The BBC website has a rather shocking article today. The title is “UK’s families put on fraud alert”. There is a brief lead-in, pretty well guaranteed to induce paranoia in anyone who might be on the Child Benefit database, warning them to check their bank accounts, on the authority of a government minister no less.
Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.
The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people. (from the BBC article)
Blimey. 25 million people’s personal details fit on two disks? And these disks holding very personal information were getting sent to the National Audit Office? Slight aside while I wonder why? More of this vaunted “joined up government” in action? I assume that bit in the Data Protection Act about information only being used for the purpose for which it’s gathered is just too quaint for today’s new information society?
Doesn’t this infinitely foreseeable event call into question the whole ID card madness yet again? How long before the records held by the multi-billion health service computer, the passport office, the criminal records bureau, the tax office, the humongous national DNA register or the vehicles and licence authority also go AWOL? How much easier will it be for everyone’s personal information on the vaunted unified national identity database to disappear at one fell swoop?
(Note to self. Stop posting questions.)
This is, as you say, equally predictable and terrifying. I wonder if the Information Commissioner will prosecute the entire government over the DPA breach?
As for the file size, assuming each family has a single line record, I can see 25 m of them fitting on two disks easily.
The article said that the 2 discs were password protected, and that they had been sent via “HMRC’s internal post system operated by the courier TNT”
So it’s not like they were in a jiffy bag and popped into the post box.
However, the package was neither recorded nor registered and breached HMRC’s own guidelines.
Given the level of carelessness here I wouldn’t be surprised to find that the password protecting the discs was “password” or “sesame” or “swordfish”
If you think this balls up will derail the ID process I fear you will be disappointed. Expect politicos to claim this fiasco was a learning experience that will tighten procedures and security.
StewartP
I am sure you are right. I don’t think anything will derail the ID process.
I suppose I might have a faint hope that enough of these 25 million people might suddenly stop thinking that a unified identity database isn’t “inevitable” and “a weapon against terrorism” and all the other tosh that I hear.
big bubble over what CAN happen? there r people responsible 4 that, so called IT ‘experts’ who r earning great money to avoid that. And u feeding public with 13-18 years ‘hackers’ – gimme a break. Government – our money spent on irresponsible people, who should be blamed and replaced as first.
Gotta say that the password protection on these CDs is most likely meaningless. The password would be needed when the Government’s software reads the data off the disc. If the data isn’t encrypted then it would not take too much to write a piece of software to circumnavigate the password entirely and go straight to the data. Essentially we have two open books with 25 million people’s data. It’s a complete farce.
Also on the topic of security, ID cards will be a complete joke, and the rewards for a criminal gaining access to them huge. Not only are biometrics horribly insecure (see Ben Goldacre), but the central database, if we look at past government IT projects, will most likely suffer at least one major leak.
When will Labour snap out of this delusion that they should be trusted with safeguarding our data? They have shown themselves time and time again to be untrustworthy and incompetent.
xanderG
You are absolutely right.
As if just having a password will make much difference if the data isn’t encrypted. lol.
It will only really present an obstacle to opening the disks in the original program. It is unlikely to prevent other methods of reading the text.
With almost no knowledge, I can think of a good few ways to do that very quickly using easily available software: Bin/hex readers; brute force password cracking, etc
Someone with high level programming skills, who stands to make millions from a successful extraction of the data would have no difficulties whatsoever.
(Unless a fiendishly cunning and uncrackable password like “sesame” was used, ofc.)
Great bad science link, too, thanks.