Senior officials now in frame for HMRC data fiasco

Good...

"A junior official from the Child Benefit IT department has reportedly been suspended and sent to a nearby hotel with a minder in order to protect his or her identity."

As long as 1 in 25mil peoples identity is safe. When do we all start getting our own minders?

Letter to My MP

When this story broke I wrote to my MP asking for a bunch of details, including the file format and the current password protection policy.

I'll forward onto El Reg any info I recieve

What's worse - losing it or selling it?

The government has been selling our details to outfits little better than criminals for several years and continue to maintain their right to do so.

Don't believe me? All you have to do is set yourself up as a parking enforcement company, sign on with the SIA (Don't worry - they won't do any checks on you. They didn't on those 5000 illegal immigrants, did they?)

After that, all you do is collect a few likely looking car registrations and send them with a cheque to the DVLA. They'll give you the registered keeper name and address for a fiver a time. Sweet.

David Craig will have a FIELD DAY with this

He just about predicted that crap like this could and would happen in his book "Plundering the public sector". He was so right all along.

Go David!

eh?!?!?!

"Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards"

did he now?

fucking how's that, then?!?! i love the way he can just come out with crapola like that and not have to actually back it up with facts or even theories. at the end of it all, they didn't take appropriate steps with sensitive data. it should have been crypted to buggery, 4096 bit stuff. delivered by armed guard, if necessary.

GRRRR!!

How hard can it be?

"the NAO asked for the data be "desensitised" but this was rejected on grounds of expense"

How hard is it to run PGP over a file before sticking on the CDs?

Well, it would take the education of senior politicians - which can be hard.

More importantly it would take educating senior politicians that MS tools and (laughable) security are not all they're cracked up to be - and since MS bunged the British Library £100 million ( http://news.bbc.co.uk/1/hi/technology/4402442.stm ) that's *very* hard indeed!

Tell the Truth

If the chancellor is telling the truth - that only one junior official was to blame - that is much more worrying that the Tories' version.

How is that a junior official has access to the entire database, can copy it onto CD and, presumably, put it in his pocket (rather than the post) and take it home to sell to anyone he wants to? With no audit trail or management oversight. If this is what happened, heads should roll.

If a senior official was involved (which is likely) the chancellor is lying or misinformed and even more heads should roll, including his.

Poor old Steve McLaren looks like a hugely successful mastermind in comparison with this sorry lot.

Meanwhile in the private sector

Working in baks for many years, if a similar incident had happened, even of 1/100th of the magnitude, they'd be frogmarching everyone that had his figerprinted on this f-up out of the building with a binbag, and not a lot of sign of full pay and hotel rooms.

Poor Sod

I'm glad people are now starting to think about the only victim in this fiasco. The poor guy or gal who sent it out on the 18th of October. Was this or was this not the last day of the postal strike? Seems to me that internal unregistered post was the only option available on the day.

"Has a minder in a nearby hotel" - suicide watch more like.

What really happened

From the bbc story:

“He said the NAO wanted only limited child benefit records but was told in an e-mail from a senior business manager in March that to remove more sensitive information was too costly and complex.”

Right. Costly and complex – it’s a database right – so a simple query could have been written – may have taken time to run if it had to pull out all that information – actually the query might have been pretty complex given that im hoping the table structure was set up properly with all the correct joins and normalisation etc (though I wouldn’t hold my breath). Also – 2 cds? Whats that - about 1.6GB of data? Sounds a bit small for 25million records considering when I worked in the hospital the database I used that held the data for the patients that had been seen in the hospital – considerably less than 25 million I might add – was sitting at around 2GB when I left.

Im also assuming that they will have information officers whose job it is to respond to requests like that – who may be familiar with a little known application called crystal reports.

Though what happened probably went something like this:

Scene 1 - HM customs & revenoo office, basement where the IT people are kept

Non-Existent High Level Civil Servant (NEHLCS): “Ho there laddo! A mate of mine at the Audit Office,old school chum actually, jolly good sort [insert long winded anecdote about old pull-my-finger Smythe]… Well he asked for a bit of information that we have. I’ll have my secretary send you the details shouldn’t take a clever lad like you long eh?”

Scapegoat: “Umm… well maybe. Depends what it is they are looking for. Oh and could you sign the authorisation for me to access the data please as well – you know.. for the security audit thingy we are supposed to do…”

NEHLCS: “Well he did say its dashed urgent. No need to bother about that security tosh now – don’t worry I will do it later. You just get that info he wants and send it over to them toot sweet.”

Scene 2 – 20 minutes later

NEHLCS: “Well laddo have you managed to get that info I asked for?”

Scapegoat: “Umm… Just writing the query now. Its actually quite complicated because…”

NEHLCS: “Argh! Non of your technical mumbo jumbo! I don’t understand that rubbish anyway! Can you not do it faster?”

Scapegoat: “Not really boss. It all takes time, and because of the amount of data it will take a while to run when it is ready anyway”

NEHLCS: “Bugger. He did say he needed it soonest. I know,” (Self satisfied smile)”Send it all.” 

Scapegoat: “Umm… All of it? Are you sure? I don’t think that we are allowed to do that…”

NEHLCS: “Nonsense! We are the Government! We can do what we like – it is just sharing information anyway. Will be a lot easier when we have that big central database” (Scapegoat shivers and turns pale) “Stick it all on a cd and send it down to them. Let that git Smythe get the stuff out of it himself. Always was a lazy bugger.”

Scapegoat: “Umm… send it how? And it will take time to burn it onto cd anyway”

NEHLCS: “The post you daft sod! How else! Actually better use that courier service we use – stick it in their bag – royal mail are probably on strike again. Ruddy socialist slackers!”

Scapegoat: “Recorded delivery right you are”

NEHLCS: “Oh no! we are trying to save money here. It will be fine in the normal bag”

Scapegoat: “Riiiiiight….lf you could just sign this form saying that you have authorised a copy of the ENTIRE SYSTEM….”

NEHLCS: “No time! Of to see the minister for a few ummm… policy thingies. Pop it in the post there is a good chap.”

Scene 3 – A month later

NEHLCS: “You there! What happened that bit of data you sent to the Audit office! They haven’t got it yet!

Staffer: “…”

Scapegoat: “Umm… actually that was me. I posted it like you asked”

NEHLCS: “Well they have no record of getting it. Where is the tracking slip”

Scapegoat: “….”

NEHLCS: “Well?”

Scapegoat: “you instructed me to send it by normal mail”

NEHLCS: “…”

NEHLCS: “Send it again – This time recorded delivery. Those buggers at the Audit Office probably lost it.”

NEHLCS leaves basement

Scapegoat: “Boss. The boss had me do something and it stuffed up so now im telling you – we’ve lost a copy of the database.

IT Boss: “*@!£%^&*&I*UO(*U”

How did they fit all the data on 2 CDs

Ok, so nobody has yet specified whether the were "ordinary" CDs or not. But you'd have to go some to fit 25 M records onto 2 CDs. Rough calculations seem to suggest that each record would have to be between 50 and 160 bytes ( this is back of the envelope stuff ).

Presumably, since it wasn't encrypted, it also wasn't compressed so a small record with name, address, NI number, DOB, bank details might be :

fred bloggs,23 the road,truro,cornwall,tr5 4tr,ab123456b,020304,12345679,010163

That's 79 bytes - many records would be bigger than this and that's just CSV ( no allowance for file format /separators etc ).

Did they /really/ get all the data on 2 CDs ?

On a less cynical note - don't they have the intarweb in Govt ? If someone wanted a gig of secure data off of me I'd fire it over a VPN or something ( after encryption ! ).

There's no chance these muppets will /ever/ be able to run an ID card scheme securely !

Utter Toss

Obligatory speculation : CSV file, zipped with password. This is very, very common when shifting bulk, high value, personal data to/from outsourced functions or external organisations. Sad, but true*. But who knows how these muppets go about things.

Not so speculative part : Additional expense ? For unticking two fields (sort code, account number) in the database table export wizard used to dump the CSV (or whatever format) file ? At worst, setting up a duplicate query with those fields removed ? Fuck off. And there simply isn't any way it would have been much more complicated than this** no matter what's on the back end. (And it will be SQL Server or Oracle, I'd guess Oracle 'cause HMRC (or their outsourced pixies) have some experience in Oracle data warehousing)

I've seen this done (and done it myself) a hundred times, and I don't recall it ever being a chargeable extra.

Definitely not speculative : If a "junior official" is in a position to make such decisions, and access such data without some managerial supervision, then whatever else the gov might claim, HMRC really do have *serious* systemic problems with their IT, security and management processes, this is beyond question.

Grr!

*In which case your whole 'security' policy is largely predicated on the integrity of the physical transport process.

**OK, it's a little more involved in Oracle with no third party tools, but come on, it's what ? Seven lines of sqlplus ?

Hmm

"That's why we don't like seeing work off-shored. It raises all kinds of security issues about sensitive data and the worry is that it could get into the wrong hands."

I may be from 'daan saf' but Tyne and Wear is hardly off shore!

Anyone else think the 'unions' are just using this to bolster their own self importance?

@Joe McGrath

The easily could of used DVDs. They probably wouldn't know the difference.

Excuse me?

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards."

What, so the Gov't can send even more of our personal data around the country in a completely unsecured manner?

Also, what kind of screwed up database system have the HMRC got running, that simply removing the fields that they don't need from a data dump involves a prohibitively high expense of time and manpower???

Most (Microsoft) Office monkeys could do this in Excel, let alone the kind of over-priced Oracle-type monster that they've got, so why can't... wait, nevermind.

Elaborate, Darling ?

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards. "

I'd be very interested to read how he could elaborate on this one. El Reg to call him ? Worth the cost, IMHO.

Even in my banana republic, the press would collapse from laughter on this one ...

What!!!

"Chancellor Alistair Darling also said yesterday that the disaster actually strengthened arguments in favour of ID cards."

He's a bigger muppet than he looks if he thinks anyone is going to swallow that line.

Shooting yourselves in the foot

I also have a lot of sympathy with the union position and I don't like off-shoring of sensitive data, but when the unions come out with statements like this:

"That's why we don't like seeing work off-shored. It raises all kinds of security issues about sensitive data and the worry is that it could get into the wrong hands."

Didn't the big fucking irony alert go off in their minds?

Now their opponents can simply argue that an Indian data centre might lose the data, but it'll definitely be cheaper.

It's an access database

what toss.......

thats the problem with so called clueless"IT experts" , read "the reg" and think that they are Alan Turing and Bill gates rolled into one! -

"it was probably an access database"

id like to see a access database loaded with 2m million anythings and then still be able to export it to disk!

its probably same guy making this statemnt, who drew up the scurity and file and data transfer policy - stuff it in a jiffy bag and courier it up the M1 gov'nor...

otherise, well its either that or get a ad-hoc request through the GSI.

as for the lowgrade uncivil servant, he was probaly just following procedures - why dont we see a senior uncivil servant or a minister taking a jump of waterloo bridge?

In response to anonymous coward

Really? I wouldnt have thought of that. Thanks for clearing that up.

What is this "Junior" Official's job

A lot of commentators are asking why a junior official had access permissions to the entire database. Perhaps because that is his job?

I suspect that his role is to support a database application. He may have amazing technical skills and years of experience, but because it's a hands on role, he's "junior". Senior staff don't get there hands dirty, they go to meetings, think about blue skies, rub shoulder with politicians and issue instructions like "Send all our data through the post on a password protected disk because encryption software and secure networks are too expensive" and "I want it done by lunchtime!"

Would you really want to give such clueless senior civil servants full access to the data?

What the hell is a "Junior Official"???

Brown and Darling are taking full advantage of the public’s ignorance when it comes to the workings of the civil service. Their use of the word “Junior Official” is highly misleading. I’ve worked in the Civil Service since the late 80’s and I’m not entirely sure what a Junior Official is – it’s not on any pay scale I’ve ever read. I can only assume they meant someone who is not a Senior Civil Servant (SCS). If this is true, of the ½ million civil servants in the UK – 4000 of them are SCS. That means 99.2% of ALL civil servants are “Junior Officials”. The wording has clearly been used to give the impression of an office junior – an incompetent temp. And in this case, and what is more worrying, a rogue one. This is very misleading. It is simply not possible for an individual to act independently and download an entire database from the Child Benefit system (a “live-load run”). This requires very special permissions from management. There is no way this individual is guilty of acting independently – it’s impossible. If he’s guilty of anything, he’s guilty of trusting that the courier service, TNT, would do their job. Nothing more. Hardly a sacking offense.

"Junior Official"

Isn't that the title given to someone who is subsequently found dead (under suspicious circumstances) and is later said to have committed suicide?

re: How they would filter out the sensitive fields : Ssssshhhh!

"Being a computer science student, he realised that this could be done in a matter of seconds with an awk script, or similar. But if he had done that, he would have been congratulated and then fired since there was nothing else for him to do. So he spent the allocated 6 weeks doing it manually, as instructed."

Surely the correct approach in these situations is:

1. Write the script and run it

2. Spend rest of the summer getting paid to sit back, play Minesweeper or (if you're lucky) browse the web.

3. Hand in your results (and if you're feeling nice, the script) at the end of the contract, having been paid the full amount.

(For career bonus points, shave up to a third off the boss's expectations. They will be amazed, you will get 4 weeks pay for a day's work; the next guy still gets room to "improve" the process further still, everyone's happy, right? For geek bonus points, spend the rest of the summer benchmarking and optimising the code until it's mathematically impossible to tighten...

We've all been there, surely?)