What a bunch of discs

When the Guardian urged the government to “free our data”, I’m pretty sure they didn’t mean that the government should compromise the personal data of half the population. The “discgate” (gah, why does everything need to be called “-gate”?) scandal is all the more horrifying because of the sheer stupidity involved: it seems that 25 million people’s data was entrusted to a junior clerk and stored without encryption before burnt to CD and lost in the post. [The data was encrypted after all. Thanks Charles.]

It’s a spectacular display of utter incompetence, but of course there’s a bigger point here. There are all kinds of rules, procedures and laws to prevent such stupidity from happening, and none of them made any difference.

These are the people who will protect us from ID thieves? Jesus wept.

And that’s why the ID card scheme gives sensible people the heebie-jeebies. It’s not fear of Big Brother watching us; it’s the perfectly reasonable fear that Big Brother is D-U-M dumb. What’s the point of biometric scanning and other high-tech protection if the entire system can be compromised by a clerk with a CD burner?

As this sorry saga proves, relying on the government to safeguard our personal data is like asking Fred West to babysit.


Posted

in

by

Comments

0 responses to “What a bunch of discs”

  1. Ben

    “These are the people who will protect us from ID thieves? Jesus wept.”

    Ding-Ding-Ding.

    ID card scheme is a good one, sadly their isn’t a company/organisation/goverment dept. who are suitable or ABLE to achieve this without the usual pile of IT jibberish and p15h.

    [Spam word: Eek.. how ironic..]

  2. In what way is the ID card scheme a good one?

  3. This is what happens when you cut back on Civil Service funding, and give more and more of the work to temp agency staff, who’re either under- or overqualfied to do the work, have no incentive to learn, and end up making stupid mistakes (and I should know, having had several jobs like that). If the Government isn’t going to offer decent pay and the option of a career, they’re going to keep getting “junior clerks” who make enormous fvck ups.

    “In what way is the ID card scheme a good one?”

    Shockingly, I’m with Jo here. I’m not as libertarian as him (-6 or so on Political Compass), and am sort of okay about the idea of a National Identity database (with an enormous list of caveats that I won’t go into here), but I can see absolutely no reason for ID cards.

  4. The problem isn’t that someone made a mistake; it is that the mistake was possible in the first place. What would happen if someone broke into a shop and nicked all the credit card receipts? They’d discover the last three or four digits of thousands of customers’ credit card numbers — useless. Why was my bank account number even readable by users at HMRC? It’s only ever used by automatic systems; no human need ever see it. The problem is not the (possibly) underpaid member of staff who made the mistake; it’s the (probably) well paid person who designed the IT and security requirements. Paul Gray clearly recognises that, which is good of him.

    > am sort of okay about the idea of a National Identity database … but I can see absolutely no reason for ID cards.

    You’ll be pleased to hear you’re not with me, then. I’m far more strongly against the database than the cards.

  5. You know, it’s odd that I’ve not seen anyone use the phrase “tax disc” yet.

  6. By the way, another indicator that this is a top-rung fuck-up rather than a flunkey fuck-up is the way the National “Audit” Office are revealed to be working. The main reason this should never have happened is that the NAO’s auditors should have been physically in the HMRC offices. Once everyone’s calmed down about the loss of the discs, maybe we can move on to asking what kind of second-rate bargain-bin audit involves asking the auditees to send you their data and promise that it’s not lies.

  7. Agree with McGazz that when the truth comes out in the wash, it’ll be down to an intern (blame the intern!) or a temp whose nominal job duties were filing and typing.

    You can read how I ended up with my hands on your personal medical history here.
    http://idea15.wordpress.com/2007/10/12/a-lot-to-answer-for/

  8. Gary

    Bloody hell.

    Apparently the information commissioner – the lot in charge of data protection – can’t audit a company unless the company gives its permission. That’s going to work, isn’t it?

  9. > am sort of okay about the idea of a National Identity database … but I can see absolutely no reason for ID cards.

    I’m the reverse: ID cards are fine (what is a driver’s licence or a passport but something to prove you are who you say you are, with a bit of extra info), it’s the database that’s the problem. As this little exercise proves, having large amounts of info about large amounts of people in the hands of a single organisation is an accident waiting to happen. Having virtually all info about virtually everyone in a single, online database is just so monumentally stupid that the very idea might create a black hole of stupidity from its sheer density.

  10. > what is a driver’s licence or a passport but something to prove you are who you say you are

    No, a driver’s license is something to prove you’re qualified to drive and which you are not required to carry with you or produce on demand, and a passport is something to prove you are who you say you are when crossing nation-state borders. I see no problem with having to declare my presence and identity as a foreigner in someone else’s country, but the idea that I should have to identify myself to the agents of my home state is exactly the sort of pernicious way of thinking that one should never allow a government to establish. We are a people that has a government, not the other way around. Being obliged to prove to the police that I have the right to walk down my own street violates that principle.

  11. Back to the main topic… The NAO are saying that they only asked for names and NI numbers and didn’t want all this data, but were told by HMRC that it wasn’t cost-effective to extract two columns from the database and so they’d have to have the whole lot. Decisions about cost-effectiveness tend not to be taken by underpaid flunkeys — quite the opposite: underpaid unskilled uninterested temps tend to make the sorts of mistakes that cost their employers money. Looking more and more like a top-rung policy fuck-up.

    And extracting two columns isn’t cost-effective? That’s what I do all bloody day, with one of the largest insurance databases in the US. It’s about four lines of SQL; writing it takes all of a minute. Is a minute’s work that expensive at HMRC?

  12. tm

    >It’s about four lines of SQL;

    That’s assuming that it’s in a relational database. I haven’t heard anything to say that it was.

  13. Well, even if not, extracting just the names and NI numbers should have been fairly easy to do. Unless they’ve got the thing set up in such a way that it’s prohibitively difficult for them to get any data out of it, in which case cost-effectiveness is already utterly buggered on a basic day-to-day basis and one extra bit of work for the NAO would be a drop in the ocean.

  14. mupwangle

    It was probably a really big MS Word document.

  15. God, that’s so true.

  16. “The problem is not the (possibly) underpaid member of staff who made the mistake; it’s the (probably) well paid person who designed the IT and security requirements.”

    One of my conditions for agreeing to a National Database is that the database structure is well-designed from the outset, with people only being able to access the bits of the information they need to do their jobs. Another is that the security is watertight. You may argue that those two things are impossible. I may not argue back.

  17. Mupwangle

    it isn’t impossible, but unfortunately the same people that fuck every other government contract up will probably end up doing the national database anyway.

  18. Gary

    I’m far more strongly against the database than the cards.

    I’m against both. The former because it *will* leak, and because of the potentially catastrophic effect a single screw-up could have (I’ve written a few times about cock-ups that ended up with living people declared dead, with hilarious consequences) and the latter because of mission creep.

    What I mean by that is pretty much what S2 said:

    the idea that I should have to identify myself to the agents of my home state is exactly the sort of pernicious way of thinking that one should never allow a government to establish.

    It’s a bit like the way the law was changed so the cops could stop cars even if they weren’t doing anything wrong. It happened to fight drunk driving, but it’s now routinely used to check tax discs, insurance, tyres, to crack down on kerb crawling (bad news if your band’s rehearsal room is near a red light area, chaps), to look for burglars (I’ve been stopped and searched on two separate occasions for that), to look for knives, etc etc etc.

    It isn’t hard to imagine ID cards becoming a routine “stop! Show your papers!” thing for no good reason.

  19. I have a certain amount of sympathy with the police (that’s the theoretical police who fight crime, not the new branch-of-the-Labour-Party police who investigate thought crimes), because there is a popular perception that they catch criminals largely by investigating clues and using deduction, whereas in fact most police work is routine — breaks in major murder cases do come about because a PC not even involved with the case checks all the tax discs in a car park or something. So what the police are always struggling to explain is that the reason they want random stop-and-search isn’t so much so that they can catch people doing bad stuff there and then, but more so that they can gather more data to get a better handle on the big picture and get more breakthroughs in really important cases.

    Which is all fair enough, but just because something’s good for the police, doesn’t mean it’s a good idea. It’s like doctors who want to ban salt: we need to balance their needs with the public’s.

    Proponents of the ID card scheme are always saying that they have it in France and they seem to be all right and not a police state. But their experience of France is invariably that they spent two weeks going to nice cafes somewhere, not that they ran into the Gendarmerie or were anywhere near any of the frequent riots. I’ve been stopped and searched by the police in Paris for no reason other than that I was there, and it’s really not something I’d like to see introduced in Britain.

  20. Oh, by the way, another thing the random stopping of cars is used for: over here, they set up big road blocks and stop every single car with a diesel engine and take a sample from its tank, looking for agricultural diesel.

  21. Gary

    Oh, things are different over there. Many years ago my dad got a really hard time from the RUC when he couldn’t produce his driving licence that second, for no particular reason. Pointing out that he had 7 days to produce it at a cop shop didn’t go down well.

    It’s like doctors who want to ban salt: we need to balance their needs with the public’s.

    Absolutely. Police will always want more authority, same way politicians always want more power, docs always want to ban stuff and I always want more beer.

  22. mupwangle

    >>not that they ran into the Gendarmerie

    My only experience of the French police was being stopped (by heavily armed officers) at a roadblock in Gauchy. They were doing breath tests mid afternoon. It was a bit of a strange experience as my french is atrocious and none of them spoke any English. Surreal to see a policeman miming blowing then shouting “BEEEP!!” while pointing at me and nodding.

  23. Probably apocryphal, but there’s a great story of a man drunk-driving, who gets pulled over by the police and actually manages to convincingly pretend to be sober. The guy’s so good that the officer genuinely doesn’t realise he’s been drinking. But the officer asks him to sign something, and the guy blows into the pen.

  24. Gary

    heh. Much more on this in the papers today. It’s even worse than it seemed.

  25. It’s like doctors who want to ban salt: we need to balance their needs with the public’s.

    Just on that point, what doctors want to do is ban *excess* salt that is added unnecessarily to food. I agree – you don’t need extra salt; you can get it from any suitable diet. The “public” doesn’t have a great need for salt; indeed, the added salt is what makes adult food dangerous for babies.

    As to the discs – they are encrypted: PKZIP password encryption is actually pretty robust, about equivalent to SHA-0. The question is whether the password was with the discs or not.

    I did ask the Treasury about the structure of the database. They “couldn’t say at the moment”.

  26. > what doctors want to do is ban *excess* salt that is added unnecessarily to food. I agree – you don’t need extra salt

    That would be “excess”, “extra”, and “need” defined by whom? Chefs? Cooks? Restaurant critics? Food lovers? No, you mean doctors, of course. Do you really want to live in a world in which what goes into our food is decided purely on the grounds of what our bodies need? If that’s the sort of crap you want to eat, enjoy yourself, but you say you agree with moves to force this dull existence onto me and everyone else as well. That’s awfully nice of you.

    So how do doctors define “excess” and “need” when it comes to food? Well, Professor Julian Le Grand wants to ban chefs from using salt at all while cooking. Just because it’s well intentioned, doesn’t mean it isn’t fascism.

  27. >> No, you mean doctors, of course.

    Oh, yes, those madcap fools who read peer-reviewed scientific papers about what makes us well and what makes us ill, and have to treat us in the latter case.

    >> Professor Julian Le Grand wants to ban chefs from using salt at all while cooking.
    Sounds like a good idea. Have you actually tried cooking your own food and not using salt? All that happens is that it takes a bit longer for potatoes and veg to cook (because the water boils at a lower temperature than with salt – it’s a vapour pressure thing) and stuff doesn’t get dessicated in the same way if you roast it.

    What’s the alternative? Why, the joys of hypertension. Ah, red-faced climbing of stairs and the wonderful mystery of whether *today* will be the day when you have that massive heart attack – or will it just be a stroke that renders you a vegetable (slow cooked)? Or perhaps you’ll just enjoy taking the anti-hypertension pills, one every eight hours, like my father. Lord, the japes you can have.

    Plus: if you eat less salt, you really notice it when you eat commercial food which has it added for no reason other than to sprite up your mouth.

    However, SquanderTwo, looking at your entry about salt – “due to its crystalline structure, it draws liquids — and therefore flavours — out of things” – it’s clear you were hiding behind the desk during chemistry class. The crystalline structure doesn’t come into it. It’s salt’s affinity for dissolving in water because of their mutual polar structure. Crystalline be damned: the crystal is the lowest energy structure in the absence of (a surplus of) water (since any salt you find in a kitchen has some water in it – think rock salt). Give it some water, though, and it prefers to be a squoozly mess of ions lying about the place.

    But it’s your comments about baby food which are the most uninformed. Baby food has no added salt because babies can’t handle excess salt – see http://www.salt.gov.uk/babies_and_children.html . It can be toxic. Bear that in mind if you have children ever.

    And to read up some more about health effects of salt – as you need perhaps to do – see http://www.foodandhealth.com/cpecourses/salt.php . An argument contrary to your point of view? Yeah, dangerous, aren’t they.

  28. mupwangle

    >>As to the discs – they are encrypted: PKZIP password encryption is actually pretty robust, about equivalent to SHA-0.

    Not that I’m saying you’re wrong, but Darling said in parliament that the disks were “password protected” but I’ve not seen any other reference to them being SHA-0 equivalent. In any case, it is pretty irrelevant as physical security is the best security. If someone has the disks and the resources then they’ll probably be able to crack it given time and, even if they don’t, they’ve created a climate of fear for the people on the list and have probably used that to take advantage already.

    >>The question is whether the password was with the discs or not.

    In your own paper there were quotes from people who said that it wasn’t unusual for HMRC to send out disks with the passwords written on them.

    >>What’s the alternative? Why, the joys of hypertension.

    That’s the argument, though, isn’t it? Do what the doctors (en masse) recommend or you’ll die of whichever ailment is on the current agenda. Last week it was all about certain fats that will give you cancer (or something). Whole articles trying to scare the shit out of everyone. Then at the end they have quotes from dieticians to say that it is virtually impossible to completely remove them from your diet. So you’re shagged. Today, if you’re overweight you’ll die in childbirth (despite the actual figures being tiny (pardon the pun))

    I think most people are getting sick of being told what is good (or bad) for them every single bloody day. Every single time it is presented as fact when it is often based on incomplete research. It is usually presented, as you did earlier, incontrovertible cause and effect. Eat salt – Get Hypertension. Be a bit overweight and die in childbirth. Eat anything and get cancer. Eat eggs – get salmonella, eat beef and get CJD. Drink beer and you’ll get scleroris of the liver, or go to prison for killing someone.

    Eat whatever you like and you might get sick. Eat healthily every day and you might get sick. Or you might have some sort of unseen congenital defect and might drop dead tomorrow.

  29. > Oh, yes, those madcap fools who read peer-reviewed scientific papers about what makes us well and what makes us ill, and have to treat us in the latter case.

    Firstly, what have scientific papers got to do with it? The issue isn’t whether they’re right about the effects of salt; the issue is whether we should ban things because doctors say they’re bad for us.

    Secondly, there is not a doctor in Britain who has to treat anyone. They choose to.

    > Have you actually tried cooking your own food and not using salt? All that happens is that it takes a bit longer for potatoes and veg to cook (because the water boils at a lower temperature than with salt – it’s a vapour pressure thing) and stuff doesn’t get dessicated in the same way if you roast it.

    Wrong. Salt has lots of other effects, too.

    > What’s the alternative? Why, the joys of hypertension.

    What, for everyone, in all cases? No: I have abnormally low blood pressure which causes me to collapse now and then if I’m not careful, despite eating what you would no doubt think was far too much salt. A friend of mine has a serious sodium deficiency and has been advised by her doctor to eat as much salt as she can take. I rather like the current system of advising people of the effects and letting them live their own lives, not least because it enables those of us whose health isn’t the same as everyone else’s to make decisions approporiate to us. But you’d like to simply ban salt outright because too much of it is bad for most people. Fuck the minority, eh?

    > The crystalline structure doesn’t come into it.

    Fair enough. I admit I could be wrong about that. But you’re kind of concentrating on the wrong bit of the sentence there. Salt does draw juices and flavours out of things during cooking. If that’s not because of crystals, it’s still true. And that’s why banning chefs from using it would render food shit.

    > Baby food has no added salt because babies can’t handle excess salt

    You are conflating “excess” with “added”. They are not the same thing.

    Here’s an experiment for you. Buy some Hipp baby food in Britain. Now buy a jar of the same flavour of Hipp baby food in Germany. Taste. What you will discover is that the Germans put more salt in their baby food than we do, presumably because the health fascists haven’t taken over to the same extent there as here. Miraculously, all their babies don’t drop down dead as you seem to think they should.

    > Or perhaps you’ll just enjoy taking the anti-hypertension pills, one every eight hours, like my father.

    My dad’s been in a couple of car crashes. Let’s ban cars.

    > And to read up some more about health effects of salt – as you need perhaps to do – see http://www.foodandhealth.com/cpecourses/salt.php . An argument contrary to your point of view? Yeah, dangerous, aren’t they.

    No, I don’t need to read up on it, because I’m perfectly well aware of the health effects, thanks. At no point have I suggested that loads of salt is good for most people. That article you link to doesn’t even contain one instance of the word “ban”, yet you think that it somehow contradicts me. I’m not saying that salt is good for you. I’m saying that I don’t wish to live in a totalitarian state.

    You seem to have that lamentable attitude so popular these days that anything bad for us should be banned by the state. This argument should have been well and truly settled in the US in the 1920s, yet still we get this crap.

  30. @mupwangle: “Not that I’m saying you’re wrong, but Darling said in parliament that the disks were “password protected” but I’ve not seen any other reference to them being SHA-0 equivalent.”

    Sorry, I was wrong – it’s AES. Which the US gov thinks is good enough up to and including “secret”:
    http://www.winzip.com/aes_info.htm and then http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
    but yes, the physical security of the password would make a difference. A big one.

    On salt – @Squander Two, I think our views are actually closer than we’re making out. I agree – there’s no cause for governments banning salt outright.

    But – and this is my big but – what I do object to is food manufacturers including it, almost to excess, in *everything* (except where mandated, such as baby food in the UK). It’s not needed; it doesn’t (once you get used to a lower-salt diet) improve the taste – quite the opposite. It’s surprising, for example, how baked beans without any added salt have their own taste – not the salt taste.

    On the chemistry side, though – salt doesn’t “draw out” juices. What it does is dissolve in any excess water that’s around, which makes the flavours of the things that remain stronger because salt doesn’t dissolve in fats (it dissolves far, far more easily in water) and we get a lot of the “taste” of things from the organic compounds in fats. More salt = less water around the volatile organic compounds that make up “flavour” = more apparent taste. However, you don’t actually need the extra salt.

    But food manufacturers are in a sort of arms race: if they remove salt, people think the food has “less taste, and go for competitors’ products. The only solution then is some sort of external mandate on how salty food can be, or external peer pressure – through labelling and education. It’s indicative, isn’t it, how the food makers have fought against informative food labels? Compare the FSA ones and the supermarket ones. Which tells you more? Which is clearer? And why might that be?

  31. Gary

    Charles, sorry your posts are taking a while to appear. Akismet sees the hyperlinks and assumes you’re spamming, and unfortunately I don’t think there’s a way to whitelist you.

  32. > I agree – there’s no cause for governments banning salt outright.

    If that’s what you think, might I suggest not responding to suggestions that chefs be banned from using salt with “Sounds like a good idea”? It gives the wrong impression.

    > On the chemistry side, though – salt doesn’t “draw out” juices.

    Yes, it does. If you’re frying onions, adding salt will slow down the browning process, as it will increase the amount of onion juice in the pan. According to Nigella Lawson, Jamie Oliver, and my friend who opened his own gourmet restaurant last Saturday.

    > It’s indicative, isn’t it, how the food makers have fought against informative food labels?

    Yes, they’re all in a conspiracy to poison us all. Or maybe they fought against yet another large state-imposed cost to their businesses. Those labels don’t just involve a bit of extra printing — they have to be based on a chemical analysis of the product. Or maybe they’re resisting the inevitable end-point of cigarette-type warnings plastered all over loaves of bread and jars of olives. Or maybe, when they’re in the business of making products that are supposed to be enjoyable, they regard the never-ending campaign to make us all frightened of our food as a bad thing and so object to having its ideals plastered all over their packaging.

    I’m not saying I object to labelling — I support it, in fact — but there are enough good non-malicious reasons for manufacturers to object to it that there’s no cause to go inventing malign ones.

    Pretty much all chefs, when asked what the single biggest problem they come across in amateur cooking is, give the same answer: no seasoning. It is your contention that all these chefs are wrong, because food tastes better with no seasoning. When it comes to the taste of food, I’ll trust them over you.