How much of the EU's data will the UK lose?

"Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns …

COMMENTS

This topic is closed for new posts.
  1. James O'Shea

    How much EU data will uk.gov lose?

    All of it.

  2. Captain Hogwash
    Coat

    STORK?

    I can't believe it's not better.

  3. The Light of the Silvery Moon

    What if this was a bank, credit card company

    What would the Government's action (through the FSA) be if we had banks saying that they could not guarantee the safety of their customers' data? It seems that while the government can get away with a close-enough-is-good-enough approach, they would not let private organisations get away with the same.

    Is it time that all of this work was managed by private companies? And no, I don't mean the government cronies at EDS - who, it would appear, have trouble with a ZX-81, but companies who have already built their systems around the security of data - rather than what would appear to be a 'well, here's the data, now how do we secure it?' approach.

    Nobody's perfect, and no system is bug-free. But surely it's time for a re-think?

  4. TeeCee Gold badge
    Coat

    @Captain Hogwash

    Are you suggesting that STORK data might spread more easily?

  5. Richard 12 Silver badge
    WTF?

    Please explain what the logon details were doing on the stick?

    There is *no possible reason whatsoever* for that information to exist in plain ANYWHERE IN THE ***** UNIVERSE, and equally no possible reason for that information to exist outside of the login system itself and its backup(s), where it must be encrypted.

    So if it makes it off-site and off-backup, SOMEONE ****ED UP BIG TIME and the contractor has some serious explaining to do, preferably including them being fired and fined large sums.

    Well done Labour Government, you've just proved that you know nothing about security. Truly, less than nothing.

  6. David Cherry 1
    Coat

    STORK?

    I can't believe it's not encrypted

  7. CD001

    Hmmmm

    I wonder if it's possible to get kicked out of the EU for being a danger to yourself and those around you?

  8. Anonymous Coward
    Black Helicopters

    What is the relevance...

    Of the "Information on your fingertips" picture? Is this image officially linked to STORK?

    Does STORK plan to provide personal eID identification via fingertip scanning (either biometric or by the introduction of a chip / barcode?)

    Or is this image just included for general scare-mongering purposes?

    I cannot find any reference to it or anything similar elsewhere on the net...

  9. Sabine Miehlbradt
    Alert

    What a dumb question

    The UK government is committed to excellence in every field.

    So the answer is of course: All of it!

  10. Eponymous Cowherd
    FAIL

    Nothing to hide

    Nothing to fear.

    No, really.

    You really can trust UK.GOV with your intimate details.

    Really.

    Honestly.

    You can.

    Sign up for your ID card now and we'll guarantee your biometric data will be secure.

    For *AT LEAST* 5 minutes.

  11. JWS
    FAIL

    Erm...?

    I thought it had been agreed we were just going to pay Google or Microsoft to deal with all the UK's data, can't be any worse and you can actually go after a company if they f**k up.

  12. Mark Walker
    Welcome

    @JWS

    Google or Microsoft - there's a question

    Like trying to decide between Conservative and NuLabour - one you traditionally abhor, and the other you've rapidly learnt to loath...

  13. D Moss Esq

    Steve 70 Posted Wednesday 2nd September 2009 12:45 GMT

    I wouldn't get hung up on the picture of a lady with a USB stick fingernail, data at your fingertips, etc ... I'm sure it's just meant to be lightly amusing. It isn't the logo for Project STORK. Unsurprisingly, that's a stork, flying through a ring of stars, and a painful attempt to explain the acronym -- Secure idenTity acrOss boRders linKed, please see http://www.eid-stork.eu/.

  14. Richard IV
    Welcome

    Nice to know

    That HM.gov doesn't push any genuine responsibility in the direction of their chosen contractors, thus maintaining all the exemptions with regards to liability that HM.gov reserves for itself.

    I for one hope that the project will be forced to change its name to STARKERS.

  15. Jay Castle
    Joke

    @ Mark Walker

    "Like trying to decide between Conservative and NuLabour - one you traditionally abhor, and the other you've rapidly learnt to loath..."

    Can't abide loaths....despicable creatures. In fact, you could say I loathE them.......

  16. John Lettice (Written by Reg staff)

    Re: What is the relevance...

    The lady in question is from a STORK brochure from last year, pic lifted by Reg editorial for illustrative purposes. So we didn't think of it, they did - draw your own conclusions.

  17. Big Irish Dave
    FAIL

    Poor Article

    I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

  18. Marvin the Martian
    Stop

    In short: no

    > But what about our poor unfortunate EU partners, with their quaint habit of keeping confidential personal and business data locked up where only the intended eyes can see it?

    No, it's translated in their respective languages. This just means that you sad monoglot losers cannot find it, and therefore think it's cunningly protected.

  19. Frank Bough

    @Mark Walker

    That's a low blow. Likening the Tories to Microsoft really isn't fair on the Tories.

  20. Anonymous Coward
    Anonymous Coward

    It's so damned easy

    To prevent this stuff happening.

    None of this data should ever be stored on anything that is remotely portable. If it doesn't take at least four men to lift it, don't put confidential data on it.

    Of course, if you're going to give away the login details to the big, heavy machines...

    I'd recommend giving up the concept of confidentiality altogether. Why not? It is almost a myth already. Let's just give up this strange sensitivity we have about our employment, medical, financial, criminal, etc records being visible to all. *Give* the whole damn lot to Google!

  21. RW
    Flame

    Gordon Brown

    Brownspeak: "It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information."

    Setting aside my deep visceral distaste for Gordon Brown and his toadies and handlers, I still boggle at the utterly cavalier attitude toward data security demonstrated by this statement.

    It's true you can't make any system 100% foolproof, but you can shut the door on the kinds of stupid mistakes that have, so far, led to significant data losses. But with GB and his cavalier attitude at the helm, it's hard to believe anyone working on uk.gov IT will take security very seriously at all.

    The man is a fatuous gasbag, blustering his way past demonstrations of his profound ignorance. He is, in fact, a Dilbertesque pointy-haired manager writ large.

  22. Pete 8
    FAIL

    The Acronym should be...

    STALK - which is what creepy cretin control freaks with serious boundary issues do.

    FAIL - by breaching the social contract.

    Have a nice day all :)

  23. ElReg!comments!Pierre

    @ The Light of the Silvery Moon

    So you think it's a civil servant problem, really? Which would be solved by selling the access of all that very private and very valuable data to private companies? You're aware that approx half the data losses were the doing of *private* contractors, right? Also, do you *really* trust Google and the like not to try and monetize your health, tax, etc data (after "suitable anonymisation" of course, like removing the last letter of your surname or something)?

  24. GhilleDhu
    WTF?

    It beggars belief....

    Every time i th I nk it cant get any worse than this they Decide to throw away any chance of not becoming a stat I stic On The id fraud Scales....

    For f^&ks sake they can't even get a decent f*()ing acronym, what absolute rot is this!

    "The European Commission launched the STORK (Secure idenTity acrOss boRders linKed)"

    Even I can make up an acronym from an asinine sentence - see first sentence! (Have popped in a few spaces to make it easier to spot).

    Finally what an absolute tosh reason for all of this to be done "for us "it is not easy to access public services while working or living in another country". Who gives a flying f&*% about that when your entire life goes down the pan, because of some hairbrained scheme that exposes all your details to anyone!!

    While Annoyed No Klepto's Ever Really Sure!

  25. D Moss Esq

    Big Irish Dave Posted Wednesday 2nd September 2009 15:55 GMT

    Big Irish Dave

    You say:

    Poor Article

    I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

    ----------

    1. The UK government do have an appalling record as trustees of our data.

    2. The Lisbon Declaration does mandate pan-European data-sharing and pan-European electronic identities.

    3. The UK Government Gateway is our vehicle to satisfy the requirements of the Lisbon Declaration.

    4. David Davis asked an important question.

    5. Project STORK is designed to promote the Lisbon Declaration.

    6. It is peculiar that IPS should be involved in leading Project STORK.

    All of those are important points, undiminished by your devastating intervention.

    I have tried out a number of counter-arguments for size but none fits because the fact remains that, in my mind, that USB stick was unencrypted.

    That was the basis on which I wrote.

    And on that basis I was wrong.

    Our EU partners may well face risks by entrusting their data to the UK Government Gateway.

    7. Given that it was encrypted, the loss of that USB stick is not one of them.

    I do have an agenda.

    I want the government to acknowledge the facts and to alter their plans accordingly when the facts dictate that they must.

    In the case of the National Identity Scheme, the government seem to inhabit a fantasy land where the facts do not intrude.

    If they are to be shaken out of that fantasy, I obviously must not make the same mistake.

    In order to achieve that agenda, the power of 1. to 6. above must be preserved.

    In order not to diminish their power, I must acknowledge 7.

    Which I do.

    This is a retraction.

    With apologies to all concerned.

    And with thanks to you for pointing out the mistake that no-one else has, in the nine months since I first made it.

  26. Field Marshal Von Krakenfart
    Coat

    STORK

    spreads straight from the data centre

  27. ElReg!comments!Pierre

    Ridiculous acronym

    Secure idenTity acrOss boRders linKed... does that even make any sense in the first place? What the frigging frack is the "linKed" even there? Did they troll the dic for a word with a "k" in it, any word will do? Not to mention that there is no REASON* not to USE** SIABL as an acronym for this particular choice of words. I mean this *is* how acronyms are supposed to work after all.

    *secuRe idEntity AcroSs bOrders liNked

    **secUre identity acroSs borders linkEd

  28. YumDogfood

    Not quite kosher?

    So what timid loon decided to hand the data in rather than zero out outstanding parking fines, tweak their tax code and perform any other beneficial data modifications?

  29. D Moss Esq

    Big Irish Dave Posted Wednesday 2nd September 2009 15:55 GMT

    Big Irish Dave

    You say:

    Poor Article

    I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

    ----------

    1. You say it, and so do the newspaper and BBC reports on the case of the Government Gateway USB stick lost by Atos Origin in a pub car park in Cannock. On that basis, I offered my retraction, apologies and thanks to you.

    2. I then sent the following email to Jacques Erasmus, the Director of malware research at Prevx, the expert who advised the Mail on Sunday:

    From: David Moss

    Sent: 03 September 2009 14:25

    To: XXXXXXXXXX

    Subject: Attn Jacques Erasmus -- Cannock USB stick, Government gateway

    Dear Mr Erasmus

    I refer to the 2 November 2008 Mail on Sunday article, http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stick-secret-personal-data-12million-pub-car-park.html

    For nine months or so I have been using this article in part to help my case against the UK government's National Identity Scheme and on 2 September 2009 I had an article published in The Register, http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/

    Or rather abusing the MoS article as by some psychological trick I had avoided noting that the lost USB stick was encrypted or forgotten it but, one way or the other, the matter was wrongly settled in my mind that the USB stick was not encrypted.

    That is entirely my problem, my embarrassment, etc ...

    But the question arises, was the USB stick "properly" encrypted, would it have taken millions of times the age of the universe to decrypt, or could you really have decrypted it in a sensible length of time? Were the contents all encrypted or only some of them?

    It would be appreciated if you would comment on these matters, either by email or on the comments page of the Register article, http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/comments/, or here http://forum.no2id.net/viewtopic.php?t=29301, and quite understood if you can't.

    Yours sincerely

    David Moss

    3. And this is the answer:

    From: Prevx Weblog

    Sent: 03 September 2009 16:21

    To: 'David Moss'

    Subject: RE: Attn Jacques Erasmus -- Cannock USB stick, Government gateway

    Hi David,

    It's been a while, but the memory stick was not encrypted at all (I did the investigation). No files on the stick were encrypted and all the data was easily visible, there was a password protected zip file, however the password was somewhere in a text file in another directory.

    However, if it was encrypted with the high grade encryption, it would not be feasible to decrypt the data at all. It would simply take too long for modern day computing equipment.

    Hope this helps.

    Regards,

    Jacques

    4. Big Irish Dave, I think that leaves you and me completely confused, and requires a "proper" journalist, not me, to try to establish the facts.

  30. Anonymous Coward
    Flame

    We have all ur data

    Dear Surrender Monkeys:

    We KNOW that you will not be able to secure your data and keep some nincompoop from leaving a copy of it on a train, tram, cab, or similar contrivance for any wandering wanker to pick up and view.

    Please forward all your database to your kind best friend, Uncle Sam for his immediate inclusion for those to put on the TSA no-fly list. Any refusal will be considered an enemy act and treated accordingly.

    We KNOW that you are all sheeple and willing to give all your personal and private information to the government of your choice in order for them to spend massive amounts of your dosh and then to ultimately fail in using the data for anything but scam-bait.
