Tuesday, 20 November 2007

More incompetence

According to the BBC "Personal details of every family receiving child benefit in the UK are on two discs which went missing after being posted from HM Revenue and Customs to the audit office, the chancellor says."

According to the BBC "Point-by-point: Darling statement" Alistair Darling has been making lots of points, I will concentrate on just a few, my comments in italics:

"two password protected discs containing a full copy of HMRC's entire data in relation to the payment of the child benefit was sent to the NAO in October."
Password protected, how many digits, how strong was the cipher? Why would I not be surprised if it was "letmein" or "secret" or password" or "12345"? This isn't 1990, surely even the HMRC have better security than that. Surely we the public deserve better than this.

"Contrary to all HMRC standing procedures two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the National Audit Office by HMRC's internal postal system operated by the courier TNT. "The package was not recorded or registered."
How was this allowed to happen, thsi was apparently done by "junior officials". These junior officials had access to a system where they could make a copy of all 25 million records, burn them to a CD and put them in the internal post. Are there any restrictions on how many copies of the database are made, how many PCs at the HMRC have CD burners on them? How many PCs at the HMRC have not had their USB ports disabled? I suggest that data has been taken from the HMRC previously, they just don't know about it.

"The missing information contains details of 25m individuals, 7.25m families - including children's names, addresses, dates of birth, NI numbers and where relevant bank and building society account details."
That would seem to be enough to steal someone's identity, sorry 25 million people's identity. This is a scandal and this from the government that want every person in the UK to be on one giant databse, how secure would that be? Hospitals have already been found using one login name and password (details on a label stuck to a nurses station PC) to access patient details.

"He said the missing data in itself was not enough for people to access people's bank accounts as passwords and other information would be needed, but admitted there was an "increased risk" and said people should keep an eye on their accounts and not give out personal details requested unexpectedly by phone."
Increased risk? If there is any money left after bailing out the Labour party bankers in the north of England, maybe they could set aside some for the victims of identity fraud due to the incompetence of HMRC staff.

"He said there was no evidence it had been used for fraudulent activity."
What a pathetic statement to make, "no evidence". What evidence was he expecting to have found? A list of the names that were going to be used fraudulently? This man is a fool of the highest order and should be sacked. I know Gordon Brown had to find someone spineless enough to be Chancellor of the Exchequer whilst he himself ran the Treasury but this man is a joke.

"He said he had been told there was "every chance" the discs might be recovered during searches - but when it became clear that would not happen he called in the police."
If the disc was recovered, how does he know it hasn't been copied? Copies could be winging their way to Nigeria, Albania and Russia even as he pontificates.

"On ID cards he said the key thing was that information was protected by biometric information, while at the moment information was "much more vulnerable" than it should be."
The man is an even bigger fool than I thought. The "biometric information" system may prevent us from accessing services or people from accessing services under our identitiy; how will it prevent a reoccurrence of this sort of fiasco?

This government and its politicised civil service don't give a damn about the public's confidential data, we are just there to pay tax, pay fines and vote once every four to five years. Do you trust this bunch of incompetent fools to implement the NIR database?

Take a look at the BBC Have Your Say thread on this subject. Even the BBC cannot moderate the venom away...

"Dear gods! Who ARE these incompetants?! I have recently got married and need to change my surname, this involves a lot of posting the original marraige certifiacte around the country to various people inc. Inland Revenue. CERTAINLY not doing that now! They can have a photocopy and make do with that, I'm not losing important documents because they let hopeless people deal with important affairs!

M. C., Hertford "

"This is a scandal of the highest proportion. Basic IT security would not enable some random person to copy a complete database with out some serious approval. How can we trust these people to do anything if they cannot even implement the simplest and most logic security measures.

Makes my head spin.

Allan Leth, Reading"

"What a complete shambles! This government must be the fraudsters friend.
Can you believe that there is only one copy of this information? This Mickey Mouse government is a laughing stock and the tories will have the loudest laugh.
This will cost us millions in extra tax. And the inquiry will cost more millions.
But we do not need an inquiry we all know what is wrong. Brown's mob

Dave Morris, Kidderminster"

"Another shambolic mess from a department run by idiots calling themselves Civil Servants on behalf of a lax lustre and incompetent Government who do not give a hoot about the people who effectively keep them in the lifestyle they have now become accustomed to - Time to change this government and alter the way things are run in these departments - SACK heads of department who fail and WITHOUT payoffs

Chris C, United Kingdom"

And those were just some from the current page 1 of latest.

From the Most recommended:

"These are the same people that will be looking after your personal details once the dreaded ID cards are rolled out across the country.

Nothing to hide? Think again!


"In the last three weeks this govt has shown us not once or twice, but three times it can not be trusted with our personal information, Now they loses 15 million peoples details in one fell swoop.
At least it must to to rest the stupid plan for a national ID card scheme, It would have more holes in it than a swiss cheese.
No politician with an IQ higher than 10 can now support the ID card scheme.

Steve Day"

"Let us hear from the sheeple who were welcoming and defending ID cards and National Register now please. Trust them with this data now?

Tony Sweeting, Leicester, United Kingdom"

"As an IT professional who has worked in security, there is simply no acceptable excuse for this failing. None whatsoever.

Not only have they not protected the data adequately, they have sent the data by insecure means. Two serious failings.

These people are complete muppets and know nothing about data security. More people should be fired.

Richard, Bracknell"

"This government certainly has been implicit in helping criminals in this country. Not only do they help criminals in committing identity theft against their citizens in losing 15 million identities but our national security is compromised whilst they employ over 5,000 illegal immigrants in top security jobs. And to top all this, this incompetent government expects each taxpayer to foot £900 each to prop up Northern Rock (£24Billion).


Caroline, England"

Not for the first time a phrase come to mind and whilst in the past I have not used it, because of my no swearing on this blog policy, I feel I have no choice today. This government is full of fuckwits and Alistair Darling might very well come very near the top of that pile.

I hear that Gordon Brown has flown to Uganda and so will not be at PMQs tomorrow. If this is the case then can I suggest that, although it is customary if the PM is away for the Leader of the Opposition to stand aside at PMQs for another shadow cabinet member, in this case the point that Gordon Brown has deserted the country and the 15 million potential victims of this episode of ineptitude should be made loud and clear by David Cameron. I am sure Vince Cable will make his points as vigorously as he has done already today.

This government are on the run, the economy is collapsing around their incompetent ears and even the lickspittles at the BBC will be unable to hold back the tide soon.

No comments: