In UK, 12M Taxpayers Lost With USB Stick 258
An anonymous reader tips a piece from the UK's Daily Mail that recounts another sad tale of the careless loss of massive amounts of private user data. "Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets. An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost."
Re:How it came to be lost? (Score:5, Informative)
> This kind of careless attitude towards security wouldn't fly in the corporate world. It's only because it's the government doing it that security is so lax.
It was a private company, Atos Origin, which lost the data.
bet carried (Score:1, Informative)
agreed. this'll just disappear as soon as the tabloids find something new to focus on.
and no, this breach of security wouldn't fly in the corperate world. everywhere i've worked in the last 4 years has operated a USB lock down policey, and a "non-writable" optical drive on the desktop.
i know the average slashdotter could get round re-enabling the mass-storage usb class with their eyes closed, but these are government, and public sector companies we are talking about. who couldn't find their arse with both hands.
unfortunatly, they somehow got to the position of running the country....
the brain drain continues....
Same old same old... (Score:3, Informative)
Britain's a joke. I've been living there for most of the last year and barely a week seems to have gone by without a 12-14 year old kid getting stabbed or a large batch of confidential personal data going missing from some government department or other.
It's unbelievable. When are they going to get their shit together???
(Before anyone gets too narky, i'm British - i just haven't lived there for nearly 25 years).
it's the daily mail - probably rubbish (Score:5, Informative)
Re:How it came to be lost? (Score:5, Informative)
Well I'm working for a corporation, and they forbid the use of USB gadgets for this precise reason - they don't want people copying & later losing the USB drives as they carry work to their homes. It's simply not worth the risk.
Re:Same old same old... (Score:3, Informative)
You raise two quite unrelated issues.
I was in the USA for 2 years and barely 10 minutes goes by without someone being murdered with a gun over there. The odd knifing in the UK is basically nothing compared to this. More interesting is the media frenzy - in the UK it's actually news when a murder happens. In the US it's only news if the victim is white.
As for data losses, I don't know, it's like a piss take of epic proportions.
Re:How it came to be lost? (Score:4, Informative)
I recently attended a lecture by Ben Goldacre, author of the Bad Science column in the Guardian and book of the same name. He regularly debunks newspaper "experts", usually in the medical/health care/nutrition area. He gave numerous examples where the newspaper's so-called experts were, as I would see it, nothing of the sort. Without commenting on the particular case, most newspaper editors are scientific illiterates who will grace with "expert" anybody who knows anything at all about the subject.
Re:UK Government loses all data on everyone (Score:3, Informative)
Suggestion for the new Beta Index page (Score:5, Informative)
We need a -dailymail option, currently I am having to use -notthebest, which isn't quite right. It does not adequately cover the feeling of anger and disappointment, nor the small amount of bile that leaps from my stomach to my mouth, at the sight of a Daily Mail article on the Slashdot homepage.
I know it's bad to regard an article as an utter fabrication, just because of where it originated. But in this case we must make an exception, because every other article the Daily Mail has ever printed has been a half-truth or outright lie.
FFS, this is the 'newspaper' that bitched about the number of Jews immigrating to Britain in the late 30's. They're not called the Daily Hate for no reason.
This sums up the Daily Mail [youtube.com], from the perspective of your average-Brit-with-a-clue. Seriously, please do not consider the Daily Mail as a reliable source, of anything. Ever.
Privacy losses (Score:5, Informative)
Gordon Brown has made a frank admission that government cannot promise the safety of personal data entrusted by the public. The Prime Minister was speaking hours after it emerged that a memory stick containing the passwords to a government website used submit online tax returns had been lost.
Even more worrying considering government rhetoric [guardian.co.uk] on the £20bn ID cards they want:
From 2010, the government will target young people to get an identity card on a voluntary basis "to assist them in proving their identity as they start their independent life in society", with full roll-out to all British citizens starting from 2011. "The government are kidding themselves if they think ID cards for foreign nationals will protect against illegal immigration or terrorism - since they don't apply to those coming here for less than three months. "ID cards are an expensive white elephant that risk making us less - not more - safe. It is high time the government scrapped this ill-fated project." The Liberal Democrats said the cards' "fancy design" did not detract from the fact that they remained an intrusion into people's liberty. Chris Huhne, the party's home affairs spokesman, said: "It does not matter how fancy the design of ID cards is, they remain a grotesque intrusion on the liberty of the British people. "The government is using vulnerable members of our society, like foreign nationals who do not have the vote, as guinea pigs for a deeply unpopular and unworkable policy. When voting adults are forced to carry ID cards, this scheme will prove to be a laminated poll tax."
And from the government mouthpiece the BBC [bbc.co.uk]:
SNP Home Affairs spokesman Pete Wishart MP said his party had opposed ID cards from the outset but the government's "abysmal record on data protection" was reason enough to cancel them. He said the government looked "absurd" for pushing ahead with such a costly project. "These cards will not make our communities more secure, they will not reduce the terrorist threat and they will not make public services more efficient," said Mr Wishart. Phil Booth, head of the national No2ID campaign group, attacked the roll-out of the cards as a "softening-up exercise". "The Home Office is trying to salami slice the population to get this scheme going in any way they can," Mr Booth told the BBC. "Once they get some people to take the card it becomes a self-fulfilling prophecy. "The volume of foreign nationals involved is minuscule so it won't do anything to tackle illegal immigration."
Re:But how .. (Score:4, Informative)
It was a French company, not UK Govt. (Score:4, Informative)
I'm afraid the solution is roughly as follows, in a simple step by step guide
Worked for Nelson, anyway.
How many angels can dance on the head of a pin? (Score:1, Informative)
That's because what we REALLY want to know is how you fit 12 million taxpayers on a USB stick... This is the modern version of "How many angels can dance on the head of a pin?" meets "Honey, I shrunk the kids!"
"12M Taxpayers Lost With USB Stick" - or did they lose both a USB stick AND 12 million taxpayers? That must be one heck of a recession.
Or is it "M" as in metric measurement, so that taxpayers who are taller than 12 meters/metres got lost? If so, they should check with the circus or Guiness book of World Records. How DO you "lose" anyone who's almost 40 feet tall, anyway?
Re:How it came to be lost? (Score:5, Informative)
At a later stage, they introduced a new 'lost-password' procedure for the intranet site which was positively retarded. In essence, when creating an account, you were required to enter three passwords. One of these was the actual password used to enter the site. When you had forgotten your password, you were then required to enter the other two passwords in order to reset the first one.
This was obviously intended as an implementation of the well-known "question-only-you-know-the-answer-to" challenge-response idea. The way it was done though (you had to enter both the 'answer' AND the 'question', and both were displayed as asterisks) rendered the whole system completely useless.
When I pointed this out to the helpdesk, they assured me the whole procedure was approved by very knowledgeable people, and very secure. Besides, there was absolutely no way for them to submit any problem reports to the developers responsible.
It would be nice if the summary was accurate! (Score:4, Informative)
This sounds like typical hyperbole in a Slashdot summary based on a typical Daily Mail scare article. Try reading a more balanced report [bbc.co.uk] from the Beeb.
If you follow that link, you will find that the data was all encrypted, and the memory stick should never have been removed from the contractor's premises. According to the official statements, security was never compromised (though access to the government service's web interface was temporarily suspended). And it's not some nasty central database to spy on everyone, it's a useful system that allows you to do things like filing your tax return on-line rather than messing around with lots of paperwork — one of the few IT projects our government actually seems to have got right!
This was just one guy working for a contractor who screwed up by not following protocol, and assuming the data really was properly encrypted, the security procedures have done their job to mitigate the damage. There is nothing to see here. Please move along, and spend your time worrying about the numerous cases where data really has been compromised and the numerous databases that really don't need to exist.
Re:Bet (Score:3, Informative)
Yeah there is; this data is not classified, so is not covered by the same legislation that was used to prosecute the civil servant.
Re:How it came to be lost? (Score:3, Informative)
Re:How it came to be lost? (Score:3, Informative)
I don't like the idea of SecurID...
RSA provides the key, a foreign company, so now you are beholden to a foreign organisation not to lose your keys or hand them over to a hostile party...
I would only trust a system like that where I could generate and input the key material into the device myself. Quite a few companies are turning away from securid for this reason.
Re:How many angels can dance on the head of a pin? (Score:3, Informative)
As others have pointed out, it was passcodes on the USB stick not 12 million people's records.
However, you can now get 64Gb USB sticks, which should be enough to hold that many records.
(It also comes with TrueCrypt)