Comments on: Data protection?

By: Heather

Heather — Sat, 24 Nov 2007 16:14:08 +0000

xanderG

You are absolutely right.

As if just having a password will make much difference if the data isn’t encrypted. lol.

t will only really present an obstacle to opening the disks in the original program. It is unlikely to prevent other methods of reading the text.

With almost no knowledge, I can think of a good few ways to do that very quickly using easily available software: Bin/hex readers; brute force password cracking, etc

Someone with high level programming skills, who stands to make make millions from a successful extraction of the data would have no difficulties whatsoever.

(Unless a fiendishly cunning and uncrackable password like “sesame” was used, ofc.)

Great bad science link, too, thanks.

By: XanderG

XanderG — Sat, 24 Nov 2007 12:30:10 +0000

Gotta say that the password protection on these CDs is most likely meaningless. The password would be needed when the Government’s software reads the data off the disc. If the data isn’t encrypted then it would not take too much to write a piece of software to circumnavigate the password entirely and go straight to the data. Essentially we have two open books with 25 million peoples’ data. It’s a complete farce.

Also on the topic of security, ID cards will be a complete joke, and the rewards for a ciminal gaining access to them huge. Not only are biometrics horribly insecure (see Ben Goldacre), but the central database, if we look at past government IT projects, will most likely suffer at least one major leak.

When will Labour snap out of this delusion that they should be trusted with safeguarding our data? They have shown themselves time and time again to be untrustworthy and incompetent.

By: chaserrr

chaserrr — Wed, 21 Nov 2007 18:48:48 +0000

big bubble over what CAN happen? there r people responsible 4 that,so called IT ‘experts’ who r earning great money to avoid that. And u feeding public with 13-18 years ‘hackers’ - gimme a break. Government - our money spent on irresponsible people,who should be blamed and replaced as first.

By: Heather

Heather — Tue, 20 Nov 2007 23:53:23 +0000

StewartP

I am sure you are right. I don’t think anything will derail the ID process.

I suppose I might have a faint hope that enough of these 25 million people might suddenly stop thinking that a unified identity database isn’t “inevitable” and “a weapon against terrorism” and all the other tosh that I hear.

By: StewartP

StewartP — Tue, 20 Nov 2007 22:14:40 +0000

The article said that the 2 discs were password protected, and that they had been sent via “HMRC’s internal post system operated by the courier TNT”

So it’s not like they were in a jiffy bag and popped into the post box.

However. the package was neither recorded nor registered and breached HMRC’s own guidelines.
Given the level of carelessness here I wouldn’t be surprised to find that the password protecting the discs was “password” or “sesame” or “swordfish”

If you think this balls up will derail the ID process I fear you will be disappointed. Expect politicos to claim this fiasco was a learning experience that will tighten procedures and security.

By: TW

TW — Tue, 20 Nov 2007 20:40:18 +0000

This is, as you say, equally predictable and terrifying. I wonder if the Information Commissioner will prosecute the entire government over the DPA breach?

As for the file size, assuming each family has a single line record, I can see 25 m of them fitting on two disks easily.