In UK, 12M Taxpayers Lost With USB Stick

An anonymous reader tips a piece from the UK's Daily Mail that recounts another sad tale of the careless loss of massive amounts of private user data. "Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets. An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost."

That would be something!

[Anonymous Coward]

If they could lose taxpayers just like that, these idiots would be a lot more careful, wouldn't they? Perhaps that's the way to solve this problem: If you lose my data, then I don't pay taxes for a year.

But how ..

[Idimmu Xul]

Why is it that whenever something like this gets *found*, the person doing the finding always understands what's on it? If any of my typical pub going friends and relatives found this the chances of them realising what is on it is pretty slim, and it would most likely get formated.

How many other memory sticks get lost and found by people that don't realise what is on them, or why is it that every memory stick found is always found by an IT literate with the know how to work out what they contain and the immediate urge to sell their story to a tabloid ...

Why the need for a USB stick at all?

[Phurge]

In these days of the intertubes, why do government departments even need such a massive amount of data on a physical medium? Why not transfer data from one location to the next by a dedicated enrcypted net connection?

Re:But how ..

[aproposofwhat]

I'd guess that anyone finding a USB stick who didn't realise what it was would ask their friendly local BOFH to take a look - thus ensuring the flow of beer tokens from the tabloids to said BOFH.

Re:Lost data

[pisto_grih]

At the same time, the government wants us to let them to store personal details of all citizens in the interest of national security.

I'm hoping that all these USB sticks are lost on purpose, in an underground campaign to show how careless the government is with our personal details, thereby increasing mistrust and fueling public backlash against a surveillance state.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:How it came to be lost?

[sgbett]

Soory for the double post, but I have just noticed that the story is talking about the "Government Gateway" which I have the unfortunate mispleasure of having to use.

The huge irony is that I am having a dig at 'users' circumventing security, whilst at the same time having to record my username and password (albeit not using a post -it) for this particular system, because the government gateway sees fit to not let you choose either, and instead issues you with:

username: AX58HJP7PR
password: Y734BTRT9J

(sorry if that is anyone's btw!)

Making it almost impossible to remember.

The password 'reminder' process then relies on you answering a bunch of questions about your company to get one half of the new password, the other half is sent to your registered e-mail.

Convoluted? They wrote the book.

In any case- the worst someone could do when they log in is pay your tax for you!

Re:How it came to be lost?

[Anonymous Coward]

Only they won't be...
If they do fire this one company, then they will simply give the contract to one of the handful of companies that handles all the government contracts...
They are really all as bad as each other, overly large companies with too many layers of management, meaning that there's always someone else who can be blamed, giving people very little power and very little incentive to do very much.
Because of the way these companies are managed, the competent staff leave quite quickly leaving large numbers of very poor staff who realise they won't get the blame for anything anyway.
The upper management doesn't care either, they expect to be fired for incompetence from a contract or two, all that happens is that it rolls over to the next company and the same happens until eventually it comes back.
These companies assign the lowest priority and the least competent staff to the government jobs for this reason...

The entire system for procuring external contractors to manage government systems needs to be overhauled, right now it's run by a small number of incumbents who do a terrible job while charging ridiculous amounts for the poor service. If you split the large projects up into smaller chunks, and ensure that they use open standards so they can interoperate, and then hire smaller consultancies who will have competent people managing their own smaller areas. When you have someone, especially someone without a technical background, overseeing a large project, small things like encrypting (or preventing the use of) removable media often get overlooked. You need someone who understands the whole system overseeing it, and defined perimeters between each segment of the overall system... This is how the Internet works, people run their own networks and understand/control what passes their borders.

Re:How it came to be lost?

[my $anity 0]

Although not perfect, there's a program around, PWGEN, which tries to do that.

Here are some examples:

poogh4ei zeefail8 aeg9pie7

http://sourceforge.net/projects/pwgen/