Lost details

Continuing on from my earlier post about the HMRC losing 25million personal records let me to the following questions:

  1. Who’s idea was it to send the disc via the post unregistered (which was also asked on the radio)
  2. Was this data encrypted, or at least, password protected.

As for 1, the press is concentrating its attention on the government, they do like a bit of bashing don’t they? But why has no attention been brought on TNT* the post office? The media appears to have accepted the fact that TNT the post office loses items and thinks nothing of it. The media does however write to say that when the HMRC posted a another copy of the CD’s via recorded delivery, TNT the post office managed to deliver this copy without an issue?

And for 2, the HMRC hasn’t mentioned in their letter of apology that the data was encrypted in any form. Had it been, and had been encrypted using strong encryption rather than a password protected zip file, then the likely hood of the details being used for obtaining money are very slim.

I also heard on the radio that the banks are urging people who have passwords containing date’s of births or names, especially their children considering these details are on the discs along with the bank details, then they should change their passwords immediately. Hold on, the banks already tell you not to use easily guessable details as passwords! If someone has your bank details, they can go to the records office for births, deaths and marriages to get names and dates of births! What idiot would use an easy password, oh Grant Shapps did having set his youtube password to “1234” (since changed), oops. On second thoughts, I can see why the government is so inept at security, damn. I can’t wait to see what mess the government makes with the national identity cards.

That brings me onto another gripe. During the interview on Radio 4 last night, the women (forgot her name, maybe some MP for labour) talked about the breach and what would happen with the National Identity Card, she claimed that the national identity card sheme is safe because it’s based on new technology and the Child Benefit works on an old computer system. Wait a sec, some employee posted CD’s containing the details via unrecorded post. The system could have been a quantum computer for all we know, the fact remains a member of staff didn’t follow procedure. The National Identity Card scheme will still have staff administering it, and there will still be the ability for this kind of error to happen in the future.

*Originally I had heard post office, but on later reading of the news I found it was in fact TNT that lost the discs.

Advertisements
This entry was posted in media, rant and tagged , . Bookmark the permalink.

4 Responses to Lost details

  1. Stu says:

    “The National Identity Card scheme will still have staff administering it, and there will still be the ability for this kind of error to happen in the future.”

    Yes.

    I hate it when people think that a new system will be better than an old system, when the problem with the old system is that no-one follows it.

  2. stymaster says:

    No-one follows it? Does that mean that there was a secure method and they used an insecure one instead? I’ll bet not.

    I’ll bet they’ve used insecure data transport thousands of times, and I’ll bet you they’re not the only ones.

  3. John says:

    There’s a less-insecure method of using recorded delivery, but that doesn’t guarantee that the item wouldn’t get lost. A better method would have been sftp over dedicated line between the two government offices. Or as the procedure that wasn’t followed dictates, the inspector goes to the benefits office and examines the data on a stand-alone machine in a secure room. The other department didn’t even want all the records or even the bank details from the benefits office, the benefits office calculated it was too expensive to filter the data so decided to send the whole lot with all details. Cost cutting gone wrong, again.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s