So, how long..
..until the hard drives show up on eBay, with all the data intact?
The IPS plans to order Thales and 3M SPSL to shred the hard disks and back-up tapes holding the personal information on the National Identity Register (NIR), according to a document released through Parliament's library. The document, CWIC-NIR destruction and equipment decommissioning, says that IPS will order shredding, …
..until the hard drives show up on eBay, with all the data intact?
..until the hard drives show up on eBay, with all the data intact and in plaintext?
we can't get 'em to shred Wacqui Jacqui and Meg "Hitler" as well.....
...to bad rubbish. Never wanted, never needed and thank god it's going.
there's a remarkable gap between announcement and execution. That is a bit of a weak point and indeed that leaves wide open the road to ebay.
Had the government actually deemed NIR data IL5 at the outset, and said so clearly, I think more than a few infosec professsionals might have felt slightly better about the whole misbegotten programme. Except, of course, an IL5 NIR would have been so expensive as to be impossible in the first place...
It was probably IL4 for the NIR, but the aggregation rules meant that the backup media was handled as IL5, and hence the IL5-level destruction standards for said media.
Just a guess. But I would not have expected the NIR data to be IL5.
how much carbon was used to make and then subsequently destroy all of this equipment? Would it not be more efficient to wipe it and use it for other government databases?!
..the disks can be 'wiped'. You'd be amazed how easy it is for forensics to recover data from 'wiped' disks (yes, even the us DoD wiped ones).
I once saw an demonstration where data was recovered from a disk that had been wiped multiple times (re-written, wiped, re-written, etc). Fascinating stuff.
Anyway - for this Impact Level (5) you really need to destroy it (shred).
No one counted it, because no one cares. Seriously, find something meaningful to worry about.
FOAD. Seriously. Just GTFO my internets and DIAF.
This shit is *important* and must die. Properly.
I used to work at a place where a chap called Roger used to grind all old machine room disks into metallic powder form using a huge grinder-disk-munching machine.
It was a practice known as "Rogering the disks" and is very much part of IT policy.
This data should be retained and put online on thesepeopleareidiots.com
There are so many opportunities to critise a government, here is an occasion they need to be congratulated. Some civil servants should witness the destruction of the data, then this can be consigned to history.
Scotland has been quietly developing the eCare system which makes the NIR look quite tame.
One of the main main justifications for gathering information is that it will protect children.
There is evidence that this set-up may be destined for further roll-out.
Read Kenneth Roy in the Scottish Review:
"'Scotland has quietly led the way in the national data sharing agenda with its innovative eCare programme,' enthuses a journal devoted to the exciting new world of information-sharing. The key word in that sentence is quietly."
Note to the Scots, if you don't like this kind of thing, you could always try not voting for nationalists and socialists. Just a thought.
If only there were a convenient, pithy, one-word shorthand to refer to nationalists and socialists...
Oooh, I know - zinas!
Aren't these the same people who are implementing a new internet data collecting database, in which every transaction you make is logged? Why would I congratulate them?
AFTER we have made and distributed multiple copies. Thx, bye
There was a question on Family Fortunes the other day, "Name something often left on a train."
I wonder what the top answer would be if the survey was carried out in 2011?
So the system wasn't even fully live and the staff were already breaking the rules on handling the data?
My dad was connected to this at the passport office in P'boro and will be duly mocked over Sunday dinner.
"I once saw an demonstration where data was recovered from a disk that had been wiped multiple times (re-written, wiped, re-written, etc). Fascinating stuff."
Do you have a source for this? I was under the impression that recovering usable data from a zero-written hard disk was an urban myth, and that even with the best equipment, there was only a 50% bit recovery rate (which would be useless). I'd be very interested to see evidence to the contrary though!
I asked an data recovery expert the same question (no names, but he was an expert witness in the Dr. David Kelly case). He said that no-one offers hardware data recovery commercially in the UK and he was dubious as to whether MI5 or MI6 could do it either. Wipe your data once and it's gone; although you have to beware of bad areas on the disk which have been marked as unusable by the OS and make sure you get any swapfile - so there is a small case for shredding, I'll admit.
Hardware data recovery to find the "ghost image" at the side of the main track was postulated years ago when areal densities were many times lower. Modern disks pack the data so tightly that they have to use probability theory to identify what the bit pattern is.
I won't be one of them.
Personally I'd be happy if the *whole* contents of whatever wet brained idiots volunteered for this lunacy to be dumped to the internet (I believe Wikileaks has some spare capacity)
I'd rather bury the collection of meglomanical civil servants and government con-tractors, along with the equally wet brained ministers and junior ministers that were persuaded it was *such* a good thing.
You can bet some of this vermin have been "re-assigned" to whatever the IMP is now being "Re-branded".
To think of all the pounds that will end up in the car crushers!
Government destruction means just that. A squaddy of security types accompany the discarded equipment to a favourite metal shredding outfit, featured on Discovery Channel, where their humongous metal shredder does it's evil to millions of pounds of equipment.
Enough to make a technician cry.
"Are you sure, it cost a lot to collect this and it will take years to do so again"
"well, maybe you are right. We'll make back-ups of the back-ups and then destroy the original back-ups and then all we will have remaining is the back-ups with the data in case we need it again"
"but we have to destroy it"
"we are, all the hardware is going to be trashed. We'll keep the data though"
The only reason that this is going to be discarded is because the information is out of date and the system used for collection is outmoded and out of date.
You can be sure that the police state has got all bases covered.
So we can look forward to this data ending up on a train or a land fill site when the drives were "lost" on their way to the shredder.
It's not often I read about something the government has done and I feel really happy about it, but this is it. Reading this story on the BBC earlier warmed the cockles of my heart and went some way to ... actually let's not get carried away.