Wednesday, November 28, 2007

One of the 7.5 million


Apologies are not enough., originally uploaded by mike1727.

If you live in the UK and missed this you must have been living in a remote cave on the Isle of Arran or something.

In a nutshell, the National Audit office needed some sample data to do a random audit of shild benefit, which is a state benefit to which all parents/guardians of under-16 year old children are entitled. Although all the NAO asked for was 100 name,national insurance number, child benefit number tuples. What they got was an extract the entire child benefit database showing the info they'd asked for along with address and bank account details. Actally, the NAO didn't get this because some staffer burnt the lot onto 2 discs and popped them in internal post, whereupon they were lost. But that's ok, isn't it, bacause the files were password protected. (But not encrypted)

I'm slightly less rantingly angry thatn I was a few days ago, but still...WTF is going on? What makes HMRC think internal post is a secure transport system? Why are HMRC moving data on disks. WHY WASN'T IT ENCRYPTED? Ultimately, why does a junior staffer dealing with this sort of data have access to a CD burner , or come to think of it the access rights to be able to copy this data onto aany removable media anyway? Doesn't someone have the common sense to install THE MOST OBVIOUS AND BASIC security measures? How many social engineering attacks are there on this patently shite security infrastructure?

It's inexcusable, and most likely criminal under the UK's data protection laws. Apologies are not enough- I want arrests and jail time for whoever's responsible for opening me, my wife and my children to identity theft either now or at some future stage.

And forget all about ID cards.

The Register has a good article on the debacle.

I'm going for a coffee to cool down.

Monday, November 12, 2007

Word of the day


The cat sat on the mat. ., originally uploaded by mike1727.

There are transitions in every parent's life when a child does something for the first time. There were had two today: our son read his first few sentences, and then came out with a word which had me going back to first principles to work out its meaning.

Today's word is digraph: two letters which when written together make a single sound. He must have heard it from his teacher but his use of the word, in correct context and with explanation, just floored me.