On fallibility and encryption

To lose one person’s details is unfortunate, but to lose 25 million database records looks like a carelessness. Or as Geeklawyer prefers to say, a fuck-up that only the civil service can execute flawlessly.

The entertaining thing listening to Alastair Darling is his bland reassurance that things will change in future. In effect he was saying we have rigorous security procedures in place and that while serious this was merely an isolated failing lessons will be learned. The only problem is they have said this in 2003 when they lost several million other government records.

The obvious question, already being asked in Parliament, is if they can’t protect the relatively smaller more limited HMRC data what are they going to do with the vastly more elaborate ID Card database? Darling’s asinine response was to talk mindless rubbish as to how biometrics would mean only the owner of the data could access the data. This is drivel since the card has no protection function: once you hand over data to the government and it is in their database your biometrics are irrelevant to whether the government copies it to a CD and then loses it.

This entry was written by Geeklawyer, posted on November 20, 2007 at 4:48 pm, filed under ID Cards, privacy. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Related Post

  • No Related Post

RSS feed | Trackback URI

3 Comments »

Comment by moon23
2007-11-21 10:43:44

Don’t worry though there is no evidence that this disk has fallen into wrong hands! They have checked all the CCTV cameras and no one was seen leaving the building with a swag bag. :lol:

Oh and they put a password on the data and I have every faith in Microsoft’s encryption software.

Reply to this comment
 
Comment by simply wondered
2007-11-21 11:42:29

password: administrator? let’s have a geek lawyer sweep on what the password is.
(’you canna come in unless you know the password - i give you a clue itsa typa fish’)

i have a novel first year law solution: invoke the postal rule. deem that date of posting constitutes date of receipt and sue the recipient for negligence in losing them.
next please.

Reply to this comment
 
Comment by taking data security seriously?
2007-11-21 20:50:32

Is it worring that, since LSC Online was taken offline :!: earlier this week, the LSC are asking their suppliers to email in monthly submissions? http://www.legalservices.gov.uk/lsconline/submitting_claims.asp

This is sensitive data about clients, unencrypted, unpassworded, transmitted over (unsecured) email.

Reply to this comment
 
Name (required)
E-mail (required - never shown publicly)
URI
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> in your comment.