'glitch' - LOL
That is all.
Norway's national tax office erroneously sent CD-ROMs crammed with the 2006 tax returns of nearly four million people living in Norway to national newspapers, radios and tv stations, news agency AFP reports. Although tax statements have been open to public scrutiny in Norway since 1863, the social security number of each citizen …
That is all.
"According to the tax authorities, the documents can only be opened by using a secret code and so damage may be limited"
He means it's a bunch of Excel files protected with a "pa55word"...
What? What the fuck is that nonsense. It seems to me that people from the U.S. are a bigger terrorist threat to Norway than the other way around?
I mean really, what are they going to do; redesign my kitchen with hideously uninspired furniture? Soak me in a steam bath for a while?
Christ on a tree - this is insanity.
Or a password cracker no doubt.
So UK.gov has been advising Norway on how to maintain the privacy of its citizens, eh?
"The latest tax blooper happened on the eve of a historic transatlantic pact between Norway and the US to share data about the private lives of its citizens. Travel plans, email addresses, mobile telephone numbers and even surfing habits will be made available to American security services in an effort to combat terrorism."
That's two countries I won't visit, then.
Plus, time to get a VPN to a foreign nation.
fashionable euphemism for complete fuck up by some incompetent
I'm actually sat in a meeting room with a load of Norwegians at the moment. I mentioned it to them, and to be honest, they don't really seem that bothered... Very odd. Very odd country though :)
It sounds like this information was given to a large number of people.
So do they know how many copies were sent out and did they get all of them back ? Also could the information have been copied before the the information was returned ?
If not then its only a matter of time before this becomes public! Remember encription is only of use if it can keep the information safe untill its of no use and I would not bet against all the existing encription being broken before I die!
How long do useually use a NI number for, I intend to use mine for the rest of my life.
otherwise it will try to out do Norway and send out CDs of personal info and share lots with the USA ... Oh, wait, damn - they beat me to it!
"the documents can only be opened by using a secret code "
in other words...a password. <smacks forehead>
And they're giving all this data and more to the yank spooks. The information war is in full swing and the public are losing and US Gov is most assuredly winning.
"...the documents can only be opened by using a secret code and so damage may be limited"
What's the Norwegian for "Password"?
Oi. Oi. Oi!
By " Secret Code", does he mean they're encrypted, or is he just referring to a "password", what do you think?
Given the average politico's grasp of tech, that'll be fine then.
"In 2002 the national tax office in Norway also shocked the nation when the financial details of all Norwegian taxpayers were published on the internet. Until then it was only possible to see other people's figures by applying in person at a tax office."
Put a checkbox on the tax return "It is OK to disclose my tax return information". Then if the majority decide they are NOT OK with you disclosing their tax return, you stop doing it.
I'm betting 90% would not want their tax return disclosed. Since Norway is a democracy you should not disclose it.
No doubt the newspapers will be managing somehow to blame poor old Gordo for Norway's data security woes in the morning...
MRSA down by 50% - I can see Barclays swooping in to bolster shares of MRSA to prevent a banking system meltdown.
At least we're still top of the tables in Europe for teenage pregnancy.
In the coverage I read, a variant of the old Norwegian excuse came out: it was a glitch/slip-up. The other variant when someone blatantly and royally screws up big-time (or does something criminally negligent) in Norway is, "Oh, there must have been a flaw in our procedures! We'll have to review them!" If the country had nukes and someone let one off for a fireworks display, the same excuses would quite probably get trotted out to the nodding media.
What is also screwed up about this case is that if there was a certain amount of sharing going on in the media companies concerned before the discs were returned, meaning that details may be "in the wild", unless very rich people get targeted by any subsequent, related identity theft, the investigations will probably get shelved within days because even though the perpetrators would be relatively easy to trace - the police would at least know where to start looking - I doubt that the law enforcement authorities will actually be bothered to even consider it worth their time getting any convictions. It's a bit like the Seinfeld episode where Jerry notes that unless the perp is actually on the distribution list for the police report, no-one is likely to get picked up for the crime.
"a historic transatlantic pact between Norway and the US to share data about the private lives of its citizens. Travel plans, email addresses, mobile telephone numbers and even surfing habits will be made available to American security services in an effort to combat terrorism."
So does Norway get confidential data about American citizens, or is it strictly a one-way agreement?
"to share data about the private lives of its citizens. Travel plans, email addresses, mobile telephone numbers and even surfing habits will be made available to American security services in an effort to combat terrorism"
Why on earth is Norway sharing details about it's Nationals with a foreign power?
I have also heard that the UK government is allowing US firms bid to operate the UKs next census - passing OUR details nicely into the hands of the Homeland Security neds.
It's about time that Europe woke up to the fact that the US is NOT the be all and end all of international relations. Why are our governments prostituting themselves to the US and gormless Bushy boy?
As an aside: How many people are killed worldwide by terrorism? In comparison how many people are killed by cars?
Why is there not a "War on Cars" then? Ahh - major US manufacturing industry.....
Now any one rem the film "SpaceBalls" with the code to the air window thingy was "1 2 3 4" hehehehehe...
Now i wonder if...... lol
Do you seriously believe that "democracy" means privacy, and protection from big brothers? Democracy is a failed system, it has given us “Abu Ghraib,” “Guantánamo,” “rendition,” “enemy combatant,” “water boarding,” and “enhanced interrogation”. Our present system doesn't give us any solution to the crisis of western society within the framework of capitalism. People who can't even pass primary school are allow to choose a leader, democracy is an idiotic system, and needs to be dismentaled.
The Norwegians are going to take all this private information and hand it over to the United States which is going to put it on an unsecure system that Gary McKinnon can hack into and see if there's UFO information, but all he's going to find is private info about Norwegians and any other country foolish enough to let the US have it.
that's about it, innit?
"Although tax statements have been open to public scrutiny in Norway since 1863, the social security number of each citizen remains highly confidential."
Stop right there! Nothing assigned *by* the system *to* the punter should ever be "highly confidential". If they want a highly confidential thingummy, call it a *password* and let the citizen choose it. If you can't bring yourself to do both of those things, then don't use it for any security-sensitive purpose.
Out of interest, do the authorities have the ability to revoke those "highly sensitive" items? Will they, for all affected people? Thought not. Highly sensitive indeed! Still, they aren't highly sensitive anymore and so they will have to fix the system. Some good may come of this after all.
Its easy to judge this based on our own anti-privacy, super secret & totally incompetent government. However Norway is much more transparent than the UK, almost all this information is available on line anyway. Including the prime minister's tax return, including details of his summer house and how much he spent at IKEA when he popped to Sweden.
Having their NI number aswell adds little value to this as if you steal someone's identity in Norway then you just as likely to be lumbered with their tax bill too!
The sheer idiocy of the "accidental" dispersal of sensitive personal information aside. What struck me was "to share data about the private lives of its citizens. Travel plans, email addresses, mobile telephone numbers and even surfing habits will be made available to American security services in an effort to combat terrorism".
So let me get this straight, dubya and his daddys farm boys are gathering information on Norwegians???? And Norway became a terrorist nation when??? I'd really like to know how on earth any of the twats in our (US) government can even begin to justify this kind of bull shit.
On behalf of sane and reasonable Americans every where I'd like to apologize on behalf of our government to the countries and their citizens who are being caught up in spectacularly misguided, over zealous, self serving, power grab they are disguising as a "war on terrorism".
Mine is the one with bulls eye on the back for when dubya sends his goons after me.
At the US government. I mean if your government is willing to hand over any thing America asks for look at your local government. We all know the US wont share, but why get mad at them. All they are doing is asking. You government could always say no or we w ant the same data . Getting mad at the US does nothing since its your government that sold you out
They plough the database fields and scatter, the good seed across the lands. And IT is fed and watered by GOD.s* almighty hands.
Ah the month of September, rolling (in?) the hay with the corn dollys and the delayed offering of gifts before the altar.
And I would have thought that Norway was more than capable of looking after its self / own, with it's fine array of Rich Natural Resources and Relational Databases.
*Global Operating Devices.
The core idea here is that your income (after deductions) is should be publicly available. Before it was available in thick books found at your local tax office. The officially legaly published list contains name, year of birth, postal code, income after deductions, tax amount paid.
At the day of publishing the news media would invade the offices and note down the numbers for the rich (?) and famous. Typically leading to news-stories like "rich oil tanker mogul does not pay more than 10 kroners in tax".
With the advent of the internet it was decided that the media could receive the lists by CD. The CD is encrypted with a 30-char password, which the media could download from a website.
The problem this time was that an additional field (social security number) was on the CD as well. (The news media discovered this when their import modules failed as the text file had a different layout.) When the government found out they took down the website distributing the key (protected by username and password). Problem is... the key has been the same since 2006...
In the end the 8 news media that received the CD has apparently given their CDs back and claim they have deleted all copies. They are naturally afraid that the contents will be disseminated as that would most likely result in a change in the law... which is definitively not what they want...
Paris due to the Paris-style-quality-assurance!
I hope no-one passed a copy to DVD Jon.
Why keep ANYTHING secret?
The social security number in Norway really isn't more than a unique ID. It is printed on every credit card, driver's lisence etc, and you have to give it up everywhere. The actual problem here is that some people actually think it still is a secret. By people I mean certain banks, most of the government etc. The simple solution is to make it public information. A unique static ID for every person in a country is a good thing, a unqiue static password that you can more or less guess isn't. Here is how it is calculated:
The number is 11 digits long, the first six are your birthdate. The last five are the oh so super secret number. The last two of those are nothing more than a checksum thingie, fairly simple calculation done with among other things a modulus 11 operation. There is no problem to that calculation on your own. The first three digits in the oh so secret part are running numbers on the people born on that exact date. The even numbers reserved for girls, the odd numbers reserved for boys. In addition it helps to know what century you are born in, 0-499 are reserved for people born in the 20th century, 500-750 are for people in the 19th century and 500-999 are for people born in the 21th century. (and yes, there is an overlap). So basically you are left with 250 numbers to choose from once you know the birthdate and gender.
Yes, it was a major cock up, but the harm done is really minimal. Perhaps the security now will increase since it can not be regared a secret anymore.
For those that wondered:
1. The norwegian word for password is passord.
2. The tax return lists have usually been published in the local newspaper for all citizens before the internet. The problem that occured when it was first published on the internet is that it was very easy to construct lists of it, thus make databases of it. So now it has been restricted a bit.
3. The CDs had everybody on it, with the exception of children that have not yet paid tax on their own.
4. Where is my coat? Has somebody taken my coat? It had printed my social security number on the back. It is 08..., ah, just ask any newspaper in Norway if you want to know.(or any US official)
"Perhaps the security now will increase since it can not be regared a secret anymore."
Indeed. Perhaps people will stop regarding the 11 digit code as full verification of an individual's identity when someone whispers it to them over the telephone.
Other hopes also include the Norwegian banks actually using properly exercised authentication mechanisms so that people don't have to publish academic papers describing "cryptographic weaknesses that may indicate security problems, protocol flaws facilitating man-in-the-middle attacks, and implementation errors facilitating strong insider attacks" as well as "severe privacy problems", and the aforementioned banks not lobbying for such mechanisms to become the national standard.