How HMRC gave away the UK's national identity Early last month Her Majesty's Customs and Revenue apologised after a laptop containing data on 400 customers was stolen. At the time the Revenue was praised by the security industry for coming clean and its "refreshing level of ethical responsibility". Earlier this month that it had lost pension records for 15,000 people …
"The banking industry would like to reassure its customers that sort code and bank account, national insurance number, date of birth, name and address details are not enough in themselves for an ID fraudster to access your bank account"
It's true. You have to actively pick up the phone and then SAY those bits of information to the person at the other end with your MOUTH.
Then and only then can the fraud be committed.
Let's face it - all of the affected individuals are going to have to start checking their credit files on a monthly basis from now on. To suggest that the details that were stolen are not enough to commit fraud is simply laughable.
May I suggest that HMRC arrange for all of the affected individuals to receive free monthly credit reports from Equifax and Experian for the next couple of years?
Back in the 80's, Clive Ponting and Sarah Tisdall were sent for trial for leaking government information.
As someone has already observed, the idea that someone with sufficient authority to have access to that entire dataset is also incompetent enough to think that it was OK to transfer the data in that fashion beggars belief - they need keel-hauling, as does the chain of command that permitted it.
Perhaps Andy Hopper at Cambridge should now start making more noise about the fact that even a brand new Computer Science graduate would not have made that elementary mistake !!
Questions that should be asked in the house....
Why was a "Junior" person within HMRC able to dump the contents of the database in the first place?
Were the IT Dept involved? If the data fitted one one CD, it'd be a piece of cake, spanning multiple CD's makes it trickier as anyone who has tried such things will know, so the DB was either extracted in two portions or was copied using some form of backup/span. Either way it took a bit more savvy than a simple "File Save".
According to Radio 4 this morning, the NAO questioned the amount of data they had received previously and asked for less identifiable info, but they were sent the same level of detail. So, this dump would appear to be the standard that gets provided whenever a gov.uk employee asks for anything. Where else has this data been sent?
What happened to the previous CDs? We are told they were sent from Newcastle to London, arrived, were used and then returned. Were they ever copied? do the originals or any copies still exist (maybe on someone's desk, gathering dust before being transferred to a draw once they forget what is on them).
According to a spokeswoman on the radio last night, this problem arose because the "systems are old" and the ID card system would be "new state of the art and inherently more secure". Hmm, we need to ask what drugs She is on.
The Chancellor of the Exchequer told the House of Commons that there was "no evidence" that the CD had fallen into the hands of criminals. Let's think that over for a little while, shall we?
1. Everyone in the world no knows that a CD containing 25 million taxpayer records has gone missing.
2. Arguably, there exist criminals who could think of profitable ways to use that information.
3. This is where the wonderful Free Market comes in - the one that Nu Laber ministers have been haranguing us about for 10 years.
4. The putative master criminals make it known that they are willing to pay £X for the CD. Alternatively, if they know who has it, they offer to let that person go on living.
5. Bingo! The CD has wound up in "the wrong hands". See how easy it was? Thanks to the marvels of capitalism, it was just as inevitable as water running downhill.
"customers can have peace of mind that they enjoy protection under the Banking Code" - yes this is very very enjoyable that the banking code have put things in place, I'm not sure it's an enjoyable experience dealing with it, especially as you now have to go through the bank, the police are not interested in ID Theft, or others fraudulently taking money from your account, probably because they have too many people smoking cigarettes while driving to pull over.
"Even 25 years ago, who could have possibly thought this is a safe way to send private information about 25 million people?"
25 years ago, all you would have got in an envelope is a few sheets of paper. The physical storage medium able to contain 25 million records would be the size of a suitcase, and a few years before that the size of a room. Now you can put millions of records on a laptop, CD, DVD, or memory stick the size of your thumb, and lose it in an instant.
Systems should be designed so there is no way copying of vast amounts of data on to portable media. If it needs to be physically transported instead of transferred over secure encrypted comms links, there should only be one place it can be done, and whatever medium is used on should be contained in a lock box changed the arm of a security guard for every second of the journey.
No, it would be a middle manager who would have burned the CDs, who then would have thrown the CDs onto a junior's desk and told him/her to send them to the NAO because he can't be arsed to do it properly himself. The junior then sent them un-recorded because the junior knew no better or had no idea of the contents.
The junior will of course have been sacked and had their career ruined whilst the middle manager will be moved sideways to await an early retirement.
"Were the IT Dept involved?"
Has to be. Nobody else has access to the entire database, or a CD writer. Records can be accessed one at a time, and only if the reference number/National Insurance number is known.
The BBC referred to an IT worker this morning.
It's a bit rich the Tories trying to exploit this. Does anyone believe it wouldn't have happened if they'd been in charge?
"I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC."
Un fucking believable. You WOULD have EMAILED a 25 million record database containing highly sensitive, personal data?
Thank your lucky stars that the Register allows YOU the privilege of remaining an Anonymous Coward - that more than your 'customers' get.
I believe that the data was requested by the National Audit Office as part of the National Fraud Initiative which gathers together data from all sorts of sources and cross references to look for fraud i.e. employees claiming unemployment benefit etc.
There has been a big fuss in Local Government circles (still being tracked and reported by Public Sector Forums) because the NAO inisisted that every Local Authority in the land sent them employee data; all the usual personal info, as well as bank account numbers, sort codes etc. without anyone (in my authority anyway) knowing why. We had 'we might use your data' paragraph on our payslips - but there was nothing about NAO fraud investigations!
There was also no information about how nothing about how the data was sent, was it encrypted, password protected etc. It appears to have been left to each authority to make up its own mind - if memory serves it was also sent to a third party not a government office.
There have even been concerns about the legality of the amount and detail of data being requested by the NAO. I don't know how far the NAO can reach, but it maybe that they can request data from any employer - even yours!
The chances that:
a) These disks fall into the hands of bad guys
and
b) My details are one the first to be taken advantage off
must be smaller than winning the lottery. So for a minimal risk of being a victim of identity theft from this route we get hopefully better protection from identity theft from all routes if the 'keeping a closer eye on peoples accounts' is to be believed.
As soon as it is found that someone has become a victim because of this there will have to be a massive change over of bank details etc.
The bad news is that even if the CD's are recovered there's no way of knowing if someone has copied them in order to sell the data in 6 months time when all the fuss has died down and everyone has stopped checking their accounts as regularly.
The good news is that the general public (ie the morons) are now very aware that the government cannot be trusted with their data. Mothers especially will probably be going ballistic right now - so there's eff all chance of a Nationanal ID database now - not by any government who wants to remain in power at any rate.
"So these discs have the names, ages, and address of (hundreds of thousands?) of children?
What if pedophiles[sic] get this information?
Unbelievable!"
Paedophiles could find out where a large number of children live by walking down any given street in the country and seeing which houses the kids go into and out of. Or they could go to one of those places where lots of kids are stored in one building. What are they called? Schools, that's it.
They don't need a list of names and addreses to find children, you cretin.
Bank details, on the other hand, don't play in the streets where just anyone can see them.
No, but it is more than enough to open one. Credit Card, pretty easy once the bank account is established (just deal with that troublesome "Oh I've changed addresses, you must have my old one" step first). Overdraft, pretty much defacto nowadays. Short Term Loan, easy with a solid set of bank account details.
So 25 million details, which ones to pick? Simple, you have the addresses. Think about where you live, now work out which streets the nice middle class people live on and search for those, then pick and choose.
Apply techniques in Paragraph one, and then multiply several thousand times.
I reckon about six weeks of work and you'd be able to set up enough accounts/cards/loans to make a decent amount of wonger. Leave rented house (rented using the database details, naturally - it's easy enough to fake an electric bill and the rest are just numbers) and head for Caribbean to live off your earnings.
No risk? - B*ll*cks. Glad I'm not on the list.
To continue the rant - why is the database accessible by a machine that has a CD/DVD burner attached? Why is the NAO asking for this data in the first place when the data is not supposed to leave the building? Why is the member of staff concerned so blase about the data that he feels it's ok to do this? Why has this happened several times and nothing has been done? Why are there not secure network links between all these government offices? Why are these clowns still in power? Why are they using TNT to deliver secure internal mail?
If it's so easy to get this data out of the HMRC then one wonders how many times it has happened previously that neither the public or the mandarins know about?
If Darling has the gall to say that Bank accounts without passwords cannot be comprised then I suggest that he publishes his own similar details and see what happens.
When they say that ID cards will be on more modern systems with greater security I have a vision that a few years down the line the data will be lost and the politician's excuse will be that procedures weren't followed.
If it's so easy to get this data out of the HMRC then one wonders how many times it has happened previously that neither the public or the mandarins know about?
If Darling has the gall to say that Bank accounts without passwords cannot be comprised then I suggest that he publishes his own similar details and see what happens.
When they say that ID cards will be on more modern systems with greater security I have a vision that a few years down the line the data will be lost and the politician's excuse will be that procedures weren't followed.
It means that if you open the file in the software package that was used to save it, you will need a password, but if you open it in a plain text or Hex editor (for instance), you will be able to read the contents although they probably won't be formatted.
In short it means the data is effectively unprotected.
Surely this data should have been stuffed into a Armoured Car, sent of with a Police escort and signed for in triplicate by the mothers of the heads of both departments.
Since the government is so into biometrics, why don't they use the damn things themselves, why wasn't the data only accessible in its 25 million format by senior management only upon receipt of a dna confirmed stool sample.
Plus if it was so important to the NAO to have this data why don't they have a secure link into the HMRC with appropriate data access filters why are they even having to ring some "Junior" numpty anyway ??
I know the answers to all these questions are that the government couldn't run a IT project to save its collective asses and we will probably rebuild Iraq with a decent biometric system before we get one !
Alien icon because it feels like they have landed at the moment !
Yeah, until some enterprising individuals send out surveys to obtain further information to help them scam us all. Ah, but wouldn't that require the addresses of everyone I hear you cry, oh wait, they already have that information too!! So, with a little effort, enough information could be obtained in order to get past any security questions the bank may have. I can hear it no.....Sorry, I can't remember my password....Ok sir, just answer these additional security questions.....mothers maiden name.....place of birth......first pet....very good sir, your new password is xxxxx, thank you and have a good day. I know how easy it is cos I've done it before (forgotten my password that is, not accessed other peoples bank accounts!!). I think it's time to go down to the bank and ask for a new account number, it's the only way to be safe and I thought I had been good shreading everything with personal information on it, why did I bother.
... via http://www.writetothem.com. Please feel free to use it as a template:
Dear ,
I am extremely concerned about the loss of data from HMRC. There is something fundamentally wrong with the whole system:
1. How was an entire data dump to removable media even possible without at least several layers of security and permission?
2. Why was sensitive information sent in unencrypted form (this would apply regardless of the means used (see point 3 below)?
3. Why was physical transfer of data disks necessary? It should have been possible to send this directly via a network (though see point 4 below).
4. What does the National Audit Office want the information on 25 million people for? (I have one legitimate answer in mind, but I want to know yours).
5. Why was a courier service with a known lousy record chosen for this service? What was wrong with supporting the Royal Mail?
Beyond these questions on the specific incident, there are three others:
a) Will you support a full investigation of this incident, with penalties including prosecution under the Data Protection Act ?
b) Will you support the creation of a government-funded compensation and assistance scheme for any victim of identity fraud if it can be shown that, on the balance of probability, their data came from this database?
c) Do you still support the creation of a national ID database in the light of the incompetence shown here?
Yours sincerely,
So if the govt goes ahead and creates the National ID scheme, including Biometric details of each of us, they would have to be stored in a database, probably beside our names, or National Insurance numbers, or bank details, or the names of our children, or our addresses.
Then someone asks for a copy and it goes missing.
The Chancellor & APACs say not to worry, meanwhile I am cutting off my own fingers and gouging out my eye!
Not only is this a disaster, but further ID card schemes, especially Biometrics will only add to the problem.
... turns out - according to the Daily Mail - our 'junior official' is a 'computer specialist'. Sorry guys but you are evidently part of the problem, not the solution (hear me BOFH?)
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=495369&in_page_id=1770&ct=5
... is bound by the EU data protection laws. These are pretty clear cut when it comes to handling of data. The data should only be made available to those users who have valid business reasons to do so. So making the entire database available to someone in a completely different department breaks not only their internal precedures but the law in about 10 different ways.
The perpetrator of this has not even been fired according to reports.
My company test each and every one of us on these rules once a year to ensure we are familiar with the legislation. I know many other organisations do this too. It affects our bonus payment if we do not take these refresher courses.
If I did what this guy had done, even if it hadn't hit the media, I honestly think I'd be sacked.
What we've got here is the antiquated British civil service still floundering where most firms were 10 years ago.
The government enforce a the EU legislation but are completely incapable of adhering to it.
I for one will never have an ID card.
I object to being called a "customer" of HMRC and always have since they started using it some years back with the advent of "Hector" IIRC. The word implies choice. HMRC are an unelected, and largely unaccountable government body who I have no choice but to liaise with and use, and if they screw up I am lucky to get so much as an apology. If however I screw up, I get draconian penalties and fines. What supplier treats its customers like that?
Pah!
In OUT LAW (produced by Masons...) the following -
"A data breach notification law was recommended in a recent report by the House of Lords' Science and Technology Committee. Last month the Government responded (16-page / 90KB PDF) that it was "not so convinced as the Committee that this would immediately lead to an improvement in performance by business in regard to protecting personal information and we do not see that it would have any significant impact on other elements of personal internet safety."
The Government said it would "continue to observe the US experience and consider whether we need to find more formal ways of ensuring that companies do – as a matter of routine – contact the Office of the Information Commissioner when problems arise."
Aha, we can feel happy in our beds, the gov is watching what the US is doing......
I've been wondering about this - but haven't had time to play with it.
Couldn't one use TrueCrypt for securing a CD?
1. Create TC image on disk, just under CD size, using required level of paranoia settings you wish.
2. Mount the file, put files in it.
3. Unmount the file, then copy the TC file to the CD itself.
This assumes, of course, that one can securely provide the passcode to the person receiving it.
I'm not saying it is a good idea for the government to do this, but I'd think this would work (haven't tried it yet)
On BBC News this evening they said that the reason why *all* of the data was sent rather than just the names and NINOs was that it was too complex to extract just that data. Lesson number 1 in SQL:
select firstname, middlename, surname, NINO from ChildBenefits order by surname
GO
OK, it might be a little more complex than this as it's probably an ancient ICL or DB2 database. Perhaps it's true they are under-resourced in the IT department or perhaps EDS said it would cost £3000 to do the job. Or perhaps the next batch slot to run the query was in 2008.
Are useless, what I don't understand is why this isnt a breach of the Official Secrets Act which all government information, like that leading up to the Iraq War, is supposed to be governed by? Or is prosecuting those who expose embarrassing / criminal acts by our government more important than the ID fraud of 25 million Britons?
" Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant-a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense. "
I don't think it's a problem of the crims *using* your biometrics once they're nicked, though if they can access your environment, they may well be able to fake your fingerprints. It's more a problem of the false sense of security that embedding everything in a biometrics-based system gives.
Most checks against the biometrics will compare the local reader's findings with what's on your ID card. Once ID cards can be forged (and don't doubt it will happen) the crim will associate your ID with their biometrics on a card and everyone will take it as gospel. Which makes the whole biometrics thing useless for basic verification.
Having biometric data in a database doesn't make the database any safer, either, despite what that nincompoop at the despatch box said.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
