oh no!
Quick! Put up Ed Vaizey / Reg Bailey's filtering device so we can't see it!
The UK's Office for National Statistics and Lockheed Martin are racing to check if hacker group LulzSec has got its hands on this year's census data. Such a massive data loss would be embarrassing even for a government with such an amazing record of data protection failures. LulzSec's Twitter page has no mention of the …
If you get fined a grand what will be funny about that? You might think you can argue your way out of it, but I doubt it. I'm pretty sure it's a strict liability jobby, so your only hope of getting out of the fine if you were prosecuted would be to prove you had filled in the form correctly and submitted it.
Arguing (as I suspect you would) that you didn't want your data to be compromised would count for absolutely zero.
You think so? If it is true, I bet the explanation will go something along the lines of:
1. We are sorry (this is an optional step depending on how bad the publicity is at the time)
2. We will make sure lessons are learned (if lessons were so effective they would all be geniuses by now)
3. It wasn't our fault
4. It didn't matter anyway because (insert implausible excuse of choice)
The end
It's quite startling that you automatically assume a single anonymous and unconfirmed post on PasteBin to be true. The funny thing is your use of the word "incredible". You know what that means right?
Actually that posting reads like it was composed by a 419 scammer. Some bizarre use of the English language there, could that suggest it wasn't typed by a native English speaker?
All hell is gonna break loose and there will be a media frenzy. I really hope not to be perfectly frank. All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet. They will see it as another reason to take away any privacy you thought you may have. Lulzsec needs to go down for the good of everyone.
There will be no media outcry if this is true, why should there be?
If you have nothing to hide you have nothing to fear.
What possible value could anybody derive from the data? There'll be no information about any significant person on the database, I bet you! Yes, there will be lots of data on us proles but so what? It would be interesting to know what bits and how much of the data has been exposed - if it has. How was the data being held? Has the data been classified and what classification processes were used?
@"All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet."
They need to fix their appallingly lax data security rather than clamping down on everyone. But that would mean they need to blame themselves rather than seeking to blame everyone else for their failure to treat security seriously. But like all governments, they will never really want to blame themselves for anything, because in their mind, it's always everyone else's fault.
It's a shame they take their own information security so much more seriously than public data security, as it would be interesting to know more leaks about what mistakes and underhanded deals they have been covering up. But like the MPs' expenses claims show, they keep their own data under very strict control. Shame they don't do it for our data, but it clearly shows where their real priorities are.
If they have, surely the government will have to actually do something about data security. No more half hearted measures, no more letting companies off with pitiful fines (if any), and proper hard hitting penalty clauses in contracts with companies who are being given our data by the government.
So everyone was legally required to provide data which has now (possibly) ended up in the wrong hands? Truly inspires confidence. The only positive I can think from all this is that it may trigger strong government intervention to stop this hacking group once and for all.
Wouldn't this sort of thing have national security implications?
We are forced to fill it in, to provide our details to our government. So why was this handled by an American company?
If this is true and the census info is available, then comparisons should be drawn with Sony, so expect a 'welcome back' pack and ID theft cover. HA, like that would ever happen, everyone involved (government, external agencies) should be held accountable with their jobs.
When will our government learn? Why was this data ever on an internet facing server? Surely this information is worth so much it should have been kept on a secure network.
I do hope that anyone with a "...nothing to hide, nothing to fear..." attitude to the census has had a bit of a rethink now -- what with the possibility of us all having credit cards and loans taken out in our names now.
I hope if it is true the people responsible for the decision to take all this personal information on the census are shot as the traitors they are -- after all they already gave us to a foreign company, and now they could have lost our names to every wannabe criminal in the world.
These people told us that we would give our details to a company in the US, or face imprisonment or fines. They told us that the information would be kept completely safe.
I was threatened with financial problems or, even, imprisonment to hand over my details to a US company for processing and whatever the fuck they wanted. Now, it appears, the thugs who demanded my data with menaces may have given it to everyone also.
The people who decided that it was necessary to demand personal details with menaces should be hung, drawn, woken up, and quartered.
Forgive me if I have only hatred for someone who gave my details to a foreign power for the opportunity to have a better career.
I think that all of the posters who take this statement at face value ought to read some of the UK government security standards. These definitely exist, and they were not written by people who are security illiterate. See http://www.cesg.gov.uk
The problem is that they are difficult to interpret, and are couched in terms that many IT people don't understand (they talk a lot about data crossing security zones rather than being securely stored), and sometimes it seems like there is no real world help in ensuring that a particular application or solution meets the requirements (government security auditors will often tell you that something is not compliant, but will not offer any advice on how to make it so, nor suggest security mechanisms during system design). Thus implementing a security solution often becomes an iterative process of attrition with the security people.
When I was last involved, it was even the case that some of the Infosec documentation describing what has to be done is classified as RESTRICTED, which does not help trying to implement what they say.
Generally, it is not a lack of standards that causes this type of data breach, it is implementation (often by companies contracted to supply services), or ignorance of the standards by individuals working on such data. Although there should be safeguards, it often only takes one person to make a mistake to put at risk complete datasets, especially if there is any external route in to the systems implementing the solutions.
You must have filled in a different form to me then. I filled in about a dozen questions most of which could already be gleaned from other public sources. My criticism of the census questions is more along the lines of 'What the hell are they expecting to learn from that?'
There was stuff on there that could be used for evil (DOB for instance) but very little that was 'invasive'. Or do you consider it a national secret that you have gas central heating?
So yeah - not good but hardly the end of the world.
Exactly what I was thinking.
The worst question on the census was something like, "how many kids do you have under 16 at your address and what's their names?", the rest was simply name, address, how long have you lived at your address and do you travel to work by train, car or bus?!
The biggest annoyance to me is that all that useful info is now all in one place for the ad scumbags and telephone cold-callers, before they would have to have assembled it themselves from various public registers.
..that I am not praising the census. I think that, for what was asked, it was a fairly large waste of time and money. The previous one from what I remembered asked quite a lot of useful questions many of which could help with infrastructure planning.
Then again the infrastructure I see is generally badly planned and poorly maintained so perhaps it's better this way. At least it took up less of my time :)
"It actually read more like a benefit application form"
Indeed we can draw one of three conclusions from that statement.
1. You didn't actually read the census form.
2. You've never read a benefits application form.
or 3. You've never read either.
Actually there is a fourth, but I'm too polite to mention it here.
True, but you aren't legally required to provide your real name and address on Facebook - and if you do provide those details there are at least some privacy controls that can be used to restrict that data. This release on the other hand will be a mineable resource for evil doers and the evil do that they do do.