UK police are to stop searching for the missing child benefit CDs early next week. Chancellor Alistair Darling is to announce measures on Monday to prevent a repeat performance of the data loss, and will call a halt to the search. The search was downgraded last week from 47 detectives to 32. At the same time, a £20,000 reward …
Just following orders
I'd read in the newspapers that the junior had sent the CDs on the orders of several senior managers. If this is the case, then the junior shouldn't be attacked by anyone, but the managers who ordered him/her to do this.
God help us
"Darling is also expected to announce some kind of centralised system to reassure people that data lost won't be used for fraud. "
That's right, they'll stick the 25 million names, addresses and bank details on a database, no doubt loaded on via 2 CDs sent 2nd class post.
OMG - last time I had anything to do with them they sent the bank details of every member of the house I was living in to me, complete with overdraft details.
If my boss told me to mail the Finance database backup tapes via second class post, or send the unsecured medical records for the entire student population of the school on a black CD to another dept, I'd report him to his superiors for incompetence. These Managers should know how to operate properly, and if not then they shouldn't be in the job. I know for a fact my boss wouldn't ask me to do this, by the way.
This Junior hasn't got a leg to stand on, unless he was deliberately misled.
Well, we know they can't find terrorists, although they can manage to shoot people who aren't terrorists.
So, now they've got an easier task, but it seems they couldn't find some CDs either :-)
Perhaps they should be asked an easier one, oh I don't know, "Does anyone here know their own name?".
On a more serious note, they (the government) should stop using the police as a political tool, let them catch criminals, pay them more, give them better working conditions and show them more respect. Then we can ask more of them.
Yep, I'd also read somewhere that it was the Senior Managers that had:
1. Insisted on sending the full DB despite the request being for a subset of data;
2. Authorised the Junior to copy the DB onto the CDs;
3. Authorised the despatch via a courier - without requiring signatures at either end.
4. Done this at least 3 times, including the two occasions when the CDs were lost...! (What were they thinking? - third time lucky?)
So, naturally, in this professional, responsible, open, accountable agency, it's all the Junior's fault. Let's roast his ass for Christmas so that he doesn't do it again (trust a Senior manager that is).
Experian will monitor data use?
aren't they more likely to start packaging it up and flogging it to the highest bidder?
I suppose it could just be a case of poacher turned gamekeeper. But I doubt it.
... whoa there big man... let's have some sensible laws for them to uphold first.
Why the hell were all these police called in anyway? They're going to be no better looking behind desks than anyone else.
Again the government is spinning and passing the blame about in the hope everyone loses interest. Just like the F&M which each time they blame on the private vaccine lab before months later (today in the second case) admitting was down to their own failings.
@Just following orders
Gordon needs to attend a management course. There he will be issued with a teflon coat so that nothing sticks to him and also taught how to duck at high speed. It is common knowledge that management is only responsible when things go well, and a key element of the course is how to take this responsibility and avoid the rest.
Hmm- someone has scared this junior HMRC person seriously
To be honest if I were this office junior I'd go totally public, and completely rubbish my bosses and HMRC for their procedures and for making a scapegoat of me. They've clearly managed to terrify him into silence by telling him he is going to carry the can for this unless he accepts their "protection".
The ethical thing for the junior to do is to tell his former bosses to fsck themselves, go on Newsnight and give them every sorry detail of the story.
could be worse
The same government organisation running the CSA could be asked to take over. Then we are all screwed.
The system is rotten to the core, some poor clerk gets scapegoated for institutional stupidity. If it were private sector people would be fired, directors would be walking out. Gotta love the civil service and MPs
can't be trusted to look after people. (H&S, Whites can be targets of racism too)
can't be trusted to look after other people's property. (Anyone who lives here)
can't be trusted to look after valuables. (Health, education, Law...)
can't be trusted to protect us. (underfunded Army, RAF, Navy, customs, police)
can't be trusted to organise efficiently. (CSA, MOD, HMRC, olympics,)
can't be trusted to spend other people's money wisely. (tax payers money)
can't be trusted to be honest. (Now exempt from the freedom of speech act)
can't be trusted to act responsibly. (Dewsbury MP 150,000 in expenses)
can't be trusted to look after old people (limited heating allowance, tv licence)
can't be trusted to look after criminals (rapist walks free, all have colour TVs)
can't be trusted to look after the nation (join the white house on his mad quests)
...And people vote for them to run the country.
And the "measures" will be...?
Spend a fortune on <insert name of vendor here>'s overhyped product?
PS: Security is a process, not a product.
@ Ash: the junior is NOT to blame.
Ash, I have said this repeatedly, the junior is NOT to blame. You must have missed the key story in this affair: NO PROCEDURES WERE BROKEN, despite officials initially stating otherwise (that's also why they have stopped mentioning "breach of procedures" afterwards).
Yes, that's right, the Junior did NOTHING wrong.
The problem came from two issues:
(1) originally, internal gov post *was* secure, but then they outsourced it (i.e. degraded the containment) without adjusting the risk model accordingly;
(2) unlike the US there is no overall UK gov encryption standard, as far as I can tell that's because of a mix of political reasons and the desire of the MI services to snoop on anything that moves (which is, incidentally, very helpful if said service is repeatedly breached by spies, but I digress). Crypto is normally only handed out on request ('sponsored'), there isn't a default application.
Not only did the junior follow procedure (he used internal gov post, which is not supposed to be the same as a public letterbox), but if he had been actually required to encrypt the material he would not have the tools to do so.
Who is to blame? Well, who takes care of Gov security? Who should have spotted this increase in transport risk? Strange, isn't it, that we haven't heard a peep from the likes of CESG? They have been *very*, *very* quiet throughout this whole affair, despite proclaiming themselves to be the "National Technical Authority for Information Assurance" (I'm quoting their website here).
Nah, it's easier to blame some junior. His superior has already been given a new and cushy job in Cabinet Office (so much for "resigning" then) so the only thing left now is to pray every night that none of this data will be abused.
Everyone involved is secretly hoping the CDs have simply landed in a crack in a van somewhere so that it will eventually go quiet again, because the first report of abuse will REALLY make this story come back. And at that moment the danger is no longer theoretical.
BTW, it's actually easy to counter the resulting risk, just the volume makes it a larger task. But, as I expected, the Gov has chosen a method that only furthers their own goals without going near addressing the present risks. I won't help them this time - let them stew for a bit.
"if I were this office junior I'd go totally public"
IIRC, he was put under police 'protection' to prevent him from doing just that. They'll have to let him out eventually, though...
How does that stack up to selling the discs on the black market...
blah blah blah poxy title field
"Darling is also expected to announce some kind of centralised system to reassure people that data lost won't be used for fraud. "
HAHAHAHAHAHAHAHAHAHAHHAHAA HAHAHAHAGHAHAHAHAHAHA AHHAHAHAHAHAHAHAHAHHA AHAHAHHAHAHAAAA
On the point of underfunded military - I'm sure they'd have plenty of money if our government weren't fighting pointless, endless conflicts in foreign lands. I agree with all the other points though lol.
Anyway there really does need to be a non political department for IT that has representatives in all camps. Not just a guy selected by the PM with no team. Because honestly MPs and government departments have no clue, they're like middle management buying into every idea any snake oil salesman is pushing and spending our money on it.
IIRC, a simply typical id value x 25,000,000 resulted in an estimate of around £1.5 billion! (Maybe it was 1.5 million, then throw in a discount for bulk purchase, but regardless, it's still a shitload more than the reward!)
@matt and peter
Matt - "Well, we know they can't find terrorists, although they can manage to shoot people who aren't terrorists"
...give them their dues, they've been professional enough this time around to not shoot people who aren't CDROMS!
Peter - Great post, and you put the whole thing in perspective. This way the government get 22m people on a database that can then be "expanded" at a later date to cover biometric data, after all, how will they know it's a legitimate person or an impersonator if the biometric data isn't there. Then the next stage is to add everyone else onto this database, for our own good, to prevent further fraud...
National ID database through the back door anyone?
My £0.02. Rip-off Britain cost: £0.99. Actual Value: £0.00
we didn't find the CDs
We were asked to look in our pedestal drawers (I kid you not).
Imagine the tiniest remote chance it was there - you'd hardly stand up and shout out "ooh ooh ooh, I've found them".
Most likely someone has found them and quietly shredded them.
Re: £20K reward...
They're CDs, surely you could both return the discs for the £20k and also sell the data on the black market, as often as you like?
@could be worse / Anonymous Coward
What you've neglected to note is that most people in this country did NOT vote for the government.
However an extensive policy of gerrymandering and election-based policies (i.e., the targeting of marginal seat constituencies with sweeteners paid for by everybody else) has allowed them to stay in power.
I think anyone finding them would probably keep quiet and just put them through a shredder.
What is really worrying about the whole affair...
...is that a "junior" had the access to this kind of data in the first place. In most large corporates I've contracted, where security is taken seriously, access to a complete financial dataset like this is restricted to senior, vetted managers. Only selected bits of the data are ever made available to "juniors".
All that said, it does appear more and more likely that the intelligence report on Iraq may well have been compiled by a cleaner at the MOD... :-)
As TNT were used, the government can claim back the cost of the missing package, plus delivery. Let me see. TNT are liable for the basic cost of the contents (i.e., two CDRs at 20p each), and assuming the delivery costs total around 60p, the government can claim a whole quid compensation.
That should bring some comfort to the people who are listed on the CDRs, shouldn't it?
Plastic mac donned --> exit
I doubt they have been taken by anyone with the knowledge of using them.
I mean in my room I had about 100 CDs with no real identifying marks on them and I have no idea what's on them so I just ditched them. Obviously didn't have anything important on for me to remember. So I think they have been destroyed somehow, or are in a pile somewhere where someone will say at a later date "destroy this crap who needs it".. obviously joke's on them as they are burning 20k :D
IT should be shot
I can't really believe that the government's IT dept. allows anyone with access to this sort of info to have an operating CD burner/USB stick/whatever on their PC.
Amazing that the clerk also wasn't aware of the implications of what he/she was doing.
I wonder why they didn't do the transfer by an electronic secure FTP/WebDAV/whatever file transfer method?
I'd kick their IT dept. - hard.
how many more times....
...does it have to be said that there are no missing CDs.
They were never created.
Usual excuse for forgetting to do something, must have got lost in the post.
Now with all the hoo-haa the person who never made the CDs can't admit that they lied about making them and even if they did, none of the conspiracy theorists would believe it anyway.
Nobody's raided my bank account (or anyone else's) yet, so I think it's safe to say we can move along. Usual opposition political point scoring and media hype story.
Many thanks; a nice summary of the *real* problems. Guaranteed to continue, it seems.
I know where they are
Lord Lucan and Madeleine McCann are using them as coasters while they take tea with Radovan Karadzic.
"Darling is also expected to announce some kind of centralised system to reassure people that data lost won't be used for fraud." Very significant wording here - it's not to ensure that data loss won't be used for fraud, which would be a sensible use of taxpayers money, it's to *reassure* people that it won't be, which is PR - essentially the taxpayer is paying so that Labour can have a chance at winning the next election. That applies to virtually anything the government does. Billions of pounds are spent to reassure us that:
- the NHS will take care of us when we're sick (in fact you go in with a cut on your arm and leave with two missing limbs after they were amputated due to MRSA)
- the police will stop you getting raped, murdered or mugged (in fact they're too busy harassing motorists, tasering comatose diabetics and executing electricians IRA-style while lobbying politicians for the right to do even more of it)
- the army will protect us from foreign powers (when they're off acting as human shields for the Americans, the entire budget goes on solar-powered night vision goggles from BAE and its ilk, and if you are, to take a hypothetical example, kidnapped by a foreign power, thrown into a concentration camp and tortured day after day for years on end, the government will do f***-all because of the 'special relationship' with said foreign power)
- our children will receive a decent level of education (Blair's policy to get 50% of them into university only revealed that they'd all left school unable to read or write, not in English anyway)
- and so on and so on and so on.
I give up...
"downgraded last week from 47 detectives to 32", "£20,000 reward"
Do these idiots really not have the most basic clue? I despair. What will it take to persuade them that IT DOESN'T MATTER WHERE THE MEDIA IS - the media's irrelevant. The data is the important thing - and it must be considered to be compromised.
Perhaps scariest - what happens if/when they do find the CDs? Do they say "Oh, that's OK, then. The data's safe again"...? How many man-hours are being wasted on this farce?
Spin, spin and more spin.
"Darling is also expected to announce some kind of centralised system to reassure people that data lost won't be used for fraud. " I take it that "it's to be renamed the 'ID card database' as soon as we can feasibly get away with it" can be taken as read....
As for the alleged victim, there's a good reason why "I was only following orders" wasn't an acceptable defence at Nuremberg either. The first thing you need in order to put a Police State in place is for everyone (or at least a decent-sized majority) to follow orders without asking any inconvenient questions like "Isn't it a bad idea to put all this data in the post?", "Isn't it wrong to chuck bricks through these people's windows?" and "What are those nice, cheap lampshades really made of?". He deserves to be sacked. The only injustice here is that those who told him to do it also richly deserve to be sacked, but they probably won't be.
The mystery to me here is that, being a good little sheep, he wasn't promoted by the current junta. They need people like that to make their edifice of shite run smoothly.
CDs are worthless anyway
Wouldn't anyone with any knowledge to exploit the contents of these CDs just have copied them as the first thing they'd do? Return of the originals is a bit pointless anyway, isn't it? Doesn't really reduce the threat of their exploitation much at all...
@ AdrianC - I give up...
Yup. Absolutely right!
But I think they DO know this. It's just the political mileage of being able to say "Oh, that's OK, then. The data's safe again". But you'd think *that much* would be challenged, wouldn't you...
<conspiracy theory mode?=ON>
Good point, well made :-)
@ Anothermouse Cow-hard: re could be worse
@ Anothermouse Cow-hard: re "And people vote for them to run the country"... naturally, because if you don't vote for a lizard, the wrong lizard might get in.
@ Matt: re @ me... all part of the service m8.
They're probably in an Aberdeen Sorting Office
Well, one of those temporary sorting offices they have that only open once a year. They did find a bag of post from last year a couple of days ago so I suppose that's where the data discs are located!!
it's the kids I feel sorry for...
...sat around the flickering fire on a cold winter's night playing, "eye-spy... with my little eye" and every time they see "something beginning with 'C'" the police will burst in the window and shout, "where? where?"
I have them.
I ordered an acre of the moon and somehow these CDs were delivered instead.
I was going to return them but decided instead to use them as the geekiest kitschiest mug coasters ever.
"IIRC, he was put under police 'protection' to prevent him from doing just that. They'll have to let him out eventually, though..."
Weren't they trying to extend the length of time they can detain someone without charge??
It all starts to become clear!!
Parody novelty item?
I think we should all mark at least one CD with 'CSA Confidential Parent Data' and casually leave them all over the place.
Could be quite a big Christmas novelty item.
And remember some of the data
included the real and "new" names of people in the witness protection program. That data on its own is worth a fortune. Stand by for an upping in the rate of random acts of senseless violence on seemingly ordinary Joes.