Feeds

back to article How much of the EU's data will the UK lose?

"Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns …

COMMENTS

This topic is closed for new posts.
Bronze badge

How much EU data will uk,gov lose?

All of it.

0
0
Bronze badge
Coat

STORK?

I can't believe it's not better.

0
0

What if this was a bank, credit card company

What would the Government's action (through the FSA) be if we had banks saying that they could not guarantee the safety of their customers' data? It seems that while the government can get away with a close-enough-is-good-enough approach, they would not let private organisations get away with the same.

Is it time that all of this work was managed by private companies? And no, I don't mean the government cronies at EDS - who, it would appear have trouble with a ZX-81, but companies who have already built their systems around the security of data - rather than what would appear to be a 'well, here's the data, now how do we secure it?' approach.

Nobody's perfect, and no system is bug-free. But surely it's time for a re-think?

0
0
Gold badge
Coat

@Captain Hogwash

Are you suggesting that STORK data might spread more easily?

0
0
Silver badge
WTF?

Please explain what the logon details were doing on the stick?

There is *no possible reason whatsoever* for that information to exist in plain ANYWHERE IN THE ***** UNIVERSE, and equally no possible reason for that information to exist outside of the login system itself and its backup(s), where it must be encrypted.

So if it makes it off-site and off-backup, SOMEONE ****ED UP BIG TIME and the contractor has some serious explaining to do, preferably including them being fired and fined large sums.

Well done Labour Government, you've just proved that you know nothing about security. Truly, less than nothing.

0
0
Coat

STORK?

I can't believe it's not encrypted

0
0

Hmmmm

I wonder if it's possible to get kicked out of the EU for being a danger to yourself and those around you?

0
0
Black Helicopters

What is the relevance...

Of the "Information on your fingertips" picture? Is this image officialy linked to STORK?

Does STORK plan to provide personal eID identification via fingertip scanning (either biometric or by the introduction of a chip / barcode?)

Or is this image just included for general scare-mongering purposes?

I cannot find any reference to it ior anything similar elsewhere on the net...

0
0
Alert

What a dumb question

The UK government is committed to excellence in every field.

So the answer is of course: All of it!

0
0
Silver badge
FAIL

Nothing to hide

Nothing to fear.

No, really.

You really can trust UK.GOV with your intimate details.

Really.

Honestly.

You can.

Sign up for you ID card now and we'll guarantee your biometric data will be secure.

For *AT LEAST* 5 minutes.

0
0
JWS
FAIL

Erm...?

I thought it had been agreed we were just going to pay Google or Microsoft to deal with all the UKs data, can't be any worse and you can actually go after a company if they f**k up.

0
0
Welcome

@JWS

Google or Microsoft - there's a question

Like trying to decide between Conservative and NuLabour - one you traditionally abhor, and the other you've rapidly learnt to loath...

0
0

Steve 70 Posted Wednesday 2nd September 2009 12:45 GMT

I wouldn't get hung up on the picture of a lady with a USB stick fingernail, data at your fingertips, etc ... I'm sure it's just meant to be lightly amusing. It isn't the logo for Project STORK. Unsurprisingly, that's a stork, flying through a ring of stars, and a painful attempt to explain the acronym -- Secure idenTity acrOss boRders linKed, plese see http://www.eid-stork.eu/.

0
0
Welcome

Nice to know

That HM.gov doesn't push any genuine responsibility in the direction of their chosen contractors, thus maintaining all the exemptions with regards to liability that HM.gov reserves for itself.

I for one hope that the project will be forced to change its name to STARKERS.

0
0
Joke

@ Mark Wlaker

"Like trying to decide between Conservative and NuLabour - one you traditionally abhor, and the other you've rapidly learnt to loath..."

Can't abide loaths....despicable creatures. In fact, you could say I loathE them.......

0
0
(Written by Reg staff)

Re: What is the relevance...

The lady in question is from a STORK brochure from last year, pic lifted by Reg editorial for illustrative purposes. So we didn't think of it, they did - draw your own conclusions.

0
0
FAIL

Poor Article

I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

0
0
Stop

In short: no

> But what about our poor unfortunate EU partners, with their quaint habit of keeping confidential personal and business data locked up where only the intended eyes can see it?

No, it's translated in their respective languages. This just means that you sad monoglot losers cannot find it, and therefore think it's cunningly protected.

0
0
Bronze badge

@Mark Walker

That's a low blow. Likening the Tories to Microsoft really isn't fair on the Tories.

0
0
Anonymous Coward

It's so damned easy

To prevent this stuff happening.

None of this data should ever be stored on anything that is remotely portable. If it doesn't take at least four men to lift it, don't put confidnetial data on it.

Of course, if you're gong to give away the login details to the big, heavy machines...

I'd recommend giving up the concept of confidentiality altogether. Why not? it is a almost a myth already. Let's just give up this strange sensitivity we have about our employment, medical, financial, criminal, etc records being visible to all. *Give* the whole damn lot to Google!

0
0
RW
Flame

Gordon Brown

Brownspeak: "It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information."

Setting aside my deep visceral distaste for Gordon Brown and his toadies and handlers, I still boggle at the utterly cavalier attitude toward data security demonstrated by this statement.

It's true you can't make any system 100% foolproof, but you can shut the door on the kinds of stupid mistakes that have, so far, led to significant data losses. But with GB and his cavalier attitude at the helm, it's hard to believe anyone working on uk.gov IT will take security very seriously at all.

The man is a fatuous gasbag, blustering his way past demonstrations of his profound ignorance. He is, in fact, a Dilbertesque pointy-haired manager writ large.

0
0
FAIL

The Acronym should be...

STALK - which is what creepy cretin control freaks with serious boundary issues do.

FAIL - by breaching the social contract.

Have a nice day all :)

0
0
Silver badge

@ The Light of the Silvery Moon

So you want think it's a civil servant problem, really? Which would be solved by selling the access of all that very private and very valuable data to private companies? You're aware that approx half the data losses were the doing of *private* contractors, right? Also, do you *really* trust Google and the like not to try and monetize your health, tax, etc data (after "suitable anonymisation" of course, like removing the last letter of your surname or something)?

0
0
WTF?

It beggars belief....

Every time i th I nk it cant get any worse than this they Decide to throw away any chance of not becoming a stat I stic On The id fraud Scales....

For f^&ks sake they cant even get a decent f*()ing acronym, what absolute rot is this!

"The European Commission launched the STORK (Secure idenTity acrOss boRders linKed)"

Even I can make up an acronym from an asine sentence - see first sentence! (Have popped in a few spaces to make it easier to spot).

Finally what an absolute tosh reason for all of this to be done "for us "it is not easy to access public services while working or living in another country". Who gives a flying f&*% about that when your entire life goes down the pan, because of some hairbrained scheme that exposes all your details to anyone!!

While Annoyed No Klepto's Ever Really Sure!

0
0

Big Irish Dave Posted Wednesday 2nd September 2009 15:55 GMT

Big Irish Dave

You say:

Poor Article

I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

----------

1. The UK government do have an appalling record as trustees of our data.

2. The Lisbon Declaration does mandate pan-European data-sharing and pan-European electronic identities.

3. The UK Government Gateway is our vehicle to satisfy the requirements of the Lisbon Declaration.

4. David Davis asked an important question.

5. Project STORK is designed to promote the Lisbon Declaration.

6. It is peculiar that IPS should be involved in leading Project STORK.

All of those are important points, undiminished by your devastating intervention.

I have tried out a number of counter-arguments for size but none fits because the fact remains that, in my mind, that USB stick was unencrypted.

That was the basis on which I wrote.

And on that basis I was wrong.

Our EU partners may well face risks by entrusting their data to the UK Government Gateway.

7. Given that it was encrypted, the loss of that USB stick is not one of them.

I do have an agenda.

I want the government to acknowledge the facts and to alter their plans accordingly when the facts dictate that they must.

In the case of the National Identity Scheme, the government seem to inhabit a fantasy land where the facts do not intrude.

If they are to be shaken out of that fantasy, I obviously must not make the same mistake.

In order to achieve that agenda, the power of 1. to 6. above must be preserved.

In order not to diminish their power, I must acknowledge 7.

Which I do.

This is a retraction.

With apologies to all concerned.

And with thanks to you for pointing out the mistake that no-one else has, in the nine months since I first made it.

0
0
Coat

STORK

spreads straight from the data centre

0
0
Silver badge

Ridiculous acronym

Secure idenTity acrOss boRders linKed... does that even make any sense in the first place? What the frigging frack is the "linKed" even there? Did they troll the dic for a word with a "k" in it, any word will do? Not to mention that there is no REASON* not to USE** SIABL as an acronym for this particular choice of words. I mean this *is* how acronyms are supposed to work after all.

*secuRe idEntity AcroSs bOrders liNked

**secUre identity acroSs borders linkEd

0
0

Not quite kosher?

So what timid loon decided to hand the data in rather than; zero out outstanding parking fines, tweak their tax code and any perform any other beneficial data modifications?

0
0

Big Irish Dave Posted Wednesday 2nd September 2009 15:55 GMT

Big Irish Dave

You say:

Poor Article

I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

----------

1. You say it, and so do the newspaper and BBC reports on the case of the Government Gateway USB stick lost by Atos Origin in a pub car park in Cannock. On that basis, I offered my retraction, apologies and thanks to you.

2. I then sent the following email to Jacques Erasmus, the Director of malware research at Prevx, the expert who advised the Mail on Sunday:

From: David Moss

Sent: 03 September 2009 14:25

To: XXXXXXXXXX

Subject: Attn Jacques Erasmus -- Cannock USB stick, Government gateway

Dear Mr Erasmus

I refer to the 2 November 2008 Mail on Sunday article,

http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stic

k-secret-personal-data-12million-pub-car-park.html

For nine months or so I have been using this article in part to help my case

against the UK government's National Identity Scheme and on 2 September 2009

I had an article published in The Register,

http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/

Or rather abusing the MoS article as by some psychological trick I had

avoided noting that the lost USB stick was encrypted or forgotten it but,

one way or the other, the matter was wrongly settled in my mind that the USB

stick was not encrypted.

That is my entirely problem, my embarrassment, etc ...

But the question arises, was the USB stick "properly" encrypted, would it

have taken millions of times the age of the universe to decrypt, or could

you really have decrypted it in a sensible length of time? Were the contents

all encrypted or only some of them?

It would be appreciated if you would comment on these matters, either by

email on on the comments page of the Register article,

http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/comments/, or here

http://forum.no2id.net/viewtopic.php?t=29301, and quite understood if you

can't.

Yours sincerely

David Moss

3. And this is the answer:

From: Prevx Weblog

Sent: 03 September 2009 16:21

To: 'David Moss'

Subject: RE: Attn Jacques Erasmus -- Cannock USB stick, Government gateway

Hi David,

It's been awhile, but the memory stick was not encrypted at all (I did the

investigation). No files on the stick were encrypted and all the data was

easily visible, there was a password protected zip file, however the

password was somewhere in a text file in another directory.

However, if it was encrypted with the high grade encryption, it would not be

feasible to decrypt the data at all. It would simply take too long for

modern day computing equipment.

Hope this helps.

Regards,

Jacques

4. Big Irish Dave, I think that leaves you and me completely confused, and requires a "proper" journalist, not me, to try to establish the facts.

0
0
Flame

We have all ur data

Dear Surrender Monkeys:

We KNOW that you will not be able to secure your data and keep

some nincompoop from leaving a copy of it on a train, tram, cab,

or similar contrivance for any wandering wanker to pick up and view.

Please forward all your database to your kind best friend, Uncle Sam

for his immediate inclusion for those to put on the TSA no-fly list. Any

refusal will be considered an enemy act and treated accordingly.

We KNOW that you are all sheeple and willing to give all your personal

and private information to the government of you choice in order for them

to spend massive amounts of you dosh and then to ultimately fail in

using the data for anything but scam-bait.

0
0
This topic is closed for new posts.