In which I download databases.
Up until Monday, we hadn't had any of our data lost by the government (as far as we knew). We shouldn't have been among the 25 million lost as child benefit claimants, or among the victims of the many other breaches. Some of the breaches are potentially very serious should the data fall into the wrong hands, for example the list of military applicants, of prison officers, or (and think of the children!) families with young kids.
However, Monica may have been among the three million lost on Monday.
It does annoy me slightly that they always call it 'lost'; this can imply that the issue is that the government no longer has the information. That isn't the problem - it's 'duplicated, then lost'. The issue is that people who shouldn't have the information ultimately acquire it.
Having the entire population on one big database is not a way to improve security. It's a big target for identity theft, and recent history shows that it cannot be kept totally secure.
Having said that, the 'losses' that have happened have been rather silly. Lots of data transported without strong encryption, often when there was no need to transport it. It shows a general carelessness that is not befitting anyone claiming to be worthy of trust with this data.
You can take this survey to find out how likely it is that the government has treated your information shoddily.
You hand over your personal details to councils, hospitals, employers and businesses all the time. But these institutions don’t always keep that data safe. In fact, since HMRC lost its entire database of child benefit claimants last year, high profile data losses have hit the headlines with worrying regularity. But how does this affect you and your family? Click here to find out how likely it is that a government department or corporate entity has been losing your data recently.
Industry and Government want to aggregate and share more and more of your personal data. Schemes like the National Identity Register, ContactPoint and the Intercept Modernisation Programme are just the tip of the iceberg. But data insecurity is inevitable if large datasets are stored centrally and accessed by hundreds of different people. Data loss can lead to identity fraud and harassment for anyone affected. It is also likely to further complicate or even threaten the lives of those who are fleeing abusive relationships or on witness protection schemes. And that’s without even getting into the debate about how data sharing and aggregation can change the relationship between citizen and state [.pdf].
Once you’ve taken the test, please share the link - http://www.openrightsgroup.org/dataloss/ - with friends. And if you learn of other incidents that should be added to the questionnaire, then please add them to our list of UK privacy debacles, which feeds into the questionnaire.
Thanks to Sam, Glyn, Casey and Rowan, the Open Rights Group volunteers who conceived and realised this project. Finally, please note that the application does not record users’ responses or IP address. In fact we don’t store any user data, which means there is no danger of us losing or leaking anyone’s personal information.
So, the Government has managed to lose a USB stick containing the details of tens of thousands of criminals. We should not focus on the fact that this is the data of criminals - that will be of little concern to many - but instead look at what's happened here in terms of data protection. Once again it has been possible to copy records en masse, save them to removable media unencrypted and walk out with them.
This does not breed confidence in the future security of the ID database - a massive bonanza for identity theft if it got into the wrong hands.
It simply should not be possible to export large amounts of data without a high clearance, and such clearance should only be given to people who have been drilled until their ears bleed about safeguarding that data. In particular, if the data is on a USB stick, it is attached to a lanyard and doesn't leave your neck until it is wiped. Even then, the data should not be on any removable media unless encrypted (and this should be automatic, to remove the human-error factor).
More to the point, if the data has to be moved from A to B, what is the problem with an encrypted SSH tunnel from one system straight to the other? What's wrong with 'dropping' fields which are not needed at the receiving end before sending?
These data losses indicate a massive systemic failure in the design of government systems, a carelessness with the data with which they're entrusted, and a laissez-faire attitude at the highest levels. Just as the loss of the child benefit discs was not the fault of one low-level civil servant, this should not be pinned on the unfortunate who dropped the USB stick (though they should know better). This should be viewed as a failure of design - people should not have been able to do this, even if they were trying to be malicious.
It's just another case which demonstrates the flaws behind the concept of an ID card database, which if ever compromised would be the biggest boon to identity theft ever seen.
Following the recent case where the bank details of 25 million were lost, Jeremy Clarkson was of the opinion that it was a fuss over nothing. He published his bank account details in his newspaper column.
But Clarkson admitted he was "wrong" after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.
The most surprising thing about the story was the phrase "Clarkson admitted he was 'wrong'".
As I've said before, it's not the fault of the underpaid guy who physically performed the act of copying the data, it's the fault of those higher up who designed a system which was capable of having all 25 million records copied in one go at the click of a button.
On a related topic... ID cards...
(Update: No2ID report this story. I, along with probably countless others, emailed it to them, so it's no surprise to me!)
Regarding the recent data leak:
'The Conservatives say the crisis is down to "systemic" errors at HMRC - but the government insists it was the fault of low level civil servants.'
Rubbish - why was it possible for a low level civil servant to download the entire database in one go and burn it to CD? (i.e. the potential is there to steal it).
A low level civil servant should only be able to view a record at a time, and not export the records at all. This is trivial.
I still can't believe that they thought it'd be too expensive to drop sensitive fields.
'The NAO wanted only limited child benefit records but was told in an e-mail from a senior business manager in March that to remove more sensitive information was too costly and complex.'
Please correct me if I'm wrong, but this should be trivial for any well set up system. In the commercial FileMaker system, one can choose which records and fields to export. If, as is more likely, the database was SQL, one could make a copy of the database and then drop unwanted tables or fields. For anyone managing an IT system, this should have been trivial.
Someone who is responsible for decisions on such a large and costly database really should be able to manipulate that data easily.
For the record, the SQL syntax (after about 15 secs of research) is:
ALTER TABLE table_name DROP COLUMN column_name;
DROP TABLE table_name;
Methinks the 'it was too expensive' excuse is just so much baloney.
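To show how little work the 'copy the database, then drop what the recipient doesn't need' approach is, here is an added example (not from the original post) using Python's built-in sqlite3 module. The claimants table, its column names and the sample rows are all constructed for illustration; the extract is built from a fixed allow-list of columns and refuses any request that names a sensitive field or a column that doesn't exist.

```python
import sqlite3

# Constructed sample rows, loosely modelled on the fields the post lists
# (names, addresses, dates of birth, NI numbers, bank details). Not real data.
SAMPLE_ROWS = [
    ("Alice Example", "1 Sample Street", "1975-03-04", "QQ123456A", "12-34-56", "12345678"),
    ("Bob Example", "2 Sample Street", "1980-11-30", "QQ654321B", "65-43-21", "87654321"),
]
# Fields that must never leave the system in an extract (assumed names).
SENSITIVE = {"ni_number", "sort_code", "account_number"}


def build_database():
    """In-memory stand-in for the full claimants database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE claimants (name TEXT, address TEXT, date_of_birth TEXT,"
        " ni_number TEXT, sort_code TEXT, account_number TEXT)"
    )
    conn.executemany("INSERT INTO claimants VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def table_columns(conn, table):
    """Column names of a table, in order (empty list if the table does not exist)."""
    return [row[1] for row in conn.execute(f"PRAGMA table_info({table})")]


def minimised_copy(conn, keep):
    """Copy the database, keep only the allow-listed columns, drop the original table.

    Raises ValueError if a requested column is sensitive or does not exist, so a
    typo cannot silently widen the extract or smuggle SQL into the column list.
    """
    existing = set(table_columns(conn, "claimants"))
    for col in keep:
        if col not in existing or col in SENSITIVE:
            raise ValueError(f"column not permitted in extract: {col}")
    copy = sqlite3.connect(":memory:")
    conn.backup(copy)  # whole-database copy, as the post suggests
    cols = ", ".join(keep)  # safe: every name was checked against the schema above
    copy.execute(f"CREATE TABLE claimants_extract AS SELECT {cols} FROM claimants ORDER BY rowid")
    copy.execute("DROP TABLE claimants")  # the post's own DROP TABLE step
    copy.commit()
    return copy


if __name__ == "__main__":
    extract = minimised_copy(build_database(), ("name", "address", "date_of_birth"))
    print(table_columns(extract, "claimants_extract"))
    print(extract.execute("SELECT * FROM claimants_extract ORDER BY name").fetchall())
```

Only the copy ever leaves the building; the bank and NI fields are not in it, so there is nothing for a lost disc to leak beyond what the recipient was meant to have.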
Update: qwghlm has a post on this too.
This includes bank details for 7 million families, national insurance numbers and so on. The information was sent, by unrecorded delivery, through the post. This is information worth millions, if not billions, in the wrong hands.
The records include parents' and children's names, addresses, dates of birth, child benefit and national insurance numbers and in some cases, bank or building society details.
And then they wonder why I don't trust this government, or any government, with all of my personal information on a centralised ID database?
On the bright side, the discs are 'password protected'. That's all right then; dictionary and brute-force attacks have almost never been shown to work...
In other news, last week the Information Commissioner’s Office asked the UK to criminalise severe data breaches. Good job for the powers that be that this hasn't happened yet!
Even if this was the mistake of some underling, the fact that the systems were so lax that this information could be burned to CD is a massive problem.
Update: The banks are advising that people don't need to phone them and say 'give me a new bank account number'. They would say that, it's a lot of work - but on the precautionary principle, there is no reason not to do this. In fact, if my bank said there was no need, I would respond by saying 'if you won't give me a new account number, I'll move my account'.
Update 2: Don't accept 'ID card database would be safe as it's protected by biometrics' - this is so much tosh, the biometric info is just another record in the database.
Update 3: No2ID now has this story