Security Bullet In

The BBC has reported that four Britons have been sentenced for their role in a criminal network stealing personal data.

I had a very interesting chat with ex-confidence trickster Frank Abagnale at the RSA Security Conference Europe a couple of months ago. He told me that stolen personal data is worth more the longer you keep hold of it, because the trail of the theft gets colder, and so more difficult to link to the thief.

I wonder whose hands the 25 million personal details HMRC lost are in now?

Bob Dylan knew his protest songs. While I'm aware that the number of people who are a) interested in privacy and security issues, and b) Bob Dylan fans, is probably about two or three, what's been going on with the government and data protection recently led me to rework a Bob Dylan classic. Now, don't get me wrong -- Dylan is a multi-million record selling genius, and I'm an IT security reporter. Also, murder is obviously more serious than data loss. So, with apologies to Dylan and the shade of Hattie Carroll, here's my take on the HMRC fiasco so far:

HMRC killed poor data protection,
with two discs that it twirled round its diamond ringed fingers,
At a Tyne &Weir office, TNT had lost them,
and the cops were called in, and they failed to find them,
they called off the bloodhounds
and walked from the building

but you who philosophise disgrace,
and criticise all fears,
take the rag away from your face
now ain't the time for your tears.

Alistair Darling outlined the damage,
He spoke to the gov'ment most deep and distinguished
25 million personal details,
gone without trace, (to be found and then hoarded),
bank account info and credit card numbers,
on two discs that had only been password protected

Ah but you who philosophise disgrace,
and criticise all fears,
take the rag away from your face
now ain't the time for your tears.

Now the data protection watchdog was summoned
and set on the case to review the fiasco
and he sat and he pondered, then pointed to Poynter
and dressed down the gov'ment,
for penalty and penance,
but could not give any damaging sentence.
A maximum fine of £5000,
To be ult'mately swallowed
By the taxpayer victims.

ah you who philosophise disgrace,
and criticise all fears,
bury the rag deep in your face
for now is the time for your tears.

I didn't have enough time to write a verse about the government's plans for the National Identity Register, but I think it's fairly obvious that it's a very bad idea indeed.

On Monday the police will call of the search for the two unecrypted CDs containing sensitive information on 25 million people that HMRC lost at the end of November, according to the Financial Times.

After all, the personal details of all the people claiming and receiving Child Benefits (half of the country), and their bank account information, well, they're not very important really, are they? I'm really not surprised the hunt will be called off. Not a moment too soon, I say.

No, the police shouldn't be making every effort to trace that data. TNT should also stop looking for it, and HMRC should be exonerated. The discs are password protected, and we all know how stong passwords are as a form of authentication! They can't be cracked in a matter of seconds using freely available password crackers, oh no!

While we're at it, we should stop looking to blame the poor tax mandarins at the top, and the government ministers who put in place the current government data sharing regime, for what is admittedly a very minor incident. After all, 25 million people isn't very many, is it?I'm sure that that evil, vile junior member of staff is completely to blame for the systemic mismanagement of our data and the breakdown of government-wide processes, and that they were acting completely on their own initiative.

But seriously, what on earth are the police and the government playing at? Call off the search -- are they insane?

The US Government has been accused of meddling with Wikipedia entries.

According to an article in