Tracy says…

They’re cr*p, aren’t they? Tracy Says was the name of a band at the UK Met Office. They got their name from the quote :-). Reading the appalling stories that “Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing” I am irrestistibly reminded of them. The Register has a bit more; thanks to Inel for the tip.

I have two reactions to this story: the first is the familiar feeling: these people are cr*p. Anyone vaguely competent in the real world would encrypt the data with something unbreakable – gpg is, as far as I know. But we all know that they wouldn’t do that, its probably something stupid.

The second is, that there should, in a vaguely sane world, be no problem releasing this data. Just because you have my name, dob, NI number, bank account number, it shouldn’t do you any good. The systems in place *pretend* that this isn’t enough, and they tediously inconvenience you pretending that this is true. But no-one has any confidence that this is true.

[Update: the issue of whether the data is encrypted or not is interesting. Finding any info is hampered by most of the participants not having a clue. I've seen various descriptions, ranging from "password protected" to "not encrypted". A further demonstration of the cr*pness of the system is that during the highly heated debate in parliament, not one of the prats standing up on their hind legs to shout about the loss of data thought to even inquire about this issue. I can only assume, given that Darling *didn't* say "don't worry, its secure", that it isn't -W]

Comments

  1. #1 inel
    2007/11/20

    Children’s privacy is the bigger concern that is hardly touched on by today’s media coverage. Adults are protected to some extent by government guarantees against financial fraud. In general, government advice today centres on reassuring adults about risks to their money. I have heard nothing yet – only concerns being voiced – about protecting all the minors whose personal details could end up “out there” if information from these disks were to fall into the wrong hands.

    So much for a Data Protection Act, IT Directors and Data Protection Officers. Heads should roll along with those of the management line above the junior member of staff who was allowed access to the entire database, with “copy to disk capability”. Then there’s the internal mail non-delivery by TNT. Not much being said about that failure, yet.

    Only last week, the Foreign and Commonwealth Office was found in breach of the DPA. The Information Commissioner’s Office issued a press release (available on ICO homepage). Looks like those ICO folk will be kept busy for the foreseeable future by incomprehensible degrees of incompetence.

    Here, FYI, are the basics of the DPA.

  2. #2 Adam
    2007/11/21

    Time was, the delivery would have been done “in house” by some government courier. I’ve no idea whether they were any more reliable than the private sector, but at least if they had lost the disks they’d have stayed within the government somewhere and probably the department, instead of being left with the neighbours.

    I think one issue of this is that the data includes scans of signatures.

    The silver lining will hopefully be the (indefinite) postponement of the ID card system. Maybe. Hopefully.

  3. #3 csrster
    2007/11/21

    There also seem to be a troubling number of reactions of the form “What were they thinking of sending it by courier? It should have gone registered mail.”

  4. #4 guthrie
    2007/11/21

    Yes, that “internal mail” bit is interesting. So if it is as it sounds, TNT have some explaining to do. (But somehow nobody wants to bash the private company, its much easier to bash the Royal mail)

    With name, Dof birth and NI number, I’m pretty sure you can get address. Once you have that and bank account, you can siphon everything out of someones bank account. No system is foolproof, least of all this one.

    And Whither ID cards?