It’s usually the Home Office that leads the way in the British government’s eternal Olympics of stupidity; but now and again, someone is inspired to go that bit further, to be a tiger, to raise the bar.
Having built a monster centralised database of every last child in the UK, the Revenue burned it to a pair of disks and sent them off with a courier…and never saw ’em again. With no less than 25 million records compromised including names, addresses, National Insurance numbers, and bank accounts, this must be the world champion securifart.
“Dear Sir, The Department for Work and Pensions requires you to update your bank details now or face losing out on child benefit for your” (son/daughter) ($name)…
We told them it would happen, and they went ahead and did it.
From Darling’s point by point:
“On ID cards he said the key thing was that information was protected by biometric information, while at the moment information was “much more vulnerable” than it should be.”
Blair is grinning ear to ear as he sips his G&T in some Jerusalem hotel, pity he didn’t have the same exit plan in Iraq.
We’ve all been there, at least according to Martin Kettle we have anyway.
http://commentisfree.guardian.co.uk/martin_kettle/2007/11/grays_elegy_darlings_disaster.html
That was staggeringly stupid, even by his own low standards. I suppose he’d say the same if a nuclear power station went into melt down due to inadequate safety procedures…
They had some junior minister on newsnight trying to defend the government (up against a very calm and collected shadow treasury minister, who found it hard not to smirk and Ross Anderson who was excellent). She didn’t actually seem to understand what they’d done wrong. Now granted she was the sacrifice to the great god Paxman, but still. She kept rambling out there being procedures, but they weren’t followed – which rather spectacularly misses the point.
Which is that this shouldn’t been possible. Junior civil servants do not have access to this kind of raw data, you don’t send it (unencrypted for gods sakes) via courier. Its bad enough if encrypted stuff goes missing (its probably crackable given enough time), but it offers some protection. And you design into the system secure methods and procedures for data transfer which minimise the potential for human error. I’d feel safer if they were using pen and paper I think.