endless conflicts in foreign lands. I agree with all the other points though lol.

Anyway there really does need to be a non political department for IT that has representitives in all camps. Not just a guy selected by the PM with no team. Becouse honestly MP's and government departments have no clue, they're like middle management buying into every idea any snake oil salesman is pushing and spending our money on it.

IIRC, a simply typical id value x 25,000,000 resulted in an estimate of around £1.5 billion! (Maybe it was 1.5 million, then throw in a discount for bulk purchase, but regardless, it's still a shitload more than the reward!)

Matt - "Well, we know they can't find terrorists, although they can manage to shoot people who aren't terrorists"

...give them their dues, theyve been professional enough this time around to not shoot people who arent CDROMS!

Peter - Great post, and you put the whole thing in perspective. This way the government get 22m people on a database that can then be "expanded" at a later date to cover biometric data, after all, how will they know its a legitimate person or an impersonator if the biometric data isnt there. Then the next stage is to add everyone else onto this database, for our own good, to prevent further fraud...

National ID database through the back door anyone?

My £0.02. Rip-off britain cost: £0.99. Actual Value: £0.00

We were asked to look in our pedestal draws (I kid you not).

Imagine the tiniest remote chance it was there - you'd hardly stand up and shout out "ooh ooh ooh, I've found them".

Most likely someone has found them and quietely shredded them.

They're CDs, surely you could both return the discs for the £20k and also sell the data on the black market, as often as you like?

What you've neglected to note is that most people in this country did NOT vote for the government.

However an extensive policy of gerrymandering and election-based policies (i.e., the targetting of marginal seat constituencies with sweeteners paid for by everybody else) has allowed them to stay in power.

I think anyone finding them would probably keep quiet and just put them through a shredder.

I doubt they have been taken by anyone with the knowledge of using them.

I mean in my room i had about 100 CD's with no real identifying marks on them and I have no idea whats on them so I just ditched them. Obviously didnt have anything important on for me to remember. So I think they have been destroyed somehow, or are in a pile somewhere where someone will say at a later date "destroy this crap who needs it".. obviously jokes on them as they are burning 20k :D

Many thanks; a nice summary of the *real* problems. Guaranteed to continue, it seems.

Lord Lucan and Madeleine McCann are using them as coasters while they take tea with Radovan Karadzic.

"Darling is also expected to announce some kind of centralised system to reassure people that data lost won't be used for fraud." Very significant wording here - it's not to ensure that data loss won't be used for fraud, which would be a sensible use of taxpayers money, it's to *reassure* people that it won't be, which is PR - essentially the taxpayer is paying so that Labour can have a chance at winning the next election. That applies to virtually anything the government does. Billions of pounds are spent to reassure us that:

- the NHS will take care of us when we're sick (in fact you go in with a cut on your arm and leave with two missing limbs after they were amputated due to MSRA)

- the police will stop you getting raped, murdered or mugged (in fact they're too busy harrassing motorists, tasering comatose diabetics and executing electricians IRA-style while lobbying politicians for the right to do even more of it)

- the army will protect us from foreign powers (when they're off acting as human shields for the Americans, the entire budget goes on solar-powered night vision goggles from BAE and its ilk, and if you are, to take a hypothetical example, kidnapped by a foreign power, thrown into a concentration camp and tortured day after day for years on end, the government will do f***-all because of the 'special relationship' with said foreign power)

- our children will receive a decent level of education (Blair's policy to get 50% of them into university only revealed that they'd all left school unable to read or write, not in English anyway)

- and so on and so on and so on.

"downgraded last week from 47 detectives to 32", "£20,000 reward"

Do these idiots really not have the most basic clue? I despair. What will it take to persuade them that IT DOESN'T MATTER WHERE THE MEDIA IS - the media's irrelevant. The data is the important thing - and it must be considered to be compromised.

Perhaps scariest - what happens if/when they do find the CDs? Do they say "Oh, that's OK, then. The data's safe again"...? How many man-hours are being wasted on this farce?

Yup. Absolutely right!

But I think they DO know this. It's just the political mileage of being able to say "Oh, that's OK, then. The data's safe again". But you'd think *that much* would be challenged, wouldn't you...

<conspiracy theory mode?=ON>

Good point, well made :-)

Well, one of those temporary sorting offices they have that only open once a year. They did find a bag of post from last year a couple of days ago so I suppose that's where the data discs are located!!

...sat around the flickering fire on a cold winter's night playing, "eye-spy... with my little eye" and everytime the see "something beginning with "C" the police will burst in the window and shout, "where? where?"

included the real and "new" names of people in the witness protection program. That data on it's own is worth a fortune. Stand by for a upping in the rate of random acts of senseless violence on seemingly ordinary Joes.