Error in Headline
Just how screwed is IT at the Home Office??
760 posts • joined 3 Sep 2015
I wonder how much of that coverage was down to EE. Doesn't look good for the much vaunted ESN; I bet the existing TETRA / Airwave coverage is significantly better.
From the article: Although the UK is leaving the European Union, compliance with the GDPR will still be mandatory for British firms that handle EU citizens' data.
All well and good, but will the GDPR be mandatory if the British firms are only handling UK citizens' data? After all at that point British citizens will not be EU citizens. And will adherence to the GDPR apply just to data held on EU citizens with British citizens not enjoying the same protection or will it apply to both groups?
I can easily imagine companies that mishandle UK citizens' data trying to wriggle out of any liability under the GDPR if they possibly can.
If this article is anything to go by 5G was dreamt up to provide a buzzword-rich environment.
they have deprived Talk Talk customers of their security and privacy by taking a copy of the information which they have no intention of returning
In turn I can see your viewpoint. However, if (a) takes something from (b) which in turn deprives (c) of something (in this case "peace of mind") then who is legally the "victim"? (b) or (c)? Why was (b) represented at trial and not (apparently) (c). Who gave evidence for (c)?
And is it possible to steal something ("peace of mind") that has no, and can have no, physical embodiment?
Next discussion: how many angels can dance on the head of a pin?
In the meantime I think the dog wants a walk...
For crying out loud, they did steal something :
In common parlance that is certainly true, but I suspect that what they did might not meet the legal definition of theft, which may not be quite the same as a dictionary definition.
Basic definition of theft. (1)A person is guilty of theft if he dishonestly appropriates property belonging to another with the intention of permanently depriving the other of it; and “thief” and “steal” shall be construed accordingly. (Theft Act 1968)
Now while there may have been no intention to return the copy of the data taken there is also the point that in taking a copy there appears to have been no attempt to deprive its owner (in this case TalkTalk) either temporarily or permanently, and IMHO that does make a difference.
But then IANAL.
You are, of course, perfectly correct. However, you omitted the obligatory <pedant> </pedant> tags.
...we should be pressing for the US prosecutors to present their evidence to the CPS so they can prosecute the man under the law he has grown up with.
While your post has received the upvotes it deserves for the overall sentiments expressed I would quibble slightly with the section quoted above; while he may well have "grown up with UK Law" he certainly seems to have ignored it.
IANAL but I am of the view that we have to be entirely certain about the reasons for possibly staying his extradition: is it because (a) he has AS; (b) because of a belief that he will harm himself if extradited, tried (and if found guilty) and punished in the US; (c) because any sentence imposed by the US Courts would be far harsher than one imposed by a UK Court for the same offence on the basis of the same evidence?
I would not be happy to find that his extradition was stopped purely on the basis of (a) or (b) because on that basis someone accused of a similar offence but without the supposed mitigation of being on the Autistic Spectrum, or without an expressed or implied risk of self harm or suicide might find themselves extradited regardless of any discrepancy between US & UK sentencing policy.
The Gary McKinnon case was now some time ago, and given that computer misuse is hardly likely to suddenly stop I am of the view that HMG really ought to come to a settled policy covering cases of this kind and make that policy publicly known; if the US doesn't like that policy then so be it. IMHO (and again IANAL) the UK should refuse to extradite for any offence if the sentence is likely to be greatly different to that in the UK, even if all the other qualifying reasons are present.
At the same time it ought to be made abundantly clear that being on the Autistic Spectrum or threatening self harm will not be acceptable defences or pleas in mitigation in a UK Court. I wonder in cases like this if "the accused" would be willing to be found "unfit to plead" with all the implications of such a determination.
I have just had a quick look at the National Rifle Association * website** and while their "news" summary box does not include anything about this data escape there is an item about a "Met Police Firearms Licencing Survey" with a link*** to a survey company's "questionnaire". Although clearly badged for the Met it is not clear to whom any completed survey form will be sent. To be fair there is no requirement to provide any personal information but there is space for names, email addresses and telephone numbers to be "volunteered". OK; that is not as bad as revealing postal addresses, but it does suggest that the Met is not really thinking about "security" at all.
may have a serial offender on the loose...
* The UK NRA, that is.
PS: the survey is clearly in hot pursuit of an "inclusiveness" award.
@ Steve Davies 3: Why would anyone sign up for that sort of deal?
You and I as individuals probably wouldn't, but as a company you are in the happy position of knowing that it's your customers that will be paying it for you.
"It is true that we fire people when they don't meet our ethical or performance standards...
Talk of ethical or performance standards doesn't fit well into a company that abuses live medical records. Perhaps he should fire himself.
Alternatively "Ah, this is obviously some strange use of the word ethical that I wasn't previously aware of." (With slight apologies for misquoting Douglas Adams.)
What about the numbers? Why are the 25,000 shotguns in London? How many have shortened barrels and live in the back of Ford Transits?
Although I suspect that you are just being mischievous you might care to note that shortening the barrel of a shotgun is a specific offence; it can be done by a (registered) gunsmith in carrying out a repair but otherwise it's a complete no-no. You might also care to note that getting an SGC or FAC is incredibly difficult if you have any hint of criminality in your record.
As to What about the numbers the most significant one would be the incidence of theft of legally held firearms, which I believe is incredibly low. I'm not saying it doesn't happen but AFAIK it is not a significant problem in the grand scheme of things.
"in pursuance of maintaining public safety or the peace" is so vague, that this and almost anything else can be justified by it.
Try as I might I cannot see how public safety is in any way "maintained" by handing out bulk details of perfectly legal firearms owners to people who have no business having it. It has increased the risk to public safety because the opportunities for theft have now been increased.
As a "justification" for the action it seems incredibly flimsy.
The Firearms Team will say they only gave it to another division of the Met for an approved purpose and didn't know it was going to be sent to a third party for the mail-outs.
They very well might say that, but it prompts the question "approved by whom". I wouldn't mind betting that the approval process didn't involve a Data Controller; if it did then there ought to be a vacancy for such a post before long.
While referring FAC (or SGC) applications to the applicant's GP is perhaps understandable (to find out if there are any "health" reasons why a certificate should not be granted) there remains a concern in the shooting fraternity that a marker on medical records at a GP's surgery is itself a security risk, given that all and sundry within the practice have access to the records and there is no means of knowing if any of them might be tempted to pass the information to others who might make malicious use of it. Needless to say these concerns have been ignored.
By any standards this looks like an epic blunder on the part of the MET, but I'd be astonished (and pleased!) if any meaningful disciplinary action resulted. In one sense it doesn't really matter; the damage has been done and cannot now be undone.
kmac999: 80 mile range is the school run or commute to the train station, neither of which requires a 'luxurious' vehicle.
Entirely true, but to expand on a point in my previous post (apologies for the adjacent posts!) I'm far from certain that such use would be particularly wise in the winter. Quite apart from the vehicle occupants being cold (somewhat undesirable in itself) how is a purely electric car with limited range going to provide a draught of warm air to keep the windscreen clear of frosting (inside and out) and have enough power available to operate a rear window heater?
To make matters worse normal respiration generates a lot of moist air which will freeze on the inside of the windscreen very easily, particularly overnight. I know that having a window slightly open can help but who is going to do that in the middle of winter in an unheated vehicle?
Can any all-electric car owner enlighten me (us!) on this point? I genuinely don't know how this problem is managed.
Oh, and your range is dependent upon the outside temperature. In winter it drops considerably. They don't tell you that.
And I daresay the inside temperature drops as well. I suspect they don't tell you that either.
I also wonder if the "80 mile range" is continuous running; what is the range under stop-start driving conditions? After all, acceleration requires more power than running at a steady speed and regenerative braking won't recover all of that additional demand.
Well, somebody had to.
I was going to until I saw that you had beaten me to it.
But I was going to say "AGA Khan't".
Doctor Syntax: The various treaty changes should have required approval by referenda requiring substantive majorities of the sort which wasn't required by our recent advisory referendum.
Two points: Ireland rejected a treaty change and were told to go away and repeat the exercise because the EU didn't like the result. IIRC a similar rerun had to be held somewhere else in the EU for similar reasons, possibly on a different occasion. Very democratic.
On the topic of "substantive majorities" (which I take to mean "super majorities") I am deeply uneasy; using the recent UK referendum as a model, let us say that "leaving" had required not less than 55:45 as a majority, but had actually achieved 54:46; "motion not carried". So the UK would have remained within the EU despite an actual majority wishing to leave; to me that seems a recipe for widespread unhappiness or worse. The bigger the specified super majority the greater the "unhappiness" is likely to be; an excellent way of pissing off the wider electorate. I am of the view that specifying a super majority is little short of gerrymandering; why run with an outcome that clearly does not have the support of the majority of the voters?
nijam: Not that I'm disagreeing with your general point, but in any other context, that would have been phrased as "... driven by big-business and self-serving pressure groups...".
Sadly that seems to be a problem irrespective of where the government actually resides and the process by which it got there; another excellent way of pissing off the wider electorate.
What is your own experience with the EC, Commswonk? (Point of order; it isn't an "EC" any more; it has morphed into the EU.)
Living in it. I find your enthusiasm for the EU model of governance deeply disturbing; on balance I do not think that model has served the UK all that well, although the "recipient countries" probably benefit quite handsomely. While I would never claim that the UK model is perfect, it has imperfections that I can live with more comfortably than those the EU embodies.
The point that I was making was that it is intellectually dishonest to complain about any perceived lack of democratic credentials on TM's part without applying the same critical comments to the EU, and I stand by that point.
Democracy? When was Theresa May democratically elected as Prime Minister?
Whilst not directly elected, a general election is a pretty good proxy for it. And to be fair, she was elected the head of the tories, something like 30 people got to vote, wasn't it?
The parliamentary conservative party voted: just over 300 MPs, who are themselves elected by the voting public.
TM's democratic credentials as PM may not be perfect, but they are a lot better than, say, Jean-Claude Juncker's. Given that any anti-EU / pro-Brexit comments tend to attract a lot of downvotes I cannot avoid concluding that a large number of people don't mind being more or less governed by the EU Commission of which he is President, allegedly "elected" (IIRC) by the EU heads of Government, totalling (at the time) 28 in number. I find that a trifle odd given that he is completely beyond the reach of any national electorate.
That should ensure a crop of downvotes...
"This is yet another serious example of the need for us to upgrade and better safeguard our city's technology infrastructure. It's a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind."
It also illustrates why we need more dollars from taxpayers
At least it wasn't Turkey Twizzlers TM
But only one of those problems is real.
Are we to conclude from your statement that you believe that a Threat Assessment is only valid after the perceived threat has actually happened?
Oh dear... you might wish to consider the adage that "the price of freedom is eternal vigilance".
For obvious reasons, just because government says it shall be so does not mean the aviation regulators agree.
Trouble is that the 2 "authorities" are addressing different problems; the government came out with its edict on the basis of a perceived terrorist threat whilst the regulator came out with its decision based on the fire risk posed by Lithium-ion batteries.
I am willing to accept that both instructions are correct in terms of the problem each is seeking to address; it's just that the two "solutions" are (obviously) mutually exclusive.
Might be worth stocking up on popcorn while the two sort it out between them. If they can...
4. You never get the best quality from the lowest bid. (And the others..!)
old woman Otto is a bear -- you are accused of heresy on three counts -- heresy by thought, heresy by word, heresy by deed, and heresy by action -- *four* counts. Do you confess?
I once heard tell of a well-known broadcaster (NNNPD) that outsourced the maintenance of the broadcast equipment at one of its locations. Not long after, just as the local news was starting, something in the programme chain failed and the studio 'phoned the maintenance men who had, of course, been TUPEd. "We'll deal with it first thing in the morning". "But you used to provide support within minutes" "Yes but the contract states that we now have a 12 hour response time". (Or something similar)
I now have an inexplicable urge to go and put my WotW CD on...
(Cries of Ooo - Laaa in the background)
A range of 20 m, becomes a range of very little at all if you have an old house that actually has some thick internal walls instead of a modern build house with more plasterboard than wall.
I'll second that. While I have no real need for a wifi connection Mrs Commswonk does* and we have found that it will work well in the next room (one single brick wall), adequately in the room across the hallway (two single brick walls) but not at all in the kitchen or anywhere beyond (three single brick walls). I am opposed to PLT because of the HF radio noise that it generates so I have avoided going down that route. I even splashed out on a BT wifi extender but have been unable to find anywhere to plug it in part way along any of the possible "routes" between router and target areas, so that scheme was a waste of money - albeit not that much.
And that house isn't "old"; it was built in the mid to late 1960s.
* If buggering about with an iPad counts as "necessary".
@ Jeffrey Nonken:
Wow, a downvote for the guy who tried to bring facts into the discussion.
If it wasn't for the fact that you are a badge holder I'd be tempted to say "you're new here, aren't you?"
Is this a problem I should openly admit to? or am I normal within the group of El Reg readers.
This is obviously some strange usage of the word "normal" that I hadn't previously been aware of.
(With apologies to the late Douglas Adams.)
risk of lethal electrocution
Um... <pedant> that is tautological. Electrocution is by definition lethal; "lethal electric shock" would be permissible, but "lethal electrocution", no.</pedant>
Time to apply the electrodes to the original author...
Liberal Democrat Leader Tim Farron described the revelation as "a colossal blunder". He said: "People may have been wrongly sent back to prison because of this government's sheer ineptitude. A review is urgently needed to ensure this doesn't happen again.
While the government might rightly be castigated for outsourcing anything to G4S / Capita / Serco I cannot for the moment see how faulty tags can be laid at the government's door.
Another review might be urgently needed to ensure that Tim Farron doesn't happen again either.
I may have to find my tin hat as a matter of urgency...
@ Ivan 4:
Is there some law that requires all those aspiring to be politicians to not have any idea about technical things of any sort?
Edit: The answer is no because there doesn't need to be. When they all turn up having no worthwhile knowledge of how the world really works anyway why would you need a law to enforce the requirement?
@ John Smith 19:
And BTW IIRC in London police routinely carry tasers, pepper spray and telescopic batons. Yet this officer is killed by a man with a man stabbing him with, what a 6 inch blade before man is shot by armed officer who happens to be close by.
Partially true. The not true bit is the fact that the Officers on duty at Westminster "guarding" the Houses of Parliament are not thus equipped. As I understand it the way they are kitted out is - in part at any rate - determined by MPs and Parliamentary Security Staff, not by the hierarchy of the MPS; it is arguable that their presence is more ceremonial than anything else.
In any case the speed at which this attack took place may have made the effective use of any of the listed weaponry somewhat uncertain.
@Pompous Git: "The big killers, particularly over the last 100 years have been governments executing their own citizens. The ratio is well over 1000:1."
Do you mean "statutory executions" or something else? AFAIK the UK Government does not pick people at random and execute them; terrorists do. Where people are executed (or were in the case of the UK) it was as a consequence of being found guilty of an offence for which execution was the specified penalty. (OK; there have been miscarriages of justice where innocent people have been executed, which is possibly one of the reasons that other sentences now apply.)
Other governments (no names no pack drill) may have been rather less discriminating in those they select for execution but to lump those together with (for example) the UK is either careless, mischievous, or perhaps deliberately misleading. The article was about a stance taken by the UK Government, and no other. Could you perhaps clarify your figures by providing details of (a) statutory executions, (b) "random" executions, and (c) killings by terrorists. Then add (d): serious injuries caused by terrorist action.
There seems to be a growing body of opinion that Google, Facebook and the like are behaving as though they see themselves as being beyond the reach of national laws and anything that serves to remind them that they aren't is OK with me.
In the interest of balance I ought perhaps to have included the fact that I doubt if the UK is any better. Bits of Corporate Britain don't seem to have over much difficulty arranging meetings with the Chancellor of the Exchequer and / or other cabinet ministers; I greatly doubt if the Taxpayers' Alliance gets the same privilege.
And ignoring our elected representatives is even easier, both individually and collectively.
Will Rogers got it right, and he died in 1935:
Lobbyists have more offices in Washington than the President. You see, the President only tells Congress what they should do. Lobbyists tell'em what they will do.
America has the best politicians money can buy.
There are plenty more in similar vein, but it's simply too depressing...
...all Three needs to do is to make cell smaller, and add cells to where there is none.
Two points: firstly there is no magic switch to make a cell (i.e. its coverage) smaller*; secondly without additional spectrum adding cells might be something of a challenge.
* It's not entirely impossible, but network design isn't based on dotting cell sites anywhere that takes the designer's fancy; their individual locations and performance have to be integrated into some sort of coherent whole.
I work for a company that uses open source software, but the algorithms I write determine weather or not you get that all important first interview for a job.
I find your involvement in such a project to be deeply disturbing, given that you have used the wrong "whether" twice.
I sincerely hope your algorithms don't discriminate against people who can't spell correctly, or use the wrong version of words that sound the same, e.g their / there, its / it's, your / you're and so on.
Ah yes homonyms; I knew there was a word for them.
"With one bound he was free..."
They have the attitude that their time is worth X, and no one else's time is worth anything.
Shakespeare got it right over 400 years ago: The first thing we do, let's kill all the lawyers
( Henry VI, Part 2, Act IV, Scene 2.)
Top Tip... Buy yourself a laptop. Don't let anyone else use it. You could even consider using encryption...just a passing thought.
And FFS don't lose it.
The original article mentioned that information about something like 250 people was involved; I have no idea what a barrister's caseload is like but that seems like an awful lot. From this it follows that some of the information was no longer "current" and should have been archived somewhere else and deleted from the PC (or any other personal device).
I also find myself wondering if barristers - being largely if not wholly self-employed - are also required to be Data Controllers as defined in the DPA. Is the data "theirs" or does it belong to the chambers in which they work? Do the various chambers have an appointed Data Controller who is supposed to have overall charge of the information processed through the chambers concerned?
Having skim-read the referenced guidance note for barristers I have to say that I found it a bit woolly; too many "shoulds" and not enough "musts". That said the document goes to some trouble to say that its standing is not entirely to be relied upon, so to speak.
To me this incident highlights the fact that material handled by barristers (and almost certainly solicitors as well) is not being as closely controlled as it really ought to be; there are too many opportunities for confidential material to slip through the net because nobody really knows whose net it is.
Under the agreement 32,000 staff will be transferred from BT to work directly for Openreach, with all BT brands to be removed from the network provider.
On the face of it this means that all Openreach vehicles will have to be reliveried to get rid of anything that looks like "BT".
Guess who'll finish up paying for that... and how.
The plural of anecdote is not data.
Now that is simply brilliant.
"Current Culture Secretary Karen Bradley has said little publicly about the TV Licence since her appointment last summer, though she reportedly summoned BBC director general Tony Hall to explain why Capita's salesmen were being promised cash bonuses of £15,000 a year in return for finding 28 non-licence fee payers per week."
If she really did ask that then I hope Tony Hall responded along the lines of "that question is for Crapita to answer, not me".
Yes; Fusil Automatique Leger IIRC.
And a much better firearm firing a much more effective round as well, but the fashionable thinking of the day thought it had too long a barrel for the Battle Taxis of the time...
A TalkTalk spokeswoman said... “We take our responsibility to protect our customers very seriously."
I don't believe anyone actually says it. I invite fellow commentards to try the following:
Imagine yourself to be a TalkTalk spokesdrone; now try actually saying the above. You will find your mouth automatically forms itself into "laugh" mode and your abdominal muscles will go into spasm as you force yourself to suppress the laugh. Advanced participants should imagine being in a room with other people who (knowing what you are going to say) are stuffing handkerchiefs into their mouths to avoid giving themselves away by guffawing in the background. Imagine them bent double with mirth. And they are probably having a bet on whether or not you will get through the sentence without laughing yourself. There is probably a chart on the wall with the total number of bogus apologies issued that week as well.
This is why we launched our ‘Beat the Scammers’ campaign, helping all our customers to keep themselves safe from scammers...
Perhaps this "campaign" should have been the subject of an Internal Memorandum rather than published advice for customers...
For better or worse, Uber is doing what it must to survive in a hostile environment.
You do realise that your statement could be used by anyone who breaks into houses to steal whatever takes their fancy, or mugs people in street robberies to steal their wallets / purses; "You can't touch me I'm trying to survive in a hostile environment."
You are giving permission to anyone who doesn't want to conform to regulatory constraints an excuse to ignore them just because they feel like it.
Disruptive technology and business models are what we need to move the world forward. That way lies anarchy. It might seem "fun" for now but carried to its logical conclusion the results could be quite messy.
Would you really want it to get this bad?
or any turf war between competing interests, irrespective of the exact "theme"
Will it report if the toilet roll is installed incorrectly with the loose end at the back?
Unexpected item in the bogging area
Semani said he has seen a recent number of bizarre IoT devices such as a proof of concept for a pregnancy test that tweets the results, and a connected toilet paper holder that lets the user know when they are running low on bog roll.
If stories like this can appear on 3rd March I dread to think what April 1st will bring.
...there was no IT and businesses operated by having people doing things with pen and paper, or manually operated machine tools or whatever. People are, of course, a revenue cost. Then IT came along and a lot of people were replaced by hardware of one sort or another, and revenue costs probably fell but to achieve that a capital cost had to be incurred. That might not have been too painful, because it could be seen in advance that the capital expenditure would be offset over time by revenue savings.
I suspect that much modern IT expenditure does not necessarily bring with it revenue savings going forward*. As a result it's all capital expenditure with operating costs remaining just as they are.
So at MBA level it's a question of "You want to spend how much?" on an IT upgrade / modernisation / expansion, followed by postponing the decision until the next next meeting, at which the decision is postponed until the next meeting, and so on. Sometimes a lot of time will be saved by postponing the decision until the next financial year.
Similar logic applies to decisions to out-source; the capital expenditure falls elsewhere even if the revenue expenditure rises to meet the out-sourcing company's monthly bills. They, of course, have to cheese-pare as well - not a happy scenario for the "principal", even if it is concealed from its direct gaze; all sorts of promises will be given about service levels and so on but all that happens is that the capital versus revenue argument is moved elsewhere, i.e. the out-sourcing company.
* Sorry about that; I should have resisted the temptation.
Biting the hand that feeds IT © 1998–2017