Βι¶ΉΤΌΕΔ

The positive in this deeply depressing saga is that the government is now under intense pressure to reform Data Protection Law and this desperately needs to be done. The question isn’t so much about what information the government has on various systems but who actually has access to this information. How can we be sure that they can be trusted? What safeguards will there be? How will this prevent our information from falling into the wrong hands or from being abused? How secure is our information? Who watches the watchers?

All of this should have been resolved at least 20 years ago when Data Protection Laws were first being introduced. If it had then maybe the government wouldn’t find itself in the unfortunate position it's in now.

The Chancellor says there is no evidence of the disks being in the wrong hands. He doesn't understand - the disks were in the wrong hands the moment they were produced.
This is a systemic failure of Policy, Standards, Processes, Procedures , Tools and Training.
The problem is not that one junior employee simply did not follow instructions.

The Government's view is that there is no evidence of the disks being in the wrong hands. They don't understand - the disks were in the wrong hands the moment they were produced.
This is a systemic failure of Policy, Standards, Processes, Procedures , Tools and Training.
It is extremely dangerous to think that the problem is of one junior employee did not follow instructions.

The Chancellor is talking nonsense when he suggests that biometric technology will magically protect data in future.

No one in government is suggesting that all inter-departmental data-transfers would in future require civil servants to authenticate themselves using biometrics.

What he means is that WHEN the National Identity Register is compromised, he thinks it won't matter because names, addresses, etc. will not be useful without access to your biometrics.

What he is entirely missing, is that biometric technology doesn't work very well and can easily be spoofed.

The Βι¶ΉΤΌΕΔ Office's own Biometric Enrolment Trials encountered verification failure rates of 1 in 5 (and worse for disabled and elderly people). So how will that improve security when the contents of the National Identity Register are leaked, Mr. Darling?

It's all coming out now. According to the latest Βι¶ΉΤΌΕΔ News, the NAO only asked for childrens' names and NI numbers - but HMRC said it would be 'too costly' to separate it from the more sensitive information, so they sent everything. Another example of the effects of Brown's cost-cutting.

We are not going to forget who we are ..are we???

Passports Bank Accounts TV licences Driving licences Exam results are all data of the world..

We naturally selected to be British...

MPs naturally selected to be idiots... we don't want to be like them

MPs data says what they believe in like the bible says what Jesus believes in...

Who on earth would want to live their lives..

When our lives are motivated by the world and need the data of the world...maps books TV radio and the internet...prices in shops and our own thoughts and address books...

Passports TV licences Driving licences Exam results are all data of the world..we are not going to forget who we are or what was on offer...aren't we???

BCD TLC

To update ...the Audit office asked for the Names & NI Number ONLY (ITV 1830hrs) ..apparently the R&C office were not willing to separate this from the complete data...whether this was a monetary or time issue needs clarifying.
The Chickens are coming home to roost!for this government....
We have a Control Freak, Macavity type, PM ,chairing a cabinet of inept sycophants!....after many warnings it was only a matter of time before such a catastrophe!Can the people wait for the next General Election to replace this incompetent lot?

Staff at the HMs R&C centre say this is the tip of the iceberg!(This could be sour grapes!)

After this who has the stomach for ID cards... this administration has lost the trust of the populace with their security details

Oh yes...do let us remember the 53 ? questions we could be asked before allowed to leave the country..it's all utterly mad!

The "assumed close" is being used by the Government over the national ID database. This - the biggest assault on personal privacy and liberty in this country, ever - must not be allowed to slide under the door to become law.
This precise approach, without today's advanced and even further invasive technology, was what kept the Stasi in their omnipotence in East Germany for so long.
And will it be safe from prying and criminal eyes and usage? Of course not. And will it be never used against the best interests of citizens? Of course it will.
Join NO2ID today and campaign to stay a citizen and not a suspect.

Of course the government will continue with their plans to introduce ID cards, not for security reasons but because of the huge amounts of profit to be made by organisations like EDS and Accenture and many MPs and ministers will be relying on them for their future employment.

There is a far too close relationship between big business and government nowadays, I am sure many politicians make important decisions with one eye on their own career futures.

ID cards have many, many obvious problems, the government have proven that they are technologically inept.

The guiding principle would seem to be profit.

I am very concerned about the welfare of the poor junior member of staff who is in great danger of being scapegoated for the systemic failures of HMRC and the government.

I was glad to see Jeremy Paxman giving John Hutton a reasonably tough time. As a mother of two children receiving child benefit, I have been directly affected by this lost data fiasco and I want nothing to do with ID Cards. I do not want to give any biometric data to this government or any other! Listening to the discussion tonight I found it incredible that anyone should think that biometric ID cards are a good idea. It smacks of Stalinist tendencies within this government. I do not want to be pinned down in that way by 'the State'. I can't stand the self righteous way that John Hutton and Gordon Brown justify this programme. 'We are doing this to keep you safe, it is for your benefit, we are working hard to do the best for you.' If this isn't pushing us ever closer to '1984' and Big Brother, I don't know what is. We have to get rid of this government as quickly as possible.

With regard to the current debate about the missing 25 million records on CD, it seems that one very important issue is being missed. When the government outsourced data management to organisations like EDS they gave up control of that data and allowed the implementation of proprietary databases . I have experience of government officers requesting data queries and waiting hours for RDS to provide them, each query being chargeable. Surely the Government should implement standard high security databases from the likes or Oracle etc, where they can make simple direct queries and get the results instantly in a form they require
When the National Audit Office requested specific non sensitive data ( effectively specific fields only from the database) it in data terms should be a simple query with a simple report form. For the mandarins to say it was too expensive was either naive on their part or simply a result of poor IT implementation. They cannot go on to add further centralisation of data without sound database structures on proven commercial data bases with industry standard encryption.
I really don't believe that experienced IT professionals in Government are not aware of these basic needs and therefore are abdicating responsibility to implement sound IT systems. Rather supporting Outsourcing and thereby also outsourcing responsibility.

Regards

Mike Clarke

The computer experts on tonight's programme stated that computer data could be made secure - but at a cost.

With the revelation that the data was copied in toto because it was a cheaper option than producing a programme to transcribe ONLY the information required by the National Audit Office what trust can be placed in the Government's willingness to spend the necessary amount to ensure the total security of any system.

I have had previous experience of Government computing in the 1990s where, in order to meet budget / time constraints, computer programmes had not been fully secure and testing of these programmes proved woefully inadequate.

This latest security breach does not encourage me to believe that the Government is a competent body to handle / control sennsitive personal data and, given the recent intimation that it will require upto 53 pieces of data from travellers going abroad, makes me very concerned at the implications for the possible introduction of ID cards with its much increased use of computer systems.

Apparently a cost saving merger has contributed to the current data security problem. Cost savings that the public continually demand.
Presumably we all need to ask whether we're ever going to grow out of wanting more and better services while wanting tax cuts at the same time. We want to behave as badly as we like and want everyone else controlled. It's difficult to discover why money spent on the fabric of our society is 'wasted', unless it's for the police or armed forces, while anything spent on things is sensible even if it's an unnecessary gadget made cheaply, while boardroom remuneration reaches Mars earlier than the space programme. There doesn't seem to be a consistent narrative for any government to discern. Six impossible things before breakfast, perhaps?

The experts on tonight's programme noted that security of computer systems is possible - but it will cost and the more secure the system needs to be the greater will be the cost.

The transfer of the HMRC data in toto was apparently permitted because senior management felt it was a cheaper option than writing a programme to extract ONLY that data required by the NAO and which would have had minimal secure personal data.

The Government is now indicating that it's future computer systems will include, in addition to the ID Card system, a travellers database which has recently been quoted as requiring upto 53 separate pieces of data before travel abroad will be possible.

The Government has proved a poor guardian of personal data and, given this latest consequence of cost-cutting within a Government department, how can we trust this - or any - Government to treat personal information with the respect and security it desrves.

When I worked in Government computing in the 1990s, the programmes produced then were poorly tested, highly insecure and poorly coded in order to meet budget / time constraints.

This latest incident therefore is one that many within Government knew was "an accident waiting to happen" and now that policy decisions are producing the errors many prophesied what faith can be placed in the security of any information given to the Government.

2 Lies

Listening to the government "spin" about ID cards in the studio tonight I have detected 2 significant lies-

1. The ID database will be protected with biometrics, this is not true. The biometrics are used to identify an individual not encrypt data and those biometrics will be stored with all the other data.

2. Biometrics are only of use to the person who produced them, a quick Google gives 726,000 articles on biometric spoofing, i.e. making biometric devices think you are someone else, of course you can't change your fingerprints or iris so once your biometrics are compromised you are now a none person.

It's like the whole government from MPs to the lowest civil servant is a Manchurian Candidate set on the ultimate destruction of Britain and its people.

It's unbelievable that Newsnight and the media in general have devoted so much time to the scandal of the CDs yet barely spent 10 minutes debating the fact that 5000 illegal immigrants have been cleared to work in security sensitve positions in the UK.

Back to the CDs ... sure they weren't DVDs - but anyway, we are continually being informed that data of 25 million people has been lost, it has NOT been lost, there's probably more backup copies of this data in existence now than any other. My personal opinion is that it's sitting in some glove compartment of a TNT van somewhere north of Birmingham. We are also told that the decision to send all information rather than a subset of it was due to costs - bullshit, anybody ever heard of an SQL select clause? Then we are told the data structure may add an addition layer of security to any potential criminal .. does anybody in higher management know anything about databases, surely Newsnight's Nick Robinson should know a thing or two, but his journalistic skills probably don't extend as far as simple investigation of the facts. Doesn't anybody at all know what they are talking about here.

ID fraud? Yeah the media love this one, but let me make it clear that when you write somebody a cheque, you are giving them your bank details, this information has never been intended to be private, nor are people's addresses, that's why we've had telephone directories for the past 50 years or so. If we all wanted our privacy we would never fill in an application form, purchase goods and services, or speak to anybody in the street ever again.

By the way, if a security guard lost a set of keys to Conservative Party HQ, would Cameron appologise? I don't think so. If a policeman used his position of authority to check car number plates without due cause, would the Chief constable resign? If the Βι¶ΉΤΌΕΔ's IT security is braeched and confidential information is stolen and posted on web sites across the world, would the Governor appologise and resign? Nope, he I don't think so.

By the way, the person that adminsirates the server of the Newsnight web site is incompetent

Tonight I tried to complain to the government via their Email system that they had lost all my personal details regarding my families child benefit. Surprise; surprise its not working. How can we have confidence in this government when they even refuse to acknowledge us? You try it. As for ID cards. No way.

Error 502 is becoming a regular feature when trying to post /comment on Newsnight!

Sir, On the day when England went out against a country with four million, Croatia, and we lose 25 million records of our citizens it has been a bad day for UK plc...and that is the problem. We are not all about money and balance sheets. Darling will take the hit but Brown is the architect of all this madness, his cost-cutting to rival the Tories is an excercise in self-delusion has all backfired and bit him badly. To send mail second class of this sensitive nature is absolute madness and for some lowly office wallah to get the heat when his line managers forbid the use of record track and trace mechanisms were in place but forbidden to use just makes it worse...and they talk of ID's? Not in a million years. John Hutton got an easy ride from Jeremy considering what has gone on, Jeremy was a pussycat. Steve

The positive in this deeply depressing saga is that the government is now under intense pressure to reform Data Protection Law and this desperately needs to be done. The question isn’t so much about what information the government has on various systems but who actually has access to this information. How can we be sure that they can be trusted? What safeguards will there be? How will this prevent our information from falling into the wrong hands or being abused? How secure is our information? Who watches the watchers?

All of this should have been resolved at least 20 years ago when Data Protection Laws were first being introduced. If it had then maybe the government wouldn’t find itself in the unfortunate position it is in now.

Watching John Hutton on Newsnight last night was painful. His argument that the central database would be exceptionally secure because "it contains our biometric data" is complete rubbish.

Having biometric data on the cards will ensure that it'll be very difficult for someone to copy my card and use it pretending to be me. It will, in no way, will stop anyone with access to the centralised database, either legitimately or illegally, from copying vast chunks of data and mishandling it in the way that has happened at HMRC.

John Hutton, alike many of his colleagues I expect, have no idea how the ID card system will actually work - they pick up on buzz words like 'biometric security' and try to bluff us that it's an infallible system. It isn't. As one of the experts on Newsnight commented - what happens when (not if) someone manages to crack the biometric code, reads my data off the system and uses it electronically pretending to be me? Will the government issue me with new fingerprints or new eyes?? The whole thing will be rendered useless.

For them to be ploughing ahead with this scheme regardless shows a complete contempt for the genuine security concerns of many members of the public. Personally, I don't trust them to run the scheme with any level of competence and I expect many others feel the same.

"Newsnight" should leave Harold Pinter interviews alone they just don't work.

Football >>groan<<

I'm always amazed by the amount of media time spent on men in sport. Compare this to the number of reports we have about women doing their sports, it doesn't compare.

Sport seems to have replaced the ego boosting narcissistic adoration that religion once offered to men and still does in many places.

Consider Beckham; this man is swooned over by mindless women and admired and envied by adoring men. What can he do? Well, he has a well developed foot not unlike, in fact very like, the snail. The snail is a highly specialised muscular foot, its entire life depends on this foot and its agility, a description which fits so well for the human footballer.

Ed (#21) What's so distressing about it all is that too many high verbal experts/advisors don't SEE the problems, and I have long suspected that it's precisely because they're highly verbal and driven primarily by a coherence, not by a correspondence/evidential conception of truth that their errors are largely errors of omission. Sadly, many in the IT business suffer from this too. Computing per se is not, despite many's claims (Herb Simon set this ball rolling) a science, although engineering is. Computing/programming is primarily coherence (i.e. internal consistency, like maths) driven, it is analytic/tautologous. It's the sciences (which includes Behaviour Analysis) which are correspondence/evidence driven, and it's the latter which is being badly neglected these days.

This, I fear, is a major cost to our having created such a highly verbal, feminised, service sector driven economy/culture. We now have large numbers of well-meaning people occupying very powerful positions who are largely out of touch with physical reality.

Surely this is obvious from the way that they speak on Newsnight? It isn't that they are being clever, they really don't see the problems.

After Iraq why does anyone as Lord Goldsmith for advice?

There is a man under 24hr guard from the ...the media. Not gangsters, not terrorists but the press who for love of circulation wish to destroy someone who is prevented by law from speaking out. Diana, Kelly and how many more before the balance of human rights is redressed? Is the media a force for good when, merely for the love of money, they do not respect human rights ?

[ Addition to #14 / 16 ]The Government spokesmen have confused the issue of "Biometric" Data which - once again - raises concerns asto how much anyone in the Government understands what they are talking about !

BIOMETRIC in the way that the Government intends to use it in computer systems is simply a means of access to a particular set of data but - irrespective of access method - the actual data is still stored on a computer system whether it be a database or a simple set of computer files.

Anyone interested in retrieving data - for whatever purpose - will simply access the storage medium and take whatever data it requires and computer hackers have been adept at skirting round internal access security to do just this.

The current proposals for Government departments to share data simply increases this risk as not all individual data files will be maintained with the same level of security. Thus if a data source with low security is breached what current internal system security will be available to prevent access to other - more sensitive - data files of personal data.

Whilst it is very convenient that the inputting of a post code and house number brings up one's property details OR inputting the registration number of a car brings up confirmation of the vehicle details there is the unasked question of what other details are available from such inputs - BUT NOT SHOWN on the particlar computer screen being displayed at the time. Even more worrying is the unknown number of people who have the same ability to access such personal details without either a person's knowledge or permission.

As a regular visitor to East Germany between 1976 - 1983 my personal details were input to the STASI computer files to record when and where I had visited locations during my visits. When the walls came down in 1989 these details were available to anyone - including allied security services - and it has often crossed my mind that the fact of my details ( as I was then a civil servant ) being on that computer system was the motivation of senior management to oust me from a civil service career in the period 1990-1994.

I could prove nothing of this but the suspicion remains that once personal data is held on a computer system the individuals have no means of controlling either who accesses the data - or the uses they will make of any data being held.

Thus an individual's fate is taken out of their own hands and brings the demon of 1984 ever closer.

J Eccles @ 29
wrote,

" "Newsnight" should leave Harold Pinter interviews alone they just don't work."

Hasn't Mr. Pinter liaised with "Respect" via the 'Stop the War Campaign' and sold out to the gender fascist left? TUT! Won't do at all!

I was, and still am all in favour of stopping wars, and in particular I marched in the hope of stopping the one on Iraq, but I didn't feel the need to sell my feminist soul in the process nor did I feel that anyone else ought to either, including Mr. Pinter. He's been off my list of those to respect ever since.

I think Newsnight is at it's best when it brings together politicians committed to a policy, with analytical experts who can communicate an understanding of the consequences of the policy. Then we can sometimes see how (in)capable our politicians are; sometimes they're gob-smackingly hopeless.

Hutton was talking complete rubbish about biometric security; clearly he doesn't understand how it could be implemented even if it could be used reliably.
(Presumably Ministers and Civil Service mandarins are eager to bring in biometric ID cards because of the power/money/board-positions it will bring them rather than for any good of the citizens they are actually supposed to serve.)

Also Hutton saying 'sorry' is insincere and meaningless, as the Government and Civil Service appear determined to keep on doing what they're doing but on a much larger scale with far greater consequences for the people of the UK.

The specific failures in HMRC data security under discussion are not to do with the limits of technology, but rather to do with systemic failures, irresponsibility and arrogance.

Mike Clarke's comments above are correct, especially in describing how the data should have been extracted for NAO. If this was impossible then authenticated NAO personnel should have been required to personally visit HMRC to view data samples under HMRC supervision.

NAO's role in this fiasco is also worthy of examination.
As soon as NAO examined the first CD in March/April they must have realised that the full database had been sent unsecured - unencrypted and by unsigned & untraced mail; this was a breach of security which should have been immediately escalated within NAO, and then across to HMRC.
Instead NAO returned the CDs to HMRC - and exactly how did they return them, and with what warnings or information? If they sent the same CDs back through the post then surely NAO also has a problem with understanding and implementing security?

How far does such complacency run through the Civil Service, and how can we possibly trust it with greater (apparently unnecessary) intrusion into our lives?

35

No I like Harold Pinter and his work but I feel Newsnight as a dedicated News programme just failed again to "hit the spot" when interviewing him about his work.

Last night was in my mind a poor and very average interview and revealed nothing new,the same questions I have been hearing all week on various programmes, so best leave creative works to the designated genre and I am sure Kirsty will prove me correct on Friday

In a dimmed bedroom one glowing behaviourist leans across the pillow to another and coos 'that was fantastic for you - how was it for me?'

error 502 is appearing too much?

#39 'Many a true word..'. We (like all animals) learn about ourselves through the outcome (consequences) of our behaviours/actions (aka operants). Others learn about us the same way. This is why others can sometimes know us better than we know ourselves. The subtle point here is that some behaviours are less available to the reinforcing community than they are to ourselves. We call such behaviours 'private', sometimes, we mistakenly refer to these as our 'mental life'.

#39 'Many a true word..'. We (like all animals) learn about ourselves
through the outcome (consequences) of our behaviours/actions (aka operants). Others learn about us the same way. This is why others can
sometimes know us better than we know ourselves. The subtle point here is that some behaviours are less available to the reinforcing community than they are to ourselves. We call such behaviours 'private', sometimes, we mistakenly refer to these as our 'mental life'.

pippop (#30a,#35b) a) football - it's ballistics, *mainly* boys stuff, roots of maths/science etc. They're different, go easier on them. b) Feminist souls - remember, NOT(ALL) females have them....see above and below:

Sir, What a result! No participation in the Euros next year. No Wags with their overpriced clothes show down shopping malls, no beer swilling bores and abused staff, no flagwaving Empire builders turning our country into a 1935 Germany, no flags on cars outside supermarkets. No ranting at other competitors as being sub-human, no lager louts and know-alls on phone-ins. You've never had it so good. Stevie C.

The emails so far released do not substantiate the Chancellor's statement that only a 'junior official' was involved, though in an effort to make it appear so this subset of emails has been censored and a carefully worded NAO comment has been presented.

/blogs/nickrobinson/Informationrelatingtochildbenefitdata.pdf

Within the linked pdf NAO have commented that the HMRC Process Owner for Child Benefit 'was a copy recipient of an e-mail dated 13 March 2007', but NAO do not say that the Process Owner was ONLY a copy recipient of ONLY one email with no other involvement in the email chain shown in the pdf. (Those experienced in reading between the 'weasel words' know that what is omitted is often as important as what is included.)

Anyone used to doing business hrough emails will understand that if a senior manager was out-of-the-blue suddenly CC'd on a lengthy cross-departmental email marked high priority and Confidential they would demand to know what was going on, unless thay already had some knowledge of what was going on and tacitly approved, and were therefore CC'd just as a status report.

Also, within the pdf there are allusions to other relevant emails which have not been disclosed.

All relevant emails need to be disclosed, with sender's and recipient's seniority made clear, and with consistent anonymised identities being substituted for real names and email identities.
This means that within the email chain if someone sends an email, is a direct or CC'd recipient, or is even mentioned within the text, then the same anonymised identity is used
to show it is the same person.

Without such disclosure one can only conclude that HMRC and the Chancellor have something to hide. It smacks to me of their self-interest, which would be all the more cynical and self-serving given the possible serious consequences to so many UK citizens. So we not only
have an incredible security vulnerability, but those responsible for this state of affairs seem determined to prevent us knowing what happened so they can continue to inflict their incompetence on us.

The emails so far released do not substantiate the Chancellor's statement that only a 'junior official' was involved, though in an effort to make it appear so this subset of emails has been censored and a carefully worded NAO comment has been presented.

/blogs/nickrobinson/Informationrelatingtochildbenefitdata.pdf

Within the linked pdf NAO have commented that the HMRC Process Owner for Child Benefit 'was a copy recipient of an e-mail dated 13 March 2007', but NAO do not say that the Process Owner was ONLY a copy recipient of ONLY one email with no other involvement in the email chain shown in the pdf. (Those experienced in reading between the 'weasel words' know that what is omitted is often as important as what is included.)

Anyone used to doing business hrough emails will understand that if a senior manager was out-of-the-blue suddenly CC'd on a lengthy cross-departmental email marked high priority and Confidential they would demand to know what was going on, unless thay already had some knowledge of what was going on and tacitly approved, and were therefore CC'd just as a status report.

Also, within the pdf there are allusions to other relevant emails which have not been disclosed.

All relevant emails need to be disclosed, with sender's and recipient's seniority made clear, and with consistent anonymised identities being substituted for real names and email identities.
This means that within the email chain if someone sends an email, is a direct or CC'd recipient, or is even mentioned within the text, then the same anonymised identity is used
to show it is the same person.

Without such disclosure one can only conclude that HMRC and the Chancellor have something to hide. It smacks to me of their self-interest, which would be all the more cynical and self-serving given the possible serious consequences to so many UK citizens. So we not only
have an incredible security vulnerability, but those responsible for this state of affairs seem determined to prevent us knowing what happened so they can continue to inflict their incompetence on us.

Sir, When confronted with the facts about ID cards Hutton and Brown go spouting on about 'protection' and no loss of 'civil liberties' What Tosh! I wouldn't trust either of them to mind my car keys. They are staring at election oblivion and yet they go rambling on as though we are going to swallow all this madness by election day. When Hutton was being interviewed by Jeremy, his eyes popped out like Mekon (Dan Dare) and he looked very strange. The previous mad person, Blair, is a consultant in the Middle East peace process....words fail me.