Fraser Speirs Cocoa and Photos

Paging Bruce Schneier

The government which proposes to centralise all our information in a national ID Card database has managed to lose the bank account details of millions of people by sending two CDs in the post:

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.

What has been compromised? Just the personal details of twenty five million individuals and seven and a quarter million families. Names, addresses, dates of birth and bank account details. For the government to lecture the nation on preventing identity fraud and then itself directly facilitating it is obscene.

If this is not a resignation matter for the Chancellor then, clearly, the principle of ministerial accountability has been expunged from our constitution by New Labour.

Frankly, there are already half a dozen good reasons why Alistair Darling should no longer be a cabinet minister. This is but the icing on the cake.

Have they checked down the back of the sofa yet? I bet that’s where they are.

Hehehehehehe, amazing. I thought there were cameras everywhere in the UK, can’t they use them to find them

This sort of thing is the best argument against the welfare state yet.

wow. a simple bit (PUN!) of encryption is all it takes folks. wow. just, wow.

I really would like to know why someone like Schneier or Zimmerman hasn’t been parachuted into the role of a public sector data security chief yet—I know competent people willing to work for HM Government are a little thin on the ground, but it doesn’t take a massive amount of effort to find somebody with whom you can come to agreement about salary and is also clued up.

Encryption only helps if the infrastructure is there: but it really does need to be put in place; you need to make sure that only the right people at the recipient organisation (and only) can read the data, but that includes the right sort of senior people to provide for overridden decryption in the case of absence, reassignment of tasks, etc. Setting up the infrastructure, giving everybody appropriate keypairs, training the entire public sector to make use of it all is a mammoth task—though you could restrict it to certain groups of people and enforce regulations that only they are able to shuffle data around in this way. Either way, though, it’s not a small job, but it’s one that needs to be undertaken sooner rather than later.

In contrast, I was talking to someone today who works for Connecting for Health (the NHS IT arm). He transferred a substantial amount of personal data to a government department in London. They took the disk down in person, there were two of them, the disk was in a locked box, he delivered it into the hands of the person it was intended for. And it was encrypted - I believe with an AES 256-bit cipher.

Perfect? No. But a damn sight better than this debacle.

The Conservatives should be going for the jugular on this one. Will they though?