ARE THESE THE RAVINGS OF A LUNATIC? YOU BETTER HOPE SO.
----------
The unfortunate loser of the unencrypted Rolodex referred to in your post will by now presumably have enjoyed the Al Qae'da brand of summary justice.
----------
What of the UK?
We have displayed a reprehensible disregard for data security.
We have done reprehensible things before. Failed to pay our farmers the EU subsidy they were owed, for example, under first Margaret Becket and then David Miliband.
And what happened then? According to Private Eye, the EU fined us GBP400 million.
Could the same thing happen in this case? What is the penalty for abusing 25 million of your citizens?
----------
The EU has an eGovernment initiative [1]. Citizens all over the EU should be able to communicate with their government over the internet and vice versa. The eGovernment initiative also provides for the computerisation of the health service and of public transport.
This initiative relies on each of us having an electronic identity [2], carried on a smart card, verified by biometrics, registered on a national identity register, authenticated by encryption, with the data being shared between all agencies in all governments which need it.
Remember, this is nothing to do with our own dear, domestic Identity Cards Act 2006. This is an EU initiative. And they have a good track record of getting what they want.
Suppose that they decide that our civil service isn't up to delivering. Then what?
Well, they're not going to be thwarted. So the EC might take over the job directly and get eGovernment implemented in the UK under the direct control of one of their many Directorates. Or they might appoint another country to do it, with a more competent civil service.
----------
1. http://ec.europa.eu/idabc/en/document/7134
2. http://ec.europa.eu/idabc/en/document/4484
Posted by: David Moss | 23 Nov 2007 15:39:16
RIP VAN WINKLE WRITES:
"Good morning.
In the late 1970s and early 80s I worked as a computer auditor. My employer was a firm of accountants. They had clients. Some of them were quite big. Like the Stock Exchange. And BAT Industries. Plessey and Sun Alliance Insurance Group ...
These clients had to be audited. On occasion, they would also ask for consultancy advice. One way and another, as in today's case of the NAO and HMRC, we had to look at their books.
If we had said to the clients, please send us a copy of your books, i.e. your computerised systems, they would have assumed that the suggestion was a charmingly flippant joke. If we had persisted, they would have assumed that we were ignorant or that we were insulting them. If we had persisted even then in asking for a copy of their data, they would have assumed that we were up to no good and fired us.
They would no more let the data off the premises than they would lend us their daughters or give us the company cheque book to settle our hotel bills. No, the data didn't come to us, we went to the data.
And now, 30 years later, I wake up and what do I find? Entire databases being couriered around on CDs. Have you gone mad? Why not send a nerd up to Newcastle and get him or her to do the work at the client's offices?
You want to save the cost of a train fare and a hotel bill? The technology may have changed but arithmetic hasn't. That cost is swamped by the potential cost of the data going astray.
You want to access the data remotely? OK, but do it properly. Use a secure link. We've had frequency-hopping since WW2, thanks to the divine Hedy Lamarr. And we've had PKI since the early 70s. And GCHQ/CESG to tell us how to use it.
I trust that when I next wake up, sanity will have returned.
Goodnight."
Posted by: David Moss | 23 Nov 2007 16:12:38
Scenario... terrorists get hold of disks terrorists add info file to disk and change to look like a popular AVI film file then they put what looks like a film file on all the popular p2p servers within hours there will be thousands of copies of both disks distributed around the world ( with how to use instructions) on a purely random
basis
probable..not sure possible..obviously
it would destroy the world economy when no-one can trust any systems basic safety Osama wins
Posted by: Udo | 24 Nov 2007 00:56:06
Yes this is monumental blunder of gargantuan scale. Yes the Minister has to take the nominal responsibility for the failure. But who made the failure? The Minister and the Prime Minister have a nominal responsibility for the departments under their control, but they cannot account for the fashion in which each member of staff carries out his duties. If procedures are wrong they must be tightened and enforced, but this comes to light with a failure. Can the Minister be held to ransom because a disaffected member of staff decides to work slackly and short circuit protection measures. if so, it means he is at the mercy of his department, since they can make him look a bafoon whenever they choose. In the present circumstance it seems Alistair Darling and the Prime Minister are being solidly punished for being honest and informing the public of a serious data failure under their watch..
Posted by: Tunde | 25 Nov 2007 02:07:25