More MOD data goes AWOL

This week’s data-loss story is a Ministry of Defence hard drive that’s gone AWOL. Another example of the UK government’s seemingly bottomless commitment to freeing up access to its data, by distributing it at random around the globe.

Ministry of Defence, that was.

An investigation is under way into the disappearance of a computer hard drive which could contain the details of about 100,000 Armed Forces personnel.

And when it says detail, it means unencrypted detail:

There may also be some personal information including bank and driving licence details, passport numbers, addresses, dates of birth and telephone numbers.

Of serving members of the Armed Forces. Does information get much more personal? It’s not as if that sort of data would be any use to enemies in the ongoing TWAT. (*heavy sarcasm*)

How much confidence does that inspire in the security of the information they’ll have on us mere civilians, when the ID-card scheme includes us all? (*Rhetorical question*)

A commenter said in the Independent:

The MoD didn’t lose this data, EDS did. Nobody cares about data that isn’t their own. If this data had been handled in house and the work not outsourced it wouldn’t have been lost.

EDS is the MOD’s main IT contractor. Here’s their web page.

.. as an HP business group, EDS delivers one of the industry’s broadest portfolios of information technology and business process outsourcing services to customers in the manufacturing, financial services, healthcare, communications, energy, transportation, and consumer and retail industries, and to governments around the world.

The About us page has US contact numbers. It seems to have been written by someone from a Dilbert cartoon. Everything they do is “innovative” and their

high-quality, cost-competitive services are provided from the optimal mix of onshore, nearshore and offshore locations.

This determinedly shore-heavy focus may refer to their “related companies” (part-owned companies) which include companies based in the UAE, India (workforce: 28,000+), the USA and other unspecified locations. One provides “Benefits, Payroll and other HR Administration services to more than 34 million active and retired employees from its client organizations.”

On 8 September 2008, prison officers were disturbed about EDS’s loss of their personal data, to the point of threatening a strike.

At that time, Computer Weekly pointed out that EDS already had something of a track record in the data-loss area. The Burton Review Report, published in April 2008, looked into an earlier loss of MOD personnel data, in which EDS were involved.

One of the themes emerging from the Strategy for Transformational Government (2005) was the increased emphasis on sharing services, particularly in information and infrastructure. The Armed Forces have been early pioneers of this approach, through a range of Private Finance Initiative (PFI) and Public Private Partnership (PPP) contracts. (from page 4, Burton Report)

Hmm. Need look no further for the culprit methinks: the whole process for giving out PFI and PPP contracts.

You might assume that the UK must be desperately short of cash, if it’s prepared to hand over its most crucial information to any company that offers to undercut government employees, while providing a better service and still making a profit. (Well, it must sound convincing to UK governments.) But it seems that the UK government has a bottomless pit of money for bailing out banks, so shortage of cash can’t be the reason.

If you are interested in looking up the track record of other private companies that keep public data, datalossdb.org could fill in an obsessive hour. Type the name of your chosen PFI company and see what turns up.

Yet another reason…

This is a good BBC read that might convince a few people that the information technology involved in setting up national database systems isn’t going to be intruder-proof.

My precis:

Basically two policemen moonlighting as phone crackers etc for a private detective agency that provided tech interruption services to a toxic waste company to carry out surveillance on local planners and environmentalist opponents. (Plus the hiring guy’s wife when they were getting a divorce.)

The guy put on BT overalls and attached the devices to BT lines. No one batted an eyelid obv until BT found its customers were getting ripped off for phone time.

You couldn’t make this stuff up…. etc 🙂