
Thread: Government loses 15m people's personal data

  1. #65
    Brucelles

    Re: Government loses 15m people's personal data

    In the private sector, banking particularly, the degree of security is usually proportional to the value of the data to an outside party and the cost to the owner. When I worked in Abu Dhabi we assumed that the most likely criminal to break our systems would try to steal a single, average-sized transaction. That's 200 million dollars. For that we assume that at least 10 conspirators would consider theft worthwhile, and plan security accordingly.

    In this case the potential value to a thief is 25 million * the average product of an identity scam. Probably more than a quid a person, so perhaps 200 million pounds. The cost to the loser is not the same as the benefit to the thief in this case. A junior guy has resigned, and Gordon is getting some stick. Perhaps there will be a cabinet resignation, who knows? It depends on how deep the poo pile gets. However, if anyone does lose their cabinet post they will still be an MP and probably get shifted back in the next reshuffle. So the cost to the losers is peanuts. This probably explains why the crown jewels were mailed to "The Occupant". No-one expects to be punished for this, so no-one cares.

    (Thanks Evilmunky)
    Eagles may soar, but weasels never get sucked into jet intakes.

  2. #66
    nichomach

    Quote Originally Posted by Saracen View Post
    Well, yes and no....
    Nail. Head. Bang. I agree entirely with the above post; the increased level of data aggregation and data sharing between different arms of government is something that I've been banging on about for some time. Last year I was telling anyone that would listen that the legislation allowing increased data sharing would lead inevitably to security breaches. The government simply don't have any idea how to handle sensitive and/or private data anymore. The comment above that a policy is as insufficient to secure data as a keep out sign is to deter a burglar is absolutely on target.

    Further, this notion that the whole thing boils down to a "junior official" is utterly misguided; said junior official's actions are the inevitable consequence of the environment in which they work. FWIW, I posted the following on the Beeb's Nick Robinson's weblog after he trotted out that canard:

    "While I agree that the security and integrity of data is the responsibility of everyone that handles it, from the postroom up, what this incident betrays is a culture of corporate indifference to and neglect of security, and that goes right to the heart (and the top) of management.

    The data, we are told, was copied by a junior employee. A junior employee should never have had access to a dataset that extensive; that they had is a policy and management decision. They should never have had the ability to download the data that they had access to to removable media like CDs. That they had was again a management and policy decision. That data should never have gone to the NAO without being stripped of personally identifying data. That it was allowed to was again a management and policy decision. It should never have been transmitted in any medium without being strongly encrypted. That it was...you get the idea. And it should never have been burned onto a couple of CDs and shoved in the internal mail like a memo about where to book the Christmas do. That it was...etc. If it was transmitted at all, it should have been by secure electronic link.

    The government have been warned by the IT industry and security practitioners time and time again of the dangers of unrestricted information sharing. They have been told time and time again of the absolute necessity for sensitive information to only be transmitted via secure means, and that it should be encrypted. Time and time again they have cavalierly brushed aside such warnings and gone on in the same utterly incompetent and lackadaisical fashion through bungle (lost laptops) after bungle (Standard Life details).

    Yes, the employee who sent the data is at fault, as is the courier company, but their actions are the inevitable consequence of the culture in which they operate; the same culture in which the potentially disastrous National Identity Register and its accompanying piece of plastic are being implemented.

    Unless and until government (of whatever stripe) takes seriously issues of data protection and privacy; unless and until they lose the culture that says that anyone in government has a divine right to see whatever data they want, they will keep staggering from botch to bungle and back again, and the citizen will continue to suffer the consequences of their institutional incompetence."

    I was feeling a bit grumpy about the whole thing...

    edit: The sad thing is that I don't think this will stop the National Identity Register; I think the Government will probably get away with the "junior official...lessons will be/have been learned...NIR is completely different absolutely secure system" bull****. To be clear, I don't actually have a problem with an ID card as such (I carry a driving license after all), I have a problem with the massively invasive, hugely aggregative, impossible to secure database that's going to underpin it.
    Last edited by nichomach; 22-11-2007 at 10:39 AM.

  3. #67
    iranu

    I fully agree with Saracen and Nichomach.

    I currently have access to all the material property data for an entire multinational engineering company. It's worth tens of millions. Could I ever download the lot or a significant proportion? Nope. The database won't let any user do it. It's such an antiquated system I don't think there is more than one person who understands it enough to be able to do it! It should be a top priority for the company to modernise it (and that's going to cost and be a major headache). The company guard this data simply because it's so valuable to them and their competitors. Anyone who has access to sensitive data is put through a security course so they are aware of the dangers and act accordingly.

    This security lapse does suggest a lackadaisical culture.

    What I can't believe is why it wasn't possible to filter out the sensitive data on cost grounds. Who the hell designs a database that doesn't have a sort/filter function? Surely there had to be some sort of user requirement that would have stated that data would have to be manipulated for NAO (and other) purposes.

    These types of databases also have such a wealth of info in them that I would think that they would be used for all sorts of statistical analysis so must incorporate various tools.

    Anyone got any experience?
    "Reality is what it is, not what you want it to be." Frank Zappa. ----------- "The invisible and the non-existent look very much alike." Huang Po.----------- "A drowsy line of wasted time bathes my open mind", - Ride.

  4. #68
    Admin (Ret'd)

    Quote Originally Posted by iranu View Post
    ..... The company guard this data simply because it's so valuable to them and their competitors. Anyone who has access to sensitive data is put through a security course so they are aware of the dangers and act accordingly......
    That, in my opinion, is a fundamental part of the problem.

    Companies guard their data because they know that not just does it have value to others (like our bank and personal data does) but that if they lose it, it could well be financially disastrous, either in terms of getting sued or in terms of lost business. So they take security seriously. And any competent security professional will know that staff training, and getting them to understand security procedures and their importance, is critical because without it, written procedures have little or no value, and even with it, written procedures to control valuable data are not adequate. That's why I've been banging on about this junior having the access to do it, let alone the inclination. If he doesn't have access, he can't ignore procedure.

    But it's the arrogance of government that they don't feel they have to take serious precautions with OUR data, because if the worst happens (as it just did) some pleb somewhere will take the can and those elected to run things (and be responsible for them) will put on a contrite face, say "oops sorry", announce a review and go back to their snout-in-trough lifestyle as if nothing important had happened.

    Even the HMRC Chair that resigned will, according to the news last night, be on full pay until his early retirement starts .... and his civil service pension kicks in.

    So wow - he REALLY fell on his sword, didn't he? He presides over this travesty, does the "honourable" thing, resigns and gets to sit on his incompetent butt at home while still being paid a substantial salary by you and me.

    I thought this affair was a farce before but now it's going into the realms of the utterly ridiculous .... if that news report is true.

  5. #69
    Admin (Ret'd)

    .
    .
    .
    .
    .

    ************************************************************************



    I have just spent the last three quarters of an hour editing and removing posts from this thread, because people have seen fit to do what they had been asked, twice, by me as an Admin not to do, which was to not discuss BNP issues in here. Wasting my time because what I asked, twice, not to be done has been done anyway does not put me in a good mood.

    So let me make this clear, and for the third and final time.

    This thread is NOT about the BNP.

    If anyone wants to argue about that, create a thread for it.

    Secondly, having created that thread, anyone who argues about it will do it WITHOUT insults. I will NOT put up with people referring to other members in overtly insulting ways. One particular insult broke board rules both about swearing and insulting other members. IT STOPS NOW. If it doesn't, people will find their posting privileges revoked.



    HEXUS believes in freedom of expression, but we also believe in moderating threads, so that the discussion is about issues, not insults. If you resort to insults, any chance of rational debate whistles out the window. If anyone wants to advocate BNP policies, as far as I'm concerned they're free to do so ..... but not in my thread on something else.

    However, I suspect you will get a robust reaction. That reaction, however, WILL be about the issues and not about insulting the poster.


    Just so we're clear, this is not a polite request. It is a requirement. Ignore it at your peril, because if I have to waste time deleting a load of posts again, I won't restrict my response to deleting posts.




    ************************************************************************


    One more point, and in a very different tone. I've deleted quite a few posts which were not breaking any rules, most notably one from tiggerai. There was nothing wrong with those posts, and it is no reflection at all on those posters. They were deleted simply and solely because they were part of the flow that made no sense when some earlier posts were deleted. Included in that category were a couple of posts or part of posts of my own.

    I have simply cleaned all parts of any reference to the BNP out of this thread ... and if I've missed any, I'll get them later.

  6. #70
    Admin (Ret'd)

    Oh, and please don't react or respond to the above post in this thread either. Stick to the thread subject, please.

  7. #71
    charleski

    Name
    Address
    Birth Date
    NI number
    Bank Account details

    This is information that everyone voluntarily gives up to their employer, and more besides. Have the people in your employer's personnel dept been vetted? Does MI5 monitor their activities? No? Have you seen the secretaries in HR arriving at work in a Mercedes? Then be worried.

  8. #72
    santa claus

    Saracen has made a number of articulate, intelligent and interesting posts in this thread. However, this remark:

    snip.....and go back to their snout-in-trough lifestyle.....snip
    is not befitting his otherwise eloquent contribution. If the thread is being 'cleaned up', is this not a comment that is inappropriate and should be removed too please?

    It is understandable that people are incensed about the potential compromise of such a large batch of data, but Government Ministers hardly spend their every waking moment in Vegas or swanning around on luxury yachts; they are working hard to sustain a successful economy for nowhere near the rewards achieved by some sports/media people. Please, keep it real.
    Last edited by santa claus; 22-11-2007 at 11:01 PM.

  9. #73
    Admin (Ret'd)

    Quote Originally Posted by santa claus View Post
    Saracen has made a number of articulate, intelligent and interesting posts in this thread. However, this remark:

    .........

    is not befitting his otherwise eloquent contribution. If the thread is being 'cleaned up', is this not a comment that is inappropriate and should be removed too please?
    Inappropriate why?

    We rarely edit or delete or suppress opinions, except in rare and specific circumstances, such as for legal reasons or clear rule breaches.

    I have not "cleaned up" opinions, and that is an opinion of many, even most politicians.

    I have cleaned up two things :-

    1) Discussion of BNP policies because that is not what this thread was about, and if the post that veered off down that route had been retained, we'd have ended up with this thread about the BNP and associated issues. That is always likely to be a contentious subject and it's one that people are quite welcome to discuss - just not in this thread.

    2) Insults against members.

    That remark, while perhaps not entirely tolerant, is a genuine opinion of the nature of a large part of our political class, who in my opinion, do have their snouts firmly in the public trough. Many of them have little or no actual experience of the real world, yet they seek to run it. Many (on both sides of the political divide) have no qualifications for telling us how to run our lives, yet they are very well paid, and vote themselves very healthy pensions, and VERY healthy expenses that serve well to disguise their total remuneration from the apparent salary, which isn't exactly spartan in the first place.

    Unless any members of our government are members here, and care to complain, then it's not an insult on a member, is it?

    However, if you feel that it's inappropriate, you're welcome to RTM it or to contact another Admin (or David) about it. That, incidentally, is the appropriate way to make a complaint, not a post in a thread.

  10. #74
    TheAnimus

    Quote Originally Posted by charleski View Post
    Name
    Address
    Birth Date
    NI number
    Bank Account details

    This is information that everyone voluntarily gives up to their employer, and more besides. Have the people in your employer's personnel dept been vetted? Does MI5 monitor their activities? No? Have you seen the secretaries in HR arriving at work in a Mercedes? Then be worried.
    No, but most companies take this VERY seriously, as they are directly liable for any damages caused by this information getting into the wrong hands, not to mention the information commissioner would come down hard on them.
    throw new ArgumentException (String, String, Exception)

  11. #75
    chrestomanci

    Quote Originally Posted by charleski View Post
    Name
    Address
    Birth Date
    NI number
    Bank Account details

    This is information that everyone voluntarily gives up to their employer, and more besides. Have the people in your employer's personnel dept been vetted? Does MI5 monitor their activities? No? Have you seen the secretaries in HR arriving at work in a Mercedes? Then be worried.
    This sort of misses the point.

    The problem with large government databases is the fact that so much data is aggregated together, and lots of people have access, so the chances that someone will be incompetent or dishonest are almost certain.

    If you work for a large company, your employer's HR department might contain personal details for 10,000 people, and have 10 people working there. This reduces both the risk that someone misuses the data, and the value of that data to any fraudster if it gets out. Also, any well run large company would have internal controls on the HR data to limit what can be done with it.

    In the case of this latest government blunder, the internal controls failed, and in my view that is the real problem. The computer systems should have been designed so that it would be impossible for anyone junior to dump the entire database to removable media, encrypted or not. (Not at least without digital signatures from three very senior staff with top secret clearance, and a clear audit trail that they have done it.)

    What should be happening is that normal staff would not be able to get more than a few hundred records at once, and the system would limit searches to achieve this.
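
Added example, not part of the post above or of any HMRC system: a sketch of the control described in post #75, where ordinary queries are capped at a few hundred rows and anything larger needs three senior approvals plus an audit trail. The 300-row cap, the approver names and keys, and the table name are assumptions; HMAC tags stand in for real digital signatures, and the hash-chained log is one way to make the audit trail tamper-evident.

```python
import hashlib
import hmac
import json

ROW_CAP = 300            # assumed figure for "a few hundred records"
APPROVALS_REQUIRED = 3   # "three very senior staff" in the post

# Constructed approver keys; a real system would hold asymmetric signing keys.
SENIOR_KEYS = {
    "director_a": b"constructed-key-a",
    "director_b": b"constructed-key-b",
    "director_c": b"constructed-key-c",
    "director_d": b"constructed-key-d",
}
GENESIS = "0" * 64


def request_digest(requester, query, row_count):
    """Bind an approval to one exact request so it cannot be reused."""
    body = json.dumps({"requester": requester, "query": query,
                       "rows": row_count}, sort_keys=True)
    return hashlib.sha256(body.encode()).digest()


def approve(approver, digest):
    """HMAC tag standing in for the approver's digital signature."""
    return hmac.new(SENIOR_KEYS[approver], digest, hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only log; each entry's hash covers the previous entry's hash."""

    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})

    def verify(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


def authorize_export(requester, query, row_count, approvals, log):
    """Return True if the export may run; every decision is logged."""
    digest = request_digest(requester, query, row_count)
    # Count only known senior approvers, never the requester, and only
    # tags computed over this exact request.
    valid = sorted(
        name for name, tag in approvals.items()
        if name in SENIOR_KEYS and name != requester
        and hmac.compare_digest(tag, approve(name, digest))
    )
    allowed = row_count <= ROW_CAP or len(valid) >= APPROVALS_REQUIRED
    log.append({"requester": requester, "query": query, "rows": row_count,
                "approvers": valid, "allowed": allowed})
    return allowed


if __name__ == "__main__":
    log = AuditLog()
    bulk = ("clerk_1", "SELECT * FROM claimants", 25_000_000)
    tags = {n: approve(n, request_digest(*bulk))
            for n in ("director_a", "director_b", "director_c")}
    print(authorize_export("clerk_1", "SELECT ... WHERE id < 200", 199, {}, log))
    print(authorize_export(*bulk, {}, log))
    print(authorize_export(*bulk, tags, log))
    print(log.verify())
```

Denied requests are logged as well as granted ones, so a junior user probing for a full dump leaves a record even when the gate holds.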

  12. #76
    Admin (Ret'd)

    Quote Originally Posted by TheAnimus View Post
    No, but most companies take this VERY seriously, as they are directly liable for any damages caused by this information getting into the wrong hands, not to mention the information commissioner would come down hard on them.
    Judging from his initial remarks, the information commissioner may well come down hard on HMRC, or on the junior responsible. He commented that the breach looked likely to be an illegal act. Obviously, in his role, he has to have evidence to act, and that'll take some time. But if and when he does, it'll be interesting to see if he goes after individuals for breaches, or the organisation or management for the procedures and access controls - or lack thereof.

    I'm actually a bit surprised that he said as much as he did, that early in events.

  13. #77
    charleski

    Quote Originally Posted by Saracen View Post
    the nature of a large part of our political class, who in my opinion, do have their snouts firmly in the public trough.
    Is this not a topic for another thread? Or do you think this thread also concerns your serious, yet entirely unjustified, notions of public corruption?

    If you have information to substantiate your charge against the civil service, then present it. If not, then please stop spreading calumny.

  14. #78
    charleski

    Quote Originally Posted by chrestomanci View Post
    This sort of misses the point.

    The problem with large government databases is the fact that so much data is aggregated together, and lots of people have access, so the chances that someone will be incompetent or dishonest are almost certain.

    If you work for a large company, your employer's HR department might contain personal details for 10,000 people, and have 10 people working there. This reduces both the risk that someone misuses the data, and the value of that data to any fraudster if it gets out. Also, any well run large company would have internal controls on the HR data to limit what can be done with it.
    Saying it's only 10000 at risk is fine if you aren't one of the 10000. Yes, a centralised database carries inherent problems, and it makes life easier for those who want to use the data for nefarious purposes. But this is data that we voluntarily give up to people that we have no reason to trust more than we would trust the government. If this data places us at risk, then there are problems with the entire financial system.

  15. #79
    Admin (Ret'd)

    Quote Originally Posted by charleski View Post
    Is this not a topic for another thread? Or do you think this thread also concerns your serious, yet entirely unjustified, notions of public corruption?

    If you have information to substantiate your charge against the civil service, then present it. If not, then please stop spreading calumny.
    Where did I talk about corruption?

    Politicians take credit for anything that goes right in their department. Gordon Brown has done so in the speech he made about this very thread subject. Yet when it comes to responsibility for the departments they run, all of a sudden it's not their fault (which directly, is probably true) but it IS their responsibility.

    This thread concerns politicians who are well-paid, very well expensed indeed, and with extremely good benefits all paid for by the public, yet they duck and dive the moment anything goes wrong. That's not corruption, and I didn't say it was. And yes, it's part of the broader picture of this thread.

    And I'll say this one last time as well - if you want to complain about my posts do so to another Admin, not in this thread.


    Oh, and I'm talking about politicians and the trough, not the civil service, most of whom are hard-working individuals, often under trying circumstances.

  16. #80
    santa claus

    There is no point further diversifying an interesting thread. If you are comfortable with the comment, then let it remain (not much I can do about that although I had hoped for a reflective, not defensive, response from a moderator). In my view your comments have become no less political than those you have removed from the thread.

    Don't get me wrong, there is great value in your earlier postings, but the generalisations about Ministerial ineptitude and remuneration are unsubstantiated and, well, just unfair.

    Government Ministers work hard, make difficult decisions and depend on delegated authority in their respective Departments. I should imagine that it is very tough at the top, Saracen. Presumably, it is a prerequisite that it must be lonely.
