A yawning gap
I could, you may argue I should, be focusing this morning on the raw politics of losing the personal data of almost half the adult population. Somehow, though, that is not what moves me.
Sure, this is another blow to a chancellor who will never again find the soubriquet "safe pair of hands" attached to his name.
Sure, it is another sign that ministers wake up each day wondering what will happen to them rather what they will make happen.
Sure, Labour MPs are beginning to wonder whether, in the words of one I spoke to yesterday, "we are beginning to look like the Tories in the mid-90s".
However, what interests me much more than any of that is the yawning gap that has opened up between what we're told about the protection of our personal data and the reality. What is clear to me is that the public would like to see the information they provide guarded like a dangerous virus in a lab (or, after the of this summer perhaps rather better than that). In reality, there is clearly a culture of casualness toward it which allows one man, apparently, to copy 25 million names and details onto two discs and chuck them in the post.
Forgive me if I'm misunderstanding something - I'm sure you'll respond if I am - but I fail to see the relevance of job cuts or unopened post or low morale at HMRC to this. Employees should know that data protection is sacred and if they don't there should be systems in place that ensure they alone cannot make serious errors. Instead I hear that after a previous major security lapse, missing data turned up months later in someone's desk marked something like "Nick's disc".
Tackling this won't be easy for politicians. What this case shows - as did the scandal about illegal immigrants becoming security guards and the foreign prisoners fiasco - is that making the government machine work is so much harder than passing new laws.
Will plans for ID cards be the victim of this scandal? Not necessarily and certainly not forever. This saga is, of course, a huge boost for the opponents of them. Assurances that biometric data cannot be duplicated will not be enough to silence that opposition. This brings us back to the raw politics. A weakened government faced by doubts about its competence may conclude that the fight for ID cards is not a fight worth having.
POST PMQs UPDATE, 13:00 GMT: Much joy among Labour MPs that their man survived unscathed at PMQs. One Labour whip quoted joyfully the Guardian's Simon Hoggart who that David Cameron was not so much shooting fish in a barrel as "harpooning" a porpoise in a bath. Despite this, the whip said, the Tory leader missed the bath.
Why?
Well, Gordon Brown delivered three crucial things before the Tory leader could even get to his feet: an apology, an explanation (procedures had not been followed) and an announcement (even more reviews into data protection). But before Labour gets carried away, I pass on this view from the Tory camp: that given the public's real anger about this, David Cameron chose to be seen not playing party politics by linking this fiasco with other recent ones. There was never enough ammunition today to deliver a killer blow. Time will tell whether the impact of this story is a long-term corrosion in the belief in the government's competence.
Comments
There should be an immediate vote of no confidence in her Majesty's Government.
This is incompetence on an unprecedented scale by a governmnt that claimed it wanted to provide a vision for the future as it had already proved itself to be competent.
I'm afraid the government has proved itself to be totally incompetent over an extended period of time. As for the vision; my vision shows a government incapable of directing its oown departments on a repeated basis. Itdoesn't matter if its the health service, education, HMRC or the Treasury there is widespread incompetence and complacency at every level.
Anyone who saw Liam Byrne appear on the Politics show last week trying to wriggle off the immigration hook by claiming he didn't bring the figures with him becasue he wasn't asked would realise this. What didi he think he was going to be questioned about? He's the Minister.
Nobody can seriously believe the Government can now go on. They have got to resign, en masse. It is time that honour was restored in politics to set an example otherwise they can't expect a single one of us to do anyhting other than follow their example of incompetence, irreverance and lack of accountability.
Dear Nick,
This is just plain sheer incompetance and , a coverup
"Why did it take so long to be spotted, March of this year is 9months hence, so there has to be more to this than meets whats been stated."?
"Is it he fact the government did not want the NAO, to investigate the tax credit system, and the billions lost on that">?
"Data protection is sacred" - spot on! The good folks at watchdog showed a few weeks ago how easy it was for them to open bank accounts and credit cards just from the few details people offer up on facebook / myspace etc (name, address, date of birth). Identity thieves must see these Government database, seemingly as leaky as the Titantic, and be rubbing their hands in glee!
Generally with political stories I wake the next day and think 'aw well it could be worse.' But today I just feel slightly religious 'God have mercy on us whilst this lot are in power!'
Let's hope so!
On the contrary, Nick - a minister was on Newsnight last night basically saying: 'Oh, no - ID cards are completely different and there will be no problem with them..'
They don't live in the real world at all, do they..?
The fact is a lot of people in Britain are stupid.
Well written as ever. I just suspect this has been going on for decades anyway - in paper rather than on disks. It's only now that we're starting to pick up on this. Either way, I don't really see how anybody can legitimately blame Darling for this or call for his resignation.
Whatever the electorate want will be irrelevant. This government takes no notice of common sense input. After all, the members of the government are not affected by life as we, the general public, are.
If ID cards are on the agenda, then the government will push ahead Expense is no object - as has already been proven in so many cases over the past ten years. From recent events, it would appear that security is not a high priority either.
Absolutely. The first astounding operational failure was that a a junior officer had sufficient access to the database to download the information to CD in the first place and this is very worrying because so much of our personal information is being centralised on databases. The second, just as bad, was the unreliability of government couriers which should be expected to be able to deliver sensitive information securely - the civil service has to send a lot of the stuff around the country.
It was quite reasonable for a junior officer to assume this was an easy and secure way of sending data to the NAO and certainly a lot more efficient (cheaper) than inviting an auditor to HMRC's offices for a couple of weeks. But it should not have been possible to do.
(PS Job cuts and ramming together two previously separate departments mean that senior officers have new things to think and worry about so management oversight is reduced. No direct connection but risks increase.)
This is another case of the government and in particular the civil service believing that having a policy in place (data protection in this case) will solve everything. There was the same issue with c-defficile infections and the 90 deaths in Kent, there was a policy and set of procedures that weren't followed and the worst thing possible happened, people died.
Nick, your comment "..that making the government machine work is so much harder than passing new laws" touches to the core of what is wrong with this government.
Most governments fall into the trap of believing that legislating for something or other will 'make it so'. This New Labour government has fallen for this belief to a self-delusional degree.
The answer - for all governments - is to do less. But, this, of course, runs counter to all their controlling, interfering and micro-managing instincts - especially with Captain Brown at the helm (And in the engine room. And in the galley. And in the head. etc...).
You've got the nub, Nick: Employees should know that data protection is sacred and if they don't there should be systems in place that ensure they alone cannot make serious errors.
How could someone even have access to all that data? If someone could download it and lose it, they could also download it and sell it... and may have already done so.
Nick,
With respect, you ARE misunderstanding something. You said "there should be systems in place" etc. "Systems" can never completely protect data because systems can be by-passed.
The point is that in the case of compulsory ID cards, the data should not be there in the first place, i.e. we should not waste billions of pounds on a flawed and repressive scheme which is simply a licence from the government for a citizen to be on the streets, which will not do anything to protect us and is guaranteed to fail.
It is now your chance to ask Gordon Brown if he will resign if data is compromised if the compulsory ID scheme is introduced.
To my knowledge, prior to the illegal attack on Iraq, no journalist asked Tony Blair if he would resign if WMD were not found.
Alistair Darling must be at a loss for Words!
Alistair Darling may emerge from both crises with his reputation enhanced.
Suppose the Northern Rock crisis is closed without loss of any taxpayer or depositors money and perhaps some interest better than the yield on Government Bonds? This is quite likely at present but by no means certain. Suppose that the missing benefit CDs turn up in a pile of undelivered mail and that the lesson learnt is for governments to have fail-safe data storage systems in future? That too is not unlikely either.
It is far too early to suggest that the errors of others - Northern Rock directors and the shareholders who elected them, and complacent senior civil servants - will undermine Darling. Nor is it sufficient to blame politicos for the appointment of dodgy people. Civil servants are not selected by Ministers.
People gain reputations for dealiing with unexpected events in an effective manner. Just as scribblers can earn or lose credibility by how they report those events.
What irks me is that the middle and senior managers at whose door the blame for this surely lies are these days on an extremely good remuneration package which, with their ultra generous pension, is better than most in the private sector.
It will be interesting to see who else's heads roll (if any!) If this were the private sector there'd be a few.
I'm glad though at quite some cost that the National ID card is most likely as dead as the proverbial dodo.
You're right about the issues of mergers, cuts and low morale. These are fundamentally not the issue. Someone failed to follow even the basic procedures in place and this is the result. The next issue of CrimeWatch should make good viewing ;-)
Hi Nick,
I agree with you, I think this episode and others that have come to light recently show the scant regard that the public sector has for our personal information. To me it smacks of laziness and incompetence.
The government's answer - more procedures! All the procedures in the world are of no use if staff can even contemplate putting confidential data disks in the post.
But it goes much deeper than this. Any organisation that has CD burners lying around, that allows staff to take data home on laptops (and then lose them by the dozen) is clearly disfunctional and utterly clueless about its responsibility to the country and its people.
And Nick, it doesn't just put ID cards under the spotlight. It puts all attempts to centralise data into question. Can we trust a centralised NHS database with our entire medical history?
Is this the same inept and incompetent Civil Service who is going to be in charge of the database that contains all our personal details when we are supplied with a new Passport and ID Card? Even though we will have payed a small fortune for the privilege? Not on your Nellie, matey!!!
Nick,
The question of encryption here seems vital, and it's not something that is being brought up properly by a largely technologically illiterate press.
So far by the reports I have read, the Government has refused to comment on if the files were encrypted or not, instead simply saying they are 'password protected' - but the difference is night and day.
Most password protection schemes are trivial to break even for an amateur, whereas encryption is almost impossible, even for well funded agencies.
The Guardian had a comment in its lead story earlier today about how it understands the files were not encrypted, but that seems to have disappeared now.
Can you ask questions about this?
Quite apart from the catastrophic loss of the data, surely something does not quite add up ?
According to NAO, there are about 7.4m families with between 13m - 14m dependent children in UK.
The lost data is reported to contain details of 25m people claimed to be on the child benefit register.
Can someone explain how this can be?
Luckily I'm not directly affected by the most recent scandals, I don't claim benefits and I don't have a mortgage.
However, what is beginning to concern me is the apparent ease at which the government has assured savers in the Rock that their money is secure and that mistakes because of the data losses leading to fraud will also be covered.
This is where my taxes are going? Not being spent where they are needed but being ploughed into covering up the government's mistakes whilst also being used to create ever more maddeningly complex systems for ID cards, NHS records and so forth.
"we are beginning to look like the Tories in the mid-90s". ?? Beginning? What *are* they smoking? Where is the way back? Answer there is none. Lost it. Large. They are now dead men walking as all David Cameron needs to do is publicly refuse to believe them about anything...
How did such a junior employee have the authority/security clearance to :
(1) Access data on such a massive scale ?
(2) Have the capablilty to download and save it locally to his personal work computer ?
(3) Have access to writable CDs in the workplace ?
(4) Have the capability of writing the data to a CD ?
(5) Not realise that what he/she was doing by mailing it encrypted, or not, was completely reckless
This suggests a complete breakdown of workplace data security, practices and procedures. What has caused this ?
This is just another example of the Government’s irresponsible attitude to personal data.
The question I would like to hear asked in the House is:
"If the Government is so concerned about people’s personal data, can the Chancellor explain why Bank transfers, pensions benefits etc, from the Government always show the full National Insurance number on the bank statement? "
Credit card receipts don’t show the whole number. Bank transfers from the Government don't need to either.
You have hit the nail on the head. Job cuts, morale, etc are irrelevant. Its clear that a culture of complacency and/or arrogance about the protection of sensitive information is the real problem.
As a serving Civil Servant, I would like to state it is highly unlikely that a low grade Civil Servant received the request directly and just downloaded the information onto a disc. Not sure what systems are in place at HMRC but in my Dept, while we have access to the raw data as part of our job function, we are unable to download any portion of it onto any kind of disc. In fact, the CD-ROMs on our PC's are disabled and we are not allowed to install any software or even screensavers that are in any way personal as part of our security measures.
Surely if this request came directly from the National Audit Office as alleged then this request should have gone through at Ministerial or higher management grades and then fed down to the appropriate level after being cleared. I don't for one second believe that an ordinary foot soldier would have done this, as security of data is drilled into every one of us.
And yes, mistakes are made but this is not a mistake. This is a colossal failure.
I'm glad though at quite some cost that the National ID card is most likely as dead as the proverbial dodo.
You're right about the issues of mergers, cuts and low morale. These are fundamentally not the issue. Someone failed to follow even the most basic procedures in place and this is the result. The next issue of CrimeWatch should make good viewing ;-)
Should this find its way into the wrong hands, it could be quite likely criminals would soon end up with people's bank details, date of birth and, quite scarily, their mother's maiden name.
I was going to make a comment but then I thought "I just can't be bothered."
I'm a former 'Goverment Security Cleared' IT Security Consultant put out of business (or was I in disguised employment?) when the Government introduced the ill conceived IR35. I haven't worked in IT since 2001.
If I posted a comment like "I told you so!" it would apply to so many Government System Failures I couldn't begin to make you a list.
So at the risk of sounding gleeful - "I did tell them so." and yes, "I still can't be bothered."
Leave it to the professionals to resolve. I think most have gone overseas to be replaced by .... well, the rest will be history! And that history will be written by the Government.
im a government employee and I couldnt give a dam as I dont get paid enough to care ,they keep on downgrading and expecting lower grades to carry out important work that was once deemed a much higher grade which is most likely what happened in this case..
Also things like this will happen when you privatise what was once an internal postal system with civil servants delivering the mail etc is now anybody delivering it after being privatised.
Hi Nick,
Will you please ask if the chairman that fell on his sword to save the government minister (oor wee darling), is getting a big pay-off and full pension transfer that he would have if he sayed the term?
Although 90 poor souls have not been killed by a hospital bug, this is on a par of incompetence with the recent HHS chairman that resigned but someone had the good sense to stop her pay-off - same principle Nick. Please press this issue.
Ta
The situation as described by the chancellor is absurd. If a low level civil srevant can
a) recieve a valid request for data b) reinterpret that to be a completely different set of data
c) access the whole data set d) download the complete data set to a removable storage medium
e) get that out of the building
All without senior authority or the alarms going off then their is very little data security.
I wonder if the same low level civil servant can upload and change data as well.
Any Financial director of a large distributed organisation could tell them how their systems are wrong.
You are correct in your assumption that ID cards are almost certainly dead in the water - the only good thing that has come out of this fiasco.
Robin (#1) is also correct in that there should be a vote of no confidence, but that just will not work. Labour tried this several times when the Conservatives were in power. MPs don't want to lose their jobs. "Honour" does not come into it.
It is not hard to see what has gone wrong. A Government obsessed with targets has forced senior managers in all departments to take shortcuts, or at least force their own subordinates to take shortcuts.
What is needed is an independant audit of all Government processes, with the auditors given free rein. It might produce a few more shocks, but in the long run it might restore some credibility to Government departments.
The chair of HMRC has resigned, but as i understand it, as long as teh revenue can shoe due diligence with respect to ensuring staff ar trained in Data Protection legislation, then it is the individual who is found to be at fault.
One could argue this is a criminal case of negligence, what has happened to this 'junior official'? I don;t want a witch hunt, a public naming naming and shaming, for fear of lynching, but surely we are entitled to know their fate.
What is their defence for what has happened, and if it is a sound defence, then perhaps the revenue truly has become the next govt dept 'not fit for purpose'.
I am at a loss as to how this can happen, the name and address of every child in teh uk, along with DOB; am i alone in my major concern that this is a peadophiles passport, a child smugglers dream, these children have no say on whether this data is taken and recorded, and now as some of the most vulnerable members of our society, the government has left them open to abuse.
Let me reccomend that as a society, we not only look inwardly to protect our finances, which to me is a secondary issue, but make sure that we band together to ensure the safety of this nations children.
For the first time in my life time I bow my head in shame for our governments failings.
Oh Robin, enough with the knee-jerk fit of scandalised outrage. Resignations 'en masse'? Possibly even more ridiculous than the HMRC fiasco itself.
The security breach is indeed something to worry about, but I think that the effect of the 'crime' - i.e. the identity theft issue - is far greater than the crime itself, and that's where the focus should now lie. ONE junior employee send CDs via the INTERNAL POST, to another department, and either forgot or didn't think it necessary to have the deliverey recorded. This is stupid, not heinous.
Time to get over it, and make sure that contingency plans are established in the unlikely event that the discs fall into the wrong hands.
GB is really at fault - he has run HMRC from the top down for 10 years, if they have a culture of contempt for tax payers information (and therefore tax payers full stop) it is because he has instilled it.
He harps on about plastic bags and all the time his darling (HMRC) is road hauling disks and data about for no good reason.
Sorry to get techy here but there have been safe electronic means to transfer data over secure lines for over 2 decades. EDI (Electronic Data Interchange) and SFTP (Ssh File Transfer Protocol) are two examples used widely in finance and insurance industries for many years - this isn't some super expensive technology - in fact SFTP is an open source free standard, think of all the plastic bags Gordon could protect, not to mention tax payers money and personal information.
Hi Nick,
The real horror is that a junior clerk can get at all that info to put it on disc. Think of how many blackmailable or just unethical/overspending 'junior clerks' there must be in HMRC.
Mistakes will be made, so systems (eg manual and automated access controls) should be in place to limit the damage, and even better NOT COLLECT IN ONE PLACE the most damaging information.
My primary worry about ID cards is the theft/loss of information that would make it very difficult for me to distinguish myself from an impostor.
I don't expect perfection from human-operated government departments/agencies, so the lesson they should finally take from this is to avoid the danger by avoiding collecting the information.
It's one reason I won't travel to the US: I don't trust the TSA not to lose my data and biometrics when they lose equally sensitive data about their own staff.
Rgds
Damon
The incompetence of people is not something any government can legislate for. Ok, so ultimately the Chancellor was responsible in a distant line report kind of way. But when you have agencies that are set-up to be independent because centralisation doesn't work, apparently, he cannot be responsible for that, surely.
There's no doubt, however, that the government is on an unlucky streak at the moment. I don't share the incompetent argument put forward by the Shadow Chancellor. Clever words is no substitute for real policies and action.
Harold Macmillan's oft quoted 'events dear boy events' are certainly biting them time and time again for now. But there is time to pull it back IF the government gets back to governing and not just managing failure.
I saw the labour spokewoman on newsnight last night and she just did not understand that it should not even have been possible for ANYONE to have copied all of that data on to removable data (CD or whatever medium they use). All she bleated on about was that we have a system in place and someone didn't adhere to the system.
Nick it doesn't inspire any confidence when a person with this level of intellectual ability is in charge.
The expert on the programme was quoting to her the various recomendations that had been made to this government about the dangers of storing all of the data in one database but they have totally ignored them.
WHAT A BUNCH OF IDIOTS WE NOW HAVE RUNNING THE COUNTRY!
I think Nick has made the right point here, as did Ross Anderson (I think) on Newsnight last night.
How can a computer system which allows a junior official complete & unfettered access to the entire database be considered secure in any way?
What other access do these "junior officials" have? Can they add, edit & delete data as well as copying it and burning straight to a cd?
How many people (like me) are thinking of contacting the HMRC's data protection officer to complain about the insecure manner in which my data is/was held?
And don't even start on ID cards! This assurance that "Biometric Data cannot be duplicated" is pure unadulterated ignorant horse excrement. Slap the word "Biometric" in front of the word "Data" to try and make it sound more technical is almost comedy if it wasn't so pathetically condescending.
I'll spell it out for the civil servants (and ministers): if it's data, it CAN be duplicated. Otherwise, how would it be copied onto your fabled database in the first place?
Well said Robin, the whole lot are useless. Lets give power back to the Conservatives, they never lost any sensitive information they just sold it for a few brown paper bags full of money!!!!
You're right, Nick, that there is a significant chunk of this that is non-political, and that the mailroom stuff is irrelevant to this data loss.
The underlying issue is the unprecedented ways in which data is used in government...and more is planned. It is an inevitability of the digital environment rather than a conscious political decision. A new culture and attitude towards data governance is needed. At the British Computer Society we have been worried about this for some time, and have a working group looking at what is needed; not from a technology point of view, but an organisational one. Our group is headed 'Trustworthy e-Government'.
Regardless of which government is in power, we will see the same issues arising. Whether there has been a political failure is not for me to say, but there is something deeper than the politics going on here...
Agreed, this is a pretty bad state of affairs (speaking as a father and someone whose data has been lost). But I challenge anyone working in the private sector to say, hand on heart, that data protection is treated as a top priority in their organisation such that they are confident that they are fully in compliance with the data protection legislation. Go into any meeting, anywhere, and mention data protection and watch the yawns.
All organisations process sensitive personal data - employee billing, underwriting information for insurance schemes, info gathered for anti-discrimination purposes and so forth, and I wonder whether or not every instance of this data being processed involves the levels of encryption etc that people are baying for. Those throwing stones should check the building materials of their residence.
I watched the debate yesterday. I thoght Edward Leigh’s contribution gave an interesting nugget of information which has been widely overlooked. See the extract below from Hansard (my emphasis added):
Mr. Edward Leigh (Gainsborough) (Con): I am grateful to the Comptroller and Auditor General and to the Chancellor for briefing me this morning. May I just make one or two things clear from the CAG’s briefing? He requested this information—the national insurance numbers—to create a sample to enable him to carry out the audit. It is clear that the CAG specifically asked that all personal details, bank account details and all that sort of information should be removed before this was sent. That is the most important thing. The National Audit Office simply asked for the national insurance numbers; this had nothing to do with personal details.
To labour(!) the point a little, it is clear that had the HMRC oik stuck to the request as issued by the NAO then even when the CDs went missing little or no harm would have been caused.
As usual a great summary. I think your point about casualness is spot on and in some areas of Governemnt this culture seems to prevail. Changing this is vital but no doubt the efficiency agenda, job cuts, etc. will compete against the drive to change attitudes.
What is concerning is not just that sensitive information was sent out in this way, but that a junior employee had easy access to it. If confidential information is increasingly centralised by the Government, and countless members of staff of its agencies can easily access it, the prospect of that information remaining sufficiently secure appears pretty slim.
Nick -can you find out if the data was encrypted? Nobody has actually said that it was - "listen even if dodgy people got it, it's encrypted so it's going to be very hard to get the information off these discs" - which makes me think that it wasn't... This is important. Because if losing the data is bad (and it is SOOOOO bad words fail me), the encryption issues says something more about whether government understands the basics of data security.
I've got to say I'm still in a state of disbelief on this.
Beginning to look like the Tories in the 90's? This shower of incompetents make the Tories look like paragons of virtue. Yes there was a run on the pound in '92 cost £3.4bn - run on the banks '07 - £24bn and counting.
Ministers are there to set policy - civil servants are to implement policy. However it is also the ministers responsibility to ensure and monitor that the implementation takes place, to ensure that the systems and checks have been thought through and are coherent.
None of this Labour government has run anything before - none have real business backgrounds - all of them are former policy and union hacks, journalists, lawyers and union officials. Is it any wonder that none of them know how anything works in the real world.
Maybe Her Majesty should have a quiet word with Gordon Brown and ask the fundamental question during their next weekly visit - are you and your cabinet upto the task of government?
I think we all know what the answer is ...
My wife was asked three months ago to contact the pension office to sort out her up coming retirement, sadly we were told can you phone back in a month, then can you phone back in three weeks and now can you phone back in December, I said I've had enough what is going on, and he said all hells is break. That was three months ago and now it's coming to our notice, not weeks but months. My wife has been told look sorry please please we have so much trouble can you give us time.
God this is from \ GOVERNMENT.
I think it is time for a change to allow Labour to take a long hard look, because right now I not vote for them.
Mr Brown, I'll give you the lowdown on the thorny issue of ID cards.
1. I will not allow you to take my personal biometric data.
2. I will not pay for an ID card.
3. I will not carry an ID card.
ID Cards = Poll Tax II.
It's not just this government that is incompetent with IT, but all governments.
I understand that the only information requested by the audit office was N.I numbers. Instead of this all banking information was copied and posted. Not once but twice. It is my understanding that this secure information is not permittted to copied or removed, and any government official needing to refer to it, would need to visit the office in question.
Well that sounds fairly straightforward to me.
I am therefore inclined to believe that this breach of security is simply down to time saving and short-cut tactics by both parties. If the discs had not gone missing I doubt any of us would have ever been informed.
I had an enjoyable argument a couple of weeks ago with a friend of mine in which I made clear my opposition to the introduction of ID cards. My friend remained unconvinced, but I shall be certain to re-ignite the debate next time I see him. The government has proved yet again that it is incompetant to deal with all the data it claims it needs and if this doesn't illustrate the pitfalls of its ID card proposals, then I don't know what will. Who's to say some junior government official won't accidently email the whole ID card database to one of his friends after pressing the wrong button on his computer. The government should stick to the basics - I'll run the risk of getting blown up before I carry a card I don't want or need.
Like Nick I am mainly concerned with the complete lack of security involved in this.
Surely, these data should be protected in such a way that it is impossible for anyone to simply 'copy the data onto a disc'. If the National Audit Office require access to the data, why cannot the appropriate people login to the central computer server and access the data in that way? Computer security can be such that only 'authorised access' is permitted.
The same question occured to me when a laptop containing large amounts of personal data was 'lost' in the summer. Again, what was this data doing on a laptop? Surely if an individual needs to access any sensitive data from somewhere other than the office, it is much better that they should have to login to the central server, go through proper security procedures and then be able to get what they need.
I don't personally blame the individuals concerned, or even Alister Darling. It is the designers and implementers of the computer system that are really at fault. To have created a system that allows anyone to copy huge amounts of sensitive data is, in my opinion, nothing short of criminal. We deserve better.
Everyone who works in IT security knows that the weak point is not the system but the user. The point at which the user interfaces with the system is vulnerable. This is why, for example, criminal gangs looking to steal credit card details don't target the computer systems. They target the worker drones in the call centres who are paid £9k per year, and they offer them £100 per card number they steal.
The latest fiasco and the ongoing debacle over every single IT system the government has ever put in place tells me that there is nobody in a senior position with even the remotest grasp of technology. They are the wrong generation - too old to grasp the nuances.
This isn't just the case with government, though. Every business, with old, confused men at the top listening to sharp young men at the bottom, suffers in the same way. It is a rare environment indeed where those at the top have the confidence and courage to trust the knowledge of their IT department.
I imagine the job cuts do play a part if a junior official was not only given responsibility for this, but also the authority. Why else would a junior official have access to the entire database, let alone clearance to download it all and burn it onto disk? Surely this sort of privileged access should only be available to inspectors and above. It raises major questions of the people who set the access rights for user names and passwords, those who sanctioned it, and those responsible for the training and the understanding of IT, both at the junior level and the levels of those who delegated the responsibility.
Either way, it is clear that the problem is not simply a matter of "instructions and procedures" not being followed.
As your blog post suggests, all this leads to a further question; is this sort of ready access to our information mirrored in other Government agencies? After all, in an age of increasing job cuts in the Civil Service, we now know the price that those savings are costing us.
This government has forgotten that its job concerns the protection and welfare of actual people.
It has convinced itself through its own scheming and rhetoric and dissimulation that whatever leaden diktat it chooses to deploy is beneficial, just because it pretends so to itself. It is a government of farce and fantasy concocted by lickspittle halfwits on the make.
Any spiv in a shiny suit and a convincing patter can fleece the political monkeys and mandarins of taxpayers' money, as long as they pretend that the inevitable IT project they are peddling will control and hobble the population. They get away with this because we are governed by intellectually and psychologically challanged misfits who have never held down proper jobs, but are mistakenly convinced of their own abilities.
The weakest link in this current chain could be regarded as the office junior who sent the discs. It is actually the ministers and civil servants who are too slow witted to see that all systems fall down from these small errors.
I agree with the poster above that this utterly discredited and universally hated government should be ousted as soon as possible. The only problem is that, unless people start to form a new party, the alternatives are no better.
The best hope is that Gordon Brown and all his pantheon of charmless, oily, incapable and discredited cohorts and henchmen resign and form a circus troupe or travelling end-of pier pantomime company.
Do not, however, trust them with running any associated whelk-stall.
Losing highly sensitive information concerning 25 million British people. You couldn't make it up...
It has been claimed that the files on the disk were "password protected" and are therefore safe. However, password protecting files doesn't automatically mean that they can't be read by outsiders. There is strong encryption available and there is also "mickey-mouse" encryption. For example, the password protection used on MS-Word documents is comparable to the lock on a cheap suitcase ie easy to circumvent. In contrast the protection provided by a strong encryption algorithm (such as AES-256 or Serpent-256) is comparable to storing your data inside a bank vault within a bank vault within a bank vault.
Speaking as an IT worker who has worked in the area of information security, I am aghast that the HMRC data wasn't encrypted before being sent. It is standard procedure to do so whenever sensitive data is involved.
There is high-quality, easy-to-use, FREE disk encryption software downloadable from the web (eg TrueCrypt) that could have been used. It wouldn't have cost these people a penny to use such software! Furthermore, encryption software is designed to be easy to use, so the level of IT skills required is low. Frankly, the HMRC have simply no excuse for what happened.
If the data had been encrypted (a trivial process taking a few minutes at most) then the current political crisis simply would not exist. When data is encrypted using a strong encryption algorithm (eg Twofish-256) and the password to unlock it is sent separately, nobody has any hope or chance of viewing it - even if every hacker, university and intelligence agency in the world banded together to try to break in. You could safely give those encrypted disks to every criminal in the land and invite them to do their worst, without any worries. That's the whole point of encrypting data.
When I worked for banks, there were forms which had to be filled out with checklists to tick off before data was sent out via courier. When the disk was created, it underwent a final check to ensure the data on it really was encrypted. It will probably shock people, but British banks send and receive CD-ROMs and DVD-ROMs with customer data on them all the time. Yes, seriously! However, the good news is that the data on them is always encrypted (usually with PGP) so if the data ever does go missing it is useless to whoever finds it.
This fiasco is a classic case of "For want a nail a horseshoe was lost, for want a horseshoe a message was lost, for want of a message a battle was lost, for want of a battle a country was lost, and all for want of a horseshoe nail."
Can the Government go on? Of course not.
I totally agree with Robin on this point
In fact, as a tax-payer I have to ask are we really getting Value For Money from the Government. If this was a private industry, we'd have moved on to a new service supplier already.
Imagine BT or Tesco losing all this information - We'd drop them like a hot potato, but with the Government we seem to have no choice - we just have to keep on handing our money over to these incompetents - and if we don't they'll bring the full force of (their) law services onto us.
A class action lawsuit against the Government may be the only answer on behalf of all the parents (and children) who have had their data treated so abismally.
But once again, they'll wriggle out of it - they always do.
The hung drawn and quartered mentality has never quite left the British mindset and no doubt we won't be happy until someone's beating heart is held aloft. The civil service is a vast employer in many regions of the country and it is not possible for ministers to stand over the shoulder of every employee to see that they do their job properly. The fact is, mistakes happen, even very serious ones. I'm no Labour supporter, but the opposition parties should be mindful that this is something that could happen to any administration before they get on their high horses. As a civil servant myself I recognise that this is one of its greatest failures of an adminisration. But life is going to carry on whether someone resigns or not.
For what does the Audit Office need our bank details - name and an identifier possibly but anything more is well outside its remit. It must be asked where else are these being sent, why and how often?
It has also been kept very quiet - everyone involved can sue HMRC under the Data Protection Act. Costs could run into millions.
Just imagine if there was a general election this autumn. What fun that would be.
The situation as described by the chancellor is absurd. If a low level civil servant can:
a)recieve a valid request
b)reinterpret it to include loads of extra data
c)Access the whole data set
d)Download the complete data set onto removable medium
e) get that media out of the building
ALL WITHOUT AUTHORITY or the alarms going off then there is very little data security.
I wonder if the same low level civil servant can upload or change data as well.
Any FD of a large distributed organisatin could tell them how thier systems are wrong.
I can understand that a junior official might not have properly thought about the security issues / policies involved with what they were intending to do with data, but what I don't get is why there weren't technical measures in place to prevent that person downloading all 25M records complete with all the personal information.
The personal data should be held securely on a server. Only those officials that need to access individual records should be able to see those records, and then only the parts they need to see. Even mass viewing of multiple records of personal data shouldn't be necessary very often, and certainly the ability to bulk download should be physically restricted to a few high-ranking individuals (who should appreciate the need to keep such data secure).
I see this as a technical failure as much as a human one.
Anyone who saw Prof Ross Anderson of Cambridge Univ interviewed last night by Jeremy Paxman will realise that this scandal was just waiting to happen. According to Prof Anderson the government has wilfully 'brushed aside' repeated warnings from data protection experts and govt select committees that bringing together ever greater amounts of personal data and making the database available to ever larger numbers of government servants would inevitably lead to leaks or misuse. Predictably the Financial Secretary to the Treasury, one Jane Kennedy, in turn brushed aside the expert's opinions, saying only that correct procedure had not been followed and lessons would learned... The only safe prediction is that this won't be the last time.
Nick, I must disagree with you in favour of the Govt - or at any rate Alistair Darling. Thank goodness he is at the Treasaury.
He is a safe pair of hands. He has addressed in a timely manner a calamitous failure. You are quiet wrong to villify him and suggest he no longer deserves his soubriquet. You should defend him or else risk questions about your own judgement.
The failure unquestionably belongs to his predecessor during who's time, the policy and procedures were deevloped and implemented.
The man responsible is the same man who has fuelled a debt binge that, if it were smoking, drug or drink related, would have resulted n a change in the law. But that would have bought his economic 'miracle' to a halt and shown him to be fraud he really is.
Step forward Gordon. Or is he saving the act of falling on his sword for when the debt bubble really bursts next year.
No ellection. No mandate. And no guts either.
One question I would like to be asked
of our incompetent government.
If there are discs containing data on the child credit system is it not possible that there are also discs floating about with the data on all taxpayers ?
That would probably effect 50,000,000
people.
Can we be sure ??
Short of getting the Chancellor to sit in HMRC post room all day, every day, I can't see how the REAL blame can be laid at his door.
If procedures have been set in place but not followed, what more can he do? And what of the role of the Courier company in all this? No blame there?
I'm all for accountability but the line has to be drawn somewhere!
Criminals are unlikely to do something straight away. If the CD's have fallen into the wrong hands then they are probably figuring out the wealthy postcodes in the UK - easiliy done - just look at the Land Registry Database online or Various marketing tools/CD's available that tell you the characteristics of those households - crikey even upmystreet.com will give you some good information. Tie up the postcodes for each and hey presto you haves specific bank account details for those more likely to have money. Worrying.
One of the dangers that is now exposed with people being told to watch for unusual activity on their account is that fraudsters will take advantage of this and I am confident we will see a massive rise in "phishing" emails.
Something along the lines of "As you may have seen in the news, your banking details may have been on a CD that was 'lost', we have noted some unusual activity on your account and are concerned you may be a victim, please visit the link below and confirm your details".
So very very easy and in the current climate of panic I suspect this will be the source of the problem rather than the missing CDs.
Questions have to be asked however :
1) Why was it possible to export the entire database to CD?
2) What level of authorisation was required to grant this level of access?
3) Who made the request and why?
4) Are the people who made the request and those that copied the data still in post? If so why?
Biometric Data is alot more useful to secure data than your password, whether it is your daughters name or the standard '123456' password.
Although a word of warning, biometric data is not 100% safe and secure. If we had ID cards and 2 disks with 25m people personal data AND biometric data then slightly clever crooks would have a field day. It is fairly easy to copy someones fingerprint from an image (if you know how). Although It would probably stop the few who cant use a basic search engine.
Disclaimer: I dont know the ins and outs of how the ID Card system works, so I could be 100% wrong about the amount of security they would bring. (not about being able to copy our finger print from an image)
Not casualness per se, but rather, poor recruitment and development of staff, and a craven managerial approach to development, such that outmoded practices like this have not been driven out. There are many more secure and more reliable data transfer media than a CD in a mailbag (and I can just hear Lady Bracknell retort that "the courier is immaterial").
It's not just this example, and it's not just government. Just look at the overwhelming proportion of people who use wordprocessors mindlessly as no more than ribbonless typewriters, the drivers who route themselves without regard to the past thirty years' changes in road and population layout, or supermarkets which require branch-by-branch registration for facilities. It's the luddite concept that it was done this way yesterday, so we'll not update and upgrade what we do today. It's sabotage, just as much as setting fire to TGV railways (by persons or unions unknown) is sabotage.
Public sector or private sector, it's all the same. Administrative convenience and intellectual bankruptcy delivers respect for the public (or customers, or shareholders) a thuggish kick in the wherever.
I agree entirely with this post (Robin - No 1), but how do we make it happen?
RIP ID data base
If I recall the current Data Protection laws correctly; the head of the organisation is legally responsible for any breaches. The punishments include substantial fines and potential jail time.
I wonder if this will be applied here...
Alastair Darling seemed to completely missed the point when asked about whether we should have confidence in the Government's ability to safeguard data for the proposed ID card scheme.
The question is not about the usefulnesss or otherwise of biometric data in establishing identity, but rather about whether or not the Government can be trusted to maintain the security of the biometric data that the ID card is checked against.
It seems to me that this latest incident throws considerable doubt as to the viability of the entire ID card scheme.
That's a good angle, Nick.
I seem to remember a number of recent stories about laptops with sensitive data being lost, or stolen, too.
Clearly the government needs to make their data protection as airtight as possible before we can entrust it to have an all encompassing database on us. As it is, if this latest dataloss did find its way into the wrong hands, the result could literally be catastrophic, for both the government, and even the economy. Not to mention the 25 million individuals.
The thing which really gets my goat is how much effort the chancellor making disowning all responsibility for the errors that occur on his watch. Is there no-one in this disreputable and dishonest goverment who will actually take responsibility for something?
Actually, given the behaviour of the Prime Minister, and of course his immediate predecessor, I think I can answer my own question.
Nick
One of the problems caused by the government is that they appear to have a great mistrust in the civil service and have outsourced a great deal of IT work to large IT service providers. This has ended up with them more often than not, paying Rolls Royce money for broken Mini Cooper performance. Some say this has arisen through the fact that the government have an inability to express their exact requirements to these providers, causing confusion and problems.
Irrespective of this, we now have the situation of demoralised civil servants using inadequate systems and following procesess in which they have had little input.
Think of Post office counters, Child Support agency etc.....
The lack of security in this case is risable, a personal background in both electronic payments and utility billing tells me instinctively what would have been best practice in this instance.
I am sure we now all collectively look forward to being bled dry to pay for future inadequate services and await the introduction of ID cards with great anticipation.
A petition is now on the Number 10 website asking for compensation for everyone involved for the breach of the Data Protection Act. Please sign it.
If the "personal data" had instead been "National Security" data then the person in question would now be in jail for making an illegal copy of secure data, and distributing it in an insecure manner and then losing it!
It's about time government started treating the personal as at least as sensitive as military secrets.
Surely more harm can befall the citizens of this country by having criminals and foreign agents or even terrorists gain access to personal details of our population than some of the items routinely marked as secret for the military?
Imagine if a someone managed to withdraw just 5 pounds from every account listed; small enough to easily overlook. Or if they applied for a credit card falsely using all those details and then withdrew cash to the limit before dumping the card. More than enough money to fund terrorist or criminal operations. What's more, the money is now gone. Which means we have the economic impact to deal with of all those banks and/or the government refunding the money to the victims.
Trying to blame "the government" (regardless of political persuasion) for the failures of one minor civil servant is both laughable and what brings politicians into disrepute.
Yes, there are a number of backsides that should be kicked, some very hard, but it's difficult to see how the chancellor can be held personally responsible for the actions of some moron that breaks the rules.
Nick, you say you dont understand the relavence of job cuts and low morale, but you obviously have never worked in a place like this.
most of the time these sorts of admin jobs are carried out by 'agency' workers where the government pays some other company so that they can sack you whenever they please.
now im not saying that was the case, but we have created a system whereby staff are treated like a disposable asset, with no prospects. Is it any wonder that most people dont care how well they do their jobs?
Give people a decent career and maybe they will think before doing a task.
> However, what interests me much more than any of that is the yawning gap that has opened up between what we're told about the protection of our personal data and the reality.
And who told us this? The government, often to the accompanying sound of sales pitches of commercial IT companies who, of course, have product to sell. As far as I can see, the entire basis of Mr Brown's public sector agenda (Gershon review), cutting jobs, boosting technology is badly damaged by this.
In political terms, how can the government talk about security, without the opposition being able to come back and say, HMRC. Of course, efforts will be made to obscure with talk about one lowly civil servant, human error, systemic failure, the role of the banks and so forth. However, they obscure, at great cost to us all, much more serious issues around data storage, both commercial and governmental. The information commissioner, Richard Thomas and the trade press* have been talking about these issues for years, big media has not listened, but it bloody well ought to start listening now.
* I declare an interest, I work for both the trade press and also for No2id
Missing: One vision. Presumed lost in the post. If found please return to G Brown, 10 Downing Street.
Nick, you say you dont understand the relavence of job cuts and low morale, but you obviously have never worked in a place like this.
most of the time these sorts of admin jobs are carried out by 'agency' workers where the government pays some other company so that they can sack you whenever they please.
now im not saying that was the case, but we have created a system whereby staff are treated like a disposable asset, with no prospects. Is it any wonder that most people dont care how well they do their jobs?
Give people a decent career and maybe they will think before doing a task.
I could have written this piece and I dont even live in the UK.
Journalists are one step up the evolutionary ladder from politicians.
Before long, the government will tell us that this incident proves the need for cards with biometric data; as it is specific to the individual, the cards will protect us against identity fraud following this sort of incident. The opposite is true. Biometric data is digital, and it won't be long before someone works out how to splice their own biometrics with someone else's ID details. In 10 years' time there could be some violent criminal or terrorist scumbag out there who has an ID card giving absolute proof that he is me. Or you.
"In reality, there is clearly a culture of casualness toward it which allows one man, apparently, to copy 25 million names and details onto two discs and chuck them in the post."
Are you seriously suggesting that some person at the bottom of the org chart took it upon themself to send the data this way? That nobody told them to send the CDs in the post? That there was a secure transmission mechanism and they just decided to ignore it?
Stretches credulity a bit too far, I think.
Biometric data as protection is a red herring. Are we really going to equip every household, every public place, every contact point overseas with a full set of biometric scanners?
As soon as your data is on a computer connected to any other computer it becomes vulnerable to hacking attacks or staff being bribed or blackmailed to get data. Once someone has the data, however they got it, it's theirs to do with as they will.
The government will NEVER be able to guarantee the safety of our data. No government will. And this government is aiming to sell the data, making it even more vulnerable to misuse and abuse.
I don't think you can ignore the human element in this. If you have a staff that is overworked and demoralised and you have removed a layer of management you are much more likely to get sloppy practice like this.
Obviously I don't know what happened here but in my experience in the IT industry good, well motivated staff are much less likely to make bad mistakes.....in reality processes only work if there are people willing to implement them diligently.
I heard Alistair Darling on the radio this morning and he just doesn't get it. It's no good saying the government will legislate something away. That doesn't stop people breaking the law. It's no good saying the government will hold another enquiry to tell them how they got it wrong. It's no good saying there are procedures which some lowly official didn't follow as though that's an explanation. As anyone with responsibility for any organisation knows you have to MAKE IT HAPPEN. 'A Yawning Gap' is symtomatic of the government not knowing what is happening be it in HMRC, NHS, Child Benefit Agency, DEFRA, etc., etc.
The major problem as I see it is the management structures in all Government departments are archaic.
The dinosaurs in charge have worked the way they do for so long that when confronted with new technology (ie computers), they carry on blithely in the same old tired way that the Whitehall mandarins have done since time immemorial.
The incompetence doesn't lie within Government, rather within the Civil Service who I believe follow their own agenda no matter which party is in power.
What needs to be done is simplify management structures, have correct training for the job, have systems in place that prevent some 'junior' from being able to burn discs with sensitive data and then pop them in the post.
A small data protection department responsible for safeguarding it should suffice. They would be the ones who made hard copies of the information.
Should it need to go elsewhere, thney should arrange for the safe transport, preferably under guard to the location it was required and ensure that it is encrypted with a secure key that will only be supplied once it has been confirmed it is where it should be.
It should also be possible to include a time limit in the usefullness of the data. Once that has expired, it should become inaccessible.
With regard to the Government, they are a poor excuse of a party to represent the workers of this country.
They are shambolic but I fear the alternatives even more. A tory party that has no credible policies and a libdems who chose what the others don't want.
Some questions that need answering before Parliament
Why was this level of detailed data being sent to the NAO in the first place?
To what purpose were the NAO going to put this data and had that use been disclosed under the data protection act?
Why wasn't the request referred to the legal council of the HMRC for vetting before being acted upon?
Why wasn't the data being sent encrypted?
Why wasn't the data being sent electronically?
Rather than hanging someone out to dry, I believe a cultural change within HM Government is required. Especially if they are going to routinely keep large amounts of the public's private information.
Hmmm.... I wonder...
The 'accidental' loss of these details, was it maybe the act of somebody who objects the introduction of ID cards into the UK ?
I think it puts paid to ID cards for a while.
Where do I stand if I decide that I don't want to provide certain personal information supplied to government dept's? Such as bank details & such like that is at risk right now. I cannot trust them?
I'm more concerned by Alistair Darling's insistence that despite him having no idea where the discs are, they haven't fallen into the "wrong hands". How on earth can he possibly claim that?
Saying that there has been no noticeable increase in fraud makes little or no difference. This may not be noticed for 10 or more years, when the children on the database get to an age when they themselves are getting bank accounts and still living at home.
Their DOB, address, full name & (if their mother is currently unmarried or hasn't taken her partner's name) their mother's maiden name are out in the wild, and playing the long game will yield sizeable returns for anyone with that information.
Also from a data management point of view, whoever created the two discs must have been in a fairly senior position. Junior staff at HMRC don't have the ability to send external emails, let alone burn CDs.
And why exactly is information at this level of detail being sent to the NAO?
“In reality, there is clearly a culture of casualness toward it which allows one man, apparently, to copy 25 million names and details onto two discs and chuck them in the post.â€
Yes, and No, Nick.
Casualness would be an excuse, if this had happened once, but there were THREE, possibly four, attempts at losing this information.
Firstly, in March, the discs reached the intended recipient, but the Audit Office returned them when it was discovered that too much information (bank detail, etc) was included for their requirements.
No detail has been released as to the method of transportation in either direction, so possibly two infringements of security here.
Then, in mid-October, during an extended period of Post Office disruption (yes, TNT mail gets dumped on the Post Office) the set of discs, which are now listed as lost, were sent by unrecorded post.
Did nobody in the Government employ realise that this strike action was taking place?
Finally, when these discs were reported back as not received, a third set was despatched, but we have not been made privy to what transportation method was used in this case.
Indeed, we have not been told if the full volume of secure information was put at risk again, or if the requested detail has finally arrived at the Audit Office.
Replace “casualness†with “criminal irresponsibilityâ€, and I give you 10/10 for this article.
Do you want my honest opinion?
Failures like this should be met with one thing - jail time.
We sometimes hear about a culture of failure. Well here it is, in bright, gaudy, neon twenty-foot-tall lights. The UK doesn't have a fear of failure. It accepts it! It *welcomes* it!
If a government minister does something wrong, what happens? At worst, the consequence is them resigning. Resigning with a nice pension, no harm to any future employment, heck, the notority can HELP their future employment! Books, lectures...
We've already heard about a 'learning curve' and 'lessons will be learned'. Let me tell you, I don't need to fall fifty feet to learn that it'll probably kill me. They shouldn't need to 'learn' that handling data like this was insane! It's obvious to anyone with even the slightest bit of common sense!
I've had enough. I really have. We need to make people fear failure again. If it takes this government being ousted from power by a vote of no-confidence (or similar) for future governments to learn the lesson, then so be it! We should not, we MUST not tolerate such rank incompetence in the people we elect into power, nor the systems they manage!
No more excuses, no more hiding the error while they cover their own backs, no more 'complete confidence', no more resigning!
Ignorance is not an excuse! If someone's made a mistake, fire them! If the mistake is criminal in scope, jail them! You can guarantee that whoever took over would then learn the lesson!
I know I'd get fired for such a breach of data controls. Do you honestly think that you'd get off so lightly as them? So why should they?
Never will I trust these incompetents with my data, and I will NEVER give them information for their precious ID database.
Sack the government. Jail the men who ordered this transfer of data, and the men who carried it out. Tear down and reform this corrupt public service.
Do it, or be cursed to this style of government forever.
Surely though if the government scrapped ID cards they would be admitting that they are not competent to handle peoples data.
If anything, this means that they are more likely to stubbornly press ahead with this foolhardy project.
The major problem as I see it is the management structures in all Government departments are archaic.
The dinosaurs in charge have worked the way they do for so long that when confronted with new technology (ie computers), they carry on blithely in the same old tired way that the Whitehall mandarins have done since time immemorial.
The incompetence doesn't lie within Government, rather within the Civil Service who I believe follow their own agenda no matter which party is in power.
What needs to be done is simplify management structures, have correct training for the job, have systems in place that prevent some 'junior' from being able to burn discs with sensitive data and then pop them in the post.
A small data protection department responsible for safeguarding it should suffice. They would be the ones who made hard copies of the information.
Should it need to go elsewhere, thney should arrange for the safe transport, preferably under guard to the location it was required and ensure that it is encrypted with a secure key that will only be supplied once it has been confirmed it is where it should be.
It should also be possible to include a time limit in the usefullness of the data. Once that has expired, it should become inaccessible.
With regard to the Government, they are a poor excuse of a party to represent the workers of this country.
They are shambolic but I fear the alternatives even more. A tory party that has no credible policies and a libdems who chose what the others don't want.
The primary task of government is to protect its citizens. It has clearly failed in this instance.
A senior civil servant feels this is serious enough to resign over, but will any politicians go - no.
Now we are told there have been previous breaches of data protection involving missing discs. Lapses in processes happen, but there is no excuse for them happening more than once. Mr Darling should have clamped down on data protection procedures when the first incident was reported to him. A second incident should have been impossible. Therefore he does have some responsibility for this issue.
The Brown government does look more and more like the gaff ridden Torys of the 90's. More interesting to me is that the opposition look more like the Blair oposition of the 90's - their claims of government incompetence and lack of vision have stuck, and the press scent blood.
It's time we all recognised that the "yawning gap" between promised services and reality goes far beyond this particular crisis. It permeates government agencies, utilities, banking and corporates. This government makes policy without considering the resources needed to deliver on them.
At the risk of being accused of taking a "cheap shot" I can't help being envious of all the illegal immigrants in the country since there is no way anyone in government has a list of them to lose.
For the life of me I can't understand why data needs to be sent by CD, don't they have secure electronic communication?
I'm not sure this can be the responsibility of Darling, it seems like it occurred on the previous incumbents watch.
I fail to understand why the Government should be held accountable for the actions of one goon who thinks it's acceptable to copy mine, and everyone elses', records onto a CD.
Sure, the Government holds our trust, but they cannot be held accountable for the actions of every idiot who works for them? I don't sue the council when the bin man scratch my front fence - it's not the council's fault?
Of course, this is the most terrible breach of data security - my data is included in there somewhere. But the Chairman of HRMC has graciously fallen on his sword, so why should Alistair Darling?
He should go for the shambles of Northen Rock instead :)
Everyone keeps on going on about ID cards, when all along it is the database which is the 'bogeyman'- a database which already exists and seemingly could find a home in the lost property section of a mail courier or much much worse. I am not convinced that simply because it contains biometric data that makes the database as a whole more safe. Scenarios such as changing individual fields are not addressed by such an argument- after all banks and other 'trusted' companies will be able to update records on it. This sharing of information like it's some big government version of a social networking site makes security of it even more likely to be breached.
What this calls into question is the whole of the government's strategy on the use of IT systems. If they can't keep personal data secure in this way how can we trust them to do it with the NHS proposed system? Or with the database which will be associated with ID cards? The whole principle of using such enormous systems is shown to be unreliable. The trouble is that the government is given advice by IT 'experts' and then ignores it. People in the IT industry have been aware of potential problems for years.
All this reinforces the argument for opting out of the NHS system if you can (I have already written to my
GP requesting this). Unfortunately, there is no option to opt out of an ID database or the Inland Revenue!
I had an enjoyable argument a couple of weeks ago with a friend of mine in which I made clear my opposition to the introduction of ID cards. My friend remained unconvinced, but I shall be certain to re-ignite the debate next time I see him. The government has proved yet again that it is incompetant to deal with all the data it claims it needs and if this doesn't illustrate the pitfalls of its ID card proposals, then I don't know what will. Who's to say some junior government official won't accidently email the whole ID card database to one of his friends after pressing the wrong button on his computer. The government should stick to the basics - I'll run the risk of getting blown up before I carry a card I don't want or need.
Nick, I don't think you have got this wrong at all. We are all human, so things can get lost. That's why the data shouldn't have been on CDs, in the post in the first place.
Personally I'm not convinced about the ID card link. Multiple government departments and even more private firms have this kind of info about me. Last time I got a letter about my details going missing was a laptop being nicked from a building society executive. ID card or no ID card, it's time for some serious consequences following this kind of behaviour.
And this is the lot that wants all health details and all educational details (for life, in both cases) online??? The Kalahari looks like a sensible option for residence.
Our account got hit by fraud last year to the tune of £4500 and the bank didn't notice, so we're really worried about this data loss as we receive CB.
I have contacted the bank this morning to ask about changing our account number but unfortunately they cannot provide this facility. If the missing data starts being used fraudulently this leaves us with the only option of changing banks.
Please urge your bank to allow you to change your account number, this is the only way to be safe.
When I invest in a blue chip share I expect three basic things of its board of directors - to run the business efficiently and competently, to grow the profits of the business in a sustainable way, and to manage the balance sheet effectively. I'm afraid to say that the writing has been on the wall for a long time, and we are now seeing just how incompetent our government is at running UK plc in the best long term interests of its shareholders, i.e. you and me.
We have administrative incompetence which has wasted billions of our money on failed IT systems, a failure to manage effectively the enormous organisational change imposed by central government at all levels of the public services, and now they have "lost" highly sensisitve personal data on a large proportion of the adult popultation. We have economic incompetence which has led to ever-growing levels of public debt putting the country's prosperity at high risk as the global economy slows down, and a seeming complete lack of understanding of how to turn things around. Added to which our money is now being used to prop up a small, badly run bank which over-stretched itself itself in boom years and it too had no subtsance to fall back on when the going got tough. It might not be so bad if our leaders were to present a big picture view of where they are trying to lead us as a country, but from the second election victory onwards both Blair and Brown have been focussed on nothing more "visionary" than protecting their own jobs for as long as possible. If this isn't Brown's "ERM moment" the momentum is now established. He'll hang on as long as he can and drag the country further down this path until eventually even he will have to admit the game is up.
The government's IT spend (of our money) annually is tens of billions of pounds. With the apparatus and resources at its disposal there is no need for unsecured data transfer processes. Nick has a point that this represents systemic government arrogance with the public's property. In this case data.
We have been hypnotised by this government's spin that me must be taxed exorbitantly to finance public services. And one way or another health, education, transport, IT, prisons, immigration, taxation, welfare et al remain at a level which insults the term third world.
Perhaps the conclusion we have to draw is that the government's ideology cannot be delivered. (At least not by government.) In which case it is morally justified to ask if we should not be changing our contract with government.
Rather than pay through the nose for public services and not not get them, we should try not paying for them and not getting them. By that method we make more efficient decisions for ourselves on how our money should be spent.
Nick,
I agree, but will there be any resignations over this? The Government's historic record in treating such breaches seriously when one considers that the current Security Minister, Lord West, was only lightly disciplined for similar security breaches whilst a serving officer in the Royal Navy in the 1980's, and the spate of missing document cases since....
One questions the seriousness with which Ministers view this current case. I am sure that the Civil Service Union, the PCS will say that the problem is systemic and that the individual should not be disciplined- or their line management- but to me, they should be fired immediately. I guarantee you that they will not- not withstanding the resignation of the HMRC Chairman.
Darling keeps making the point that if anyone is the victim of fraud as a result of the lost discs will be recompensed in accordance to the banking code. But what he fails to mention that this is likely to be at the expense of tax payers.
So in summary the public paying for the governments incompetence.
Furthermore unless Darling resigns as a result of the gross incompetence, there will be no incentive for future Chancellors to truly take it upon themselves to control the work of junior ministers.
The government's IT spend (of our money) annually is tens of billions of pounds. With the apparatus and resources at its disposal there is no need for unsecured data transfer processes. Nick has a point that this represents systemic government arrogance with the public's property. In this case data.
We have been hypnotised by this government's spin that me must be taxed exorbitantly to finance public services. And one way or another health, education, transport, IT, prisons, immigration, taxation, welfare et al remain at a level which insults the term third world.
Perhaps the conclusion we have to draw is that the government's ideology cannot be delivered. (At least not by government.) In which case it is morally justified to ask if we should not be changing our contract with government.
Rather than pay through the nose for public services and not get them, we should try not paying for them and not getting them. By that method we make more efficient decisions for ourselves on how our money should be spent.
When I invest in a blue chip share I expect three basic things of its board of directors - to run the business efficiently and competently, to grow the profits of the business in a sustainable way, and to manage the balance sheet effectively. I'm afraid to say that the writing has been on the wall for a long time, and we are now seeing just how incompetent our government is at running UK plc in the best long term interests of its shareholders, i.e. you and me.
We have administrative incompetence which has wasted billions of our money on failed IT systems, a failure to manage effectively the enormous organisational change imposed by central government at all levels of the public services, and now they have "lost" highly sensisitve personal data on a large proportion of the adult popultation. We have economic incompetence which has led to ever-growing levels of public debt putting the country's prosperity at high risk as the global economy slows down, and a seeming complete lack of understanding of how to turn things around. Added to which our money is now being used to prop up a small, badly run bank which over-stretched itself itself in boom years and it too had no subtsance to fall back on when the going got tough. It might not be so bad if our leaders were to present a big picture view of where they are trying to lead us as a country, but from the second election victory onwards both Blair and Brown have been focussed on nothing more "visionary" than protecting their own jobs for as long as possible. If this isn't Brown's "ERM moment" the momentum is now established. He'll hang on as long as he can and drag the country further down this path until eventually even he will have to admit the game is up.
The government's IT spend (of our money) annually is tens of billions of pounds. With the apparatus and resources at its disposal there is no need for unsecured data transfer processes. Nick has a point that this represents systemic government arrogance with the public's property. In this case data.
We have been hypnotised by this government's spin that me must be taxed exorbitantly to finance public services. And one way or another health, education, transport, IT, prisons, immigration, taxation, welfare et al remain at a level which insults the term third world.
Perhaps the conclusion we have to draw is that the government's ideology cannot be delivered. (At least not by government.) In which case it is morally justified to ask if we should not be changing our contract with government.
Rather than pay through the nose for public services and not get them, we should try not paying for them and not getting them. By that method we make more efficient decisions for ourselves on how our money should be spent.
I am and have always been a labour supporter and yet I am considering voting for the opposition.
Why? Because I am so frightened by the I.D card scheme that this goverment is intending to implement.
Let me first make the point that I am not making this point along party lines ,the general incompetence seen recently and the subsequent attempts to cover it up, would have been the same under a tory goverment as they are under a labour goverment, because it is impossible to allow so much imformation to be held by public servants and expect it to remain safe.
We read of banks throwing out personal information in black bags, unshredded and gifted to potential identity theft.
What on earth makes anybody think that any goverment will be able to maintain non disclosure of such vast amounts of information
The fact is that the more information that is stored ,the less chance there is of it remaining secure.
If the goverment goes ahead with its I.D card policy it will be a mistake of such severe consequences that we may be still trying to pick up the pieces in 20 years time.
Think about this, your information, very sensitive information will be available to people who are employed by local councils, putting aside the obvious problems of this data being sold to criminal organizations, I would expect laziness, incompetence and just plain carelessness to put all of us in a position where we are constantly in fear of our bank accounts being robbed,and our identity's being stolen, and used for nefarious purposes, and do you really truly believe that the computer systems that the goverment will put in place will protect this information, given their already disastrous track record with computer systems.
This one issue has me so scared that I am considering voting Tory, just to stop that one thing happening.
When I invest in a blue chip share I expect three basic things of its board of directors - to run the business efficiently and competently, to grow the profits of the business in a sustainable way, and to manage the balance sheet effectively. I'm afraid to say that the writing has been on the wall for a long time, and we are now seeing just how incompetent our government is at running UK plc in the best long term interests of its shareholders, i.e. you and me.
We have administrative incompetence which has wasted billions of our money on failed IT systems, a failure to manage effectively the enormous organisational change imposed by central government at all levels of the public services, and now they have "lost" highly sensisitve personal data on a large proportion of the adult popultation. We have economic incompetence which has led to ever-growing levels of public debt putting the country's prosperity at high risk as the global economy slows down, and a seeming complete lack of understanding of how to turn things around. Added to which our money is now being used to prop up a small, badly run bank which over-stretched itself itself in boom years and it too had no subtsance to fall back on when the going got tough. It might not be so bad if our leaders were to present a big picture view of where they are trying to lead us as a country, but from the second election victory onwards both Blair and Brown have been focussed on nothing more "visionary" than protecting their own jobs for as long as possible. If this isn't Brown's "ERM moment" the momentum is now established. He'll hang on as long as he can and drag the country further down this path until eventually even he will have to admit the game is up.
There's one other question I'd like to throw into the mix of this whole debacle, and that is to ask why the NAO needs this exact info in the first place (if I've understand the NAO's brief correctly). For example, if one is a parent and therefore in receipt of Child Benefit etc for one's children, then I guess those in the government machine who need to know all that associated info should of course know it, but does the NAO actually need to know everyone's personal bank account details, for example? Or is it the case that within the HMRC all info is just lumped together, and it was thought simplest to just store / bundle it all together and send it off wholesale? How about not only storing and sending info responsibly, but also sharing only the relevant parts of it with those who actually need to know? Nick - could you or someone like you ask that... ?
I think you've hit the nail on the head here, Nick. It will take a lot of doing for the Government to regain our trust in its stewardship of our personal data, and maybe in its stewardship overall. Who watches the watchmen, indeed?
We need an independent, knowledgeable and critical party to assess the storage and transfer of data throughout Government and especially how data is passed on to the NAO or indeed from any department to another.
Then we need any recommendations implemented as a matter of extreme urgency and enforced by law.
Everyone keeps on going on about ID cards, when all along it is the database which is the 'bogeyman'- a database which already exists and seemingly could find a home in the lost property section of a mail courier or much much worse. I am not convinced that simply because it contains biometric data that makes the database as a whole more safe. Scenarios such as changing individual fields are not addressed by such an argument- after all banks and other 'trusted' companies will be able to update records on it. This sharing of information like it's some big government version of a social networking website makes security even more likely to be breached.
Darling keeps making the point that if anyone is the victim of fraud as a result of the lost discs will be recompensed in accordance to the banking code. But what he fails to mention that this is likely to be at the expense of tax payers.
So in summary the public paying for the governments incompetence.
Furthermore unless Darling resigns as a result of the gross incompetence, there will be no incentive for future Chancellors to truly take it upon themselves to control the work of junior ministers.
Nick,
I agree, but will there be any resignations over this? The Government's historic record in treating such breaches seriously when one considers that the current Security Minister, Lord West, was only lightly disciplined for similar security breaches whilst a serving officer in the Royal Navy in the 1980's, and the spate of missing document cases since....
One questions the seriousness with which Ministers view this current case. I am sure that the Civil Service Union, the PCS will say that the problem is systemic and that the individual should not be disciplined- or their line management- but to me, they should be fired immediately. I guarantee you that they will not- not withstanding the resignation of the HMRC Chairman.
Working in IT and having worked on government projects in the past, it amazes me that government IT workers cannot abide by the standard that the government itself expects the private IT outsourcing companies that run much of the governments networks and system to themselves work to.
How can the government expect companies like CSC, IBM, EDS etc, to get it right when they can't get it right themselves? This is especially relevant with the proposed ID cards scheme.
As for Robins charges of incompetence, all I can say is that all governments of all persuasions are just as useless when it comes to IT projects, the litany of failures is endless, expecting the government to get IT right is an exercise in futility.
Labour's failure is not in losing 25 million records, but not ensuring strict adherence to security standard within all departments.
I wonder if during todays PMQ Gordon Brown will actually answer WHEN he was made aware of this missing data fiasco. Perhaps Gordon Brown should of called the election when he had the opportunity earlier in the autumn... I think he is going to live to regret not doing so.
I am afraid the big hopes the country put on GB and his government and falling away and his inability to answer questions directly is an unwanted inheritance from TB.
I really do worry about the future of this country!!!!!!!!!!!!
You are right to ask "Will plans for ID cards be the victim of this scandal?". But to reply "Not necessarily and certainly not forever" shows a frightening disregard of the implications of this case.
Attitudes to safeguarding data are set from the top of an organization. If a junior member of staff was able to copy all these personal data onto disks - and to do so twice - without any checks, it's clear that senior management simply don't care about confidentiality. And given the way Labour has centralized things, that must reflect messages coming down the line from ministers' attitudes.
Oh: and were the Prime Minister's own details included on the disks? Or those of senior Intelligence Service staff?
Sure, they should all resign. The problem is, who will take over? Will they be any better? We seem to be running out of political parties.
As long as Britain is run by policitians who between them could not run a sandwich bar it will be run by incompetents who know nothing much about anything. Being an MP is one of the few jobs you don't need any training or experience for, and this is the result.
Politics has moved on and the labour party have failed to see the shifting of the tectonic plates. The public are tired of grandstanding politicians setting out ideological positions and legislating until the statute books creak. The politics of today is about managerial competence. The main parties are all realising that there is much synergy between them about the best ideological way to run a country, an approach which combines the free market with local democracy and (some) public services.
What the public want now is a board of directors they can trust, and the question is simply one of ability and competence. Have labour still got what it takes? I suspect not judging by the consistent flow of mishaps and mistakes.
There is an air of inevitability about Westminster today. Why did Gordon Brown bottle out of an election? Well he knows as well as we do that if he is to live his dream of being Prime Minister his stark choice was between 2-3 years or 100 days in post, not the full term he was playing for. Parties don't win elections, parties lose them, and that is one area where labour seem to be demonstrating an unnerving competence.
Just a quick note relating this issue to ID Cards - While it's true that one's own Biometric Data cannot be tampered or duplicated. I believe the Government is being deliberately evasive by concentrating on this single aspect of ID cards.
Surely the point is that our Biometric Data will be linked to a massive database of personal information - a database of information that in reality is no different than that which has been lost by HMRC.
What is abundantly clear is that the government (by this I refer to all aspects: The executive, civil service, HMRC, Local government and other Agencies/Quangos) collectively have not got the faintest idea about data security or protection; and hence should not be trusted with the wealth of personal information that they currently seek.
Until Ministers, above everyone else demonstrate a sufficient understanding of the issues involved, and are prepared to involve themselves in a debate about those issues, I can see no reason to trust them with my personal data.
Currently they are relying on the electorates ignorance of the issues involved to railroad their plans through - more incidents like this will ensure people do not remain so.
Questions that need to be answered by this government.
1.) Why is this data accessable to a degree that a database can be downloaded to disc in the first place? What stops a corrupt employee from doing the same thing?
2.) When data needs to be transferred it should only be done so using military grade public key encryption. Password protecting a file is *not* the same thing. Why was the data not encrypted with strong encryption!!! Is there any system for exchanging data with other departments in a military grade secure manner!!
3.) If this is the standard of incompetence for sensitive data, why should we trust the government in any capacity? If you can't get simple things like this right why should we have confidence in how you spend our money or undertake security matters.
My conclusion is that this is inexcusable and a *major* housecleaning is in order. This level of pure stupidity cannot be excused. Firing the poor lackey who did it is not the solution here. There is an air of laziness, stupidity and pure arrogance that underpins this sort of debacle. And the root cause needs to be addressed.
I'm more concerned by Alistair Darling's insistence that despite him having no idea where the discs are, they haven't fallen into the "wrong hands". How on earth can he possibly claim that?
Saying that there has been no noticeable increase in fraud makes little or no difference. This may not be noticed for 10 or more years, when the children on the database get to an age when they themselves are getting bank accounts and still living at home.
Their DOB, address, full name & (if their mother is currently unmarried or hasn't taken her partner's name) their mother's maiden name are out in the wild, and playing the long game will yield sizeable returns for anyone with that information.
Also from a data management point of view, whoever created the two discs must have been in a fairly senior position. Junior staff at HMRC don't have the ability to send external emails, let alone burn CDs.
And why exactly is information at this level of detail being sent to the NAO?
Systems and procedures obviously fell short, but what really worries me is the management culture in HMRC which allowed even a "junior" member of staff to think that copying this information was acceptable behaviour. I do not exclude the NAO from criticism here. Surely the person requesting this data should have been alarmed when it was even suggested that the data would be sent on disc (and it isn't clear to me why they needed the complete database anyway).
As a manager I always understood that "what you show you want is what you will get". Even if they don't understand the minutiae, the people at the top have to make clear how their organisation should behave.
When I invest in a blue chip share I expect three basic things of its board of directors - to run the business efficiently and competently, to grow the profits of the business in a sustainable way, and to manage the balance sheet effectively. I'm afraid to say that the writing has been on the wall for a long time, and we are now seeing just how incompetent our government is at running UK plc in the best long term interests of its shareholders, i.e. you and me.
We have administrative incompetence which has wasted billions of our money on failed IT systems, a failure to manage effectively the enormous organisational change imposed by central government at all levels of the public services, and now they have "lost" highly sensisitve personal data on a large proportion of the adult popultation. We have economic incompetence which has led to ever-growing levels of public debt putting the country's prosperity at high risk as the global economy slows down, and a seeming complete lack of understanding of how to turn things around. Added to which our money is now being used to prop up a small, badly run bank which over-stretched itself itself in boom years and it too had no subtsance to fall back on when the going got tough. It might not be so bad if our leaders were to present a big picture view of where they are trying to lead us as a country, but from the second election victory onwards both Blair and Brown have been focussed on nothing more "visionary" than protecting their own jobs for as long as possible. If this isn't Brown's "ERM moment" the momentum is now established. He'll hang on as long as he can and drag the country further down this path until eventually even he will have to admit the game is up.
All this is being blamed on a mistake by a junior civil servant.
a)Why are junior members of staff given access to such data?
b) ...or is it they are not, and we are being lied to (again)?
c) is low level access to critical data the norm across the whole civil service?
Everyone keeps on going on about ID cards, when all along it is the database which is the 'bogeyman'- a database which already exists and seemingly could find a home in the lost property section of a mail courier or much much worse. I am not convinced that simply because it contains biometric data that makes the database as a whole more safe. Scenarios such as changing individual fields are not addressed by such an argument- after all banks and other 'trusted' companies will be able to update records on it. This sharing of information like it's some big government version of a social networking website makes security even more likely to be breached.
Its not good to know that things like that can happen, and i am sure that now it will make people alot more careful about just how much data they give away.
I think its sad that with all this rise in new technology that someone can just simply copy that amount of data on to 2 CD's and then loose them. I am sure that the system they use to keep this data should have some kind of encryption on it, but i guess not.
This isn’t cabinet-level government incompetence. Alistair Darling cannot be responsible for the fine details of everything that happens in such a huge department. The impact of the problem may be large, but the cause is probably a mundane lapse by a small number of middle and low ranking people. As Nick says, it is about the government machine.
I’ve worked for years in IT on the HR systems of several very large companies. All put great emphasis on privacy and security. I imagine organisations in the public sector do much the same. Even so it is inevitable that a range of senior and junior IT and HR staff have access to large quantities personal information and that mistakes occasionally happen. The one at the treasury may be the largest so far, but it certainly isn’t the first.
The fixes for this problem are equally mundane. An investigation is needed, of course, which may result in some mid-level careers being shifted or terminated. This also emphasises the need for constant training about security and for the tedious bureaucracy that ensures that personal data cannot be copied and distributed without the necessary checks.
Finally (at risk of special pleading) we’re now in a world where computer people have the kind of access and responsibilities that previously was only available to the likes of accountants, bankers, lawyers and doctors. That is why we required those professions to be regulated, allowing the sanctions of non-criminal punishment or life-long exclusion for anyone who breaks their code of conduct. Should IT be brought into the same system? There are fledgling professional IT bodies (e.g. the British Computer Society in the UK) but at the moment I could easily continue to practice without them. If my job and income depended on continued membership and therefore 100% professional conduct then perhaps lapses like the one at the treasury would be less common.
The thrust of your article about basic understanding of protecting data is not seemingly understood by many people - only this morning on the train from Preston to London I was able to hear 4 members from a large company in the North West naming and ranking staff members and discussing their individual abilities and competencies, I made a mental note of a few of the names who sounded like they could be worth poaching and some others who I would not want to employ! I often am astounded at the amount of information one can glean just by sitting in a train carrage and listening to mobile and other conversations - nice and easy to gather bank and credit card details when people loudly provide the information when shouting down their mobiles.
The problem is that idividuals don't seem to think anymore about the consequences of their actions or they live in some sort of bubble and are not aware of anything outside of themselves!
Number 1 reason never to go into politics - you get blamed for stuff that has nothing to do with you whatsoever.
The "government" could be Labour, Tory, or Monster Raving Loony, and they still would have nothing whatsoever to do with this error.
This was a reasonably severe security lapse by a salaried worker (not an elected politician) that unfortunately sounds a lot worse than it is.
Data protection is a fantasy - personal data is misused and misplaced daily by companies, banks, public bodies and individuals.
The risks are minimal - heck you've probably got a better chance of winning the lottery than suffering non-recoverable loss due to your personal data being compromised.
Sure the fools that were messing about with physical media and postal services for data with such a perceived value need to be given a better method of file transfer, but I frankly couldn't be less worried about this.
And what has this got to do with Northern Rock and immigrants and the NHS and whatever else the chicken littles are wittering on about?
I have never understood this "totting up" approach. Is there an official system I don't know about - 2/4/6 major screw-ups in a 1/3/6 month period and you're out? Is there a sliding punishment scale - what if they'd only lost 10m records and only had to bail out Northern Rock for a couple of hundred million quid? Would the catcalls be a bit quieter and the headlines several point sizes smaller.
And why do Â鶹Éç journalists need to be so over the top and wilfully inaccurate when reporting all these stories - you guys aren't selling advertising (well not in the UK at least), and us people you seem to gleefully mis-inform are threatened with massive fines and even the jail if we don't pay your salaries.
Honestly, everyone needs to chill out.
The complaints handling team for the Child Benefit Office are based at Washingtom, Tyne and Wear. The name of the road? "Mandarin Way". How ironic.
Is it not illiegal to break data protection laws?
Can the 25 million residents of the UK sue the governemnt for not protecting their data?
One part of the story, or to be more precise the presentation of it, on Breakfast News this morning was the hand wringing about how someone junior could get access to that information. Come on people! Do you think when you ring up your bank, your credit card company, your local council or who ever that the person accessing your personal and priavte information is someone senior in the company? They're not, they're probably on the bottom rung of the ladder, haven't been there long (turn over in call centres is massive) and, these days, may not even be in the same country as you and therefore not subject to the Data Protection Act and beyond the range of legal retribution if they abused their access.
In this case some junior civil servant copied data they had legitimate access to and lost it. We don't know that it's been released to anyone who would use it for nefarious reasons, it could be in an envelope that's slipped down the back of the filing cabinets and will be found when they do the next office move. It might be convention to hold the minister responsible for the failures of their staff but that doesn't mean they actually are.
Stephen
You are right to ask "Will plans for ID cards be the victim of this scandal?". But to reply "Not necessarily and certainly not forever" shows a frightening disregard of the implications of this case.
Attitudes to safeguarding data are set from the top of an organization. If a junior member of staff was able to copy all these personal data onto disks - and to do so twice - without any checks, it's clear that senior management simply don't care about confidentiality. And given the way Labour has centralized things, that must reflect messages coming down the line from ministers' attitudes.
Oh: and were the Prime Minister's own details included on the disks? Or those of senior Intelligence Service staff?
We can all band words like "catastrophic", "atrocious", "incompetent" around as we want, the harsh truth is NOTHING will happen!
The general public lack any stamina/backbone/determination to get their true opinions heard let alone make a change. The politicians know this and that's why the arrongance prevails.
We are now in an era where the masses have been beaten/brainwashed into submission.
PS. To the writer of the blog - I am impressed how you still convey some optimism when writing about politics. :)
The sooner this Government is out the better? Incompetent fools, whom if they worked in the private sector would be hung out to dry.
So what are the consequences?
Everyone else is subject to the terms of the Data Protection act, which as far as many people are now concerned has been well and truly broken. Unlawful I think is the common terminology.
So who is going to come before the Judiciary to answer for this incompetence?
I'm more concerned by Alistair Darling's insistence that despite him having no idea where the discs are, they haven't fallen into the "wrong hands". How on earth can he possibly claim that?
Saying that there has been no noticeable increase in fraud makes little or no difference. This may not be noticed for 10 or more years, when the children on the database get to an age when they themselves are getting bank accounts and still living at home.
Their DOB, address, full name & (if their mother is currently unmarried or hasn't taken her partner's name) their mother's maiden name are out in the wild, and playing the long game will yield sizeable returns for anyone with that information.
Also from a data management point of view, whoever created the two discs must have been in a fairly senior position. Junior staff at HMRC don't have the ability to send external emails, let alone burn CDs.
And why exactly is information at this level of detail being sent to the NAO?
There are a number of things I thought of while this was unfolding yesterday (I should mention I work in academia in the computing and data security sector and so it's my area of interest):
1.It is clear that this rather cavalier approach to personal data is endemic within the civil service.
2.Why was sensitive data being transported via physical disks anyway? What is wrong with sending the files over an encrypted link over the so-called high-speed private network(s) that government departments are supposed to have.
3. The disks were "password protected" but not encrypted. What procedure/guidance is in place covering the transport/transmission of sensitive data of this type? Why wasn't it adhered to and who is policing it?
3.Was the person who sent the data in this way actually authorised to do so. If so, what auditing went on of that process?
4. Why doesn't the Information commissioner have the power to perform random and unannounced inspections of DP and security measures? He clearly wants those powers if his comments in yesterday's media are to be believed.
5. Dr Peter Sommer of the LSE gave a VERY interesting interview to Channel 4 News yesterday evening concerning the culture surrounding the general lack of IT knowledge and experience within upper ranks at Whitehall. Many of the criticisms he had of this situation do not bode well for the Identity and Passport Directorate, who have already been eviscerated by anyone with knowledge and expertise of the proposed ID cards system.
The lack of IT expertise in the Civil Service in the face of such massive projects relying on it is really quite frightening.
6. Although the Chancellor ultimately is carrying the can, this is really an operational problem within the Civil Service as a whole. Security systems are only as strong as their weakest links and it seems as if there are too many who are simply too naive and ignorant about such matters in positions of responsibility.
Actually, seeing as the Civil Service is the Prime Minister's portfolio, he should be the one sorting out the mess, not Alistair Darling.
It is of course staggering, but a minister's resignation would only be symbolic and not tackle a deep underyling problem.
No junior official should be allowed to dump records pertaining to nearly half the UK 60 million popularion onto to CDs for any purpose amd shove it in unregistered internal post. This is clearly a failure of process and mangemerial oversight not the technology as was alledged by the minister on Newsnight lsst night who cited that the ID card shceme would be safer because it is newer technology, just rubbish.
There was clearly no senior technical oversight to ensure data security procedures were followed; and that off the back of a similar breach a month before where were the systems that were said to have been put in place to prevent that from happening ever again? The fact that this was considered even acceptable at all just to password protect such large amounts of data is crassly stuipd and again a mangement failure.
It sounds like managers and civil servants have been very good at sipping coffee in meetings devising security procedures without ever implemting them properly. Why should anyone accept those assurances. My own home wireless network is more secure than these guys.
Why are managers paid huge sums of money plus bonuses to make such bone headed mistakes as they clearly do. Why do HMRC and for that matter some banks even allow allow employees out with laptops filled with sensitive data to go out of the building with no adequate encryption of data, let alone at all.
I couldn't comment on whether the merger of Revenue and Customs had anything to do with it, but it may not have helped management to get any kind of a grip given staff cuts that have ensued since 2005.
People will blame the technology but it is actually the people and management we need to look at. Humans can undo any amount of security that technology can provide therefore it is imperitive that best security procedures are followed. In that context I wouldn't be happy with a huge agregated identity database accessed by many many government officials.
If we have a government secured intranet (the GSI in many government email and web addresses) why don't we use that to send this data, perhaps in the evening when noone else is on the network instead of exposing huge chunks of the population to identity fraud again, just plain stupid.
The consequences of this mistake may be felt even years after, criminals who do get their hands on this data may just lie low until the immediate policitcal storm as died down and then start dipping into peoples accounts. How the banks can expect people to sit tight just checking for unusual activity is beyond me, never mind phone phishing of customer details through call centres, how is one to stop bored call centre operator from exposing a customer by accident if it is not the customer on the other end of the line.
This one will run and run.
There is something slightly hyped up here. One recalls, pre-computers, how investigative reporters persuaded banks to give details of people's personal affairs. No procedure is ever fool proof. It is just the scale that is different.
Rather the real issue is, as you have identified, the repeated failure of (human) civil servants to act competently. Society is somehow increasingly complex, maybe because computers allow it to be so. Governments cannot resist the temptation to tinker - "change"! And we expect them to do so.
I fear that this episode will be repeated by each successive governemnt into the future.
Its not just a yawning gap between the image of data security and reality, its the difference between what we are told by uk.gov and what we actually see which is the wider gap.
We are told waiting lists are low, but our relatives or friends still wait.
We are told hospitals are clean, our families and relatives still get sick.
We are told Iraq is under control, yet normal people are still being killed every day.
This government has rose coloured specs on all the time. They need to take them off. They've had 10 years to organise things and they just can't do it. No skill, no organisational ability and no clue.
Brown was running this lot before he became PM, he can't dodge it now.
Nick, we surely all know by now that any organisation when making efficiencies never actually puts in place the infrastructure (new technology generally) required to let one person do the work previously done by two,three or more. Reality check, after the "efficiencies" (read job cuts) have been taken, corners get cut by the guy left who is in fear of his job being the next one chopped should he become a "jobs worth" and follow the procedure manual to the letter.
Pick your analogy, but eventually the camels back gets broken by that final straw. In this case, the "lowly" IT worker was the one left without a chair when the music stopped.
He may or may not have been incompetent in the first place, but that is certainly the label being pinned to this particular scape goat.
You don't just merge two departments, cut 25,000 jobs and expect everything to be peachy. The chancellor has been let off far too easily on this aspect by all who I've heard questioning him todate.
Sorry, I mistakenly seemed to have given the LSE's Peter Sommer a doctorate he doesn't have. Oops.
I thought that the reporting of this story by you and your colleagues on the 10.00pm news last night was the latest example of irresponsible and sensationalist Â鶹Éç journalism.
Using words such as 'disaster' and 'catastrophe' was wholly innappropriate for an issue where nobody has died and, to date, there are no victims.
What we are talking about may be a major security failure or significant security risk, but it is in no way a catastrophe or disaster.
Isn't it time for the Â鶹Éç to step back from it's tabloid style scaremongering and hype?
The sooner this Government is out the better? Incompetent fools, whom if they worked in the private sector would be hung out to dry.
So what are the consequences?
Everyone else is subject to the terms of the Data Protection act, which as far as many people are now concerned has been well and truly broken. Unlawful I think is the common terminology.
So who is going to come before the Judiciary to answer for this incompetence?
It is time to face facts - we live in a country run by idiots. The evidence:-
A Prime Minister who refuses to fight an election because he is convinced he would win it.
A cavalier approach to data security at HMRC that leaves one quite breathless. This has resulted in the personal details of 25 million people being mislaid - circulating goodness knows where.
A government agency that allows foot and mouth virus to be released into the community.
A health service that has an internal infection record which strikes fear into the heart of prospective patients.
The use of taxpayers money to underwrite a private sector organisation to the tune of £40 billion, when £50 billion of that outfit's assets are lodged in the Channel Islands.
An under-resourced armed forces fighting two wars whilst...
Prisons full to the rafters - where future inmates will be housed is a mystery.
An education system that is failing employers.
An Home Office that hasn't a clue about the number of peole entering the country and doesn't know what to do next.
And so it goes on.
On second thoughts, perhaps I'm really the idiot for caring!
Nick, This is just another example of the incompetence of this labour government. The trouble is if a vote of no confidence was passed who is going to take over, none of the other parties, in my view look as if the economy of this country would be "safe in their hands", maybe its time for a coilition, then we might get the best of what's on offer, or better still vote for independence like the scots and the welsh.
Revenue and Customs were making a big thing about their modernisation programme and talking about us as customers. Seems we need less psuedo business speak and a few real values about respecting the public. We are not customers of the government we are more important than that. We are citizens in a democracy in the EU where we expect that government will be competent and respect the information they hold about us.
What worries me also, is that this is the same Government that has given itself unprecedented powers over information. I'm thinking in particular about the recent activation of part III of the Regulation of Investigatory Powers Act (RIPA). Giving the police complete power in demanding encrypted and sensitive data be decrypted for them. (Guilty until proven innocent, you can be imprisoned for not decrypting your data, even if you don't know there's any encrypted files on your computer or if they're innocent files) When you combine that with the level of incompetance in handling our data that we give them anyway, that's a very very scary prospect.
It's also very hypocritical with these recent laws that we're meant as the public to have complete 100% constant knowledge and responsibility for all data we may possibly come across (ie stored on our PCs) and yet the Government messes up their data responsibilities beyond belief and there's no real accountability because they are exempt from the Data Protection Act.
Ultimately Darling must take the blame but if his knowledge of IT is as bad as the majority of middle to senior management in businesses thoughout the UK then he wasn't to know. The concepts of data in such a copiable format are hard to grasp. Every PC now has a DVD/CD writer, every PC has USB port stuck on the front so you can easily access it, most IT staff have a 2GB USB memory stick swinging round their neck with their favourite utilities on it. 99% of PCs are running the leakiest bit of software ever produced called Windows which has to be the most complicated OS to nail down in security terms across an enterprise. There will never be data security to the level that is required as it will be always compromised by convenience. How namy times a day will a subset of the database be exported to Excel to be taken home for some middle manager to do some overtime (because it's convenient). The only good thing that will come out of this is that ID cards are now completely off the agenda.
Anybody who uses private courier companies (like TNT or DHL)knows that they have excellent tracking systems to ensure items do not get lost. Each item is numbered and its progress can be monitored online by the client, even down to who signed for it at the other end and when. So what went wrong this time?
It is precisely one year to the day (21/11/06) that contributors to the publicsectorforums website began complaining about the way that the NAO was requesting information for the National Fraud Initiative by post, with only a suggestion that supplier 'may' password protect data, nothing about encryption. Sadly, it appears that the NFI over-rides duties under the Data Protection Act. Lots of people knew this would happen and said so. The NAO did not listen.
Sometime in the 90s when administrative competence in what was then the Civil Service was replaced by presentation and targets, the detail of boring things like security and procedure was replaced by presentation, change-management and other such apparantly exciting but vacuous new-speak terminology. The loss off 25,000,000 sensitive records is the inevitable consequence of such a process.
How I agree with the comments made by the writer 'Robin' regarding a vote of no confidence in this hapless Government. Unfortunately honour and responsibility are unfamiliar terms to them all.
They will not be able to sweep this scandal under the carpet, however, because even if the disks are found, who is to say that the details haven't already been copied and/or sold on.
Their sheer arrogance astounds me!
We need a legal and constitutional mechanism for the people of this country to be able to remove a government mid term, when that government renders itself in breach of the contract of trust between itself and the electorate by its negligent, or criminal activity.
We are now in a situation where the vast majority of the UK population have a strong desire to see the back of this inept and contemptuous government becuase of its own dire performance.
A vote of no confidence will not work. Labour MP's will not vote to end their gravy train. We need a practical mechanism whereby when 75% or greater of the population demand a government should go, then they must!
What worries me also, is that this is the same Government that has given itself unprecedented powers over information. I'm thinking in particular about the recent activation of part III of the Regulation of Investigatory Powers Act (RIPA). Giving the police complete power in demanding encrypted and sensitive data be decrypted for them. (Guilty until proven innocent, you can be imprisoned for not decrypting your data, even if you don't know there's any encrypted files on your computer or if they're innocent files) When you combine that with the level of incompetance in handling our data that we give them anyway, that's a very very scary prospect.
It's also very hypocritical with these recent laws that we're meant as the public to have complete 100% constant knowledge and responsibility for all data we may possibly come across (ie stored on our PCs) and yet the Government messes up their data responsibilities beyond belief and there's no real accountability because they are exempt from the Data Protection Act.
If having procedures and guidelines and legislation was all that was needed to stop bad things happening, why do we have prisons, and full ones at that?
Human beings will always take the easiest way out whenever it is presented to them, including just doing a quick 'drag and drop' when someone tells them to get this data to so-and-so PDQ or else....
Has the head of the courier service resigned for losing the mail in the first place? What of the actual courier with the packet? Where is s/he? Why aren't they being paraded in front of microphones to explain themselves too?
Hi Nick,
Great post as usual.
I strongly agree with the comments that it shouldn't be possible for anyone to actually create a CD like this in the first place. In the database age these problems are vastly more serious than they were way back in the 20th century when we just used paper. Back then if I had somehow got access to 7 Million odd benefit records on paper it would be pretty useless to me because of the scale. These days I can import that data into my own database, cross-reference it with other databases, make inferences and very quickly fill in the gaps in the data from different sources.
The data from these discs could surface in 20 years when all these children are grown adults and have forgetten about Darling and Brown. Even if the discs are found today how do we know they haven't been duplicated 100's of times?
Incredibly, with the National Identity Register the government wants to create a one-stop shop for Identity thieves to access all this information without much work. Remember that the security of the whole system is only as strong as the weakest link and that system is going to have so many links....
Post 20 - I recently retired after working for the police and we had access to a pretty large and sensitive database - PNC , and even then there were certain levels of authority needed to search for specifics. Not one of the machines in the bureau had a working floppy disk reader/writer or cd reader/burner. No screen savers except that authorised by the Chief Constable were installed on the machines and all of them had fingerprint logins . After several minutes of keyboard inactivity the screen saver operated and to continue to use the computer you had to re-login with your fingerprint - tedious at times but secure. The only way for those with sufficient authorisation to send out work was by e-mail to their home account.Then what they returned after modifying at home was scanned for viruses etc. before being allowed to copied to the system. It is inconceivable that a junior person would have had the authority to use yet alone access to a cd burner even if they had authority to access the entire database , which I doubt very much . Password protection only works if one person alone knows , and changes regularly , the password - in this case the password must have been available outside the organisation for the data to be accessed by a third party - leaky!. Then the lack of encryption - did this junior member have the authority to use encryption - they must have done as they had the authority to access the entire data base - leaky squared!. Then to entrust this sort of information to a general purpose courier without any record of posting or tracking in place - well that's just dynamite ( or was it TNT).
However the public will be reassured that they will not lose out , and when someone ( possibly a terrorist) uses a cloned ID card we will all be the losers.
How can we relate the stupidity of some incompetent junior staff member to the resignation of Alastair Darling? The junior member of staff in question broke standard procedure, and did something very stupid. If every minister who had somebody as monumentally stupid working within his department were for the chop, we'd have a new cabinet every other week. I'm not saying that Darling should be exonerated on this basis... I am just trying to discern his level of culpability, without jumping to knee-jerk conclusions.
I think I agree with the poster above that no amount of rulebooks and legislation are infallible in the face of such stupidity. However it is clear that these public organisations play fast and loose with our data. The question is not how could a junior member of staff put such a valuable disc in the post, but rather how did a disc of such importance even come to exist in the first place?
Who cares that this junior member of staff put a disc in the post? It is hopefully lost to the world and being used as a coaster, not in the hands of some criminal mastermind. I care that this clearly demonstrates that civil service employees of all levels who may be malicious rather than daft, have this kind of access to our details, coupled with the tools to create digital copies as though they were copying the latest Britney Spears album. In fact, Sony BMG will make much more of an effort to protect and secure their copyright, presumably because there is a commercial incentive.
I know several lovely people who work for the civil service - it notoriously attracts those who lack the mean streak so often required to be succesful in the commercial world. However lovely they may be, many of them are too naive and incompetent to be given such access to our data. How the government can possibly countenance ID cards in the face of this howler is the only silver lining I can spot.
The only options I can see are...
1. Don't employ idiots. Impossible, there simply are too many of them around. Some of them may have influential parents and will slip through the net.
2. Don't rely on a rulebook- use foolproof mechanisms instead Problem... mechanisms cost a lot more than rule books. However as a general rule, people don't read rulebooks or instructions until they've broken something.
3. Don't collect the data in the first place. Trouble is, some data is essential. So we have to put foolproof mechanisms in place to protect it. So to minimise these costs... don't collect unnecesary data.
Hi Nick,
I have argued against the government changes to civil service in an official capacity - you said you’d have a response on the cuts! However, my view on that issue is that it isn’t necessarily making the ‘machine’ smaller that’s the problem but the way these changes have been conducted in a rushed, indiscriminate way that has more to do with numbers than how to meet public needs. During election time the two main parties seemed to engage in a competition with who could cut the most public sector posts. A considered way forward would be a welcome approach but seems unlikely given the political fuel the civil service and wider public sector generates.
I entirely agree with you that this incident is unlikely to be relevant to the job cuts or low staff morale at HMRC and using this argument just isn’t appropriate or sensitive to the 25 million people who are likely to be feeling quite vulnerable. By trying to draw a connection between the two it also undermines valid arguments there are against job cuts or how these cuts have been implemented.
Best wishes,
Percy
Thanks Nick. You hit the nail on the head. The problem as I see it is - how can we ever have confidence that our private information on these critical data handling systems in a multitude of departments and private companies throughout the UK and beyond is ever safe? Once the trust between the public and the stewards of our data is lost, support for these systems is lost forever.
A personal solution is to only give out personal information if you absolutely have to. Have seperate accounts (with minimal balances) and email addresses etc for handling public data. Keep vigilant with fingers firmly crossed!
I hear our 'Junior Official' may be someone in IT. Speaking as an IT person, it's highly unlikely that a truely junior official would have access to dump the entire live Benefit database contents to CD. Much more likely is that the request came in from the NAO, has found it's way to a suitably skilled database administrator, then the dumped files have been passed to someone else to burn to CD then put in the internal mail. I find it doubtful that any single person at HMRC has taken the NAO request and dealt with it entirely themselves, which would suggest more a systematic failure rather than a single individual being to blame (although, what do I know, I work in the private sector.)
Anyone who thinks that data is secure is an idiot. I work for a multi-national company. We store customers credit& debit card details including issue numbers, dates etc along side their names, addresses, postcodes, mobile and land line numbers, vehicle details.
No big deal you may think and ordinarily it probably isn't. Except for the fact that it's un-encrypted and every company employee across the world and in eastern european call centres has access to it, can copy it, print it, e mail it to themselves etc etc. And I'm talking thousands of numbers.
I've brought this to the attention of my superiors and no-one cares.
This all begs the question....whats next?
Political journalists must be having it easy at the moment, they don't even have to find a story, they just keep appearing, maybe even turning up in the post.....
There appear to be two main issues here - firstly, the terrible incompetence of those than run the infratstructure of the state. It defies all credibility that sensitive data of this nature could have been mishandled so badly. Secondly, the political issue that will haunt Darling is the apportionment of blame to a 'junior' official. This sounds like an attempt at a cover up of major proportions. Someone at a senior level in HMRC must have given the instruction to pass data over to NAO - and should have been accountable for it.
The trouble is we'll elect a new government in in due course and they will be just as bad - we the public, at the insitgation of the pundit's blogs, will bay for blood - and nothing will have changed at all - and so the merry go round will go on and on and...........
What has amused me most about this story are the constant reassurances that the data has not "fallen into the wrong hands", and that attempts are being made to find the discs.
In what way is this reassuring? If the location of the discs is not known and they have not reached their intended recipient, then they are not in "the right hands" and, by definition, must be in the "wrong hands".
Regardless of whose hands these are (and that person's intent), that is a serious issue.
Secondly, even if the discs are found, there is no guarantee that someone will not have hacked the password protection on the data and copied them/sold that data prior to handing it to the Police.
Data is intangible - just because you have the original CD back does not mean that no one else will have a copy. How often do people borrow a music CD from a friend and then make a copy before returning it?
As you say, there are clearly systematic and chronic failures in government and blatant disregard for data protection laws. Control of the data has now been lost.
If it is "in the wrong hands", then it doesn't really matter what steps are taken to protect this database in the future - you can bet the contents of those CDs will be sold 100 times over and circulated around the world.
If central government was aware of the systematic failings prior to this latest incident and failed to act, then it must be held to account.
Either way, substantial efforts will need to be made to reform complaceny in the civil service and resore confidence. Mr Brown could start by giving the Information Commissioner the powers he has requested to make reckless disregard of data protection laws a criminal offence.
Aside from the main issue of the complete disregard for data protection, why was a government office using a private sector postal service (TNT) when the government ran Royal Mail is requiring £1bn from the tax payers coffers to prop it up?
As I see it, part of the problem with HMR&C is that it is staffed with a huge number of temporary people, because they have got rid of so many permanent staff. As a result, the customer service to taxpapers has fallen to an appauling standard.
This data security breach is a classic example of an agency out of control. They have made savings - but at what cost?
It would be interesting to know if the staff member resonsible was a temp.
What has amused me most about this story are the constant reassurances that the data has not "fallen into the wrong hands", and that attempts are being made to find the discs.
In what way is this reassuring? If the location of the discs is not known and they have not reached their intended recipient, then they are not in "the right hands" and, by definition, must be in the "wrong hands".
Regardless of whose hands these are (and that person's intent), that is a serious issue.
Secondly, even if the discs are found, there is no guarantee that someone will not have hacked the password protection on the data and copied them/sold that data prior to handing it to the Police.
Data is intangible - just because you have the original CD back does not mean that no one else will have a copy. How often do people borrow a music CD from a friend and then make a copy before returning it?
As you say, there are clearly systematic and chronic failures in government and blatant disregard for data protection laws. Control of the data has now been lost.
If it is "in the wrong hands", then it doesn't really matter what steps are taken to protect this database in the future - you can bet the contents of those CDs will be sold 100 times over and circulated around the world.
If central government was aware of the systematic failings prior to this latest incident and failed to act, then it must be held to account.
Either way, substantial efforts will need to be made to reform complaceny in the civil service and resore confidence. Mr Brown could start by giving the Information Commissioner the powers he has requested to make reckless disregard of data protection laws a criminal offence.
The deep problem behind this is the lack of scientists, engineers and other people well-versed with the modern world who ever make it to governement. All those economics and history graduates are just blinded by technology issues. Unable to scruntize recommendations with a scientifically trained approach, they're vulnerable to 'expert' opinion (which is often no such thing). That's why NHS computer systems run over budget by billions, as do defence contracts, etc. Darling probably has only the most vague technical understanding of data security which means he's not able to influence things from the top and is easily misled by daft ideas from below. The Identity Cards agenda, for example is ultimately driven by those set to make a fortune from implementing the scheme. (And, as usual, 3 times the fortune they estimate).
I cannot believe that anyone would send this type of information without marking it for recorded delivery. It is common-sense - Junior or Senior.
I work within a government-run membership organisation and this would never have happened. Anything relating to personal details is couriered, tracked, recorded, delivered, and then confirmed. I guess different departments have different processes and policies.
Not thinking TNT are liking the negative publicity, however due to the recent postal strikes I sent something recorded delivery three weeks ago and Royal Mail could not track it. due to the backlog - Dammed if you do, dammed if you dont!
Nick - I take it you have seen this fabulous link.
Is it just me or are most of these comments direct from Conservative Central Office and/or direct from the Daily Mail? The righteous indignation is absolutely laughable. These massive failures are anything but unique to government; Monster.com have compormised 159 million records and TJX (parent company of TK Maxx in the UK) lost nearly 47 million customer records along with credit and debit card information. There are massive leaks of information - do you really think all that credit card fraud is down to pickpockets?
As I see it, part of the problem with HMR&C is that it is staffed with a huge number of temporary people, because they have got rid of so many permanent staff. As a result, the customer service to taxpapers has fallen to an appauling standard.
This data security breach is a classic example of an agency out of control. They have made savings - but at what cost?
It would be interesting to know if the staff member resonsible was a temp.
The deep problem behind this is the lack of scientists, engineers and other people well-versed with the modern world who ever make it to governement. All those economics and history graduates are just blinded by technology issues. Unable to scruntize recommendations with a scientifically trained approach, they're vulnerable to 'expert' opinion (which is often no such thing). That's why NHS computer systems run over budget by billions, as do defence contracts, etc. Darling probably has only the most vague technical understanding of data security which means he's not able to influence things from the top and is easily misled by daft ideas from below. The Identity Cards agenda, for example is ultimately driven by those set to make a fortune from implementing the scheme. (And, as usual, 3 times the fortune they estimate).
Too much 'Rock n'roll' and now a slipped disc (or two).
You know Nick, contrary to your view, it is the time for raw politics, never mind about deflecting to data protection and the honour and obligations of employees.
That is letting politicians off the hook.
Politicians make thousands of announcements every year on proposals, reviews, changes, pledges, committments but very few are followed through, checked,investigated etc by the media to ensure delivery and accountability.
This fiasco would not have happened if senior politicians were more interested in delivery than of the tone and content of the next annoucement to the press.
So your job Nick today is to look at what the Chancellor said when the previous data cock up happened, what measures he 'pledged' and what physically happened.
You would be doing the public a better service rather than looking at morale of employees, cut backs,redundancies,etc which would have played a part - but it is to miss the point.
Remember that the Â鶹Éç employees involved in the Blue Peter and other scandals did the deed but who set the easy going climate under which it was allowed to happen.
By the way tell the Chancellor not to ring NHS Direct about his slipped disc(s). They might misplace his records.
On second thoughts they would probably hang up when he says it's me Darling...
I cannot believe that anyone would send this type of information without marking it for recorded delivery. It is common-sense - Junior or Senior.
I work within a government-run membership organisation and this would never have happened. Anything relating to personal details is couriered, tracked, recorded, delivered, and then confirmed. I guess different departments have different processes and policies.
Not thinking TNT are liking the negative publicity, however due to the recent postal strikes I sent something recorded delivery three weeks ago and Royal Mail could not track it. due to the backlog - Dammed if you do, dammed if you dont!
What happened to this country? You chose this government! Why complain until things happens? What did you do in the election?
What is extremely worrying about this appalling lapse in security is that billions of pounds have been spent on a centralised NHS medical records database- a centralised database for all children up to age of 18 - the National Identity register and the proposed eborders database so that in a couple of years time every aspect of our lives in this country will be monitored and registered on these vast Government databases. It will be impossible for us to know who is accessing this information and in the light of recent events we will never be sure where the information will end up.Surely this makes a mockery of the Data protection Act and as for Civil liberties and Human rights - it seems we have none.
These days government is not about ideology, it's about competence.
This administration has proved time and time again that it is incompetent.
And Nick, why do you, like so many of your journalist colleagues, blithely dismiss the effect this debacle will have on ID cards?
Many people are either completely against or ambivalent about ID cards. Those that were ambivalent have now lurched dramatically into the completely against camp. Issues like ID cards and road charging really matter to ordinary people, yet so many political journalists seem to sweep them under the carpet.
I've not got a criminal record but I will definitely refuse to cooperate should this shoddy Government try to impose ID cards upon us.
Much has been made about more safeguards, what we need is for Govt officers just to enforce and obey the laws already in place.
Under the terms of the Data Protection Act I believe a Line Manager is resposnsible for the information under their control. ANY breach may be open to criminal prosecution. Has this been done, or is there just one rule for them, yet another for the rest of us?
There's a petition on the PM's website at the moment with only 15761 signatures on it, calling for a general election in 2007. Problem is, the petition won't be closed until 26.1.2008...
Yes it's a first rate balls up. But can anyone tell me honestly whether the tories will be any better. The parties appear exactly the same, you can't tell the policies from the parties now.
I work in retail and you should see the hoops we have to leap through to protect customer card data; encryption, secure servers, limited personnel access, etc. If I were to jepordise data security in anything like the manner that HMRC have done both myself and my employers would be hauled through the courts and made to face a stiff penalty - both financial and possibly custodial.
The data HMRC have misplaced is even more detailed than credit card details so their error is even worse. Even so, I suspect that there will be nothing more than a rebuke and search for a sacrificial lamb (who, no doubt, will be suitably rewarded).
I also think that people are worrying too much about their bank accounts. The real danger is that fraudsters can get credit and mobile phones, etc with these details. Something no one will know about until the invoices drop onto the doormat.
Whilst this may be more fodder for the whining government bashers, this event is so far removed from ministerial level that to suggest Alastair Darling should resign is pure opportunism on the behalf of the opposition.
I agree that the checks in place are evidently pathetic - to allow such data to be available en masse is deeply incompetent - the rules on Data Protection are clear. Organising HMRC is nothing to do with the Treasury, they set the framework and civil servants do the organising and so the right person, the head of HMRC has resigned.
To suggest that the entire government resigns due to one junior official with no sense is bizarre and pathetic.
IIt is also true that most people around the country are just as lazy about protecting their own data in the first place.
These days government is not about ideology, it's about competence.
This administration has proved time and time again that it is incompetent.
And Nick, why do you, like so many of your journalist colleagues, blithely dismiss the effect this debacle will have on ID cards?
Many people are either completely against or ambivalent about ID cards. Those that were ambivalent have now lurched dramatically into the completely against camp. Issues like ID cards and road charging really matter to ordinary people, yet so many political journalists seem to sweep them under the carpet.
I've not got a criminal record but I will definitely refuse to cooperate should this shoddy Government try to impose ID cards upon us.
I think that politicians have very little grasp of what 'databse', 'security', 'fire-wall', 'access', '£40B' ... and similar terms really mean.
This is not surprising, given their back-grounds. And the same is probably true of civil-servants.
There is a complete lack of understanding of the implications of putting everyone's wide-ranging personal details into 'one database' and then give many 10K's of civil servants and other access to it.
The information is not even treated by all concerned with the same respect that they view their own bank details.
As an engineer, I am horified by what the government continues to think it is capapable of achieving through technology, given their complete incompetence in anything related to technology.
Nick,
Forget Osbourne's little rant, it could have happened to any Goverment. The real issue is that the Brown administration is becoming 'unlucky'. This is the real worry for those of us who wish it a fair wind.
I think we need to ask why the National Audit Office asked for this information in the first place?
Apart from the junior official putting the information on to disk, if they were asked to do this, then by who? They obvioulsy are not aware of the data protection issues also.
To me this absolutley highlights the potential nightmare ID cards could create. For all the reported DPA breaches there are many that are not. To have information on every individual, which not only infringes my liberties but is not actually needed, can only make this potential risk so great as to effect every member of society.
Do we really want to create that risk for ourselves and a civil service that has now shown they cannot be trusted with our data?
These days government is not about ideology, it's about competence.
This administration has proved time and time again that it is incompetent.
And Nick, why do you, like so many of your journalist colleagues, blithely dismiss the effect this debacle will have on ID cards?
Many people are either completely against or ambivalent about ID cards. Those that were ambivalent have now lurched dramatically into the completely against camp. Issues like ID cards and road charging really matter to ordinary people, yet so many political journalists seem to sweep them under the carpet.
I've not got a criminal record but I will definitely refuse to cooperate should this shoddy Government try to impose ID cards upon us.
I work administering the Data Protection Act at a major university within the UK. This is the nightmare that we all have in this field; despite systems, processes, and training, sometimes you can't account for simple human stupidity.
I would say however, that allowing a junior officer this degree of access and control over such records raises significant issues about the administration of the DPA within that department. Proper procedures will not eliminate risk but they can reduce the probability - the more data the government possesses, the more stringent and effective procedures must be in order to meet the requirements of the DPA. Clearly, administration of data needs to be improved within government, or, it needs to retrench.
I don't know anything about techniques for limiting the amount of data that one person can extract from a database. I expect this to change very soon now. I'm in a position of great trust myself as regards access to data, and that may be not intended.
As for encryption, or where the discs actually went, either the data will find their way into the ha&ds of someone who can crack the password encryption that may have been placed on them, or they will not. There isn't much point in discussing how good the encryption is, and it could help someone planning to misuse data.
A basically uncrackable code system exists (although there are ways around it), "one-time pad". For this, the data are changed in accord with a random key that is as long as the data. Then literally there is no way to get the data out of the coded message except by using the same key. So if a key or keys were sent in separate envelopes, you would have to get each of them in order to decode the message. Another refinement would allow the message to be received successfully if one or more discs were intercepted and not received. But all of this is not necessarily practical, apparently was not used in this case, and, as it seems, the data should not even have been sent at all.
The fundamental issue is not so much that some CDs got lost (although that's clearly a major security breach), but it's that a single operator could download the entire child benefits database and make a CD in the first place.
Clearly there are fundamental failures of basic IT security going on. Presumably in this instance the CD was made for the right reasons, but how many other data extracts have been made for the wrong reasons? How can such a sensitive system have such poor controls?
It's the culture of slapdash security that should be a resigning issue for the responsible Minister.
Why did a junior employee have access to *extract all the data from the database*? Their ICT security policy has fell down somewhere. To them it looks like a list of data but they *have* to realise that this data is precious. I was gobsmacked that even after they had extracted the data they sent it in standard non-recorded post. I wouldn't even trust sending a £20 item I sold on ebay via standard post!!!! As we say in ICT support: PEBCAC. Problem Exists Between Chair And Computer :)
The argument for ID cards that, 'If you've nothing to hide then you've nothing to fear'
as been shot to blazes with this blunder.
Well I have something to hide, my privacy.
This will not stop the government from pushing ahead with ID cards and the national database, which I believe is the real reason for ID cards anyway. They have shown over the last 10 years that total control over every aspect of our lives is their Holy Grail, and Gordon Brown is worse than his predecessor in this regard. A little thing like loss of personal data won't hold up their plans.
I disagree with you that low morale and job cuts are not relevent in this case. Working within the DWP, another government department in a similar state to the HMRC, I see ongoing IT upgrade problems, ill-thought out performance targets and efficiency challenges on a daily basis. Most managers eyes are completely off the ball with regard to the actual 'raison d'etre'. Senior and Junior managers have become obsessed with statistical analysis trying to squeeze greater performance out of a dwindling and overworked workforce, all under the false premise of improved IT resources. The department is governed throughtout by unsuitablle people who have no direct purpose to the services we deliver or any clear thought or understanding of what is actually important to deliver our services. Staff, right through the organisation feel pressured, undervalued, with no identity to, pride in or responsibility to the organisation they work for. This is where the complacency and incompetence, like we have seen in the HMRC starts.
Government departments should each have simple mission statements to remind themselves exactly what services they should be providing and how they should provide them. They should concenrate on rewarding and retaining staff and getting a long and complicated job done correctly, rather than a complicated job done quickly and poorly. I fear however that it is already too late to rescue our embattled civil service.
I work in the geophysical industry, where data is our business, it's our life blood. The money that we earn is based solely on the the content of "the data", whether this be data that we have collected or generated, or client supplied.
If it were to transpire that we had let "data" out of the company that was confidential, then we would never get another contract again and we would go out of business. So, the message to employees of the company is a simple one.
However, the problem with security in Government Departments is that there are no customers per say. Yes in a way the public are customers, but because it is a Governmental Department, it is funded and therefore not subject to market forces. Clearly there needs to be a major improvement in this.
I think that this Government is stagnent and needs replacing. Gordon Brown is different from Blair. He has the same ideas, the same policies, but doesn't have the charisma or people skills to be able to put the right people in the right jobs. How long can we keep replacing ministers before the barrel is scrapped clean?
What we need is a new barrel, and we need it now.
I find this completely unbelievable. Why is this data not held within a main frame server environment, with layers of security. If information has to be passed between departments, you must define protocols and interfaces which do this securely. The act of just downloading data on to a disc seems like a way of 'Saving Money' and fool hardy to the extreme. Has this not infringed our rights under the 'Data Protection Act'. And who will be prosecuted accordingly?
Gordon must act quickly to implement measures to stop this happening again, or he will lose public support that I doubt he can recover from. I expect he is now very glad that we are not having a general election soon.
Calm down, what's all the fuss about? O.K someone made a mistake. Now the whole country is being advised to to rip open bank statements to see if their entire savings have been siphoned out. If the authorities need help with locating the package try behind the filing cabinet!
Why were the NAO asking for bank account details of all parents in the country? What were they supposed to be auditing?
Nick, have you ever actually tried complaining to the DP Commissioner about something that's being mishandled, like (shock, horror) the way the Â鶹Éç pursues innocent people who don't have a TV and therefore don't have a licence?
How many times have you been told, after correctly identifying yourself, that "I'm sorry, I can't discuss your personal details with you, Data Protection Act"?
You get absolutely nowhere, because the Commissioner's a party hack, a parliamentary poodle. And this is what happens as a result. The gap's been there since the start of the DP Act, protecting the incompetent and blocking people entitled to speak for themselves from doing so.
In the meantime:
* the NHS central database is being set up. GPs are being erm... persuaded to send it data. It is planned that "health professionals" and "other competent persons" will have access.
* Workers from the DVLA have recently been sacked for "inappropriate" access to the vehicle or driver databases.
* Many companies have access to a car insurance database where details of who has insured a car, what type it is and the address of the insurer. Some of these companies include credit card companies that don't even sell car insurance.
* The DVLA has a similar database for MOTs (as well as a link to the insurance database)
* The land registry will, over time, have details of ownership of every property in UK. It already has a large proportion online. One can track the buying price of those properties.
* Data from ANPR cameras are being collected from all over the country by councils both for themselves and the police. Your car can be tracked all over the UK, as a result.
The national ID database is being planned. It was going to be a new, "clean" database started from scratch. But that is too expensive to arrange. So what are they going to do? They are going to obtain the necessary information from all of the above databases (as well as several others).
And having brought it all together, they will allow access to any "authorised person". Which could be a council worker in your local district council, a post office worker, the list is endless!
And all this is supposed to make ID fraud disappear? Go figure.
To blame it on 'procedures not being followed' is to blindly believe that people faithfully follow procedures. How many of us haven't followed laid down procedures sometime in our life - even something as simple as placing a company order before getting an order number? In the vcase of computer security systems should be designed to be 'failsafe' even to the simplest method of I.T. dept unplugging the CD drive on the workstation to prevent download or upload of software.
And so far I've not seen any comments about the NHS patients records system where they plan to give access to tens of thousands of NHS staff (and others) as opposed to the HMRC system where access is supposed to be restricted. This is an even worse scenario if sensitive data gets into the wrong hands.
I agree with the comments about procedures. Politicians have to understand that these scandals will continue until the root causes are addressed.
More than one senior person no doubt "signed off" this transfer before the discs were sent. Obviously none of them checked personally that the procedures had been followed. T'was ever thus in bureaucracy.
Worse, no one at a senior level in the HMRC appears to have had the courage or confidence to say "Why are we sending this stuff this way?" "There must be other ways of complying with an audit".
Until senior levels of the civil service are trained to get down on the shop floor and ask pertinent questions, then major failures of administration will continue, Home Office, HMRC or anywhere else. Ministers will remain hostages to their departments until a "culture change" can be made.
I give it ten years and an average rate of two "catastrophes" per year.
Who would be a minister?
I a bit perplexed about this. I am a Civil Servant, working in an HR department running an electronic payroll and record management system. It is a complex issue, IT systems such as the ones my organisation use save the tax payer literally billions every year in higher efficiencies and lower wage costs.
IT systems are more secure than paper systems, but obviously if breached have the potential to release enormous amounts of information which is easily dispersed to criminals. The inevitable weak link, as explained by others, is the human element. People make mistakes. Even intelligent people, following robust "systems" and "processes".
I have no doubt that someone just like me is sitting in an office somewhere in London knowing that they messed up. It looks like it was a foolish mistake, but I find it difficult to blame them. As long as everything REASONABLE was put in place to avoid this happening I find it equally impossible to blame anyone in the Government. Remember that this has happened to all sorts of institutions in both Public and Private sector in recent years, there is nothing to suggest either that this is a "Government" problem or that "Goverment" can eradicate it.
Incidentally, I have no doubt that my records and that of my family will appear on these disks!
So, do we just accept a reasonable level of risk that things like this will occasionally happen due to use of IT systems?
Or do we go back to paper and accept higher costs for administration and therefore less money spent on public services?
Or alternatively do we make the information worthless to criminals by actually tackling the financial institutions who make fraud so easy?
Throughout the morning I've heard / read a procession of people saying that it just shouldn't be possible to download this data and put it on a disk.
I've worked on large systems (including HMG systems) for many years, and the brutal truth is that what has been done in this case could be done on all the systems I'm aware of... Very few mainframes have a CD-ROM, much less a writer, but it's a simple case of running a query and outputting the product to a text or CSV file. This can then be saved to any network drive, from where it can be accessed by a CD / DVD burner.
The point everyone seems to be missing is that only someone with full System Administration and / or Security Officer passwords would be able to run a query of that magnitude in the first place. Surely if an individual is sufficiently trusted to possess top-level clearance for a system, we ought to be able to trust them to handle the data in an appropriate manner? If not, then perhaps we should consider the possibility that a couple of stray CD's are the least of our worries....
I only despair that we voted Gordon Brown into power....oh no, wait a minute. We didn't....
Personally I don't blame Darling for this mess. He inherited the structure from Brown and things won't have gone so wrong in the short time Darling's been in Brown's old job. Brown and the Labour government are a sick joke. Brown bottled the election a few weeks ago but he should now do the honourable thing and call the election so the people can decide on his ability to lead. Of course he won't because he's power-hungry and will drag us all to hell in a hand-cart before he lets go.
I know several lovely people who work for the civil service - it notoriously attracts those who lack the mean streak so often required to be succesful in the commercial world. However lovely they may be, many of them are too naive and incompetent to be given such access to our data. How the government can possibly countenance ID cards in the face of this howler is the only silver lining I can spot.
The only options I can see are
1. Don't employ idiots. Impossible, there simply are too many of them around. Some of them may have influential parents and will slip through the net.
2. Don't rely on legislation- use foolproof mechanisms instead Problem... foolproof mechanisms are complicated to work out (needing experts) and cost a lot more than rule books. Unfortunately, people don't read rulebooks or instructions until they've broken something or done something stupid.
3. Don't collect the data in the first place. Trouble is, we have to collect some data. So we have to put expensive, complicated, foolproof mechanisms in place to protect it. So to minimise the costs and the risk of using inadequate legislation to protect our data, don't collect unnecesary data i the first place.
This begs the question - is any of our data at HMRC safe? I won’t be on that list, but like every one else in the country, I'll be on a database there somewhere. Clearly, the HMRC and its employees have become untrustworthy in the last 24 hours, and we are now stuck with a government body which appears to leak like an old bucket. We have no alternatives to go to, nor can we require data held on us to be removed or deleted. We are quite literally at their mercy.
Other data will be held on computer systems in the future. I doubt that the ID card scheme will be scrapped, as it's "different" (my eye), but we also have health records moving to an NHS database. Again, I question anyway, but in the light of current developments, I trust it even less.
The scale of the govenments incompatance and handeling of its own failures is a disgrace. I personaly have no confidance in our current govenment be if failures with loss of personal details, Iraq, the NHS,Transport, the list is endless. The the govenment should be asked to stand down and call an election. The more of us calling for this the better.
Someone should point out that if Mr Brown and Mr Darling spent rather more time trying to provide us with good government rather than making sudden policy changes for short term gain to wrong foot their opponents this sort of thing might not happen. The time spent burning the midnight oil to produce the announcements on changes to CGT and IHT should instead have been spent making sure that ministers control their departments and not just the departments' PR offices. The delivery of good government has been non-existent since 1997, the focus has been entirely on press releases, new legislation, new schemes, new quangos and congratulating pop stars on their birthdays. Ministers should instead be slaving away in their departments to make sure that the delivery comes somewhere near the rhetoric. When John Reid said the Home Office was not fit for purpose he has being economical with the truth, he should have said it was the whole government that was not fit for purpose.
Merely confirms what I've thought for years: a party that stated they would not create any new legislation, departments or quangos until they had got the existing ones working properly would win any election.
Too many MPs are solicitors/barrister or political professionals who simply think that making laws is better than enforcing them.
Let's look forward to the day when a lowly paid civil servant can take back-handers for supplying tailor-made sets of 1,000 people's details to order. Say all those males, 30, born in November, 5'8", degree educated, 9.5 stone, brown hair, brown eyes, no glasses required, born and living in London.
It'll make it a lot easier to pass oneself off as another if your can pick who to impersonate based on your own accent and appearance.
The move towards ID cards and merging these databases make it all the more possible. They'll even get a photo of each of us.
I watched the tv report as head down Alistair Darling spoke to the despatch box whilst apologising to parliament for this unbelievable betrayal of our trust. I thought, as I saw the P.M. sitting there, well this may be the first time your are a victim of government incompetance. Your wife's bank details are on these discs, since I assume she draws the child benefit to which she is entitled.
We know what the report on this national disaster will state.
"lessons have been learnt" though as always we are never made privy to those lessons.
Security of data is a ground up issue and what this incident reveals is there is a systemic data management problem in HMCR.
It is almost certain that if a junior employee can make uncontrolled copies like this, then many other copies will exist. Staff will probably have taken copies home , on a laptop for example, for a variety of innocent purposes.
I would imagine that any frauster could get hold of a copy simply by offering the right amount of money to a member of staff in financial trouble.
We already have a number of national security caveats that would have ensured this could not have happened, simply because a whole bevy of managers would have gone to jail if it had.
Just imagine, the number of litres of fuel a UK frigate's fuel tank can hold is better protected than all your personal data.
I really don't see how this can be taken to be the government's fault. It was a mistake by a non-elected junior official and would still have been made under any other government. A terrible mistake, yes. Requiring training of all staff who work in the department. But a different chancellor would make little or no difference.
This series of events has already caused a significant case of identity theft - I have just noticed that a bunch of incompetents have been masquerading as our government.
what were 25 million details being put onto 2 discs for??? selling 18million mothers details for a few tesco mail shots??? part of an mi5 investigation into terrorist activity?........c'mon Nick get stuck into the details for us!!!!!
This is the latest in a series of significant security lapses that, almost always, relates to the use of electronic data. Invariably the data contains important confidential information and, in these days of identity fraud, this must be regarded seriously. It is manifest that the systems are inadequate and there should be an immediate embargo on the removal of data in a portable medium from government buildings. This should include laptops. If data needs to be sent to other offices, electronic encryption is readily available. Old fashioned courier companies could also be used!
Forgive me but nobody seems to have asked one pretty obvious question - why was this information required by the NAO in the first place?
Surely all they would have needed was a report of some sort, not every single piece of data held on every single individual?
The chancellor must resign. In fact the whole government is totally incompetent. The list of blunders is endless but this issue is of a massive scale which will impact the whole economy for years to come.
In the past, we used to see ministers resign for something trivial such as screwing their secretary. Adulterous and immoral maybe, but when compared to this issue today, it is trivial to ordinary people who are not impacted by their actions except their immediate families.
Hence, the chancellor and the PM must resign. After all, the PM was the chancellor for 10 years!
While I agree that the security and integrity of data is the responsibility of everyone that handles it, from the postroom up, what this incident betrays is a culture of corporate indifference to and neglect of security, and that goes right to the heart (and the top) of management.
The data, we are told, was copied by a junior employee. A junior employee should never have had access to a dataset that extensive; that they had is a policy and management decision. They should never have had the ability to download the data that they had access to to removable media like CDs. That they had was again a management and policy decision. That data should never have gone to the NAO without being stripped of personally identifying data. That it was allowed to was again a management and policy decision. It should never have been transmitted in any medium without being strongly encrypted. That it was...you get the idea. And it should never have been burned onto a couple of CDs and shoved in the internal mail like a memo about where to book the Christmas do. That it was...etc. If it was transmitted at all, it should have been by secure electronic link.
The government have been warned by the IT industry and security practitioners time and time again of the dangers of unrestricted information sharing. They have been told time and time again of the absolute necessity for sensitive information to only be transmitted via secure means, and that it should be encrypted. Time and time again they have cavalierly brushed aside such warnings and gone on in the same utterly incompetent and lackadaisical fashion through bungle (lost laptops) after bungle (Standard Life details).
Yes, the employee who sent the data is at fault, as is the courier company, but their actions are the inevitable consequence of the culture in which they operate; the same culture in which the potentially disastrous National Identity Register and its accompanying piece of plastic are being implemented.
Unless and until government (of whatever stripe) takes seriously issues of data protection and privacy; unless and until they lose the culture that says that anyone in government has a divine right to see whatever data they want, they will keep staggering from botch to bungle and back again, and the citizen will continue to suffer the consequences of their institutional incompetence.
As usual the feeling is one rule for them and another for the rest of us.
In my area of work any paperwork to be discarded has to go into confidential waste to be handled via a security company, at a cost to us.
Any information that is required to be sent is done via Special Delivery, at a cost.
Failure to comply would result in disaplinary action and very likley loss of contract.
These rules are laid down by this Government. Who in response to there own failures are unlkley take any obvouis action, other than to say "they regret". If only the rest of use escaped so easily.
Once again, this government, no matter what their political colour may be, has shown total disregard for its citizens, the very people that voted them in.
This is not the first instance where personal data has been lost and I very much doubt it will be the last.
They tell us that the data is not in the wrong hands, but they cannot tell us where it is!
Somehow, that does not add up.....
Then they expect the British public to have faith in the proposed biometric database and ID cards!
Just imagine if personal biometric data got lost!
With all that we keep being told about ID cloning and to take care with personal documents and the very people that are supposed to be able who should be able to protect us from this, are just incapable.
The consequences are frightening too think about.
What has amused me most about this story are the constant reassurances that the data has not "fallen into the wrong hands", and that attempts are being made to find the discs.
In what way is this reassuring? If the location of the discs is not known and they have not reached their intended recipient, then they are not in "the right hands" and, by definition, must be in the "wrong hands".
Regardless of whose hands these are (and that person's intent), that is a serious issue.
Secondly, even if the discs are found, there is no guarantee that someone will not have hacked the password protection on the data and copied them/sold that data prior to handing it to the Police.
Data is intangible - just because you have the original CD back does not mean that no one else will have a copy. How often do people borrow a music CD from a friend and then make a copy before returning it?
As you say, there are clearly systematic and chronic failures in government and blatant disregard for data protection laws. Control of the data has now been lost.
If it is "in the wrong hands", then it doesn't really matter what steps are taken to protect this database in the future - you can bet the contents of those CDs will be sold 100 times over and circulated around the world.
If central government was aware of the systematic failings prior to this latest incident and failed to act, then it must be held to account.
Either way, substantial efforts will need to be made to reform complaceny in the civil service and resore confidence. Mr Brown could start by giving the Information Commissioner the powers he has requested to make reckless disregard of data protection laws a criminal offence.
I cannot believe that a junior member of staff could copy 25 million records in the first place.
I am puzzled that 25 millions records fitted onto 2 cd's.
A cd holds 700mb of data, i would have thought it might have been 2 DVD's or 30 + cd's to hold this amount of data.
At the end of the day, Alistair Darling should resign, Gordon Brown has dismissed this as a inconviennance.
It is more than that, also as many people already have said, if this can happen with this, what can happen with ID cards...dread to think.
I'm not sure that it's "the government's fault". Alistair Darling cannot be responsible for the action of HMRC, or for that matter any other public body. They stand or fall on their own operational performance. It's just a shame it's so hard to fire the incompetents within them.
However, in defence of HMRC on this particular instance, if you send anything by TNT or any other courier it is trackable, via the waybill number on their website. It might not be "registered" or "recorded" but for the life of me I cannot see what difference it would have made. A lost package is a lost package. Lebelling it recorded or registered doesn't make it glow in the dark recesses of a distribution depot!! Moreover, I don't imagine for one moment that these files that have been lost are conveniently in an everyday microsoft program, and unpassworded. I would assume they are raised from a program written in UNIX or some other more specialist software, and as such, of little no use use for sale in the "Dog and Duck"
I would be surprised whether out of all the hype any more than a handful of people's data, even if that many, will be compromised as a result.
Crisis, what crisis!?
Every chain is only as strong as its weakest link. So is the weakest link with Mr Darling or has the management team at the Child Benefit Centre been cutting corners with their security measures and no one has known until now? Maybe one day we will find out.
Completely agree, Nick. It's simply a matter of whether HMRC and their employees respect the public enough. If they can't be bothered to protect our data, that is their own problem and no-one else should be dragged down with them.
The main problem is that HMRC is staffed by low grade morons without the common sense to realise copying half the population's most saleable information onto a CD or two is a stupid thing to do. Its difficult to justify why this particular low grade moron decided not to even bother sending it recorded delivery. Even more amazing was that after the disks went missing, said low grade moron then sent it out again in the exact same way, but this time the CD's arrived at the NAO! You couldn't make this stuff up!! Government seems to be staffed by people who are too stupid to work for the private sector these days.
If I had done this in my job where I keep the records of clients and their mortgage details, I'd be in Court. Fact is there needs to be a watertight system in place so that this can't happen. Obviously the Government office in question is a bit leaky. And staffed, as in society as a whole, by some pretty silly people.
Let us not be amazed by this exposure of Data Insecurity, while at the same time we are subscribing to an Internet connected world of Online Bank Accounts, Online Personal Blogs, Wireless transmitted phone calls and data, etcetera.
There is no politics in this event, other than what excitement can be drummed up by the class of journalists of which Nick Robinson is a member.
And why is the National Audit Office acting After the Event, when auditors have for decades been required to be proactive and to assist organisations to pre-empt problems?
Finally, let us distinguish between the need for a paper ID card, and the need to have a Computerised ID card. Here in Britain, as there has never been a paper ID card, this distinction is vital to understand, because the difficulties of implicating a Technologically Modern Identity can be isolated from the difficulties of introducing ANY identity card in the UK. The latter difficulties are political. Ho hum to the people who thrive on politics....
I am at a total loss to understand how an imbecile at HM R&C who sent these discs out instead of filing them in the correct place is the fault of the Government! WE are all personally responsible for data protection and the person who released the information should be discliplined over it and dismissed. He/she will never work again anyway! AS a DP Practitioner, this has always been coming and is actually far less of a problem than the banks leaving personal information on the doorstep (which they are still doing by the way). The discs are not normal cds but encrypted large cds that were specifically designed to beat this sort of problem.
Now, as to the folk who are on about the government being exempt from the DPA, rubbish!! They are covered as much as the rest of us. Also, don't forget it is the Tories who want to get rid of the DPA and get back to total openness.....
Or you could argue that increased centralisation of data storage through identity cards will make it easier in the long run to ensure citizens' data remains safe...
Earlier this year, after being a trustee of a prominent museum for 4 years, having been groomed and pleaded with, to be a trustee, it was decided that trustees could no longer be trusted and I needed to be checked out by the CRB and also prove who I was. All this, despite my having been sought out and identified at my University. In my letter of resignation, I declined to provide copies of my passport, drivers licence and birth certificate along with NI number and bank account number to a body (CRB) who had already been involved in IT fiascos and who had licensed 14 thousand dubious persons to access the data they hold.
Not surprising, I received no thanks from the govt department that appointed me, after 4 years of voluntary work, during which I claimed not a penny of the expenses I was entitled to. It is this combination of incompetence, indifference and ignorance that leads me to say that many heads must roll for this latest scandal of unprecedented magnitude. The underling who totally ignored data security procedures must go. The local data protection officer whose job it is to manage security in Newcastle must go. And I am afraid, Darling, as the place where buck ought to have stopped, as the person for whom security of the population's data ought to be first point of call, you too have to go. Indifference to and ignorance of what is going on, is as bad as incompetence.
Ref Post 59,
could not agree more! Merchant bankers the lot of them - I would not trust them to run a bath!
Funnily enough; neither did 60-odd percent of the public who voted at teh last election!
I really enjoy your thoughts, thank you very much for them.
But I don't agree that job cuts and low morale are not relevent here.
The managerial and ministerial culture in the UK seems to be to insist that everything is fine or just about to be fine, make demands on front line staff that cannot remotely be delivered in a reasonable working week, and cross their fingers.
For example, they have bright ideas about big organisational changes, then pretend that these can be successfully managed at the same time as large-scale job cuts
Faced with the impossible, even conscientious and hard working people will cut corners, skip procedures and pray to be lucky.
"We will learn lessons" will be trotted out. It'll be sincerely meant, but it will be a self-delusional fib. The pressure on managers and ministers to promise the impossible will soon overwhelm them.
ID cards are being forced on us apparently to prevent terrorism. Yet given that mistakes of this magnitude can occur what is the bigger risk to our national and individual security - that our personal data is not all together on one database or that this data is all together and can fall into the wrong hands, and thus used for identity fraud etc on a hitherto impossible scale. Where is the evidence that id cards have ever reduced terrorism? Spain?
My advice to the wise is to scour the press releases of the govt over the last and next few days. Why did they sit on this for so long only to release it now? What is being covered up with this?
Having worked with secure and sensitive data for most of my working life I am amazed that such a mistake could of been made. There are so many ways to send secure data by electronic means. We seem to drift from one crisis to another with the same fools at the helm. Remember the family tax credit fiasco !
What worries me more, Nick, is that nobody has repeated what was being said yesterday that the "Internal Post" was sent via a commercial courier company, and was not conveyed by servants of the Crown.
Is it possible that the data which was being downloaded on to the disks was also being handled by an outside contractor?
We should be told all of this because successive Governments' attempts to master IT have been an expensive disaster for us as taxpayers, and if outside contractors have been involved here, a very serious security breach with real consequences for all.
That's also before we consider the outside contractors vying for the contract for the ID cards...
I work in IT and the idea that a 'junior' member of staff has the ability to DOWNLOAD this list and the be able it to write to a mass storage device (DVD, CD-ROM, etc) beggers belief.
Most corporates I work for restrict DVD/CD writers and do not allow people to run queries against production systems. I wonder why they do that? ;-)
Well Nick, job cuts often equal one person doing two people's jobs and low staff morale which lead to said staff saying 'Why should I bother to do my job properly when no-one values me?' and thus to shoddy and careless practices - or worse to disaffected staff members being willing to provide data for large sums of money.
What really amazes me, though, is that no-one has yet referred to the very worst possibility - that these very detailed data about children have fallen into the hands of/been commissioned by paedophile networks.Do you have any observations about this?
If I had done this in my job where I keep the records of clients and their mortgage details, I'd be in Court. Fact is there needs to be a watertight system in place so that this can't happen. Obviously the Government office in question is a bit leaky. And staffed, as in society as a whole, by some pretty silly people.
you're right Nick, its the total lack of responsibility for very confidential information - reams of it - that is shocking. lack of respect for the public, as though the infomrmation related to a cosignment of mars bars. Its put me right against identity cards, though I was agaisnt them before, to be fair. This shows exactly why I was against them to start with.
There is a huge problem in the UK in that competence is undervalued and incompetence tolerated, whilst those skilled in any kind of politics rise to the top.
The fix is to introduce a nationwide culture inversion where honesty, integrity and competence are seen as THE most desirable traits for personal advancement.
Everyone in the chain of command involved in this scandal should be summarily sacked, from the junior worker who clearly ignored protocol, through the incompetent middle management, right the way up to the Chairman (already gone).
Nick
I suspect the data wasn't downloaded from "the system" by a junior employee in response to the NAO request at all.
I suspect the data was already being held in an unsecure format by an analyst who was using it to prepare management information. This was then simply copied. If this is proven by the enquiry to be the case, it'll be even more damaging as it'll show that sensitive data is routinely extracted from systems and held without approriate security.
I bet the Recycle Bin's of the civil service are being filled today with sensitive data that's been stored on C: drives in Excel or Access or the like. They won't even be smart enough to empty the bin.
Oh, and one last rant, does the PM really believe that invoking Price Waterhouse Coopers will reassure the public? We are not that stupid. PWC will not compromise their relatonship with government by producing an objective report. After all, in the development how many government IT systems were PWC the prime contractor?
Right, going to lie down in a ddarkened room now.
Simon
1979: Labour isn't Working
2007: Labour isn't Coping
So how exactly does the government know it hasn't fallen into the wrong hands, given the fact that it has no idea where it is? Surely any fraudster would wait for the dust to settle for a few weeks at least before beginning to perpetrate identity and benefit fraud on a massive scale, as appears distinctly possible. I actually find myself feeling sorry for the Chancellor......
How is it even possible for one junior ranking official to copy the whole of a database of this size and importance without controls and restrictions being in place - never mind then putting it in the ordinary post? This in itself is a huge security risk - if this is possible, how do we know that some corrupt official has not already copied this or other sensitive government databases and put them in his briefcase and taken them home to sell into the criminal world?
I have always been a supporter of the idea of ID cards but this incident has made me begin to think again. It is just unbelievable.
I do not believe that this incident is a consequence of political failure. A repetition would be.
I consider this incident to be a consequence of the continuing very poor professional standards in the Civil Service.
As I believe you say, Mr Robinson, the first line of defence should be the training of staff and the second should be in the form of data access safeguards such as those we in the defence industry experience routinely.
This matter is important enough to warrant a third layer of control - possibly a 'dual key' solution (as with nuclear wepaons [except in UK, I hear in the news this week]) or the absence of software tools to permit bulk access.
It is general profession standards that are in decline, not politicians, for whom further decline would be hard to imagine.
This is good news for IT firms who sell encryption technology, and bad news for everyone else.
Presumably the National Audit Office must receive many large-scale, sensitive databases.
What is the normal protocol for transferring data? How do we know this won't occur when the NAO looks at a private bank, or any other area of the government?
I've spent the last 20 years working on major IT projects in both the public and private sectors.
In the wider discussions about data safety one crucial point is often missed: Data Quality. At some point almost all data has been keyed-in by a person, a process as error prone as every other human activity.
A 2% error rate is considered very good in the private sector. In large government systems 20% upwards of the data can suffer from quality issues (look at the recent reports of the millions of extra NI numbers on the National Insurance database).
We used to call it "Garbage in Garbage out". Most people have suffered from this in one way or another - the support rep can't find you on the database, the letter that goes astray because of a miskeyed post-code, money debited out of the wrong account, the tax demand that should have gone to someone else.
These errors are inconvenient, stressful and sometimes costly.
But if the National ID database has you confused with someone else, the problem is on an altogether different scale - you can't get a passport, you can't use your bank account or credit cards, you can't claim benefits, or use the NHS.
You may even be arrested and detained because your DNA fingerprint has been confused with a criminal's.
And a 2% error rate in a database of 60 million people equates to 1.2 million people.
However, on one note particularly, calls for the Chancellor's resignation are a bit premature. Only if the file info falls into criminal hands should the Chancellor then consider his position. Otherwise, he should stay to deal with these difficulties and not shirk the moment things get tough. There is a tendancy in British politics to equivocate responsibility with resignation. Responsibility ultimately means not only putting one's hand up when something goes wrong but saying look I'm going to sort this out and ensure that nothing of the sort occurs under my watch again.
On a wider note, the recent difficulties for the Chancellor and the PM hark me back to the days of September 1992, the 15th day of that month to be percise when Norman Lamont withdrew the country from the ERM. That day the Tories lost their reputation for economic competence and that (along with other matters, I acknowledge that) destroyed their reputation for a decade and a half. Could Northern Rock and the Missing Data files controversy be Labour's 'Black Wednesday'? Hmmm, time will tell.
I wonder how many of the staff in HMRC are security cleared to handle and see this data anyway? That would be an interesting parliamentary question. The Government will not recover from this, nor should it
Both myself and my wife who have two separate accounts have both been hit in the last couple of days with calls from our banks fraud teams. It appears that despite us both having individual accounts, the details have been cloned some how in America !
Could it be through this leaked information ? Stuck now with no money for a week and a half whilst I wait for my new card.
For those who do not make the connection with ID cards, please go back to first principles. What are they for? Who will they benefit? Originally, we were told that they were to combat terrorism: that was subsequently admitted to be untrue. Then they were going to stop illegal immigration: that was shown to be untrue. Latterly, they have been promoted as the cure for ID theft: apart from the ability of criminals to clone them as they already do with our passports, it is now clear that human error is likely to make ID theft more likely rather than less so. And so I repeat, what are ID cards for, apart from creating the pretext for a new 'stealth' tax and for selling our private details to big business?
Could we find out what, if any, action Cameron and Brown have taken to prtect themselves as recipients of child benefit?
If yes - I hope it was taken only after the rest of the country heard the news!
"Thank you Darling!" The government are quite obviously out of control and have become a reactive mess.
I would never consent to carrying an ID corresponding to data held by this lot. In fact I'm just digging out my abacus to start compiling my accounts!
I have got a cd with more detailed information free on the front cover of a computer magazine. This data is available to all on the internet anyway - so why the over-reaction sacking ministers and the rest. This is just more spin by the prime minister who is reforming the benefits system and needs to get it on the top of the political agenda.
Dear Nick,
Your comment about the difficulty of making the government machine work is exactly the core issue. Every day we hear of more official incompetence in all areas of life. For example, refer to another feature story today about a 16 year old admitted to hospital dying because of misdiagnosis.
It seems to me that we have lost the abilities we used to have, e.g. running half the world from London with minimal communications! How do we rebuild these skills? So much effort is spent on minutiae, political correctness, eliminating bias and prejudice, and general burocracy that the core issues and the ability to make clear foresighted inteligent decisions seem lost. Additionally we seem to see the problem in party political terms whereas surely it's a management issue?
Nick,
You, like so many other political journalists and paid-up members of the chatterati, tend to ignore or dismiss issues which concern the ordinary voters.
Issues such as road charging and especially ID cards.
Over half of your correspondents mention concerns over ID cards and the national database, but you sweep aside such concerns as if they're not important.
Well, Nick, they are important. I, and many others, won't be paying through the nose for the privelege of being tagged and numbered by a Government who I wouldn't trust with my laundry list, let alone sensitive and important data.
Wheter you believe it or not, one of the biggest issues here IS that of the ID card and national register.
Govt these days is as much about competence rather than ideology. This lot have got it wildly wrong on both counts.
This is spot on. I saw Newsnight last night and the breathtaking arrogance of the minister to maintain, in the face of all the evidence, to maintain that a national ID database would be secure, was so shocking. Labour is desparate to cling to power and simply ignores the inconvenient fact of its own incompetence. If they cared at all about the country they are ruining, they would call an election immediately. But we know they won't.
Andrew Dundas wrote:
Alistair Darling may emerge from both crises with his reputation enhanced.
You would get along well with Brown et al - yet another living in a dream world.
Even if the cd's did magically appear, we would wait months or even years to find out if they were copied and susbequently fraudulantly used.
15. At 10:33 AM on 21 Nov 2007, M Chandler wrote:
Alistair Darling must be at a loss for Words!
Not words - names, addresses and bank details. Didn't you read the article?
At least there might be some worried Government Ministers. There details will be on that disk if they draw Child Benefit. They can worry along with all those 'ordinary' folk that are having to watch their accounts now. Some honourable members are now getting a taste of their Government's department's inefficiency.
Just a quick comment on the perceived security of biometrics - the government may claim that they are secure, but you can't change your fingerprints or your irises. Once these are compromised - and it's very easy to fool a fingerprint reader with a silicone 'fingerprint' - that's it. No system would run its security based on a password you can't change.
Alistair Darling studied law and worked as a solicitor before being elected to parliament. Surely of all people he should know what the Data Protection Act means and taking care of personal data? What's the excuse for running a department that doesn't understand its legal obligations?
What I cannot stand is the sheer hypocrisy of a government that continues to impose and enforce greater & greater regulatory burdens on individuals and corporations but seemingly cannot even comply with the most basic of those regulations when the boot is on the other foot.
I fully agree with your comments. The fact is that in their own dealings with the public our current political and governing class has been playing fast and loose with information for a very long time. They see government as a game, and the only consequences that matter are how things look; how they can further their personal careers and that of their fellow careerists on the greasy pole.
I no longer have any confidence in the government. Its time for regime change.
What I cannot stand is the sheer hypocrisy of a government that continues to impose and enforce greater & greater regulatory burdens on individuals and corporations but seemingly cannot even comply with the most basic of those regulations when the boot is on the other foot.
As much as I would like to blame the government for yet another failing, this case has only been brought to light because of (obviously) who they are. I recently requested a copy of my credit agreement from Black Horse finance, and was horrified to receive back EIGHT pages of someone else's personal details - name, address, bank account, NI number, vehicle details, the list was endless - needless to say the individual concerned wasnt too happy either and is now pursuing the matter.
Black Horse assured me that it was 'human error' and that it wouldnt happen again - cant say I'm that convinced. The Data Protection Act isnt worth the piece of paper its wrote on.
As a former Civil Servant and union member, I agree absolutely with Nick. I know sure my Department was not alone in stressing the importance of securing the personal information of those we were there to help and to serve, and the likes of Mark Serowtka are trying simply to shift the blame. This failure is in no way the result of cutbacks and mergers, but due to the sheer incompetence of those official directly involved. It beggars belief that anyone could think it was right and proper for this information to be requested by the NAO, let alone provided by HMRC.
Stan Hanson
I'm afraid this doesn't give me much confidence that our NHS records will be safe either, assuming the centralisation project ever gets finished. And that's another government project which is failing. There seems to be a common thread building up.
I'm just an ordinary guy in the street who isn't involved in politics beyond what I see in the news. I pay my taxes and I support the well being of the country. But I'm feeling uneasy about the growing history of blunders that is building up. It seems to be happening too often.
The above comments talk about arrogance, complacency and incompetence. In the commercial world, these characteristics generally get "rewarded" with a change in personnel. Maybe that time is getting near for the government. I'm sure Brown will list successes, but the balance is changing.
How can it be that, in 2007, the only way to transfer data from one government office to another is by burning off a CD and putting it in the post?
Haven't they heard of networks in HM Government yet?
260 comments in 4 hours, and the government thinks it's not a Black Wednesday moment?
This is obviously an inside job and the info is already in the hands of criminals.
The next set of polls will be most interesting, I am sure you will agree!
How baffling. I now Brown is said to be a control freak, but surely even he and Darling aren't able to control someone in Newcastle putting a CD in the post.
The main lesson is that events will happen, it is fate, regardless how good the government may (or may not) be. They should be judged on how they deal with those events.
... unless an inquiry shows that ministerial passion for meddling and re-organisation caused the break down that lead to an "unfit for purpose" scenario - but we don't yet know if that is the case.
So , the discs are missing.
Even if they are found , I would think that any self-respecting thief would have made a copy before allowing the origional discs to be " found"
"Systems can be circumvented" wrote a poster above. True, but it should be pretty bl**dy hard to do so.
Ergo - How is a 'Junior' member of staff able to access and download a full copy of this data?
- Why are there machines capable of accessing this data which have CD-Burners and other portable media attached?
- Why was the data not encrypted? Is this not a requirement of the Data Protection Act?
- Why have similar problems happened three times before and nothing seems to have been done to tighten up those procedures?
- Why is internal mail thought of as a secure and satisfactory method of shipping personal data between government offices (as opposed to secure file transfer systems for example)?
- Why is this internal mail service, which is obviously thought of as secure, operated by a private company (and presumably the lowest bidder too)?
- Why wasn't this data treated with some respect?
in reply to post number 114; do you really think your bank is going to want to allow it's customers to request a change of their account numbers? For a start it would require a huge amount of manpower to make it happen and in all probability a lot of the time it would be completely messed up.
I assure you, I used to work for one of the big banks in this country and the things that would go wrong there make the idiots at hmrc look like smooth professionals in comparison.
Nick said "[a] gap [...] has opened up between what we're told about the protection of our personal data and the reality"
Is this a euphemism for "we are being lied to" or just for "no one knows what is going on"?
How was a junior official allowed to download sensitive data on 25 million people to two discs in the first place ? Who gave the junior official clearance to do such a thing ? Where the disks encoded with passwords and encypted so no one but those who need to know could see such data ?
Has the data already been transmitted to Russia and South America ready for the biggest spamming and phishing enterprise in internet history ?
What is next ? Our health records ? Our Driving Licenses ? Personal ID records which the government still foolishly wish to implement ?
Despite all reassurances that the data that is held on all of us is safe, it obviously is not.
Alistair Darling used to be my MP. I wrote to him in 1996 re Tory government social security red tape, the campaign being mentioned in the Scottish press. In Sept 1999 I asked him what he was going to do about it now that he was in power. He replied showing no interest in addressing the bureaucracy in government departments, the inefficiency and wastage and red tape. How does having a law degree qualify someone to run such a huge department? For goodness sake bring in a heavyweight manager.
[quote]177. At 12:09 PM on 21 Nov 2007, Andy wrote:
I hear our 'Junior Official' may be someone in IT. Speaking as an IT person, it's highly unlikely that a truely junior official would have access to dump the entire live Benefit database contents to CD. Much more likely is that the request came in from the NAO, has found it's way to a suitably skilled database administrator, then the dumped files have been passed to someone else to burn to CD then put in the internal mail. I find it doubtful that any single person at HMRC has taken the NAO request and dealt with it entirely themselves, which would suggest more a systematic failure rather than a single individual being to blame (although, what do I know, I work in the private sector.)[/quote]
As a "junior officer" myself I think you've hit the nail bang on the head. This is a chain of errors and bad decision making with more than one person involved and to blame.
BTW however HMRC does not have in house IT data service support provided by civil servants - it is outsourced to a private sector 3rd party.
In the case of security breaches and data loss in the private sector, most of these are simply covered up as it's bad for business - especially banks - to reveal the truth. At least with this happening in the public sector the truth has had to come out...eventually.
There is a further very serious concern which no one seems to be addressing. Sure, HMRC messed up big-time through failure to enforce proper procedures for information security.
But who encouraged the "junior official" to dump this information onto CDs and post it. None other than our National Audit Office, whose raison d'etre is to enforce proper procedures...
The malaise is clearly very deep indeed, and the climate of contempt for customers will take years to reverse. The corporatist attitudes which this Government routinely adopt mean that they will never be capable of being trusted with the interests of individual citizens - we're just gogs in their conceptual machine.
I voted for them in 1997, and Brown stole one third of my personal pension's value within a month of taking office. Never again.
I have held out as long as I can on this response. I don't see anyone else stating it so I thought I should.
I have worked in IT security for over 12 years and DATA protection has and always will be at the heart of what requires protection.
This story does not suprise me at all, the laughable explanations all seem to miss the key point, which I mentioned to security professionals within the HMRC/DWP when I worked with them beginning in 2002.
The key issue is - WHY was the data held in an unencrypted format WITHIN the database?
The data does not need to be held 'in the clear' (readable) at all, it should be encrypted. For example, 'NICK' should be encrypted within the database itself, so that 'NICK' might read 'AEBA' to anyone who doesn't have the right 'keys' to read it.
Then it wouldn't matter if it were lost, it wouldn't matter if someone 'found' the data, since it would be unreadable without the key.
It could be sent in the mail then by anyone, who cares, since the information on record would be useless.
This is NOT a policy within HMRC or the DWP, instead anyone with access rights to the database can simply copy it onto a disc, and do whatever they like with it.
Finally, the point about not being able to 'copy' biometric DATA - what an absolute joke. DATA is DATA, if you created it, someone can copy it, if it's stored, it can be copied.
The ID card would not have prevented this, nor would I welcome a move which relies on a single means of ID being 'reliable' at proving who I am.
A centralised ID system puts all the cards in one hand, and if some fool mismanages the DATA in that situation, there is no difference to the disaster today.
You cannot rely on a Government employee to secure and be responsible forever with your ID - it's simply laughable.
The only people saying you can are the people who manufacture and sell this type of garbage.
DATA is DATA - it can be copied, and it will be copied. If you really think that it's possible, look at Microsofts, or Apples, or the film industries efforts to stop people robbing them of billions of pounds a year.
It cannot be done.
The media are concentrating on the 'lost in post' element, which from the data protection point is almost irrelevant. As you suggest, the real issue is that a single 'junior' employee has the capability of copying the entire database!!!
How much other information can be copied in this way? What is there to stop an unscrupulous employee copying a database and walking out with the data and passing it onto criminals?.
Surely no one individual should ever have access to be able to copy such a large amout of data.
It is no good having rules (which can always be broken) you must have physical protection of data.
Why arent the media pursuing this line of inquiry into government data protection?
Spot on Nick. Government arogance and civil servant complaicancy are bad enough now. Super data bases linking information held by several or all government departments with very little restriction of access by juniors will be a boon for fraudsters. Let's keep the departments separate and keep the individual concerned in the information loop.
As the Information Commissioner has already said by letting government continue with bigger electronic storage systems ie. ID Cards the country in heading for an Orwellian state without a fight.
What is the problem this government have with IT? It seems the launch of any kind of computerised system is always either late, or over-budget, or both, and rarely works in the way intended. It would be interesting to compare the amount spent on IT by this government in the last 10 years and compare it to the initial projections - I would guess that it could be an overrun of tens of millions.
This crisis underlines the government's difficulty in getting to grips with the most basic elements of IT policy. Any security review should have shown that the data was being stored insecurely - the fact that a junior member of staff could export the entire database shows that basic precautions weren't implented at an IT level.
The government needs to either hire someone who actually knows something about computers, or start going back to using pen and paper.
I was asked to download Supplier bank details onto a disk.....
I asked 4 managers internally the risk of putting it all in one place.....
I was laughed at saying "you've seen Channel 4 dispatches last night haven't you!!!"
I said yes I did - by the way the dowload includes your bank details too - as employees are set up as suppliers for expenses
As a parent of a young child & on a single income, we claim Child Benefit, and I am absolutely appalled at this negligence. You have no choice but to put trust in the powers that be to at least look after your most personal & private details. It seems very worrying that this information can be treated with such contempt that they can be copied & popped in the post. I do completely agree with Nick on the area of job cuts & unopened post - It is an individual's responsibilty to act with due care in the workplace. It is time people in this country took repsonsibility for their actions. With this government it seems to be one debacle after another.
Kevin,
Watford
Yes, there should be a vote of no confidence.
Yes the government should resign and submit themselves to a general election.
Has no one grasped the magnitude of this error? Never mind people's money, someone could have the names, adresses (and dates of birth?) of every child in this country! This is the biggest breach of security and individual safety since the London bombings.
Now, think what would happen if Tesco had managed to lose two discs with their Clubcard data on it (also likely to be 25m individuals). Resignations? For sure! Collapsing share price? Certainly! Opportunistic takeover? Very likely.
We are the customers of the Government. We appoint them to manage the affairs of our society. They have presided over an enormous error and I would like to shop elsewhere.
No-one seems to be asking the obvious question ... what did the National Audit Office want with all this personal data - especially bank account details, and did they have to make an application through the Data Protection or Freedom of Information Acts to get it? Moving onto the data download, I work in IT and it's so easy to make a system that controls access to specified individuals, and can only allow top level people to download all the data. Strikes me a cheap solution/quick fix has lead to this debacle.
The current government have pushed through reorganisation of various departments as fixes to problems - rather than actually trying to get the existing departments to function efficiently.
This is much like Nero fiddling as Rome burns.
The lucky chancellor has become the incompetent Prime Minister. About time he was found out.
Well written as ever. They may not be guilty of the same sleaze as the Tories in the 90s, but the Government is becoming increasingly guilty of incompetence, lack of vision, and of being almost entirely reactive. Government ministers, instead of dictating the pace, look like rabbits caught in the headlights; and appear almost as stunned as the rest of us.
Time is coming for a change of government, and it is coming faster than most of us would have predicted, even a couple of months ago.
Why did the NAO need details of our bank accounts?
I would be fascinated to know exactly why the NAO need the names and personal details of child benefit recipients in the first place? I can understand that auditing HMRC's performance is vital, but why were the personal details not removed from the data before it was passed to the NAO?
I'd also be fascinated to know if there is actually a secure method for moving this amount of data within the civil service. If not (as I suspect) then claims that procedures were not followed are entirely misleading - there is simply not a procedure for moving this size of file.
It is just another example of Govt departments in disarray. From one department to another we hear of failed computer systems, backlogs, lost data.
They clearly are in total meltdown.
Another example: Why do I get a letter in October 2007 giving me 14 days to repay Child Tax Credit given to me during 2003/2004. They leave it 3 years to write to me!!!
Maybe the letter really got held up in their internal post for 3 years and they simply changed the date on my letter!!!
Total incompetents.
The trouble with this kind of data is that once it is lost, it can never be recovered and made private again.
Something has to be added to the data protection act, to ensure that organisations only allow employees access to personal data on a record-by-record basis, with some mechanism in place to ensure that the record is being accessed for some valid reason. Additionally, every single access to the data should be logged, and the results audited every so often, so that the employee knows that they are being monitored.
Who wants their NHS records sold illegally by a rougue employee within the NHS? For that matter, who wants their medical records open to be viewed at a whim by any nurse, dentist, doctor or administrator across the country? Trust, procedures and rules will never stop this happening.
Nick,
Congratulations on a fine piece of Journalism. You hit the nail on the head with your open opinions and I think you fairly accurately reflect the mood of the nation at this time. Exasperation doesn't come close. 300,000 MISSING illegal error(s) after bumbling Incompetence after 25million MISSING personal bank details Error. And what do we get for it?....words....apology after apology after apology! What else do the electorate need to convince them that the Tories are looking a pretty good and practical option right now?!? Bring on the General Election Gordon!!
As a long serving current civil servant (I did spend 3 years working at Child Benefit Centre from 1998 - 2000) I feel I am better placed to comment on the issue of why a "junior" member of staff was able to do all this.
There is only one reason - they were given the task to do and the authority to complete is by a more senior member of staff who has seemingly had all blame removed from themself and put onto their subordinate. Staff members will usually only be able to access one case at a time and are subject to regular random system test checks where a manager must check that there was a valid reason for accessing the case, you would need authority from a very senior level (I believe a special request would need to be put to whoever manages the database) to be able to download this sort of information.
The security is there - someone must have given authority for it to be bypassed in this instance, not quite as senior as Mr Gray but not far off it.
It is just another example of Govt departments in array. From one department to another we hear of failed computer systems, backlogs, lost data.
They clearly are in total meltdown.
Another example: Why do I get a letter in October 2007 giving me 14 days to repay Child Tax Credit given to me during 2003/2004. They leave it 3 years to write to me!!!
Maybe the letter really got held up in their internal post for 3 years and they simply changed the date on my letter!!!
Total incompetents.
In the words of General Melchett:
"What the hell are you DOING Darling!"
Let's knock one piece of sloppy commentary on the head.
The discs were not "in the post" - chucked or otherwise. They were in the internal government mail service which is supposed to be capable of dealing with items up to 'Restricted' level. This service has existed for decades and has been outsourced for several years.
Whatever else failings may have occurred - the method of transportation can't be blamed on HMRC staff
Of course it's possible that these details were never lost at all, rather that the overstretched junior at HMRC forgot to send the data in the first place, then when asked why the discs hadn't turned up, used the old 'oh they must have got lost in the post' line (similar to 'the dog ate my homework') and quickly sent out another set, thus explaining why there's no trace of the first ones and why the second ones were sent registered. Of course once the white lie was out there and growing out of all proportion there would be no easy way to tell someone the truth.
Mike:
The NAO have already stated that they didn't actually request most of this information, especially the bank details.
Nick,
Congratulations on a fine piece of Journalism. You hit the nail on the head with your open opinions and I think you fairly accurately reflect the mood of the nation at this time. Exasperation doesn't come close. 300,000 MISSING illegal error(s) after bumbling Incompetence after 25million MISSING personal bank details Error. And what do we get for it?....words....apology after apology after apology! What else do the electorate need to convince them that the Tories are looking a pretty good and practical option right now?!? Bring on the General Election Gordon!!
How was a junior official allowed to download sensitive data on 25 million people to two discs in the first place ? Who gave the junior official clearance to do such a thing ? Where the disks encoded with passwords and encypted so no one but those who need to know could see such data ?
Has the data already been transmitted to Russia and South America ready for the biggest spamming and phishing enterprise in internet history ?
What is next ? Our health records ? Our Driving Licenses ? Personal ID records which the government still foolishly wish to implement ?
Despite all reassurances that the data that is held on all of us is safe, it obviously is not.
This is too farcical for words and reminds me of Dr Strangelove (the way one man is able to do something that you imagine would require far greater power and confirmation from "higher on up").
The concerning thing is the defence that it was one individuals failure to follow procedure. We do not live in a utopian environment where everyone can be trusted to follow procedure (or law) and safeguards need to be put in place.
If I was to go on holiday, leaving a window open and all my valuables on display, I shouldn't be suprised to be burgled. In fact, my insurer and the police would probably tell me as much when I tried to make a claim and report the crime.
Sure, the person who entered and took all my belongings might have broken procedure (the law) but to be honest, if you take no responsibility for security then not even the best procedures can help you.
I think the inefficiency of public sector workers are the main fault. I have friends who have joined the civil service because it is a job for life. There is no fear of losing your job and a handsome pension at the end of it.
What needs to be corrected is this complacency. After working in the private sector for over 12 years, there is nothing more motivating than if your efficiency and credibility are at doubt, the fear of losing your job grows. That is enough to make most in the private sector more efficient than their public sector counterpart
Why not use Secure Email to transmit the data? UK MoD and US DoD are using such systems. The technology is available - see www.tscp.org
It may be some time before any fraudulent use of personal data will emerge,if the discs have fallen into malicious hands. It was three months, after being compromised, before my Chargecard was cloned for known use,noting superficially good backup proof was also provided in its first attempted 'face to face'usage in a department store. However they got the card's end date slightly wrong and failed to outwit a canny shop assistant who found my rare name in a telephone directory (published details sometimes useful?)and got their finance office to telephone me at home at that instance, late one January night.
All ended well for me but four fraudulent transactions occurred and it took some determined effort with the card company to explain why they had let these occur and left it to a third party to have to tell me directly. They were very casual and evasive. SOUNDS FAMILIAR!
As another finance company was involved a note was made against my credit records, despite assurances to the contrary. This became evident over a year later when we applied for an equity release against our mortgage and I was queried about fraudulent use of a Charge Card. I had to explain somebody else's criminal behaviour, all of which transpired from the burglary of our local railway station offices which held unsecured Card details with addresses for these lovely people to sell on .
Mr. Darling will have to wait with bated breath, hoping the discs have fallen behind some filing cabinet drawer or are stuck between or under a pile of those loosely bound papers.
The stink of having one's identity taken can stick to an individual for years and if these HMR&C details are in BAD hands any people targetted may have a long road ahead to clear their names.
I would like one question answered, which I haven't yet heard asked; how did the Audit Office allow someone to send data on a disk through the post. They cannot say they did not know because they reported that the information had not arrived and it was sent again. Not only are Departments not following standing orders ("the procedures were in place to protect ..")but the institutions that are set up to be the public watchdogs are asleep as well.
This reminds me of the Financial Services Authority who seemed totally unaware that a major financial company (Northern Rock) had a model with no risk management built in.
If I can avoid it, I would not allow any personal information to be held on any database. The bigger the database, the more people (legitimately) will have access to it.
Linda Taylor, CAmbridge
Am I living in the past, is it not a requirement of civil servants, especially those in government and in charge of such information, to sign the Official Secrets Act? Forget Data Protection, disclosure of such information is treason, punishable by...?
An interesting question here is what sort of job did the 'Junior Official' have?
I've worked in quite a few corporate IT departments as a programmmer and database administrator. Whilst there are indeed usually heavy checks and restrictions on office clerks accessing data, access to such by IT people is generally much more lax. Generally programmers need copies of the databases to work with (small subsets often won't do because there are size issues) and even if they don't have routine access to real data it's not usually two hard to get it.
Database administrators are even more privilaged as you can't admin a database without having complete access to it. Indeed in practice it's not at all uncommon for a junior dba (database administrator) with a couple of years experience and in his mid-20s to have access to data which wouldn't be cleared below executive level anywhere else in an organisation.
My guess is what happened is the admin people at the audit office contacted the admin people at the revenue and asked for the data. The request was then passed to the IT department where such a relatively simple data extraction would be assigned to a junior dba or programmer. The dba then did things in the easiest and most straightforward way - a data dump to disk - and sent it off thinking no more of it - because from a technical point of view it really isn't a big deal.
It should be emphasised that this sort of massive data dump isn't at all hard or takes up a lot of space. You can now buy a 64Gb pen drive that will fit on your keychain for less than £100. This is sufficient storage to easily hold the data that's gone missing here. Any dba worth his salt in a position to access the data could easily download a database such the Revenue's to a pen drive in the course of a normal days work without anyone noticing - which is why holding major critical centalized databases such as the proposed ID scheme is a fundementally bad idea as 'security' will be breached somewhere, eventually.
Well our dour scottish leader promised change, and what a change it has been.
Now that the style of leadership has changed it has become obvious that there has been no substance to this government for years. But don't worry, I am sure that the Labour party apparatus will keep on announcing initiative after initiative. Read 'em and weep.
What an immediate and immense response to this item.
Post no.28 is interesting.
Ok so it happened big WOW. Can someone explain how on the one hand the press believes that this poor bunch of saps are so grossly inefficient they cannot post a letter, Now suddenly they have delivered it to the home of the worlds greatest identity fraudster. Get a life Â鶹Éç ITN SKY and all the papers this is not worth your time when there are real problems with our world.
You don't think this is some sort of plot to deflect us from the fact that England will qualify for Euro 2008 whereas Scotland (Brown, Darling and most of the rest of the Government) won't?
To paraphrase that banned record title years ago by Paul MacCartney's band "Wings" - "Give England Back to the English"
lets not kid ourselves, I work in the financial services industry and I can vouch from personal experience that our personal data is as safe as an unlocked car in Manchester.
it is just a matter of time before the next scandal - unfortunately for the current government they happen to be on the wrong end of the stick this time.
We have been told the cd`s that were lost were password protected.
BUT surely the data was also encrypted, so that the right "keys" and the right programs have to be used to read it.
I work in IT passwords are easily forgotten by users so ways around them are common knowledge, if the data isn`t encryted, then the whole department should go, this is highly sensative data, all people at all levels with access to it should understand that, hence if data is not encryted the whole department should be sacked for gross misconduct as the data could be read on any pc running windows / linux etc,
Once you can read the disk just need the right program / correct file format to read data, password protection of files is a joke , might just keep a 5 year old child out, but not a teenager.
One very nervous parent of 2 kids.
Good grief.
Firstly, most of the comments on here are written by people not affected by this. My wife is!
Second, on a daily basis I receive bank statements, credit card and other bills with my name, full address, post code, sort code, account no etc through my door which I should not put into my recycle bin and yet I do. Never had a problem. Even with all this info they cannot access my account or my wife's because they need to know our internet account number, pass code and password, etc and this info is not available on the discs. Even I can't get into my wife's account as I don't have these details.
Yes, it shouldn't have happened. Yes, data should be sacred, however, this is a non-story about an absolute idiot in the Civil Service. We ALL work day in day out with absolute idiots, do all our bosses have to resign then?
Nick and most of you writing here aren't affected at all by this, I am. Get over it, I have.
So, 25m individuals' personal data is mislaid by the incompetent actions of ONE junior official. How does this reflect on the competence of the Government exactly? There is a lot of yaboo about resignations, immediate elections and no-confidence votes, fuelled no doubt by those who would wish Cameron and his crowd into number 10 no matter what the Govt's performance. What is required now is exactly what we have: a calm, rational, measured response from Govt and an apology. This Labour Govt. is far from incompetent, no matter how widly its opponents cry otherwise.
Kevin Hall (#188) reckons its all alright because the problem isn't unique to the Government! Just because other people have made the same cock up, doesn't make it alright that the Government have lost 25 million peoples personal records! This is a major concern for around half the population who won't take comfort in the fact everybody makes mistakes!
Absolutely typical of a centralised, socialist (and yes, brown at heart remains deeply socialist)and over-complicated system. Life is too complex to rule its minutiae as Brown would like. It must a be great irritation for Brown that real life keeps getting in the way of his lifelong grasp for power.
Despite the scale of this data loss by a low level minion within HMRC, I don't think that Alistair Darling can be held personally responsible. However, the individual concerned and the immediate line-management should be facing some stringent questionning in the aftermath.
However, it does bring up the question of ID Cards. Several ministers have been quoted along the lines of "...completely different..." and "...modern security is much less fallible than that currently in use by HMRC...". That being the case, why is the information that has been lost not protected by the most advanced IT security available? Some wags have also been heard to mutter that biometric data cannot be duplicated - this is clearly irrelevant because, as has been demonstrated in this case, nothing can be made idiot-proof and wherever the human hand is involved in anything, mistakes can, and undoubtedly will, happen.
In this case, I am not so much concerned for the account affected by this breach of security, but by the prospect of somebody obtaining one or more credit cards in my name and enjoying a spending spree at my expense. Mr Darling says that losses as a result of this fiasco are covered by the Banking Code but the banks will be unwilling to meet these costs from their own pocket as this data loss was as a direct result of incompetence within a Government Department. As such, we, the Taxpaer, will be footing the bill in the long run.
How is it that a junior official can have access to so much sensitive data in the first place?
Who else can access all of these bank account details?
My company holds the bank and credit card details of customers. These are kept in a secure environment with CCTV in pace and access is stictly controlled.
If we lost or exposed any of this data we would be fined heavily under the Data Protection Act. We would also probably lose a great number of our customers.
None of these rules seem to apply to government.
As usual it just goes to show that politicians should never be allowed to be in charge of anything.
Gone are the days when shops would ask you to write out your name and address in order for goods to be delivered to you. Now I'm asked for my postcode and house number for the shop assistant to then repeat it back to me in full. Often I'm then asked for my phone number. Anyone standing nearby will know where I live and how to get in touch with me. The e world is supposed to be safe, surely the government would have secure enough systems for the data to be encrypted and sent through the ether? And why wasn't the data encrypted on the discs if this was their only method of transferring data from one office block to another?
Like several others in this list I'm curious to know why the NAO wanted the data. Did they request all the data items sent to them or was it just a lazy (or over-zealous) HMRC minion? Has data been sent this way before? Can I go to lunch with Sir John Bourn? (no forget that last one)
Nick, these are not military systems. They use commercial off the shelf software and hardware. It is also clear that the government, nor their advisers it seems, do not comprehend the complexities involved managing this kind of data.
Aside from the above, why has no one picked up on the fact that it was due to the audit office requiring a peek at the records that it was lost. What were they auditing?, why could they not attend the site of the HMRC systems to perform their audit?, why did the data have to be copied and transferred off-site?, why weren't there access methods available which did not require copy and transport of the raw data? I could go on for pages and pages of these kinds of questions.
Hi Nick,
"Forgive me if I'm misunderstanding something - I'm sure you'll respond if I am - but I fail to see the relevance of job cuts or unopened post or low morale at HMRC to this."
In the days when most people that worked for the Inland Revenue (and not some overpaid £1300 (yes, you read correctly!) per day consultant), we moved post etc via our own internal mail system.
OK, it may not have been data on a CD or DVD in those days, but it would have still been in house.
The chance of any loss of information such as this, who knows but surely it wouldn't have meant the involvement of an outside business who it seems cannot be brought to task about this potential loss.
Which then brings me to the next potential disaster waiting to hit at HMRC.
Not only do we employ a rather large number of temps (anyone for illegal immigrants?) to save on costs (pensions etc), but our data gatekeepers are the ever expanding Fujitsu empire.
And the price of this outsourcing to the taxpayer?
£8.4 Billion! This started off as around £3 billion about three years ago, but just keeps on raising.
the reason I mention this?
There's VERY, VERY limited money left for HMRC to function in an IT sense.
It's no wonder that something like this has come to light.
There's nothing in place from within the department that our own knowledge and common sense would have told us.
We're now all told what to do by these consultants.
Just wait for the next bombshell.
I've no doubt in my mind it'll come.
And yes, I am a very dis-illusioned and demoralised Civil Servant with 27 years of service, and in all my career I have never seen such incompetant managers and their decisions as i have witnessed in the last 5 years or so.
Right, that's me off my soap-box!
#263 - Michael Hardy wrote:
"There is a huge problem in the UK in that competence is undervalued and incompetence tolerated, whilst those skilled in any kind of politics rise to the top."
Absolutely spot on.
My wife is a doctor and finds her clinical judgement is dictated by a politico from the PCT. I am an consulting engineer and find the same in my public sector work.
This current scenario demonstrates the terrible neglect of good professional administration.
I am not in the least surprised that the government continues to push ID Cards but the question people need to ask themselves is what the consequeences would have been had this leak been of the National Identity Register. The point of the NIR is that it is a master index to every state and (the government would like) every private financial record a person holds. If this information is compromised then you might as well become a new person as your life will be changed forever. The biometrics in the ID Card will not really protect as much of the information is useful without the biometrics. In addition, the government plans to harvest the biometric information through travel agents and post offices so the risks of misrepresented biometrics is very high indeed. As an IT professional, I hope the lesson the public take from this farce is that over centralisation of data is as risky if not riskier than over-distributed data - data that is scattered across a hundred systems. The ID Card is not particularly the issue. The issue is the over-centralisation of data and the profound risks that represents to everyone's financial and even physical health. One can but hope the British public learns from this and starts making its voice heard.
Although the government has fobbed everybody off on the back of its' assurances about the fraud protection offered by the banks (thank God for their foresight, eh?), it hasn't addressed the far more sinister issue of identity fraud.
As the Data Protection laws have clearly been violated, the only thing I want to hear is that every victim involved in this debacle will automatically be issued with Identity Theft Protection Insurance, paid for by the government. This could be initiated within a matter of days as there are many commercial companies already offering this service. I suggest that they pay for it out of their pension funds, golden hellos, platinum handshakes, completely unwarranted performance bonuses etc.
It would surely put some peoples mind at rest if they knew for certain
whether their details were on the missing CDs. For example, did it only
include current recipients of Child Benefit, or did it include
historical data of anyone who is now over 18. If the HMRC could at least
say that anyone born before (say) 1st January 1989 is not exposed to any risk, that would be a help.
The trouble with this kind of data is that once it is lost, it can never be recovered and made private again.
Something has to be added to the data protection act, to ensure that organisations only allow employees access to personal data on a record-by-record basis, with some mechanism in place to ensure that the record is being accessed for some valid reason. Additionally, every single access to the data should be logged, and the results audited every so often, so that the employee knows that they are being monitored.
Who wants their NHS records sold illegally by a rougue employee within the NHS? For that matter, who wants their medical records open to be viewed at a whim by any nurse, dentist, doctor or administrator across the country? Trust, procedures and rules will never stop this happening.
This is the National Audit Office's instructions from their own NFI handbook on sending data 'securely':
It is recommended that data is either couriered or sent by registered post. Data should not be emailed.
If auditors say 'jump, people jump. The junior officer was doing exactly what they were asked.
I think we should all be very worried.One of the many incompentences caused by this goverment was the foot and mouth crisis caused by their mismanagment.Their answer to this was to suggest that farmers are levied to pay for the clear up of the disaster that they caused.This they intend to push ahead with.Maybe all parents whose details they have so cavavierly lost can expect to pay extra tax in future to clean up this mess.
UKplc has an executive management structure like any other organisation. The CEO is the PM and the Directors are the Cabinet Minister (MP's).
The executive of HMRC resigned as expected from any organisation. So why are Gordon and Alistair still in their position? Surely, they should follow the same route as the executives of HMRC.
People of UK would normally have elected the executive of UKplc, however, in this case we have been handed on the plate by NuLab after Blair resigned. Therefore, people of UK have the right to ask for UKplc’s CEO and some of its Directors (MP’s) to resign with immediate effect. In fact NuLab should ensure that this is done before UKplc take this country into a 3rd world position.
I can't beleive how low key the Â鶹Éç is being about this story...it seems to me that this is an issue of competence and about the prime minister..yet for some reason the Â鶹Éç reporting is focusing on a 'junior official'.
If this had been the Tory Government in the mid 1990's the Â鶹Éç reporting would have been rabid about competence etc
At times like this I expect the Â鶹Éç to be fearless in its reporting not complicit in downplaying both the seriousness of the issue and the culpability of ministers.
Of course this shouldn't have happened, but people should be much more concerned about the vast volume of highly sensitive data which is processed off-shore every day of the year. Most banks and financial institutions are regularly sending their customers' transaction data all over the world for processing. Staff vetting is far less rigourous in many of these off-shore locations - this is the real threat, not some incompetent civil servant loosing a couple of CDs.
Nick,
Congratulations on promoting the best metaphor yet for sensitive data: "a virus in a lab". It's doubtful if ministers will ever be required to understand databases and computer security, but in the meantime good metaphors are extremely useful for ministers, civil servants and computer system administrators to live and work by.
The Chancellor seems to think there will be relief all round if the discs are discovered and returned. But how can he know whether they've been copied? Steam open the envelope, copy the discs, and make a mint from a sale to the Russian Business Network. Viruses that have reproduced a thousand times are indistinguishable from those that die without replicating.
Can someone also ask whether digitized images of signatures are part of this data?
A 'junior official' is being blamed for copying a large database onto 2 CDs and sending them off by courier to the NAO. The NAO says it only wanted a sample, not the whole database.
First, some of us might remember that the the source for the Today dodgy dossier report on Iraq was claimed at first to be a junior official; he turned out to be Dr David Kelly, one of the world's leading experts on arms control and illegal arms detection. So I wouldn't take the current spoutings about junior officials at face value just yet.
Second, it begs the question of how much reliance can be put on NAO reports if they are in the habit of letting the people audited pick the audit data for them. But their head, Sir John Bourn, enjoys swanning round the world with his wife at our expense, so probably has his mind on other matters anyway.
The idea that it is a low level cock up beyond the government's control, doesn't wash. Their fingerprints that allowed it to happen, are all over this.
The HMRC merger, the job cuts, and the lack of basic security procedures, have all been mentioned. Not the following point.
In July 2006 the government quietly made a significant change through secondary legislation (therefore bypassing a Parliamentary vote) on Data Protection. From data not to be shared, it became 'will normally be shared, provided it is in the public interest'. Before that change, the transfer of data would have been illegal. The fiasco would not have happened.
What needs to be revealed is, what was the public interest in sending highly sensitive and confidential records, of 25 million of the population, including children, to the National Audit Office, from Tyne and Wear to London? Can that question be put to the Chancellor, Alistair Darling?
And to the opposition, could they be asked if they will reverse the change and revert back to the previous data protection law?
Hi Nick
They say "a fish rots from the head down" and this is proving to be so. Gordon Brown is proving to be like a fish out of water as a PM and the small fry around him are not satisfying our appetite. A fishes guts are not a pleasent sight and the guts of this government are trying to do a job which is progressiving ripping line of the spool whilst they are struggling to hold onto the rod before it breaks in two.
There was a lot of talk about Brown v Blair not so now, bring back the codfather !
With this current debarkle over lost child benefit records and the fact that millions of children are being fingerprinted at schools, how long before innocent children find themselves victims of wholesale ID fraud. It is rankly a disgrace and heads need to roll. No pay off , no pension just the sack.
Nick, I think you are spot on with your analysis that the big rumbling issue is the use (and lack of protection) of personal data. It is probably the amount of data on each individual that the government wants to hold in the national ID database that worries people as much as the idea of having to have an ID card, coupled now with the famous 53 pieces of information (including credit card details)that the PM now wants every traveller to provide before being allowed to travel, together with the thought of all of every individual's medical details being held on a central database ... and so on. People would probably worry even if they knew categorically that these data were secure, but recent examples across the board have shown as you say that there is a yawning gap between theory and practice. And, here's the rub, the individuals' worry will likely increase to fear and anger. If kafka were an Italian adjective 'kafkissimo' would be the best adjective to describe how many of Her Majesty's citizens feel about the overmighty bureaucracy! And yes this is political, because in a democracy angry citizens will sooner or later relish the opportunity to do something about it at the ballott box... As long, that is, that the alternative government continues to show a greater respect for the concerns and worries and anger of the citizens! It is no good the PM thinking and saying that he knows what is best, ultimately it will not be his verdict that counts.
I agree with Nick. There's a time for party politics - when, despite weary and worn assurances of a new style of parliamentary debate, we end up with the usual pot shots over the despatch box - and there's a time when it's best to keep schtum, your powder dry, and let your opposition blow their own feet off. Don't know why the labour MPs were so pleased after PMQs - David Cameron didn't have to do a thing except watch Brown and (Captain) Darling floundering in a mess of their own making. I'm sure 25m potential victims of the cock-up didn't particularly want to see the Tories making capital out of their misfortune - they wanted to see what's being done about it. They'll form their own opinion about incompetence, system failures and where the buck stops. They may have forgotten the specific incidence come polling day - but the perception of lurching from one crisis to another tends to linger...
The HMRC merger, the job cuts, and the lack of basic security procedures, the low level cock up (if that is what it was), are all incidentals in the bigger picture, as Nick alludes to. Yet he did miss a point even more substantive.
In July 2006 the government quietly made a significant change through secondary legislation (therefore bypassing a Parliamentary vote) on Data Protection. From data not to be shared, it became 'will normally be shared, provided it is in the public interest'. Before that change, the transfer of data would have been illegal. The fiasco would not have happened.
What needs to be revealed is, what was the public interest in sending highly sensitive and confidential records, of 25 million of the population, including children, to the National Audit Office, from Tyne and Wear to London? Can that question be put to the Chancellor, Alistair Darling?
And to the opposition, could they be asked if they will reverse the change and revert back to the previous data protection law?
Come off it, you seriously can't see how staff cuts can affect procedures?
You can have all the security procedures in the world, neatly typed in shiny ring binders in HMRC but, if there aren't the staff or the resources to carry out those procedures then, when a minister or a manager says "do this", those procedures will get bypassed.
Try telling a government minister that something can't be done because of the needs for certain processes - you'll find yourself marked down as having a negative attitude.
If the electorate keeps voting in governments with a casual attitude to the civil service and keeps demanding staffing cuts in the civil service, that same public can't act like an outraged dowager when their neglect and false economies lead to an almighty cock-up.
And Simon Hoggart's "porpoise in a bath" remark was about George Osborne not David Cameron. Do try to get the occasional detail right.
Biometric data even with encrypton will eventually be cracked by hackers (it already has). I've worked with computers for over 35 years and have seen hacks and cracks appear (even as free dowloads) for all manner of so-called "secure" products.
For example, Lukas Grunwald a consultant with a German sercurity company has already discovered a method for cloning information on the new "hi-tech" biometric passports (Guardian 6/7/06).
I am perplexed that it seems that the original data held on the server not encrypted, making it far more secure (without "keys") if it is lost and found.
Another concern is that the blame is being put on an insignificant junior. Why do such persons have access to the data and what sort of security checks are run on personnel?
And finally, you can't ignore what the staff say. Alistair Darling doesn't know what effect cuts have on nor staff morale or security. And it appears that he knows even less about secure data.
Hi Nick,
This government, almost since its inception, has ignored the rights to privacy of the ordinary man in the street. It has behaved completely undemocratically, riding rough-shod over much of the countries opinions in the belief that they are right and the electorate being, what could only be relatively termed "ignorant peasants". The reason? We (the electorate) shouldn't comment on that which we have little or no real knowledge.
Well, I KNOW when my rights are being corrupted and with the way the government slams around deriding democracy, centralising government to the degree that the "BIG BROTHER" tag is an almost specious term. I believe we have gone well beyond that envisaged by George Orwell because surveillance, data collection on the populace, etc, should be covertly applied. At least George had the decency to give the perpetrator a nice cosy name. What should we call George Brown? Big Bro' George?
Then this, the mis-application of the great Procedure. People are now so browbeaten by political correctness and the dumbing down of society to suit the profile of the lowest common denominator it is little wonder the Procedure is ignored - it's the only plausible way people can show their resentment of an overbearing, thuggish government insisting on looking after everyone from cradle to grave. I don't like it!
Nick, losing this stuff is bad enough but what about the new NHS 'spine' which is being loaded with the confidential medical records of every citizen in the UK, in the cause of enabling doctors and other authorised healthcare workers to access the records immediately (without having to wait for records to be sent). At the time this was proposed, most GPs were against it. The usual assurances were given that data would be protected but, as some commentators said at the time, there's not a secure computer system in the world. Imagine your health records being available to all and sundry.
Banks have been holding data for years and have resources galore but they still cock up on a regular basis - recall RBS and a mountain of records turning up at some bemused customer's address some months ago? Or instances of records for sale?Perhaps this ought to be a wake up call regarding what data we hold and how it is held. So far as I am aware this latest is a breach of the Data Protection Act and it is arguable that a criminal offence has been committed in failing to ensure its safekeeping. The Information Commissioner ought to be invited to comment.
What an immense and immediate response to this item.
Post no.28 is interesting. Government's competence Nick?
I notice the papers are suggesting that the Civil Servant in charge of HMRC has done the honourable thing and resigned. However, he is a 59 year old career civil servant, who has walked away from a monstrous failure on his watch, and therefor his reputation remains intact, his pension will be paid, and no doubt he will pop up as a highly paid consultant either in the private sector or attached to one of Gordon's much loved quangos. Not honourable, I suggest we are mislead, he has skulked away without any of this calamity sticking to him. The pension element is particularly galling to those in the private sector, who would have been sacked for such sloppy management. Public sector managers are overpaid given the complete lack of responsibility they seem to have.
This data is potentially out in the open, and cannot be put back in the box. There is the short term worry about our bank accounts but we can change those. However my 3 year old daughter will have to spend the rest of her life, worrying that her identity will be stolen, because of the neat package of data the state has managed to loose.
Is the Government going to indemnify her and the other children possibly for several generations against identity theft? I expect not since they are counting on the Banking Code to pick up any resolve any issues.
Funny how Mr Darling can underwrite Northern Rock customer accounts when the Northern Rock board got the bank into difficulty, but is not prapered to underwrite our bank accounts when the state has potentially compromised them.
Come off it, you seriously can't see how staff cuts can affect procedures?
You can have all the security procedures in the world, neatly typed in shiny ring binders in HMRC but, if there aren't the staff or the resources to carry out those procedures then, when a minister or a manager says "do this", those procedures will get bypassed.
Try telling a government minister that something can't be done because of the needs for certain processes - you'll find yourself marked down as having a negative attitude.
If the electorate keeps voting in governments with a casual attitude to the civil service and keeps demanding staffing cuts in the civil service, that same public can't act like an outraged dowager when their neglect and false economies lead to an almighty cock-up.
And Simon Hoggart's "porpoise in a bath" remark was about George Osborne not David Cameron. Do try to get the occasional detail right.
The HMRC merger, the job cuts, the lack of basic security procedures, and the low level cock up (if that is what it was), are all incidentals in the bigger picture, as Nick alludes to. Yet he did miss a point even more substantive.
In July 2006 the government quietly made a significant change through secondary legislation (therefore bypassing a Parliamentary vote) on Data Protection. From data not to be shared, it became 'will normally be shared, provided it is in the public interest'. Before that change, the transfer of data would have been illegal. The fiasco would not have happened.
What needs to be revealed is, what was the public interest in sending highly sensitive and confidential records, of 25 million of the population, including children, to the National Audit Office, from Tyne and Wear to London? Can that question be put to the Chancellor, Alistair Darling?
And to the opposition, could they be asked if they will reverse the change and revert back to the previous data protection law?
As a matter of collateral interest, Bill Thompson's techie page is not irrelevant to why the Government managed to shoot itself in the foot. Nemesis is clearly at work.
I doubt very much that the 'junior employee' who is being blamed did anything more than drop the package in the post. The data must have been downloaded by someone else and passed to him/her. There is no way a junior employee would have the user permissions to do this. More likely a senior manager asked an IT guy to do it for him, bypassing the entire procedural system, then passed it on to the office junior to post (or maybe did it himself). If TNT segregate and carry all their post, then there is complacency over this too. Why mark it for recorded delivery?
It would be very easy to find out who downloaded the data, which terminal was used, which password was used and the exact time and date. From this, the culprit could be readily identified. If the IT guy did it, then it'll be his PC that ran the query. If it was the manager, he's unlikely to have left his own office to do it. Simple investigation.
Covers are being pulled here and they expect the public to buy it. It's not an office junior, it's a critical management failure that they don't want exposed. Why do you think the boss fell on his sword?
The HMRC merger, the job cuts, the lack of basic security procedures, and the low level cock up (if that is what it was), are all incidentals in the bigger picture, as Nick alludes to. Yet he did miss a point even more substantive.
The Labour government have enabled and nurtured the framework that has created the ‘accident waiting to happen’.
As just one prime example, in July 2006 a significant change was made through secondary legislation (therefore bypassing a Parliamentary vote) on Data Protection. From data not to be shared, it became 'will normally be shared, provided it is in the public interest'. Before that change, the transfer of data would have been illegal. The fiasco would not have happened.
What needs to be revealed is, what was the public interest in sending highly sensitive and confidential records, of 25 million of the population, including children, to the National Audit Office, from Tyne and Wear to London? Can that question be put to the Chancellor, Alistair Darling?
And to the opposition, could they be asked if they will reverse the change and revert back to the previous data protection law? Their criticism and complaints are all very well, but they should at least give us some specifics on what they would have done differently.
Maybe this is indicative of a wider problem with IT Security. Most people find it difficult and clumsy configuring and using such things as Firewalls, encryption technology etc. The frightening result is that the vast majority of IT users simply don't bother with it. I suspect that the IT Security industry is a significant part of the underlying problem here - until it produces products that are simple and effective to use then users will still be "scared off" of doing what they should to protect themselves and their data.
Maybe this is indicative of a wider problem with IT Security. Most people find it difficult and clumsy configuring and using such things as Firewalls, encryption technology etc. The frightening result is that the vast majority of IT users simply don't bother with it. I suspect that the IT Security industry is a significant part of the underlying problem here - until it produces products that are simple and effective to use then users will still be "scared off" of doing what they should to protect themselves and their data.
I have found the discs and identified the particulars of all members of Gordon Brown's government and the Parliamentary Labour Party. I'm selling them on eBay to highest bidder.
But the good news is that Richard Thomas the Information Commissioner had already put the wheels in motion for a new criminal offence.
The offence would be for knowingly or recklessly flouting data protection principles.
Offenders could be fined up to £5,000 in a magistrates court or unlimted sums in the Crown Court.
Who would take HMRC to court I am not sure but I suspect the banks might think about if their losses start to mount.
HMRC does have a Chief Information Officer (CIO) and perhaps it is he who should be answering some of the questions readers are posting.
I dont think it is quite that easy to copy data to a CD, or other form of removable media, on any government computer installation.
If it is then its the CIO who should be targetted not the ministers.
Mind you DVDs are better than CDs, USB sticks better still, and IPODs are fantastic as they can hold oddles of data. But can you still listen to your favourite tracks whilst copying those boring big files?
Working in an NHS Trust IT department (one with a good record on data security) I am incredulous at how this has not happened sooner.
Two CDs carrying 25million records is nothing - more data could be easily dropped onto a USB flash drive or other flash storage unit in a fraction of the time and easily slipped out of the office.
What we have here is - on the whole a culture and government that hasn't the first idea of its responsibility to data security, technology use and policies and procedures that Labour and public service departments like to repeatedly tell us are in place are not worth the paper they are written on if the people supposedly adhering to them are incompetent.
When 25 million records of this type can be stored on writable CDs, why are department's IT departments/information security bosses allowing users (staff) access to these devices?
What need does any standard office have for a 2gb USB flash drive, capable of holding 2000 (TWO THOUSAND) floppy disks of data?
The system is flawed, and we as a culture need to adapt. The Government need to act quickly, and either lead by example, or step down.
Nick,
You must have been watching a different PMQs to me. Gordon Brown unscathed? You must be joking!
As a Civil Servent but not employed by HMRC I am astounded at the actions of the "Junior" official who did this. All Civil Servents are aware of the Data Protection Act. I would like to know how junior this officer is. I assume he was instructed by his manager to download this information, in which case more than one person was involved. Normally I would expect a member of staff would have to be given specific access to such information before it could be done. Presumably he was also told to send the disks and was either told to use the TNT service, because it costs less, or it was the usuall practice. As a family that receive CHB I would also like to know why the NAO needed my personal details from the HMRC ? If they didnt then the Data Protection Act has been broken and those responsible should face prosecution. Also the staff cuts throughout the Civil Service have left Depts with young inexperienced staff paid barely above Minimum Wage who are never going to be motivated to provide excellent service that used to be the pride of the British Civil Service.
Hi All,
The protection of data will increasingly be an issue of trust for the Government. Since Brown has taken over he has become accidcent prone. Serious issues one after the other have only served to show that at best he is unlucky, and at worst that his only talent lies in plotting the down fall of others. Napoleon wanted lucky generals, Brown is not lucky in any way but rather Bungle Brown, Bottle Brown or whatever you want to call him. Either way the government must be held to account for this and take responsibility. In the past resignations were rightly offered and accepted for incompetence for offences far less than these - even in the recent past - see Blunkett for details.
The government through their processes have allowed for half the population to be put at an increased risk. Half the population. I can't think of another issue, apart from a declaration of war which could in one move uniformly increase the risk of the population. Call the election now Gordon so that we avoid the Bungle Brown curse in the future.
I'm glad it was'nt a box set, Christmas n all.
I would hate for people to find out the gaffs I make on a daily basis at work...
You are right on many things Nick, but one thing. Your senior labour mp who said "we are beginning to look like the Tories in the mid-90s" is flattering himself and attempting damage limitation. The last Tory government were nothing compared to this lot in terms of sleaze, incompetence and down right dishonour. They bend the rules constantly, they are found wanting constantly and they misrepresent the facts almost always. And no-one resigns. In the Tory days of sleaze and incompetence they resigned over £1000 planted questions and sexual adventure. This lot could send this country to the wall, try to bury the news, be found out and blame others (the Tories)and still demand a bumper pension. It is time you guys at the coal face did some proper "then and now" research and threw some proper light on how low this govermnment has got.
Who will actually suffer as a result of this apart from the at-risk population?
Surely one minister needs to be fired over this (if not the chancellor himself). Further, given that the primary economic benefit of being a civil servant is the pension scheme, someone needs to be publicly fired and their future benefits taken away as an example to others. What will change in future if nobody is fired over this: people in such positions should respect the responsibility they are given and not be allowed to hide.
Mistakes, happen, and apologies are good, but if accountability is not seen and publicly demonstrated this life-long labour voter will vote otherwise at the next election. One consequences of having such centrist parties is that when policies are so similar, the voter decision will be based more on trustworthiness and integrity. Unless Mr. Brown shows he is worthy of my trust by firm and public action, he will lose my vote next chance I get.
I am glad this has happened - it is unfortunate for any affected - but finally something will get done.
I had it happen to me at Nationwide Building Society (lost laptop), it also happened with HMRC and Standard Life BUT it doesn't affect me this time. HMRC lost discs to Standard Life yet STILL they did not change their procedures. Because of this more heads should roll. Now the armchair army will finally sit up and take notice when potentially the most financially vulnerable are affected.
How does someone prove ID theft was caused by this and claim compensation for damage to character and inconvenience when banks like Nationwide won't state whose details were lost (as I have 5 of their products my details were likely in there)? The ICO (Info. Com. Office) are useless and won't provide me with an answer. Also, how and where does the ICO fine for companies like Nationwide get returned public or compensate those affected (I know the banking code fixes their accounts, but it doesn't provide for the aforementioned inconvenience) - the ICO didn't answer this either.
Considering how much post was lost and never retrieved because of the postal strikes, and bearing in mind that the envelope with the disks in bore no special marks, I think it is highly unlikely that anyone with ulterior motives would be able to identify it even if they came across it. It is, presumably lost in a mountain of similar envelopes that the postal services have no intention of delivering.
I agree with the security expert who posted on this blog that it simply should not be the case that data is held in unencrpyted form in these Government databases.
If data is held 'in the clear', then that in itself should constitute a security vulnerability.
The Information Commissioner's Office powers need beefing up ... urgently, so that it can address these serious issues.
I would imagine that UBL and chums are thinking that blowing up people and buildings is 'old hat' now.
Far easier to create economic havoc by stealing data.
Yes, HMG, get a grip.
Nick has really got to the heart of the matter in this post.
I'm an IT professional, and the Government's writing this off as a case of an individual not following procedures really doesn't cut the mustard.
Why?
A fundamental point underpinning any processes surrounding computer security is that people can not be trusted to follow them properly. If you do not have technological measures in place to enforce and audit your data management policies - then all you have is what we call "a moron signing off your IT". Responsibility must be shared by the people the people who allowed the breaches to be possible.
I can not comment on what level of access the perpetrator needed to do his or her job. Lets (laughingly) give them the benefit of the doubt and assume that they do need the ability to return large data sets like this on an ad-hoc basis. Dumping out 25 milion rows of sensitive data can not possibly be a regular occurence, my systems would alert me if something like that happened and it would be immediately investigated. That obviously didn't happen because no one realised there was a problem until the discs didn't arrive (oh, by the way not to worry or anything but that DOES mean that'd anyone working there who wanted to steal this data wouldn't have a particularly hard time of it).
Really, a screwup of this magnitude being possible and a basic level of IT competency are mutually exclusive. Anyone who says anything different does not work in IT or is lying.
Do not trust these people to run a national ID card scheme. Please.
A
Those that are calling for the government to resign over this issue are missing an important point. If this happens it would mean that a lowly individual in an operational role has the power to bring down the government! Surely our democracy can do without that threat. The logical extension is that if this lot is thrown out and the next lot get in all somebody has to do is loose a few data records and the whole lot change again!!
The significance of job cuts etc Nick is that this error is typical of organisations who are banged together to create one new one, savings are achieved by brutal headcount cuts probably at management as well as operational level, processes aren't adapted, systems aren't enhanced to meet the new operating model, and people aren't trained as required (training ls always an easy "saving"). So you end up with an insecure, unconfident, inadequately trained or suvervised workforce who will make mistakes. I am prepared to bet staff hadn't been trained in their responsibilities for data protection or the associated processes, for years, and noone was concentrating on it. And this isn't just a problem with government - this is how much of the private sector works - getting away with it most of the time, and occasionally falling flat on its face.
Nick,
Congratulations on promoting the best metaphor yet for sensitive data: "a virus in a lab". It's doubtful if ministers will ever be required to understand databases and computer security, but in the meantime good metaphors are extremely useful for ministers, civil servants and computer system administrators to live and work by.
The Chancellor seems to think there will be relief all round if the discs are discovered and returned. But how can he know whether they've been copied? Steam open the envelope, copy the discs, and make a mint from a sale to the Russian Business Network. Viruses that have reproduced a thousand times are indistinguishable from those that die without replicating.
Can someone also ask whether digitized images of signatures are part of this data?
Gordon Brown - The id fraudster/paedophile’s friend
Darling tells us not to close our bank accounts and almost in the same breath tells us to check our bank statements. From now on every victim of id fraud, whether related to this or not will suspect the government are to blame.
I will never arrange a direct debit with a government agency again, would you? I wonder how many MP’s are changing their bank details right now while telling us all to there’s nothing to worry about?
Every one of them should be made to answer that question.
It’s not all about the money.
This story has only just begun, when the enormity of the breach, leaking the names, addresses and ages of all of our children, whether they live with their natural parents or not, potentially vulnerable etc, sinks into public consciousness, this lot will have to go.
You say:
"losing the personal data of almost half the adult population"
I don't think that's right. Included in the 25 million records are 15 million children as your own Â鶹Éç says here:
Why harpoon your enemy when they are cutting themselves to pieces.
When was the last time you had so much traffic on your blog?
If Labour MPs view this through the Westminster village, they are village idiots.
Nick,
Were you watching the same PMQs as me? Gordon Brown survived unscathed? You must be joking!
Once again, it appears, the British Government of the day will respond to an awful mistake by a civil servant - by initiating a massive review. Resulting - no doubt, in a renewed focus on establsihing robust processes and systems of control in order to prevent future mistakes happening...
Invariably the review will be headed by a distinguished, well respected public figure, invariably a sound stragy will be formulated with numerous well thought through recommendations. In several months time the public, media and politicians alike will agree with the findings of the review, commend the 200+ recommendations - and the story will ebb away...
Why oh why cannot politicians see that the time and money should be invested in people, not reviews and reworked processes. Its people that fail to follow processes, its people that make mistakes.
Our british government must set the performance bar for its public servants far higher, establishing real consequences for failure and stop tolerating mediocrity. We seem to have convinced ourselves we are over-worked, high performing nation. We aren't.
The government is right to cut jobs and modernise the public services (as its plain to see there is still a massive amount of 'fat' in our public services) but to do so whilst retaining the paucity of effective senior leaders at the top of our govt departments - is an absolute disaster. We need to rethink our expectations of civil servants, or face many more scenarios like this one....
Hi Nick,
Do HMRC have a mechanism to check if an employee downloads a database?
If not, how can they know if someone working in the revenue has downloaded and sold a database.
If they do, for example: have a log of these computer transactions, then someone should have noticed the download on the 18th October and checked what was happening.
This potential loss of 25 million data records has only come to light because the CD's failed to turn up in the post.
Even if the CD's turn up no-one can be sure they have not been copied.
But, worse still, my guess is that no-one in authority will know if this data has been downloaded and sold in an unrelated event.
Robin in Somerset
As some one who was works within the civil service, it is not hard to see what has happened. I work at a very low position, and I very much doubt that the person who was responsible will be that low. I work in a contact centre dealing with customers on a daily basis, and trust me morale is as low as you can possibly imagine. The system I use is not coping, and constantly has to be adjusted and "improved". It never really is. Those higher up decide that those on the front line have to be threatened with "training" if you use your own name more than once in the first phase of a call, but find it acceptable to leave us without basic information to complete the rest of it.
Relating to whether the current government should go or not. As little faith as I have with them (which diminishes on a daily basis), my real worry is who the alternative is. A party without a direction, policies that are about as daring as an 80 yr old having a second sherry on a saturday night, and the hope that they'll get in by the incumbent government making such a royal mess of it that they don't have to do an awful lot. I really think we need a viable third alternative, but we don't.
So unfortunately, my personal view is that we have to allow Gordon Brown, etc try and dig their way out of this themselves.
I am disgusted. Our details have been treated with absolute disregard, offered no protection yet we are encouraged constantly to deliver more and more personal and private information to this incompetent and incredibly arrogant government. I work in the NHS and have to constantly listen to "Information Governance". The protection of personal information is paramount. I know we are only human, but this recent episode is a disgrace, has been dealt with very casually and has taken a month to become public. And now I believe that the Head of this Department is to remain on full pay until an early retirement package can be worked out.He has resigned. He has no right to receive a salary and this government have no business giving him an early retirement package out of the public purse. Disgraceful.
Remind me again, WHO WAS THE CHANCELLOR responsible for introducing the initial changeover and who was still the chancellor when the first known balls up happened in MARCH !!!!
Mr Brown is doing such a good sidestep he should be on Celebrity Come Dancing with his Darling.
Is there anyway at all for us to force the government into an early election? Please
Nick, I think you are spot on with your analysis that the big rumbling issue is the use (and lack of protection) of personal data. The amount of data on each individual that the government wants to hold in the national ID database probably worries people as much as the idea of having to have an ID card, coupled now with the famous 53 pieces of information (including credit card details) that the PM now wants every traveller to provide before being allowed to travel, together with the thought of all of every individual's medical details being held on a central database ... and so on. People would probably worry even if they knew categorically that these data were secure, but recent examples across the board have shown as you say that there is a yawning gap between theory and practice. And, here's the rub, the individuals' worry and frustration will likely increase to fear and anger. If kafka were an Italian adjective 'kafkissimo' would be the best adjective to describe how many of Her Majesty's citizens feel about the over mighty bureaucracy! And yes this is political, because in a democracy angry citizens will sooner or later relish the opportunity to do something about it at the ballot box... As long, that is, that the alternative government continues to show a greater respect for the concerns and worries and anger of the citizens! It is no good the PM thinking and saying that he knows what is best, ultimately it will not be his verdict that counts.
Just watched Nick Robinson on the 10 O'Clock News and once again he has got in the way of what is a massive story.
Stop trying to be the news and report it (unless you are auditioning for the next celebrity reality series).
This requires formality.
Dear Mr Robinson,
There are a number of questions which the Government needs to answer:
- Were repeated attempts made to send to the NAO personal details which the NAO had clearly stated that they did not require? If so, this was not data sharing within government; was it not an apparent clear criminal breach of the Data Protection Act? Are prosections being considered?
- How exactly does the number of records sent far exceed the number of those taxpayers qualifying for Child Benefit?
- Cheap, easy and secure encryption has been available for decades. It is regularly used by the Revenue in other contexts; how did it come about tht encryption was not standard procedure here?
-Direct electronic transmission of data, providing nearly instant confirmation of its receipt, has been used regularly in government for many years. How did it come about that it was not standard procedure here?
No system can be proof against all the unfortunate or malicious things people do, but answering those questions in full will take us some way into seeing what was wrong with the Revenue's systems, when these faults arose and from what sins of omission (or misplaced zeal)they came about.
Civil Servants (I was one) are rightly accountable for instances of failure of this kind. However, if a department becomes "not fit for purpose" any Minister who has been in charge of it for a substantial period must accept a substantial share of the responsibility for that state of affairs, unless he or she can demonstrate evident non-responsibility.
Your admiring servant,
My gut instinct (the minute this story broke) is that this will finish the Brown government - interestingly many foreign friends of mine also agree. Tony Blair certainly knew when to jump ship. We've all had enough of Clip Boards and red tape here in the UK. All these Government reviews are just more wasted paperwork with no real action. They've burned billions of our Tax payers money on the NHS with no result (my local Hospital, the Royal Tunbridge Wells, looks from the exterior like a Baghdad Police Station - where I'm sure the hygiene standards are much higher, and I know the death tolls are lower). The Police now constantly moan about the Paperwork taking precidence over the job - they're more interested in ticking boxes and chasing road traffic offences. Our roads are full of Potholes (in South East England) cosmetically fixed every time someone breaks a tire on them and makes a claim - with the insurance payouts exceeding the cost of the repairs (if they had been done properly in the first place). Councils now pay in excess of one hundred thousand pounds (that's $200,000 for any one outside the UK wishing to make sense of this madness) for Zebra Crossings (Painted lines and two flashing lanterns); a single example of many "Beauracracy gone mad" instances commonplace in governmental decisions that promulgate from our Nanny state government in the UK. Now they've posted all our Personal Data on the Internet so fraudsters can filch even more money from us than this 'Government' do themselves. I tell you, democracy is not the be all and end all of Govern(MENTAL) systems. Don't get me wrong Britain is a great place - just run by Alpha-ole's at the moment.
If Data Protection is ever to be taken seriously somebody needs to go to jail over this one.
Not just the junior who did it, but the idiot who asked for it to be done and the even greater idiot who allowed this level of access.
Why on earth do they have a system that alllows this level of data extraction, surely you only need to query 25 millon records to find a few or for statistical purposes (and you really don't need bank account numbers for statistical purposes do you).
Working in an NHS Trust IT department (one with a good record on data security) I am incredulous at how this has not happened sooner.
Two CDs carrying 25million records is nothing - more data could be easily dropped onto a USB flash drive or other flash storage unit in a fraction of the time and easily slipped out of the office.
What we have here is - on the whole a culture and government that hasn't the first idea of its responsibility to data security, technology use and policies and procedures that Labour and public service departments like to repeatedly tell us are in place are not worth the paper they are written on if the people supposedly adhering to them are incompetent.
When 25 million records of this type can be stored on writable CDs, why are department's IT departments/information security bosses allowing users (staff) access to these devices?
What need does any standard office have for a 2gb USB flash drive, capable of holding 2000 (TWO THOUSAND) floppy disks of data?
The system is flawed, and we as a culture need to adapt. The Government need to act quickly, and either lead by example, or step down.
Hi Nick,
Should anyone really be surprised that the government treats our personal data with such contempt when they strive to remove any rights we have under the guise of "War on terror"
The huge irony of this for me is that with two discs of data the government has managed to inflict more worry on the British public than any terrorist could ever hope to achieve.
The questions I would like answered which still have not been are:
1. Why did the NAO need to see ALL these records. Auditors only need to sample data surely?
2. Why was this data not transmitted over the government’s own secure network (GSI)? Surely they could have arranged for some form of VPN to exist between them and the NAO?
3. How can one employee, no matter what grade, be able to copy onto disc the entire database of all Children and Claimants for Child Benefit
4. Why are ANY government documents / packages sent via an untraceable method using a courier? I didn’t think this was even possible!
5. Should there be an immediate and independent audit ordered for the entire civil service? It has been a joke for private contractors for some time now that civil servants have to be "shadowed" by contractors to get their work done properly. With so many contractors and such high staff turn over and a very transient work force security risk has to be unacceptable.
I suspect that what has happened at the HMRC is, as some of its staff have been telling you, the tip of the iceberg. The government has been so caught up with its neurosis about terrorism and stripping its citizens of rights - it would seem it’s taken its eye completely off the ball.
.
Nick, I actually find this story quite amusing as an Information Security expert. I regularly have to battle with business project managers to implement the most basic information security controls. They look at this as purely a cost to the business rather than a necessary control over the flow and access of confidential customer/user information.
BTW I work for a leading UK bank!
Furthermore, just to set the record straight about ID cards.
Of course biometric data can be copied! Any information stored in digital format is simply converted from analogue and stored in a series of 1's and 0's whatever the initial representation. And yes, it is only a question of until the proposed ID database is compromised, rather than a question of when. I'd be interested to find out where the government thinks we will find a new retina from, or set of fingerprints or even DNA sequence. Once Biometric information is compromised, it stays that way...forever.
The government is simply not taking account of subject matter experts who have expressed the sheer folly of their ID scheme. Names like Dr. Ross Anderson of Cambridge University should be heeded...I don't think that Mr. Brown will be around for very long!
This IS a systemic failure.
The simple fact is that HMRC have clearly failed to install the most elementary security procedure i.e. one person authorizes a transaction, another person performs the transaction and a third checks that the transaction was authorized and performed then reporting this back to the authorizer.
Forget telling people what to do - they will make mistakes - set up procedures in the computer programs that enforce compliance. What once WAS rocket science is NOT these days.
Given the HMRC debacle I would have thought that the proposed NHS plan to upload confidential GP patient digital records to the national NHS 'spine' is (or should be)dead in the water. This seems much more relevant than ID cards. Can you explain why the NAO wanted this information. Was it the outcome of an expensive lunch attended by Sir John Bourne and hosted by some dodgy IT firm or other in order to boost Sir John's pension plan? I expect you know.
Given the HMRC debacle I would have thought that the proposed NHS plan to upload confidential GP patient digital records to the national NHS 'spine' is (or should be)dead in the water. This seems much more relevant than ID cards. Can you explain why the NAO wanted this information. Was it the outcome of an expensive lunch attended by Sir John Bourne and hosted by some dodgy IT firm or other in order to boost Sir John's pension plan? I expect you know.
This IS a systemic failure.
The simple fact is that HMRC have clearly failed to install the most elementary security procedure i.e. one person authorizes a transaction, another person performs the transaction and a third checks that the transaction was authorized and performed then reporting this back to the authorizer.
Forget telling people what to do - they will make mistakes - set up procedures in the computer programs that enforce compliance. What once WAS rocket science is NOT these days.
Just waiting for the advert to appear on Ebay now...
"For sale...2 CDs for sale, with quite a few names and numbers on them.
The files are password protected, but don’t worry, just type the word ‘password’ and you’ll be able to open them.
Winning bidder will receive the CDs by post (TNT). Just in case they get lost, I’ve got back-ups on my USB pen drive.
Happy to ship to Nigeria or Russia.
Note: Can’t guarantee quality of data. The system it came from has got in bit of a pickle of the last few years."
It seems to me ,that this debate misses the point.Why should we allow our personal data to be collected in one place where it can be passed around by simply pressing buttons on a keypad.It is the need for control of the population that makes the government insist it has records of all our activities and this debate only serves to reinforce the govt arguement that personal data must be collected and stored in their so called official and therefore "safe" hands- so sorry we must now just do it safely and all will be well ..meanwhile we willl continue to monitor your movements,and allow companies to buy and sell and market and -who knows steal by using personal data.
get over it is only data. big crooked companies have lods of data about us alraedy and we dont say nothing we actually give it to them.
Quite a few years ago, I had a temporary driving agency job working for Securicor Omega (parcels, not cash in transit). The van was loaded for me - I just had to go round the list of customers, delivering or collecting as appropriate.
One delivery was to the site of the new underground bunker being built for the RAF at High Wycombe, from which a major part of North West Europe's Strike Air Forces would be commanded.
The pack I had to deliver to the construction office had burst open in transit, and I could see that it contained the engineering drawings for the whole installation - something of significant interest to hostile parties, and surely deserving of much more secure packaging and carriage.
When I tried to draw attention to this, I was told very firmly to keep it quiet or else the contract would go to somebody else.
I see nothing much has changed over the years..!
The arrogance of the people in power is beyond belief, just look at all the past breaches in data security and compare what has happened in each instance and you will find that in almost every instance it's down to human error, the failure to implement adequate security yet how many of the cases have led to the information commissioners office imposing fines on the government departments or businesses guilty of such incompetence, None!
In the wake of a security breach by the utilities retailer Powergen, back in the summer off 2000, Patricia Hewitt who was at the time Ecommerce Minister made a public statement to the effect ""Data security is an important issue whether it be stored on paper or electronically" She added "We shall be talking to Powergen and the Data Protection Commissioner to see if there are any wider lessons we can learn." Obviously her words where simply that and nothing was taken seriously and nothing by this Government was learned.
Then there was the ILA (Individual Learning Accounts) fiasco where a CD containing the personal details of people registered on the scheme turned up in the house of commons, list of data breaches goes on and on.
So what do all the cases have in common lake of skills, lake of monetary resources or sheer incompetence by the people in power who make decisions on who and how our personal information is managed? Things do not get better over time with this government the get worse.
Dear Nick and all others who have commented on this,
I am puzzled. Why does everyone feel the need/right to collect/demand masses of very personal information, just because computers are big enough to store it? In the past, only a few relevant questions were asked in any situation and answered/stored on a piece of paper. Far too buly to send around the UK, by what ever means without raising questions.
Now it's completely out of hand - NYC or just plain intruding into lives. And nothing is ever secure. Hackers are endlessly trying to show that.
Liz
The whole affair (Northern Rock/Missing Data)is a mess, however think on ;-
Brown and Darling or Cameron and Osbourne (Notting Hill mob) in charge of the mess.
You decide?
I am someone who used to work in Government and now work in the private sector. I am not in the least surprised that this happened. Government departments have a belief that you can make something happen just by writing a procedure that says how it will happen. Often these procedures are unworkable, so staff do other things to get the job done.
I notice on this thread that there are a number of obviously Labour die-hards who claim that management shouldn't take responsibility - and in this case Alistair Darling. I argue differently, simply because it is clear that something like this should not happen if management had been doing their job properly. There are so many basic things that could have been done differently here to prevent this happening:
1) Anonymise the database. Store names and DoB separately from other information in a separate DB. Link the databases with a unique ID. The vast majority of staff would only need access to at most 1 database. NAO would be able to get anonymised records without compromising data security.
2) Put electronic checks in place on the people using the database. There are very few reasons why anyone would need access to more than a few thousand records a day where the 2 databases have been linked (and the data is no longer anonymous). So place electronic controls that monitor this, and either prevent large access (unless authorised by someone senior) or monitor large access and investigate people who pull down lots of records.
3) Control access to writable media on the networks. We have procedures in Government for classified data, use the same procedures for confidential data. Copy numbered documents, registers of documents coming in and out, audits of those records.
4) Implement security on the databases to guarantee that people only have access to the data they need access to. If you have someone who works in Child Support for London, they should not have routine access to records of children outside London.
This is basic stuff, and if the government has neither the wit, nor the competence, to come up with plans like this and implement them; then resignations are in order. I don't want Alistair Darling, or even Gordon Brown to resign over the failures of an individual to follow some procedure. I want them to resign because the systems in place allowed such a failure to happen. If management are not going to ensure that policies and procedures are followed, then the management are incompetent. That is one of the main functions of management.
This is so similar to the problems with Northern Rock. I have no issue with Alistair Darling not taking the blame for decisions senior management at Northern Rock took regarding their risk positions. However, I do have issue with the division of responsibilities of regulation of the financial services industry (where FSA, treasury and BoE are a curious triumvarate with mixed responsibilities) just didn't work, and intervention to prevent a disaster wasn't taken earlier because everyone saw it as someone else's responsibility.
Working in an NHS Trust IT department (one with a good record on data security) I am incredulous at how this has not happened sooner.
Two CDs carrying 25million records is nothing - more data could be easily dropped onto a USB flash drive or other flash storage unit in a fraction of the time and easily slipped out of the office.
What we have here is - on the whole a culture and government that hasn't the first idea of its responsibility to data security, technology use and policies and procedures that Labour and public service departments like to repeatedly tell us are in place are not worth the paper they are written on if the people supposedly adhering to them are incompetent.
When 25 million records of this type can be stored on writable CDs, why are department's IT departments/information security bosses allowing users (staff) access to these devices?
What need does any standard office have for a 2gb USB flash drive, capable of holding 2000 (TWO THOUSAND) floppy disks of data?
The system is flawed, and we as a culture need to adapt. The Government need to act quickly, and either lead by example, or step down.
Nick, I think you are spot on with your analysis that the big rumbling issue is the use (and lack of protection) of personal data. The amount of data on each individual that the government wants to hold in the national ID database probably worries people as much as the idea of having to have an ID card, coupled now with the famous 53 pieces of information (including credit card details) that the PM now wants every traveller to provide before being allowed to travel, together with the thought of all of every individual's medical details being held on a central database ... and so on. People would probably worry even if they knew categorically that these data were secure, but recent examples across the board have shown as you say that there is a yawning gap between theory and practice. And, here's the rub, the individuals' worry and frustration will likely increase to fear and anger. If kafka were an Italian adjective 'kafkissimo' would be the best adjective to describe how many of Her Majesty's citizens feel about the over mighty bureaucracy! And yes this is political, because in a democracy angry citizens will sooner or later relish the opportunity to do something about it at the ballot box... As long, that is, that the alternative government continues to show a greater respect for the concerns and worries and anger of the citizens! It is no good the PM thinking and saying that he knows what is best, ultimately it will not be his verdict that counts.
Something needs to be done now before it is too late and we wake up to find we have a one party for life government. Who doesn't believe this is going to happen? We should demand an election or all leave the country en masse.
Dear Martin Boothby,
That's exactly why a number of highly experienced correspondants here are using pseudonyms, we recall what happened to Dr David Kelly, Sir Thomas More, and any number of others who dare to hold truth as a fundamental principle of democratic government - they may get us eventually, but until then we'll make it as difficult as possible for them.
This isn't some form of dissident terrorism, it's the founding principle of the Fourth Estate, and the Government had better start respecting it. Their viewpoint will certainly be that they know best - but they're arrogant in thinking no one else knows anything. This is why it's critical the editing of this blog rejects Paxman's noddies and sticks to innovative arguments - and please, ask yourself if you are merely parroting other peoples' ideas before you post here, folks, the place for that kind of "Outrage of Tunbridge Wells" is the Have Your Say page.
Returning to Paxman, this was what he as saying in the McTaggart Lecture - that the role of the Fourth Estate has been compromised. Now we see his real targets, and they weren't his bosses, so hopefully these pages will establish some more secure foundation for reputable reporting. It's not the role of the Fourth Estate to subvert government, but neither is it to support it when it's not doing it's job, and that's become abundantly clear of late.
Where do we go from here, then? It's sadly become clear that the PM is limited to reaction and not proaction, in his review of data safety across the entire Civil Service, he should have called the Cabinet Secretary to account for a much wider malaise within the Civil Service, which is entirely his responsibility for allowing to happen.
The problem is typified by the poor booby who's taking the rap for his bosses' mismanagement. He's evidently got none of the traditional Civil Service support functions llike a decent Registry to call on. In fact, the entire thing's become an improvised lash-up of monumental proportions, subject to the whims and vagaries of half-educated staff and completely out of control. Let's start naming some Not Fit For Purposes:
1. the Home Office. Condemned by it's own boss, but nothing's been done about it other than to split it in half. The remnants are still not functional, apparently, and as for
2. the Ministry of Justice, what more can I say than list the current set of serious complaints against their most seniro officers. When Dyfed-Powys' Chief Constable is allowed to retire prematurely because he's about to be caught with his hands in the till, when North Wales' Chief Constable faces the sack for breaching a family's right to privacy and their ownership of the body of a deceased motorbiker, whose decapitated head he showed to the press for sensationalism, when the chief Constable of Yorkshire's in court in the former's patch for speeding, then there's something seriously wrong at the top.
3. the Ministry of Defence. Troops in the Middle East are still being denied the equipment they need by this bureaucracy, despite the previous PM's absolute pledge on the matter.
4. the NHS and Social Services. The closure of Norwich's only emergency hospital because the Social Services had bed-blocked 60 beds is a sufficient condemnation, there's no underlying epidemic or anything, just pure mismanagement.
5. the Treasury. For allowing the Northern Rock situation to appear in the first place.
After that lot, there's not a lot left functional in the Civil Service, I can only conclude. And that's the fault of the Mandarins, the Private Secretaries, as well as the Government for losing its grip over them.
Nick has really got to the heart of the matter in this post.
I'm an IT professional, and the Government's writing this off as a case of an individual not following procedures really doesn't cut the mustard.
Why?
A fundamental point underpinning any processes surrounding computer security is that people can not be trusted to follow them properly. If you do not have technological measures in place to enforce and audit your data management policies - then all you have is what we call "a moron signing off your IT". Responsibility must be shared by the people the people who allowed the breaches to be possible.
I can not comment on what level of access the perpetrator needed to do his or her job. Lets (laughingly) give them the benefit of the doubt and assume that they do need the ability to return large data sets like this on an ad-hoc basis. Dumping out 25 milion rows of sensitive data can not possibly be a regular occurence, my systems would alert me if something like that happened and it would be immediately investigated. That obviously didn't happen because no one realised there was a problem until the discs didn't arrive (oh, by the way not to worry or anything but that DOES mean that'd anyone working there who wanted to steal this data wouldn't have a particularly hard time of it).
Really, a screwup of this magnitude being possible and a basic level of IT competency are mutually exclusive. Anyone who says anything different does not work in IT or is lying.
Do not trust these people to run a national ID card scheme. Please.
A
There is another chilling aspect of all this. The numbers.
21 million, nearly half the population now forced to go grovelling to the government in order to get their own money given back to them.
7.5million families forced into the indignity of surrendering details of their personal arrangements in terms of who they live with or once had relationships with along with their bank details simply to get a refund from Gordon of the money he took from them in the first place.
If it were not for the Gordonian knot of benefits and so called 'credits' (as if you had been rewarded for being good at school)this huge cache of information would never have been on the system and demoralised staff would not be struggling to keep up with the mountain of data surging through the doors.
The more this goes on the more the stench of total government created incompetence permeates the air.
Currently the excuse is a junior clerk ignored operating procedures. Are we realy expected to buy that? It should never have been physicaly possible for someone at that level to even access the database.
They should never have had access to a CD writer
They should never have been able to access the raw database.
They should not ever have the computer user authority to download the data to disk.
It is the people who failed to ensure basic computer security systems were in place who are at fault.
There is a lot more to come from this yet, assuming MP's and Reporters have the nouse to ask the right questions and prevent the government burying the evidence.
For a start I would be wanting confirmation that a full computer audit is being done to confirm how often and by who this database was downloaded. I'll wager if that is done they will be less than keen to release the information under the freedom of information act.
If the system was as utterly deficient as its beginning to look it's likely this database was compromised by criminals months, maybe even years ago.
Could it be that the continuing rise is bank fraud has less to do with people being careless with their personal details and more to do with the Governments casual attitude to our privacy.
Certainy I will be writing to my doctor instructing him that my details are not to be placed on the NHS computer system.
Nick, I think you are spot on with your analysis that the big rumbling issue is the use (and lack of protection) of personal data. The amount of data on each individual that the government wants to hold in the national ID database probably worries people as much as the idea of having to have an ID card, coupled now with the famous 53 pieces of information (including credit card details) that the PM now wants every traveller to provide before being allowed to travel, together with the thought of all of every individual's medical details being held on a central database ... and so on. People would probably worry even if they knew categorically that these data were secure, but recent examples across the board have shown as you say that there is a yawning gap between theory and practice. And, here's the rub, the individuals' worry and frustration will likely increase to fear and anger. If kafka were an Italian adjective 'kafkissimo' would be the best adjective to describe how many of Her Majesty's citizens feel about the over mighty bureaucracy! And yes this is political, because in a democracy angry citizens will sooner or later relish the opportunity to do something about it at the ballot box... As long, that is, that the alternative government continues to show a greater respect for the concerns and worries and anger of the citizens! It is no good the PM thinking and saying that he knows what is best, ultimately it will not be his verdict that counts.
I agree with the security expert who posted on this blog that it simply should not be the case that data is held in unencrpyted form in these Government databases.
If data is held 'in the clear', then that in itself should constitute a security vulnerability.
The Information Commissioner's Office powers need beefing up ... urgently, so that it can address these serious issues.
I would imagine that UBL and chums are thinking that blowing up people and buildings is 'old hat' now.
Far easier to create economic havoc by stealing data.
Yes, HMG, get a grip.
Dear Nick,
I have been reading your blog for sometime now and I enjoy your work. (This is the first time I have posted a comment.)
I think your analysis of the loss of data got most of the points. However, no matter what protections we have in place, lapses and security breaches will occur. It is just a matter of how frequent and reducing that. The reason is that we have to accept that ‘risk’ is a part of life. Some much of modern society is about risk protection that we may tend to forget that.
The loss of the data is systematic of a wider problem of society. That is, the promise that government can protect us from risk. They cannot from everything and some things are beyond their control. That may sound somewhat hopeless.
The Northern Rock run is also a sign of that problem of modern society. That is, our desire to be protected from risks from systems we create, and our belief somehow that governments should do it. This is not a problem peculiar to Britain. It is something all governments face. We often talk of less government but when something goes wrong, we expect and demand more government.
My answer. I do not have one that is all compassing. In fact there is none. But I think we need to do two things at the start.
One is to seriously think about how we respond when the system does not work according to the way we ‘thought’ should.
Two, reformulate our understanding of what government is. Government is parliament, for sure and politicians and even the media. But as the data loss shows, on a less abstract plane, it is a wider and sometimes uncontrollable system that depends on people. When people mess up, no risk protection systems or assurances can save us.
Hi Nick,
This is pretty much par for the course with this government regarding technology I'm afraid. Especially when they are dealing with contractors.
I know a few things about databases having built them for big companies and government and the guys at EDS could just have easily exported the data in question without the sensitive information. Instead they whacked a charge on it because it sounded more complex and the department didn't pay.
Indeed EDS should have been the ones saying "we won't transmit this data like this" - EDS are employed as technical experts as are many others within government. Civil servants are mostly administators not techies, doctors, engineers or teachers. They require the knowledge of experts to make the sysem work.
Where this breaks down is when the knowledge of the experts is only provided when silver has crossed their palms.
Until the government deals with this way of working with contractors (either by having policies or else very experienced senior practitioners within government agencies) where they can be given dud information at every turn because they don't know any better then we are destined to continue in this fashion.
Technology is a high-stakes game. Unfortunately at this table the government is only holding a pair of twos.
Hi Nick,
Do HMRC have a mechanism to check if an employee downloads a database?
If not, how can they know if someone working in the revenue has downloaded and sold a database.
If they do, for example: have a log of these computer transactions, then someone should have noticed the download on the 18th October and checked what was happening.
This potential loss of 25 million data records has only come to light because the CD's failed to turn up in the post.
Even if the CD's turn up no-one can be sure they have not been copied.
But, worse still, my guess is that no-one in authority will know if this data has been downloaded and sold before in an unrelated event.
Robin in Somerset
So... from recent events it would be quite possible for an illegal imigrant (or anyone from another country) due to the lack of security checks, to obtain a junior level job within hmrc and download a large section of data on to disk and either post it elsewhere without fear of it being checked or likely also just walk out with it. All it takes is confidence.
We no longer have secure borders, in any form.
This is a systematic failure, that I am sure does not just span hmrc.
Released just in time for Christmas;
A double cd by HMRC feat Ali Darling And The NA Orchestra.
That should keep Cliff Richard off the number 1 spot.
The yawning gap Nick is the culture of casualness of which you so justly write, yet reaches far beyond mere politics. Having practically nothing to do with government, its causal chains extend almost beyond limit. By no means isolated to Westminster, this is a social disease- social in dimension and global in reach. By no means isolated to Labour MPs, we ALL wonder each morning what will happen to us next, from which quarter. There is no escape. The credit crunch, which has its genesis in like form, has seen to that. Casualness, couched in political correctness, towards checks and balances, rules and procedures, brought on from poor parenting through exposure to carelessness in all walks of life... we are crying out for a quantum shift in personal standards, in intelligence, for CC is inescapable and like carbon emission we are in dire need to diminish it rapidly.
The idea of ID cards shouldn't have cost the millions it has already! another example of Government arrogance and stupidity while you have scores of homeless and mountains of other social problems in Britain the all seeing authority see fit to waste millions on an idea!! while other countries even 3rd world countries simply implement an ID card scheme without wasting millions thinking about such a scheme. As for the idea of releasing a CD in time for Christmas, forget it Christmas is for kids and they really don't care for data unless it's new release of Grand Theft Auto
The government have been found guilty of failing to safeguard the public in the aftermath of the bombs in London in 2005. They have been found guilty of failing to properly arm our troops serving in Iraq. The foot and mouth outbreak implicates the government research facility designed to guard against just such an eventuality. They have now been found to be wholly incapable of protecting our very identities.
Considering the fact that the PM and the Home Secretary keep on telling us that the first duty of government is to protects its citizens, I believe that they have quite demonstrably failed. Even on celebrity shows, the voters eventually get the chance to chuck the hopeless contestant out. It is now about time we got to vote on what we think of this catastrophically useless, incompetent, authoritarian government.
Hi Nick,
some thoughts on the total myth that this couldn't happen if the data was protected with 'biometric' security.
Firstly, It seems that this junior official was authorised to access the data, his mistake was sending the data via insecure transit.
If this data had been protected by 'biometrics', the junior official would have established his identity using (say) a fingerprint, been granted access to the data and then copied it onto a CD and mailed it. Biometric security wouldn't stop this. The government is confusing Authentication with Authorisation. Authentication is "Is this person who they claim to be". Authorisation is "What is this person allowed to do?" Biometrics are useful for Authentication, but not for Authorisation. It is in the Authorisation phase that this system should have been stronger.
I can't understand why no-one (yet?) appears to have challenged the alleged reason for leaving in the personal details - that it would cost too much to remove.
The whole thing about a database is that it's as easy to do an operation on 25 million records as it is to do on one.
And only selecting a chosen subset of the fields requires virtually no extra thought.
Don't get me started on how they got access to the whole database in the first place ...
Incidentally, wasn't the National Computing Centre (NCC) set up to define standards in IT and data processing - maybe Nick should give them a ring and see what they've been up to of late. Time (belatedly) for them to leap to the fore ??
Prime Minister Gordon Brown announced to the commons during PMQs yesterday, in responce to a question about Northern Rock by Lib Dem acting leader Vince Cable, that not rescuing the bank would put NR's 80,000 mortgage holders at risk of losing their homes. He asked a rhetorical question "should we let the mortgage holders in northern rock go under?".
Is this hyperbole and irresponsible scaremongering from the PM to defend his government's position or should i as a NR mortgage holder be as worried as he says? Why is the PM's view on this matter so different from all the financial advise i can find on the matter online? And if we really do risk losing our homes if northern rock goes under shouldn't the government's money have gone into rescuing honest home-owners and savers and not in propping up this flawed institution?
Or perhaps Gordon Brown thinks it's appropriate to lie & exagerate in the commons as a means of winning a debate?
Ignoring all the security-related issues, which just beggar belief, I fail to understand why EDS would have charged more for a database extract that would have excluded non-anonymised data. Somebody would have had to compose a database query to select the records relating to child benefit claimants, so why didn't they specify the data fields to be returned as well? This is SQL 101, surely?
If EDS can persuade the Government that it's an additional cost for writing a simple database query that they'd have to write anyway, then I strongly suspect somebody ought to be investigating the nature of the cotnract between HMRC and EDS, because this sounds like money for old rope to me.
Dear Nick,
I have long respected your work.
However I cannot stress enough just how wrong you are regarding the impact of Job cuts and low moral within HM Revenue & Customs.
I am an HMRC Officer and have been for almost 7 years.
In this time Gordon Brown and the Treasury have implemented massive changes to the structure of the Civil service in general. Merging two huge departmens, the Revenue and Customs. Making vast amounts of job cuts (we are half way through proposed 25,000 staff cuts!) and efficiency drives designed to save money.
The ambition to modernise the department and make it more efficient is a worthy one. However there is a right way and a wrong way.
I can assure you that contrary to popular public opinion the vast majority of our staff work extremely hard and provide an excellent service.
But right now HMRC staff have never been under so much pressure to deliver far more with far less resources.
Hard pushed staff strugle to achieve very stretching targets. With promotion embargoes in effect there are thousands of staff who's careers are on hold, and we are offered paltry wage rises below inflation.
The pride and job satisfaction one used to feel has almost completely been removed.
You simply cannot expect the same level of service and competence from the Civil Service if you are not willing to pay for it!
The very basic and fundamental elements of civil service operation are being affected both by the way the staff have been treated, and the severe lack of money in our budgets to effect even the most basic functions.
This results in extremely low moral with very little job satisfaction. And this is added to by a system of government where politicians do not consult the Civil Service staff who matter when making changes, and where there is little or no preperation and planning for the changes prior to their immplementation.
Is it any wonder that drastic cost saving and pressure of work has essentially resulted in the terrible Data loss currently spread all over the news?
I am affraid that you can only expect more of the same in the future.
I do hope that in some small way you can understand that Job cuts and poor moral are a massive problem when trying to deliver a first class service to the people of Britain.
NB: My opinions are my own and do not reflect HMRC policy, etc etc.
Who generated the system requirements for this HMRC database?
Who approved those requirements?
These are the crucial questions that must be answered because that is where the ultimate responsibility lies.
I would imagine that that would be senior civil servants.
Certainly it should not be Government ministers, who we should always assume have no expert knowledge in these subject areas.
I do not expect that we the English public will ever find out.
After all, in more serious matters involving significant loss of life, where there was culpability by senior civil servants, e.g. the Mull of Kintyre disaster, the names of the guilty never entered the public domain.
The democratic deficit in England is currently a gaping chasm.
There comes a time in the life of all governments when the only direction they take is downhill. I think we have now reached that point.
Largely for want of a decent opposition, and the abiding memory of the Major years, the country has forgive Labour a lot: the Bernie millions, the double-accounting, the burying of bad news, the dodgy dossiers, the over-taxation, the freebie holidays, even the personal sleeze - Mandelson, Blunkett, Vaz - as bad or worse than anything the Tories did, but this must be the end. The public won't forgive this.
Gordon Brown is responsible for the creation of HMRC which has failed, and the SEC which failed over Northern Rock. He was the one whose under-funding helped cause the foot and mouth outbreak. He is holed beneath the waterline, and the sooner he sinks beneath the waves the sooner we can start re-building this country. "Things can only get better!"
And now there is ANOTHER escape of FMD virus from the Pirbright site. What was that about being as safe as a virus in a lab??
When I worked in Internal Audit in the bad old days when doing IT meant knowing how to punch holes in cardboard we dreamt of being able to get the computer to do the donkey work flagging up duff transactions, possible frauds and the like.
Our problem then (and it has been still recently when I did some part time work)the IT crowd are generally unhelpful to auditors until you get to know them very well at a personal level. Build up trust.
The motto?
Never trust a postman.
"Security" means that the information is protected from someone or something who shouldn't have it. All the debate about how junior is junior is irrelevant. So too is a breach of procedure by an individual. Suppose the individual involved hadn't been someone trying to help the NAO but someone involved with a criminal gang. Indeed, suppose that someone involved with a criminal gang has already downloaded the information as a piece of private enterprise. We now know that there was nothing, absolutely nothing, to preventt the information being taken away. Security means that when someone tries to breach procedures, they find they can't.
This requires formality.
Dear Mr Robinson,
There are a number of questions which the Government needs to answer:
- Were repeated attempts made to send to the NAO personal details which the NAO had clearly stated that they did not require? If so, this was not data sharing within government. Was it not an apparent clear criminal breach of the Data Protection Act? Are prosecutions being considered?
- How exactly does the number of records sent far exceed the number of those taxpayers qualifying for Child Benefit? Precisely what numbers of which records were on the discs?
- Cheap, easy and secure encryption has been available for decades. It is regularly used by the Revenue in other contexts; how did it come about that encryption was not standard procedure here?
-Direct electronic transmission of data, providing nearly instant confirmation of its receipt, has been used regularly in government for many years. How did it come about that it was not standard procedure here?
No system can be proof against all the unfortunate or malicious things people do, but answering those questions in full will take us some way into seeing what was wrong with the Revenue's systems, when these faults arose and from what sins of omission (or misplaced zeal) they came about.
Civil Servants (I was one) are rightly accountable for instances of failure of this kind. However, if a department becomes "not fit for purpose" any Minister who has been in charge of it for a substantial period must accept a substantial share of the responsibility for that state of affairs, unless he or she can demonstrate evident non-responsibility.
Your admiring servant,
This story shows also that there no adequate safeguards in the public administration's system dealing with data of such importance.
This case was uncovered because administration was responsible enough to notify police about the loss of this material. Also there was nothing done deliberate from the side of the administration. But we should ask ourselves: "Should such data be accessible to a circle of many public servants?"
We could imagine that such data leaks could have happened in the past and were never revealed to the public. Many commercial organisations would have interest in getting hold of such information. This would be the least harmful case for the puclic.
Collecting such a big volume of data gives government major advantages in terms of efficiency, but it creates a big responsibility as well. Maybe an independent authority could be the answer for guarding these information.
Exactly what I had wondered about John! (message 439)
A picture in The Guardian today of the delivery van outside 10 Downing Street, would have made for the perfect visual gag in Yes Prime Minister. The wording on the side of the van read:
Government Mail
The slogan below:
Trusted to deliver
You couldn't make it up.
Apologies for the multiple postings from yesterday. I kept getting 'Server error' appearing, after a long wait.
re: PMQs
Cameron and Osborne may be doing a good cop / bad cop routine...
...or else Osborne is simply gunning for Cameron's job rather than Brown...
Osborne gunning for Cameron's job? Replace one lightweight with an even lighterweight? You must be joking.
Even at an election in 2010 Osborne would be under 40. He wouldn't get anywhere near the levels of experience Brown and Darling have, and look what they are mishandling.
The Tories need substance not spin. They used to have it until 2005. As for Labour, the sooner an election the better, but for me I'd rather have a concrete alternative with coherent and intelligent policy made with reference to real people and their immediate concerns, not something out of a think-tank focus group somewhere artificial like metropolitan London. We lost a real heavyweight in 2005 that managed to get us half-way into government, and the Tories will probably still be saying "we'll have real grit this year" in 2010 when they are back down to 165 seats having lost all that Hague and Howard fought to win.
The Tories need to stop playing politics and put up some policy because I know some people in the party - higher-ups - are getting restless and want something solid from the leadership so we can actually face the Labour machine on our own terms. This is probably the Tories in 1991, with the exception that Brown will increase rather than decrease his majority because Kinnock actually had an alternative manifesto to stand on, all Cameron has is hot air.