Thoughts on the HMRC ID-theft fiasco
Tuesday, November 20, 2007 11:05:00 PM
So how the hell did we get to the point where 25 million people's personal ID data got lost in the post? Can any kid lucky enough to receive the golden disks, with a CD-ROM equipped PC, pour over the data and start flogging it on ebay? If not, why are we all being told to check our bank accounts carefully? I mean, surely the data is held securely on these disks, right?
The last 48 hours has seen general panic from officialdom and a total lack of qualified reassurance. The answers to these questions, therefore, are the ones you don't want to hear. This, from an "organisation" in charge of our military, our security, our secret-services and our [.....] (fill in whatever government function you find important here - it's so damn pervasive there must be at least one I've missed).
OK, enough ranting. Some facts (I know, they're stupid things). I hope some government officials are reading this because normally I would be on consultancy rates from here on in.
Rule 1. It's easy to encrypt data as securely as you want
It's pretty easy to secure data that you burn onto a CD or DVD. It's a process called encryption and it was going on during the 2nd world war (and it's come a long way since). It doesn't even need to cost anything. A free, open source application called GPG will encrypt your files using high grade encryption that would take a decent PC workstation many decades to decipher. It's fully compatible with a program called PGP which you have to pay for. For some reason, because you have to pay for it and it's not open-source, some people feel that PGP is more secure (especially anyone connected with government or the military).
It takes a matter of minutes and a very basic amount of computing skill to encrypt the data before you burn it onto a CD or DVD. Should those discs fall into the wrong hands, they are completely useless; effectively, they are full of random, unreadable garbage.
Rule 2. You're a government department moving sensitive data. Use a trustworthy means of transit
The UK postal service is not awful, but since the government have shafted the privatised Post Office with enforced opening of those markets, allowing other private companies to cherry pick the most profitable sides of that business, they've become a pretty lean organisation. Something's gotta give, and often mail ends up in the wrong mailbox. Of course, you're the government, you know this, so you don't put sensitive data in the post, right? You at least use recorded delivery or special delivery, hire a respectable courier or even use a private delivery service if the data's that important. I mean, 25000000 people's personal data, bank accounts etc. is pretty important, no? Probably worth a few quid to assure secure transit, I'd say.
Rule 3. Don't panic if something goes wrong
After all you've taken all the necessary steps to ensure that whatever happens, the fallout will be minimal. All the layers of security are in place. You can assure people that there's no problem, their data can be entrusted to governments, because their leaders act responsibly and in their best interests.
Rule 4. Apply these rules everywhere where you hold sensitive data
Make the data protection agency (ie. registrar) do something that is actually in the public's interest. Create a culture of information security that's appropriate in the information age.
- Government websites (eg. Junior Doctors' job application website)
- USB flash drives
Only by following these rules is there any hope of rolling out the really worrying stuff, like national ID cards, RFID (chipping) and national DNA databases. One must marry a culture of fear (stick) with the reassurance of parental competence (carrott). The stick, clearly, is working. The carrott: could do better.