Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Security Government Politics

In UK, 12M Taxpayers Lost With USB Stick 258

An anonymous reader tips a piece from the UK's Daily Mail that recounts another sad tale of the careless loss of massive amounts of private user data. "Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets. An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost."
This discussion has been archived. No new comments can be posted.

In UK, 12M Taxpayers Lost With USB Stick

Comments Filter:
  • by Guido del Confuso ( 80037 ) on Monday November 03, 2008 @06:10AM (#25610147)

    I've got a better question. I'd like to know how this memory stick came to be in the first place!

    Putting aside the question of whether such a database of private information has any reason to exist, what possible excuse is there for putting the information to access that database on a portable USB device? It was not a question of if such a device would be lost, but when.

    Good security policy demands redundancy for just this reason. A verification system should require--at the very least--a combination of something you know (your personal pin), and something you have (for example, a SecurID or in this case, a USB key with the passcodes on it). That way, if the physical token is lost, security isn't immediately compromised.

    This kind of careless attitude towards security wouldn't fly in the corporate world. It's only because it's the government doing it that security is so lax. After all, nobody's job is on the line over this. It's next to impossible to fire a government employee in most countries, epic incompetence--or even outright misconduct--notwithstanding. So expect to see more of this, because there's no incentive to change.

    • by MrMr ( 219533 ) on Monday November 03, 2008 @06:19AM (#25610197)
      Sorry to disappoint you, but the careless attitude appears to be entirely that of the 'corporate world'. Oversight of the subjects has long been a privatised matter in the UK.
      • by electrictroy ( 912290 ) on Monday November 03, 2008 @07:22AM (#25610519)

        Well I'm working for a corporation, and they forbid the use of USB gadgets for this precise reason - they don't want people copying & later losing the USB drives as they carry work to their homes. It's simply not worth the risk.

        • Re: (Score:3, Insightful)

          P.S.

          Time to start demanding Account numbers *separate* from your social security number. That helps minimize the damage to a minor loss of personal info at megacorp.com, rather than a loss of national identity (someone else pretending to be you with your stolen SS number).

    • by saintm ( 142527 ) on Monday November 03, 2008 @06:21AM (#25610211)

      > This kind of careless attitude towards security wouldn't fly in the corporate world. It's only because it's the government doing it that security is so lax.

      It was a private company, Atos Origin, which lost the data.

      • by Anonymous Coward

        Work and Pensions Secretary James Purnell leaves red box secrets on train [mirror.co.uk]

        Interesting things to note:

        • Someone uses the British rail system.
        • He's not the first: "The embarrassing gaffe comes days after civil servant Richard Jackson was fined for leaving top secret documents relating to al-Qaeda and Iraq on a train."
      • by jeroen94704 ( 542819 ) on Monday November 03, 2008 @08:18AM (#25610837)
        I used to work for Atos Origin (Although this was in the Netherlands, not the UK). In my experience, their insight into how security works is absolutely abysmal. When I worked there, it was no problem to reset someone else's password without their knowledge with a simple call to the help-desk.

        At a later stage, they introduced a new 'lost-password' procedure for the intranet site which was positively retarded. In essence, when creating an account, you were required to enter three passwords. One of these was the actual password used to enter the site. When you had forgotten your password, you were then required to enter the other two passwords in order to reset the first one.

        This was obviously intended as an implementation of the well-known "question-only-you-know-the-answer-to" challenge-response idea. The way it was done though (you had to enter both the 'answer' AND the 'question', and both were displayed as asterisks) rendered the whole system completely useless.

        When I pointed this out to the helpdesk, they assured me the whole procedure was approved by very knowledgeable people, and very secure. Besides, there was absolutely no way for them to submit any problem reports to the developers responsible.
        • by hedwards ( 940851 ) on Monday November 03, 2008 @08:41AM (#25611037)

          Of course that's very secure. It means that anybody who loses their password is completely unable to log in ever again. That's possibly the most secure way of handling things.

          My only complaint is that they allow users to log in in the first place. Perhaps they could try encasing all the input devices and CPUs in some sort of rigid plastic case. Or better yet fill the power connections with some sort of epoxy.

        • by gsslay ( 807818 )

          they assured me the whole procedure was approved by very knowledgeable people, and very secure.

          And how was this not secure?

          Unfriendly, yes. Annoying, definitely. But unsecure?

          • Re: (Score:3, Insightful)

            by sgbett ( 739519 )

            It's insecure because the default user response to this kind of 'security' is to affix said passwords to screen using a post-it note.

            Admittedly, that isn't the system itself being insecure per se...

            • by sgbett ( 739519 ) <slashdot@remailer.org> on Monday November 03, 2008 @09:25AM (#25611519) Homepage

              Soory for the double post, but I have just noticed that the story is talking about the "Government Gateway" which I have the unfortunate mispleasure of having to use.

              The huge irony is that I am having a dig at 'users' circumventing security, whilst at the same time having to record my username and password (albeit not using a post -it) for this particular system, because the government gateway sees fit to not let you choose either, and instead issues you with:

              username: AX58HJP7PR
              password: Y734BTRT9J

              (sorry if that is anyone's btw!)

              Making it almost impossible to remember.

              The password 'reminder' process then relies on you answering a bunch of questions about your company to get one half of the new password, the other half is sent to your registered e-mail.

              Convoluted? They wrote the book.

              In any case- the worst someone could do when they log in is pay your tax for you!

              • what they should do is provide a username that appears random.. but can be "pronounced" to a meaningless, but unabigious word.

                eg:

                username: jbloggs
                password: SeneVar

                • Re: (Score:3, Interesting)

                  by my $anity 0 ( 917519 )
                  Although not perfect, there's a program around, PWGEN, which tries to do that.

                  Here are some examples:

                  poogh4ei zeefail8 aeg9pie7

                  http://sourceforge.net/projects/pwgen/

        • by Bert64 ( 520050 )

          Chances are they bought that system from a vendor who wined and dined some upper management types, and they trust the "knowledgeable" vendor that their system is secure without any input from anyone who's both knowledgeable and unbiased, this happens far too often and people get lumbered with complete garbage...
          And they're probably right about being unable to submit any problem reports, they bought that system, paid a lot of money for it, and are now stuck with it. Even if you did submit a problem report, w

          • Re: (Score:3, Informative)

            by jeroen94704 ( 542819 )
            Nope, as far as I know, this was a home-grown system. In theory, the helpdesk has to call the phone-number listed with you info before changing the password. In practice, they didn't.
    • Re: (Score:3, Funny)

      by dnwq ( 910646 )
      From TFA:

      An expert who examined it for The Mail on Sunday said it contained confidential passwords, security software and the technical blueprint to the system known as the 'source code'. The memory stick is now in the hands of the police.

      I love the little quote marks around "source code". Oh my god, it's the Source Code! Anyway... from that, I daresay that the USB stick wasn't meant to provide access to the database. Probably more as a copy of the gateway system software.

      This kind of careless attitude t

      • Re: (Score:2, Insightful)

        by FourthAge ( 1377519 )

        I'm not convinced about the credentials of their "security expert". Sounds like more of a "scare story expert". Quoting the article:

        He said: 'We have to hope that there are not more of these out there. This is potentially the most serious data loss this country has seen in recent times... Not only would a fraudster be able to take personal details using the tools provided on the lost memory stick, but the extent of the information contained in the source code would allow a hacker to access the Government Ga

        • by AlecC ( 512609 ) <aleccawley@gmail.com> on Monday November 03, 2008 @07:23AM (#25610531)

          I recently attended a lecture by Ben Goldacre, author of the Bad Science column in the Guardian and book of the same name. He regularly debunks newspaper "experts", usually in the medical/health care/nutrition area. He gave numerous examples where the newspaper's so-called experts were, as I would see it, nothing of the sort. Without commenting on the particular case, most newspaper editors are scientific illiterates who will grace with "expert" anybody who knows anything at all about the subject.

          • Without commenting on the particular case, most newspaper editors are scientific illiterates who will grace with "expert" anybody who knows anything at all about the subject.

            This particular case being the Daily Wail, there's no need to qualify 'illiterate' with 'scientific'. OK, I admit that in this case he's confounded my prejudices by publishing a story which is actually journalism... but it was probably by accident.

        • Re: (Score:3, Insightful)

          by asc99c ( 938635 )

          Does the Mail have a gallery of these "experts" on standby to give a comment as required for the scare of the day...

          From that comment, I'd assume you've never read the Daily Mail. But then you seem to have a list of their recent headlines.

          Oh I see, you *think* you're being sarcastic!

      • From TFA:

        An expert who examined it for The Mail on Sunday said it contained confidential passwords, security software and the technical blueprint to the system known as the 'source code'. The memory stick is now in the hands of the police.

        I love the little quote marks around "source code". Oh my god, it's the Source Code! Anyway... from that, I daresay that the USB stick wasn't meant to provide access to the database. Probably more as a copy of the gateway system software.

        ...maybe the source code got lost because they forgot to stamp the destination code on it, and nobody knew where it was supposed to go?

    • I'm guessing this USB drive contained an MS Word file with the passwords written in it. I'm sure it is nothing as sophisticated as a SecurID key.

      • by dnwq ( 910646 )
        Apparently not:

        A spokesman for the Department for Work and Pensions insisted that the security software and passwords on the memory stick had been protected so that a stranger would not be able to access the Government Gateway easily.

        She said: 'Passwords are hidden using an industry standard technique which is difficult to break. We believe the risk of someone accessing personal data in this way is extremely low.'

        Assuming she's not lying through her teeth, my impression is that what was on the USB stick

    • Re: (Score:3, Funny)

      by Anonymous Coward

      In UK, 12M Taxpayers Lost With USB Stick

      Presumably the rest of the population are lost without one.

    • by Dan541 ( 1032000 )

      Why can't we throw people in Jail for this sort of thing?

    • by Drasil ( 580067 )

      This is just the latest in a long line of data losses/leaks. I find it difficult to believe that these are isolated events. I am forced to ask myself what there is to be gained from such frequent blatant breaches of data security. It seems to me that this and the previous incidents will be used to justify the creation of the upcoming UK government database. This is the usual MO when a government wants to do something unpopular, it first engineers events and the public perception in such a way that when the

    • The problem is consequences, or more accurately the loss of. If the government and private sector had to pay compensation to people whose data and identity has been recklessly put at risk then there would be much tighter restrictions applied within companies/the state and to subcontractors. At the moment if the government or a bank leaks your personal data and you lose money from ID theft this is your liability. It ought to be theirs.

      p.s. My mother is a consultant physician in an NHS (government) hospital,

      • Re: (Score:3, Informative)

        by Bert64 ( 520050 )

        I don't like the idea of SecurID...
        RSA provides the key, a foreign company, so now you are beholden to a foreign organisation not to lose your keys or hand them over to a hostile party...
        I would only trust a system like that where I could generate and input the key material into the device myself. Quite a few companies are turning away from securid for this reason.

    • Re: (Score:3, Insightful)

      by HungryHobo ( 1314109 )

      The corporate world is just as bad. Hell it was a private company which screwed up on this one.

      Get this through your head:
      "corporate" does not equal "competent".
      "Government" does not equal "incompetent"
      They are both quite capable of both and both tend towards incompetent.

  • by N1AK ( 864906 ) on Monday November 03, 2008 @06:11AM (#25610149) Homepage
    "An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost." I dont particularily care how it was lost, people will always manage to lose things and expecting otherwise is very niave. What I really want to know is how the hell that much sensitive data was doing on a USB stick in the first place.
    • Re: (Score:3, Funny)

      by niks42 ( 768188 )
      That's their off-site backup!
    • I dont particularily care how it was lost, people will always manage to lose things and expecting otherwise is very niave.

      Quite true ... was this one the only one they lost?

    • by Jeppe Salvesen ( 101622 ) on Monday November 03, 2008 @07:55AM (#25610695)

      I have witnessed how strict, inflexible security rules force people to break the security in order to get their job done.

    • by conlaw ( 983784 )

      "An urgent investigation is now under way into how the stick ... came to be lost."

      I don't think it should take much of an investigation as to how a flash stick came to be lost "in a pub car park." I think that one pint too many would be the obvious answer. It seems that investigation should focus on how and why he had the USB stick in the first place.

    • I did some consulting for a company a while ago that kept its entire customer DB on a USB stick that one of the managers carried around with him. It was very secure, until the manager decided to go and set up a competing company and took the USB stick with him...
  • Bet (Score:5, Insightful)

    by Sasayaki ( 1096761 ) on Monday November 03, 2008 @06:22AM (#25610217)

    I will bet $100 AUD (Or about 50 UK pounds) that there will be absolutely no jailtime served by anyone involved in the loss of this data, with the possible exception of the poor soul who found it.

    Not the first time it's happened by far, and it certainly won't be the last... would you trust a surveillance society that can't even keep track of its own inventory?

    • Re:Bet (Score:5, Insightful)

      by jimicus ( 737525 ) on Monday November 03, 2008 @06:50AM (#25610363)

      I will bet $100 AUD (Or about 50 UK pounds) that there will be absolutely no jailtime served by anyone involved in the loss of this data, with the possible exception of the poor soul who found it.

      After the number of high-profile security breaches, the number of well-meaning people who have been treated as suspects by the police and the willingness of the media to pay for such stories, it seems that the only sensible thing to do is very quietly hand it over to a journalist.

    • Re:Bet (Score:5, Insightful)

      by robably ( 1044462 ) on Monday November 03, 2008 @07:29AM (#25610561) Journal

      would you trust a surveillance society that can't even keep track of its own inventory?

      There isn't supposed to be any trust in a surveillance society - that's the whole reason for the surveillance.

  • taking their work home with them. This is a consequence of such a thing. Companies are even more worried about projects being lost this way, with 64GB USB sticks out now and what not. Makes you think that they should put a move onto implementing all data systems that encrypts/decrypts data only upon it syncing with a central system via an authorized route PLUS a user password ahead of time. Because once there is a malicious user within the framework, encryption alone won't stop them from selling off mas

    • The companies should run thin clients with locking covers over the USB ports (to allow the keyboard and mouse) and they should epoxy shut any extra ports.

      Want security? Take away user choice, give them orders, and punish disobedience.
      "Don't like it? Tough shit!" methods work well when applied.

  • by bugbeak ( 711163 ) on Monday November 03, 2008 @06:26AM (#25610233)
    I'm sure regular Slashdot readers have seen something involving misplaced private information and the UK government more than enough times...this is almost as bad as a dupe.
    • by Anonymous Brave Guy ( 457657 ) on Monday November 03, 2008 @08:26AM (#25610919)

      This sounds like typical hyperbole in a Slashdot summary based on a typical Daily Mail scare article. Try reading a more balanced report [bbc.co.uk] from the Beeb.

      If you follow that link, you will find that the data was all encrypted, and the memory stick should never have been removed from the contractor's premises. According to the official statements, security was never compromised (though access to the government service's web interface was temporarily suspended). And it's not some nasty central database to spy on everyone, it's a useful system that allows you to do things like filing your tax return on-line rather than messing around with lots of paperwork — one of the few IT projects our government actually seems to have got right!

      This was just one guy working for a contractor who screwed up by not following protocol, and assuming the data really was properly encrypted, the security procedures have done their job to mitigate the damage. There is nothing to see here. Please move along, and spend your time worrying about the numerous cases where data really has been compromised and the numerous databases that really don't need to exist.

  • by Loibisch ( 964797 ) on Monday November 03, 2008 @06:34AM (#25610277)

    Damn...that's quite a lot of people to go missing.

  • The unknown (Score:4, Insightful)

    by TheP4st ( 1164315 ) on Monday November 03, 2008 @06:40AM (#25610305)
    This USB stick with sensitive/valuable data got returned and appropriate actions could be taken to minimize damage. But the number of incidents like this we've seen lately raise the question how many other lost USB sticks and other storage media with passwords, personal data etc that are floating around unknown to the people whose integrity and personal finances quite possibly are at stake.
  • Annual reports from Whitehall departments show that the government has lost all data it ever held on anyone. [today.com]

    Losses have occurred through couriered unencrypted disks, misplaced memory sticks, lost laptops, briefcases left on trains and files falling down the side of the tea machine. "The real scandal is that a train was running for them to lose a case on," said a source whose name has been lost.

    Treasury minister Jane Kennedy said the HM Revenue and Customs breaches did not necessarily result in data losses, or at least any that they have records of. HMRC said it takes data losses and security breaches "very seriously" and thoroughly investigates any breach that it does not lose track of.

    Information Commissioner Richard Thomas has served enforcement notices on various departments for their data losses, but the departments in question could not find their office addresses to accept the notices. They noted, however, that Mr Thomas' call was very important to them, and that he had been placed in a queue.

    Home Secretary Jacqui Smith reassured citizens that plans for an all-encompassing ID card linked to biometric passports and a universal medical record with the NHS would not change because of these losses. "We won't even be thinking about them."

  • by Anonymous Coward on Monday November 03, 2008 @06:45AM (#25610339)

    If they could lose taxpayers just like that, these idiots would be a lot more careful, wouldn't they? Perhaps that's the way to solve this problem: If you lose my data, then I don't pay taxes for a year.

  • But how .. (Score:5, Interesting)

    by Idimmu Xul ( 204345 ) on Monday November 03, 2008 @06:48AM (#25610353) Homepage Journal

    Why is it that whenever something like this gets *found*, the person doing the finding always understands what's on it? If any of my typical pub going friends and relatives found this the chances of them realising what is on it is pretty slim, and it would most likely get formated.

    How many other memory sticks get lost and found by people that don't realise what is on them, or why is it that every memory stick found is always found by an IT literate with the know how to work out what they contain and the immediate urge to sell their story to a tabloid ...

    • Re: (Score:3, Interesting)

      I'd guess that anyone finding a USB stick who didn't realise what it was would ask their friendly local BOFH to take a look - thus ensuring the flow of beer tokens from the tabloids to said BOFH.
      • Re:But how .. (Score:4, Informative)

        by The New Andy ( 873493 ) on Monday November 03, 2008 @07:38AM (#25610605) Homepage Journal
        Or possibly just that the story about a guy who found a usb stick and deleted everything on it didn't make it to the news.
        • Or possibly just that the story about a guy who found a usb stick and deleted everything on it didn't make it to the news.

          How many other memory sticks get lost and found by people that don't realise what is on them

          That's also one of my points!!

      • by KGIII ( 973947 ) *

        Any self respecting BOFH would then tell the luser that it was broken, out of date, and discard it into the "bin" for them. Bin meaning, of course, back pocket of said BOFH.

  • Same old same old... (Score:3, Informative)

    by WillKemp ( 1338605 ) on Monday November 03, 2008 @06:52AM (#25610371) Homepage

    Britain's a joke. I've been living there for most of the last year and barely a week seems to have gone by without a 12-14 year old kid getting stabbed or a large batch of confidential personal data going missing from some government department or other.

    It's unbelievable. When are they going to get their shit together???

    (Before anyone gets too narky, i'm British - i just haven't lived there for nearly 25 years).

    • by duguk ( 589689 ) <`ku.oc.garf' `ta' `gud'> on Monday November 03, 2008 @07:00AM (#25610413) Homepage Journal

      Well, this is why the British government wanted to increase the terrorist detention limit to 42 days; to make sure they had enough time to gather all the information about a suspect.

      They just didn't explain that most of those 42 days would be working out what bloody train they'd left their details on.

      See, this is why I don't do my taxes.*
      * yes, of course I do, I just do them on paper. it's actually a shorter form iirc.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      You raise two quite unrelated issues.

      I was in the USA for 2 years and barely 10 minutes goes by without someone being murdered with a gun over there. The odd knifing in the UK is basically nothing compared to this. More interesting is the media frenzy - in the UK it's actually news when a murder happens. In the US it's only news if the victim is white.

      As for data losses, I don't know, it's like a piss take of epic proportions.

      • Re: (Score:3, Funny)

        by magarity ( 164372 )

        in the UK it's actually news when a murder happens. In the US it's only news if the victim is white
         
        The US has only about 3 times the murder rate of the UK (http://www.nationmaster.com/graph/cri_mur_percap-crime-murders-per-capita) While that's a lot worse, it's not enough to justify such a holier-than-thou attitude.

    • by prefect42 ( 141309 ) on Monday November 03, 2008 @07:33AM (#25610583)

      To an extent it's just because that's what sells papers. There are always kids being stabbed and planes crashing and data being lost. It's just if kids being stabbed becomes a hot topic, you print more stories on stabbed kids.

      I really don't think much has changed, but the Mail is keen to point out that the world is ending, and it's probably Johnny Foreigner's fault.

    • by Candid88 ( 1292486 ) on Monday November 03, 2008 @10:53AM (#25613055)

      That's what reading a "newspaper" like the Daily Mail will do to you. If you read tomorrow's copy you'll find out it's all 100% due to immigrants, the EU and Gordon Brown (who "according to a source", was seen carrying out the stabbings himself).

      In reality though, looking at the police stats, there's actually only been a single 14 year-old (and no one younger) who's been murdered this year in the UK. There was a clump of teen stabbings in London at the start of the year but this has reversed to actually being slightly below average over the year.

      The murder rate in the UK currently stands at 1.4 per 100,000 which is only about 1/4 the US murder rate of 5.5 per 100,000 (which itself is extremely low by historical standards).

      So clearly the actual statistics and reality aren't coming out in the media. My problem with this is that it's pretty hard for a rational and correct solution to be engineered when everyone's being told irrational scare stories everyday by newspapers with a clear finnancially vested interest in exaggerating facts.

  • by petes_PoV ( 912422 ) on Monday November 03, 2008 @07:07AM (#25610437)
    Check out the daily mail's front (web) page. If you can get past the bile, hate, bias, bitterness and sensationalism, ask youself: does this publication actually have any credibility?
    • by Weedlekin ( 836313 ) on Monday November 03, 2008 @07:26AM (#25610551)

      "If you can get past the bile, hate, bias, bitterness and sensationalism, ask youself: does this publication actually have any credibility?"

      Once you get past all that, there's no content left in the Daily Mail, so its credibility or otherwise is moot.

    • The problem is all the bile, hate and bias is all true.
      That's how free press is supposed to work: Fifth Estate.
      To take a critical look at all government actions, and to bias against the government, as people have no other means of controlling the government.
      If the newspapers of a country are filled with good news, then the jails of the country are filled with good people.
      Probably you are an american who has only seen Fox News and read Newyork post all his life so anything that does not toadie up to the gove

  • by Phurge ( 1112105 ) on Monday November 03, 2008 @07:15AM (#25610473)
    In these days of the intertubes, why do government departments even need such a massive amount of data on a physical medium? Why not transfer data from one location to the next by a dedicated enrcypted net connection?
    • In these days of the intertubes, why do government departments even need such a massive amount of data on a physical medium? Why not transfer data from one location to the next by a dedicated enrcypted net connection?

      Seriously, the main reason for using memory sticks is to get around security. I regularly carry data into and out of a particular client's offices on a memory stick, because their firewall rules are too strict to allow it to be passed in or out by any other means. The data I am carrying is non-sensitive data that I am authorised to carry - but no-one verifies this, and (because I develop business critical systems for them) I do have access to their highly confidential business critical data.

      There are two is

  • by MrKaos ( 858439 ) on Monday November 03, 2008 @07:17AM (#25610491) Journal
    For a government that collects so much surveillance on their citizens you would expect an outcry for some accountability when private data is lost.
  • by Anonymous Coward on Monday November 03, 2008 @07:35AM (#25610589)

    We need a -dailymail option, currently I am having to use -notthebest, which isn't quite right. It does not adequately cover the feeling of anger and disappointment, nor the small amount of bile that leaps from my stomach to my mouth, at the sight of a Daily Mail article on the Slashdot homepage.

    I know it's bad to regard an article as an utter fabrication, just because of where it originated. But in this case we must make an exception, because every other article the Daily Mail has ever printed has been a half-truth or outright lie.

    FFS, this is the 'newspaper' that bitched about the number of Jews immigrating to Britain in the late 30's. They're not called the Daily Hate for no reason.

    This sums up the Daily Mail [youtube.com], from the perspective of your average-Brit-with-a-clue. Seriously, please do not consider the Daily Mail as a reliable source, of anything. Ever.

  • Privacy losses (Score:5, Informative)

    by Wowsers ( 1151731 ) on Monday November 03, 2008 @07:36AM (#25610597) Journal
    Why were unencrypted passwords allowed to be copied? Why are there no criminal convictions for these lapses in these companies and of government ministers responsible for these companies? More worrying is comments like this [timesonline.co.uk] from the UK's supreme leader on 02 Nov 08:

    Gordon Brown has made a frank admission that government cannot promise the safety of personal data entrusted by the public. The Prime Minister was speaking hours after it emerged that a memory stick containing the passwords to a government website used submit online tax returns had been lost.

    Even more worrying considering government rhetoric [guardian.co.uk] on the £20bn ID cards they want:

    From 2010, the government will target young people to get an identity card on a voluntary basis "to assist them in proving their identity as they start their independent life in society", with full roll-out to all British citizens starting from 2011. "The government are kidding themselves if they think ID cards for foreign nationals will protect against illegal immigration or terrorism - since they don't apply to those coming here for less than three months. "ID cards are an expensive white elephant that risk making us less - not more - safe. It is high time the government scrapped this ill-fated project." The Liberal Democrats said the cards' "fancy design" did not detract from the fact that they remained an intrusion into people's liberty. Chris Huhne, the party's home affairs spokesman, said: "It does not matter how fancy the design of ID cards is, they remain a grotesque intrusion on the liberty of the British people. "The government is using vulnerable members of our society, like foreign nationals who do not have the vote, as guinea pigs for a deeply unpopular and unworkable policy. When voting adults are forced to carry ID cards, this scheme will prove to be a laminated poll tax."

    And from the government mouthpiece the BBC [bbc.co.uk]:

    SNP Home Affairs spokesman Pete Wishart MP said his party had opposed ID cards from the outset but the government's "abysmal record on data protection" was reason enough to cancel them. He said the government looked "absurd" for pushing ahead with such a costly project. "These cards will not make our communities more secure, they will not reduce the terrorist threat and they will not make public services more efficient," said Mr Wishart. Phil Booth, head of the national No2ID campaign group, attacked the roll-out of the cards as a "softening-up exercise". "The Home Office is trying to salami slice the population to get this scheme going in any way they can," Mr Booth told the BBC. "Once they get some people to take the card it becomes a self-fulfilling prophecy. "The volume of foreign nationals involved is minuscule so it won't do anything to tackle illegal immigration."

    • Gordon Brown has made a frank admission that government cannot promise the safety of personal data entrusted by the public.

      The British Taxpayers association has made a frank admission that the taxpayers CANNOT guarantee that income & VAT taxes would be paid by its 1.8 million members.

      ...that the cards would allow people to "easily and securely prove their identity".
      "We want to be able to prevent those here illegally from benefiting from the privileges of Britain," she said

      The British Citizens Association is proposing a "compulsorily voluntary" ID card for public servants and MPs starting from January 1, 2009. The president of the association has stated "...this is to prevent brain-damaged MPs and low IQ civil servants from grabbing power, and to ensure the safety and security of all citizens against illegal ele

  • by Kupfernigk ( 1190345 ) on Monday November 03, 2008 @07:47AM (#25610655)
    Sorry to disappoint UK bashers, but it was a French/Belgian company, and not the British Government, that lost the data. The scandal, of course, is that so much of our IT and utilities have been hived off to non-UK companies, but for that we have to blame the City, not the Government. The people who are saying "corporates wouldn't allow it" - this mess of data loss is almost entirely caused by American, French, and German/Japanese corporates. I would love to blame Civil Servants, but I can't.

    I'm afraid the solution is roughly as follows, in a simple step by step guide

    • 1. Bear down on French IT company from windward.
    • 2. Lie down between guns for protection.
    • 3. Let them fire first broadside, most of which will miss
    • 4. Taking your time, deliver devastating broadsides at close range.
    • 5. Repeat until final victory.

    Worked for Nelson, anyway.

  • It's a freaking memory stick... bout the size of a pack of Wrigley's gum... If it were the size of a suitcase it wouldn't have fallen out of a pocket... There's your solution... Gov't systems now have special jacks that only allow data to be transferred to suitcase sized storage mediums... I'm surprised they don't have a proprietary form of transfer medium anyways.
  • Losing a USB stick in a car park is nowhere near as cool as the old days of losing a station wagon full of tapes. But would be even better is losing a station wagon full of tapes at a car park.

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Working...