Security Bullet In
Communiques from the security front, sir
Thursday 22 November 2007, 5:43 PM
Mixed messages from HMRC over data loss blame
As the full implications of the loss of two discs containing 25 million people's personal details by Her Majesty's Revenue and Customs begin to sink in, it's interesting to notice how the blame for the fiasco seems to be shifting from a "junior official" to the "team" in which he or she was a member.
The immediate reaction by HMRC was some hysterical finger pointing. According to the Guardian, HMRC on Wednesday said that the junior official was acting as a lone gun, "completely outside of their remit".
According to the Guardian, a spokesperson for HMRC said: "This individual should not have been involved. It was none of their business. They should have forwarded it on to someone else - another group of civil servants at a more senior level."
"The HMRC office is a huge office with 200 people and there is a nominated team that send items between us and other departments. The individual in question had nothing to do with that team and it was completely outside their job remit."
I particularly like the bit in the article which says:
[An HMRC] official described the situation as being like "going to a bank clerk to ask for a £15m loan when I should really be dealing with the manager".
All pretty compelling stuff. Case closed, right?
Wrong. When I rang HMRC on Thursday, I was told by a spokeperson that it was not currently known who exactly had given the order for the discs to be made, but that there had been "a team of people involved in the process", and that HMRC was "trying to move away from the idea of a junior official sitting there pressing buttons off his own back."
Wednesday: Guilty! Thursday: Team responsibility!
I wonder whether the current inquiry into what exactly happened will actually get to the bottom of it? And whether those truly responsible, the senior level officials and up, will get any come-back?
Wednesday 21 November 2007, 2:21 PM
HMRC data breach fiasco disks appear on eBay
At least somebody has a sense of humour about the absolute farce of the UK Government losing discs holding the personal details of 25 million UK citizens. Including their bank account details.
The discs briefly appeared on eBay listed as "Two CD-R's - Have data on them - some sort of database". I think it's a really nice touch that "The seller ended this listing early because the item was lost or broken."
I suppose you've got to laugh, really. Or maybe cry. That Her Majesty's Revenue and Customs managed to compromise the names, addresses and national insurance numbers of half the people in the country is compounded by the fact that bank and building society details were linked to those people. What was HMRC thinking? Obviously not much.
It really calls into doubt the competence of the government, or anyone else, to administer the ID Cards Scheme. Honestly, does the government really expect us to trust it with all of our personal information, as well as our biometrics, handily kept in one place -- the National Identity Register?
Public trust over the data-handling capabilities of the government will rightly be shaken over the HMRC fiasco, and I hope it will get people questioning about whether ID Cards will actually be secure, and necessary.
Friday 2 November 2007, 4:52 PM
Smart surveillance network software for phones
Software that can turn camera phones into a rough and ready surveillance network has been developed by Swiss scientists, reports the New Scientist.
Yes, the country that brought us the cuckoo clock and a handy place to store any gold teeth or conflict diamonds we may have somehow chanced upon has now brought us software to link mobile phones together in a surveillance network.
The software enables phones to be linked via Bluetooth, and to share and collectively analyse information.
While this is unlikely to yield footage of a high enough quality to stand up in a court of law, I shudder to think what sort of use this kind of technology will be put to in the CCTV-mad UK.
Thursday 1 November 2007, 3:28 PM
Hysterical security stories
Bruce Schneier talks a lot of sense. In a great blog post he shoots down the hysterical reactions by the authorities to reports of supposed "terrorist" attacks.
From the post:
"The problem is that ordinary citizens don't know what a real terrorist threat looks like. They can't tell the difference between a bomb and a tape dispenser, electronic name badge, CD player, bat detector, or a trash sculpture; or the difference between terrorist plotters and imams, musicians, or architects. All they know is that something makes them uneasy, usually based on fear, media hype, or just something being different.
Even worse: after someone reports a "terrorist threat," the whole system is biased towards escalation and CYA [cover your ass security] instead of a more realistic threat assessment."
I agree with him completely on this. Supposed counter-terrorist measures at airports, for example, are there so if there is an incident the airport authorities will have looked like they had tried to prevent it, rather than actually being effective. Yes, you need to be scanned, but having to take your shoes off and make sure you're not carrying any water? Crazy.
Wednesday 31 October 2007, 3:45 PM
Gmail spam decreases
Google has claimed that its spam filters are discouraging spammers, after a decline in attmepts to spam Gmail users.
In a post on the Official Google Blog, Brad Taylor, Google "Spam Czar", claimed that:
"Attempts to spam Gmail users have been leveling off over the last year and more recently, even declining slightly."
A YouTube video, linked to in the blog post, seems to be pitching Gmail primarily at businesses, with an explanation of what Google spam filters do, in layman's terms.
In the video Google does not go into intellectual property concerns surrounding the use of its software by businesses.
Previous
