The German Chaos Computing Club starts from the standpoint that everyone's data has been lost, stolen or resold by now, and therefore suggests to politicians that it makes more sense to regulate the use of such data.

The fuss in Britain about data loss, the least reliable and controllable of the sources, seems to be a passing storm in the wrong teapot.

... but they need to ensure that directors of involved company are prosecuted as well as individual employee(s) directly responsible. It is directors who setup policies and approve budgets - both of which have profound security implications.

or will they just find some scapegoat at the bottom and blame them instead? it's a way forward but is it really a solution? Sadly I can't think of a better solution rather than, corporates will continue to make themselves blame free...

I thought we'd already established that it was a USB flash drive, not a memory stick?

As for the notion that it is the department's fault, that's mostly bollocks. Whilst the department could easily have disabled the use of USB drives, the external contractor was under an obligation (in the contract which they signed) to keep that data secure. It is entirely their liability.

Can you imagine that 66m ID's going missing ?

I would only support the ID cards IF (BIG IF) the home sec and the prime minister will be proscuted if the data should go missing or lost.

Ask them the same question and now see if they are willing to go with the ID card system ?

More shit by a different party, meaningless rubbish

"knowingly or recklessly"

Why would someone "knowingly" cause the loss of data?

Thats already illegal, its called "theft"

"Recklessly?" Loosing something isn't reckless. Its only human to "loose" things. Whats "reckless" is having an infrastucture that allows that data to pass offsite.

Which gets us directly to who should take the blame... And we know that those people are above the law.

So, again, this is just meaningless words. The people asking for the bill would not be beholden to it if they ever got in charge. And the people responsible for the current fuck ups would put you in jail before they ever faced a judge

Home secretary Jacqui Smith has denied that the loss of the data was due to failures by her department. "This was data being held in a secure form, but was downloaded on to a memory stick by an external contractor," she said. "It runs against the rules set down in the contract that we had with the external contractor."

If the system was secure they wouldn't have been able to do it in the first place unless of course what they have actually done is stolen the information in which case we will see prosecutions.Our government seems fond of passing the blame to other people when infact it is totally there responsibilty the way in which the said data is handled how many more times should this so called minister be believed that she is capable of tightening up the system..........when infact the situation is getting worse.

mines the one with the usb sticks in the pocket

Sorry, you've only confused the poor woman further.

I don't believe that she fully understands the terms 'downloaded' or 'secure'.

Allegedly.

These things seem to be only coming to light when a known copy of the data is reported lost. However they seem to fail to recognise the issue with having copies of this data moving around on portable media (DVD, CD and USB devices). The issue is data leaking, not the loss of an USB stick. I'll bet these cretins think that because e.g. 10 USB sticks went out, and 10 came back at the end of the day, there can have been no data loss. Ditto with the infamous missing 'in the post' data - if it had been handed in by a member of the public I'm sure they would have breathed a sigh of relief that 'no data had been lost'.

How bereft of imagination are both the Tory party and some of you numpties.

Is that the only response to anything we don't like - prosecute someone? Does that engender respect or a culture wherein we can learn from mistakes?

Sure, let's blame someone - anyone? - and make them pay - that'll ensure that next time a mistake gets made, we find out about it in a timely and open manner.

It is possible to restrict access to USB ports. I guess your system isn't as secure as you think. How much did it cost me, the taxpayer? I'm sure if I'd have purchased this system I would have got a better deal and maybe even some security.

Your department is responsible for holding this data, the data was lost yet it's not your responsibility? How does that work then?

Grow some bollocks and admit when you're wrong, it would be rereshing to see this quality in a politician. And while you're about it Jacqui, grow a fucking brain too.

Mine's the one with the memory stick in the pocket containing details of all of my company's customers which is for sale to the highest bidder because I won't be fucking prosecuted for it.

In my time in the military, I noticed a practice which it wouldn't surprise me if it still persisted. When you got a contractor in to work on a project, you could go to the security people and ask them to approve a direct line to the contractor so that they could access data. The security people would gnash their teeth, and start writing security policies, and if you were really lucky, 6 months later you would be ready to connect them. By which time, everything they needed had been burnt onto CD ROM and shipped to them. But, the shipping contract was handled by someone else, so when you said the contents were sensitive and had to be shipped accordingly, they got thrown in the mail bag with everything else. The policies suck. In trying to stop hacking attacks on the government networks, they are allowing all the data out the back door instead.

Now, compare that to a bank (which is where I currently work). Banks have lots and lots of sensitive data, and they actually employ a lot of ex-military security types. But they also have a good dose of common sense as well. When I need to work with a contractor, I can get a line set up with them almost instantly. I might have to give them one of our machines at their end to use, but it isn't hard to get it authorised. If I want to connect to someone big, like an exchange, I can have the line up in no time at all. Most of the time is spent making sure the connection is resilient to outages, and the security stuff is boiler-plate. Yes, you need excellent security to stop some scrote coming over your firewall and stealing everything, but these days, that security should allow you to do all the things you still need to do, without resorting to disks in envelopes.

The person who lost the data was 'breaking the rules'. So obviously the system isn't really insecure, because that person shouldn't have been so naughty.

All we have to do is make sure that the naughty people are spanked, and then the system which lets them spray confidential data all over the landscape will be perfectly and absolutely secure because they'll know not to do that anymore.

I know this is off-topic but I see this abuse of the English language in almost every thread and Gordon Prya is one of the chief offenders.

WHEN SOMETHING IS LOST THE TERM IS 'LOSE' NOT, I REPEAT, NOT 'LOOSE'.

It's really very simple.

LOSE not only means to be defeated in a game or battle or some similar event, it also means to misplace something to the effect that that thing, object, abstract or otherwise cannot be found.

LOOSE means something that is not tied or stuck or held down tightly, or something that, in all probability, could be tighter.

Paris because I bet by now she could be a bit tighter.