See also: "the ID card will make us safer"
Home Office coughs to five database breaches (from The Register).
Security at the British Home Office's Identity and Passport Service (IPS) database has been compromised four times, with individuals' data used inappropriately by Home Office employees and contractors. A fifth breach has hit a Prison Service database.
In three of the cases workers were able to access data they had no authority to use and in the fourth a worker who did have authority to access data used it inappropriately. The fifth case involves a worker accessing the Prison Service sentencing database, a Home Office spokesman said.
Do I have to repeat myself?
Comments
This is actually a more general problem: organizations which maintain sensitive databases they don't have a clue how to control or defend. Even if ID cards were banished from the Earh tomorrow, the database problem would still be here. I am, however, encouraged by the fact that in the Untied States (sic), the FBI has not been able to get their new database to work, after 2 tries and > $6E8 tossed in. They should have codenamed it "Rathole".
Posted by: Bruce Cohen (SpeakerToManagers) | August 31, 2006 9:26 PM
Yes, you will have to repeat yourself. Often. Proper Nouns and unique identifiers are warm blankets to control addicts. As control addicts are controlled by their need to control, they will surround themselves with the cheap, fuzzy terrycloth Unique IDs announcing to the world: I Wear Armor!
/Bill Burroughs was a god among cockroaches. Of course, he was the god of cockroaches...
:)
Posted by: Bob Kelly | August 31, 2006 9:47 PM
Sounds like your still on target with Halting State. Although it might be tempting to make it even more Orwellian...
Posted by: guthrie | August 31, 2006 10:19 PM
There is a reason why GP's handwriting is illegible (except to them). Its so that the inevitable spying on neighbours' health problems can't happen when the support staff are looking at the files. People always want to spy on their neighbour. The NIDDB etc. just makes that easier. These cases in the Home Office are just the tip of the iceburg for the current system. If ID cards ever happen it will make it even more so.
Posted by: Dave Clements | August 31, 2006 10:27 PM
I saw a newspaper report I think last week saying that there was now a countrywide (Scotland) network of licence plate recognition cameras on the main roads, that the police are using to track criminals.
I know someone who works in computer stuff and he's pretty sanguine about all the cameras and tracking systems, since he reckons it will be too hard to actually find teh real info they will want. He's gone a bit quiet since I pointed out that it will all be kept on file and used to shut you up if you stick your head above the parapet.
Posted by: guthrie | August 31, 2006 10:31 PM
Inland Revenue in NZ has disciplined staff who accessed tax records of famous taxpayers when they had no need to (just being nosy). Nice to know that governments sometimes try to look after such data properly.
Posted by: Errol | September 1, 2006 2:25 AM
What? not even a mention of people who emailed the link to you? :)
B>
Posted by: Bruce Murphy | September 1, 2006 9:13 AM
It's in The Reg, Bruce. Which I have been in the habit of reading daily ever since in launched (some of my friends write for it :)
Posted by: Charlie Stross | September 1, 2006 11:49 AM
When a Limerick (Ireland) woman (who may have been on benefits, unsure) won several million on the Euromillions lottery, some civil servants were disciplined for looking up her records without reason. I was amazed they had built in that feature to the database accessing software at all.
Posted by: Stephen | September 2, 2006 1:15 AM
And yet you took almost a day to post about it. Given the subject matter, I could only assume that since you hadn't written anything after a day, you weren't reading it :)
Posted by: Bruce Murphy | September 2, 2006 4:23 PM
When I first heard about this on Radio 4 (2 days before The Register's story) I was amazed to hear DTI representatives and Home Office ministers denying the need for a California style Breach Law.
At least then a truer picture of how unsecurely corporate and public databases hold info will be made public. Perhaps having to inform people of each and every information breach will be so expensive they will actually take real steps to secure their data.
Then again perhaps this will eliminate hundreds of small businesses as they cannot afford the kind of security required. A conundrum?
Posted by: David Somers | September 3, 2006 5:15 PM
It shouldn't eliminate small businesses any more than they've been eliminated by the security required to prevent people stealing the tens of thousands in cash they generate. They just use banks.
Posted by: Bruce Murphy | September 4, 2006 10:55 AM