The first thought I had when I heard late yesterday morning of the government’s loss of sensitive personal data was this should be the death blow to the government’s expensive, intrusive and insecure personal data computer scheme with ID cards. I encouraged the Opposition to make that the main point for the future coming out of the Customs and Revenue disaster.
In a way the loss of Child Benefit data sums up this government. Its systems are intrusive and costly, yet they do not work properly. The very people who should be protecting us and our personal details are the most cavalier with our identities and our personal safety. It is this government which presides over hospitals where infection is so common, this government which fails to control our borders and keep out criminals, and this government which now loses the bank accounts, addresses and identities of every family in the country.
Why on earth should the public trust the government to hold all the crucial data about us on one central identity computer? Why should we believe next time they will look after it better? Why should we believe they will be able to control the numbers and details of our data on such a system, when they have issued many more National Insurance numbers than there are workers in the country, and when passport forgery or false issue is all too common?
ID cards have become a NuLab soudbite, the answer to every criticism of their lamentable record at keeping our borders secure and dealing with serious crime. We all know if they carry on with them they will arive late, massively over budget and unable to do the jobs they are said to be able to do. ID cards will not keep us safe. They will cost us more, make all the law abiding have to fill in yet another intrusive form, and allow the government to carry on running the borders and the criminal justice system badly.
Let’s hope there is a silver lining to the black cloud of yesterday’s news – that even this government now udnerstands the British people will njot put up with more of their money beign tipped down the ID drain, and will ot trust this government to put onto one massive computer disc all the details fo everyone in the country just feady for fraudsters and terrorist to steal it, hack into it or be sent it in the post.
November 21, 2007
How do we know that similar breaches have not occurred in other government departments which hold personal details? It is highly likely that they have as there appears to be a complete lack of administrative competence throughout government.
Reply: see my latest post.
November 21, 2007
Here's hoping….
November 21, 2007
I could hardly believe my ears when yesterday on TV a junior spokeswoman, sent out to take the flak, said that the Labour governments loss of personal data enhanced the case for ID cards! After hearing this I began to wonder if these two discs might not have been lost 'On purpose' to strengthen the calls for more stringent ID? With this government anything is possible!
November 21, 2007
There will be some interesting Nigerian business propositions on the way for many people if the parcel is not found down the back of the seat in the van.
Why was high grade encription not used instead of the post? I use it most days to check my bank account.
Pure blundering at the highest and lowest levels.
Oh no! Where's my Tesco card?
November 21, 2007
Tony Makara: "Why was high grade encription not used instead of the post? I use it most days to check my bank account."
Why wasn't high grade encryption used (full stop)?
I mean it is not as if they have to buy it from Microsoft, very sophisticated public key encryption (Phil Zimmerman's PGP, God bless him!) has been avaliable FREE for at least ten or eleven years. This was the program the US government classified as munitions and tried to have Zimmerman prosecuted for making freely avaliable.
For people who are serious about protecting their personal details the tools are avaliable and have been for quite some time.
I have in the past had cause to correspond with the IR through their secure gateway. It all sounds very secure but all that money 'invested' in security has at a stroke been wasted.
The rightfull guardian of an individuals privicy is that particular individual. The government is simply not to be trusted, if I didn't think they were malicious, I know they are incompetent.
November 21, 2007
Mr Darling was on GMTV this morning (21 Nov) claiming that this debacle made the case for ID Cards even stronger than the casual tissue of lies that this government had previoulsy dreamed up.
No surprise there then!
November 22, 2007
Having worked in many, many private sector call centres, including utilities and banks, and having worked in sensitive areas of the public sector, I thoroughly concur that the current data protection bureaucracy does not keep people's data safe.
For a start the 'security questions' that private companies ask are not all that secure. Many set up password or pin numbers, but as soon as you say you have forgotten it they reset the password/pin number and revert to asking questions such as 'name', 'address', date of birth'. Considering it is usually irrate ex-partners and their cohorts that try to sabotage these things, it is next to useless.
The public sector, in my experience, are even worse. They ask flimsy security questions (if any) before releasing personal information and unlike large private sector bureaucracies do not seem to have semi-secure system of passwords for dealing with each other.
Then there is confidential waste. I can't remember ever been instructed on a company's (or public sector departments) confidential waste procedures as part of any basic data protection training anywhere. In fact when you raise this question in the ritual office clearout you can be seen as a 'troublemaker'.
As for storing 25 million peoples personal details on a CD, not encrypting it, and losing it in the internal post, you couldn't make it up really could you?
November 23, 2007
David Blunkett, the world renoun authority on Id and data security, has a letter in the Times today.
http://www.timesonline.co.uk/tol/comment/letters/…
Would you kindly check Mr. Blunkets entry in the register of members interests to see if he has any relationship with Entrust the data security company?
There is a rumour that Mr Blunkett is in recipt of remuneration from Entrust, the US data security. If true do you think he should say so? Do you think he is really an impartial person to pronounce on IT security issues?
Is he actually representing his constituents on this issue, or more likely (if there is a connection between Blunkett and Entrust) his own and the interests of Entrust?
Reply: The Register shows him as Chairman of the International Advisory Committee of Entrust (