UK gov't loses 4 million citizens' personal info

Ah, Britain: the UK government lost four million citizens' person information last year and they're getting worse, not better. Of course, as soon as they force us all to carry biometric cards that link and log all our personal information, this problem will surely be solved? After all the answer to the difficulty of managing data is to just shovel more data in the hopper, by the shedload, and make sure that the kind of data grows ever-more sensitive and important. Right? Right?
The U.K. government has lost the personal information of up to four million citizens in one year alone... And the trend has not stopped - in the latest revelation, HM Revenue Customs, which infamously lost the details of 25 million child benefits claimants last November on two unencrypted discs, experienced 1,993 data breaches between 1 October last year and 24 June.
UK gov't loses personal data on 4M people in one year (via /.)

29

  1. I have a question… Is “lost” really the right term to use here?
    All of the records/details are still available to the government, it’s just there is now an additional copy (or 12) floating around, somewhere.

    So you could almost think of them as being stored in a “write-only” backup system. :-)

  2. “The U.K. government … up to four million citizens in one year alone … HM Revenue Customs … lost the details of 25 million child benefits claimants”

    So… did branches of the govermnent other than the Revenue *find* 21 million people’s details to bring the total back down to “just” 4 million?

  3. See, this is what happens when you put Basil Fawlty in charge of your massive Orwellian program.

  4. And now…fanfare for Her Majesty’s government…

    They have lost details of EVERY SINGLE prisoner in the UK along with more detailed information on around 33,000 recidivists – with yet more specific information on 10,00 ‘priority’ offenders.

    Bless them, they’re so like additive-riddled four year olds, running around bumping into each other and blaming all and sundry. It’s just a shame they run the country I live in.

    Of course, as Fleming puts it – (paraphrasing)
    “The first time is happenstance, the second coincidence, the third is enemy action.”

    Now seeing as our beloved rulers here aren’t exactly being friendly to the populace (I cite CCTV everywhere, no-smoking ban, draconian law-making), perhaps they’re flogging off this data to the business folks they shouldn’t be in return for the cash they donates. Telling us they’ve lost our personal information sounds a lot better then ‘we flogged it’. Maybe I’m just a cynic.

  5. In fact now would be a great time to ‘get in on the ground (or upper if you’re a second-storey man) floor’ of criminality as all the old lag’s doors will be blocked by prison and parole related junk mail. You’ll have a competition-free business opportunity. I can just see the junk mail now…

    “Been locked up for thirty years? You need patio doors! Rid yourself of institutionalised claustrophobia with a skylight!”

    Heh heh. No, seriously, it’s really scary living here now.

  6. I find it ironic that a government so bent on collecting what should be private information can be so very incompetant at keeping it safe.

    The similarities to the TSA are thought-provoking.

    -abs, still wishes he could just sign “-abs” and not have to turn this into a sentence.

  7. but abs, look at the top of your post, we are all sure the same person who started the post finished the post. Or are you holding out on us?

  8. I find it intriguing that there are so many reports from Britain, but almost none from other countries. I can think of the following explanations:

    • 1. The UK government and officials are among the most careless people on the planet.
    • 2. There are powerful mechanisms in place that ensure that these data breaches come to light.
    • 3. These databases exist only in the UK and nowhere else.

    Since I find 3 to be highly unlikely and 2 to be much more probable than 1, I expect the situation in other countries to be similarly catastrophical. This would mean that their officials or lawmakers are simply more advanced in keeping those incidents under the carpet.

    Regards,
    Christiane

  9. I’m beginning to think that more information loss/theft is a *good* thing in a twisted sort of way. The reason that having a few pieces of data about me is useful is because the financial services industry is careless about who they give money to in my name.

    I know I get credit card applications in my mailbox for the previous two residents of my house. This happens because they also participate in the trading of personal information. They bought those names and addresses – they’re no better than the identity thieves in this respect.

    Eventually, we’re going to have to solve the problem of identity theft by going after the incentive for the theft, i.e., make the people who give out loans to the wrong people financially and criminally liable. It is impossible for me to monitor 24 X 7 X 365 the 7 billion people on this planet who might want to impersonate me. They on the other hand can be more cautions when someone approaches them pretending to be me. I know which *I* think is the easier approach to fixing this problem.

  10. Know what’s fun?

    Trying to figure out what someone could DO with that information (and all the other information ‘lost’ in the last few years).

    You may say ‘not much’, but I see possibilities. However, possibilities are distinct from likelihoods.

  11. It is kind of funny that the only thing saving us from tyranny is incompetence. It’s hard to get good help these days …

  12. “the only thing saving us from tyranny is incompetence.”

    this is exactly the kind of observation that characterized daily life in the Second World.

  13. You can get 6 million citizens’ records over here in Germany, for less than 400 euros, with bank account data and personal preferences and all… It’s all over the local news… Anyone up for pooling money to help the UK out?

    SCNR

  14. #3 posted by DoppelFrog

    I have a question… Is “lost” really the right term to use here?

    +1

    Also the term “lost” seems to imply that everything will be OK if only the data is “found” again.

  15. Meanwhile plans are being drawn up by the Home Office and security services for what The Register charmingly calls “a snooping silo“.

    The project has been pushed hard at Whitehall by the intelligence agencies MI6 and GCHQ. One ISP source described their demands as “science fiction”. It’s envisaged that the one-stop-shop database will retain details of all calls, texts, emails, instant messenger conversations and websites accessed in the UK for up to two years.

    Workable or not, they’ll be eager to throw a ton of money at the project. “Security” in the UK seems to have metastasised into the kind of money pit that defence is in the US, a vast sink draining public finances that would be better spent elsewhere.

  16. Surely part of the issue is that it’s so much easier to mislay data files (i agree, it’s not lost) than it used to be.

    The portability and size of the media is going to make this sort of thing more common. 10 or 20 years ago you’d notice if the details of 33,000 prisoners got left somewhere. Now-adays they’re being sent around on little keyring sized devices

  17. I’ve read claims that many of these high-profile data “losses” are actually just the intelligence community snatching data for their TIA-like database ventures in order circumvent the bureaucracy and expedite the process. Wayne Madsen is one of the people claiming this so take it for what it is worth.

    I would imagine the recent security laws already grant a fair amount of leeway with what can be legally collected by the intel folks but I can also imagine that such laws are more likely to serve as back-dated justifications for doing whatever they want whenever they want to do it. I’d speculate that they are far more likely to just take what they want up front and get around to the paperwork when they feel like it, if ever.

    I can absolutely see how this practice would have two benefits: rapid population of intel databases while simultaneously building a public case that we must have national i.d./biometric chip-in-the-brain shit to counteract such data “losses”.

    I have no idea if such practices are actually occurring but they seem plausible and I think it would be a mistake to insist on framing these stories entirely as incidents of incompetence without considering alternative scenarios.

  18. Christiane – the difference with the UK might be because a lot of the handling of such data here is performed by contractors not by government departments. The one reported today was ‘lost’ by PA Consulting.

    We might possibly have more data to lose than, say, the US because of the social security and health systems

    But then it is just possibly just a lack of I.T. competance… although there have been stories of classified documents (paper ones) being left in taxis/bars/trains for many many years

  19. how about identity trading? Identity theft is seen as a negative, what about encouraging young people to mash and mix their identities up (as far as government records go) and render the big brother data bases useless? Kids have nothing to lose and a built-in alibi. A new youth culture of the katamari collective. Let’s see the cops bust someone at a party where everyone has the same name.
    Devalue the social uniqueness in ID.

  20. I have a question… Is “lost” really the right term to use here?

    Perhaps “crowdsourced” is more accurate?

  21. Let’s be clear about how the solution to this problem is proper working practices that minimize the opportunity for this kind of thing to happen by accident.

    eg. I’m sure Microsoft will take the opportunity to propose expensive, “security” solutions involving PCs that rigorously only boot windows verified by digital signatures and public key cryptography, protected by kill-switches being required by law, in exchange for making some token gesture towards protecting data like XORing the contents of USB disks with 0xAA 0x55, and the government are stacked full of idiots who would credulously pay hand over fist for such a scheme.

    Following Borges and Lovecraft:

    1. The database is housed in a machine room, composed of an indefinite and perhaps infinite number of hexagonal galleries, with vast air shafts between.

    2. The machine room is locked.

    3. The most merciful thing in the world is the inability of the civil servants to correlate all the database contents.

    i) Civil servants can only retrieve individual records at a rate appropriate to their purpose. They can retrieve a hundred records a day, not the entire database.

    ii) They can run aggregate queries on the database and retrieve the scalar answers, without needing to have the actual data.

    iii) They are only allowed to access the data from terminals in offices with the USB ports unplugged.

  22. The data is not lost it is liberated! Data does not like to hide away it goes stale very fast, hence the credit offers to people moved on and children.

    No, nobody can liberate data like us Brits.

    My gripe is with the politicians and the press blaming the “current government”, the data is being lost by the civil servants; defence, police, inland revenue, DHS, you name it they have lost it.

    Technology will not help, computers were designed to make the work easier and the IT departments try to make it harder again, the answer, take your data home where it can be freed again!

Comments are closed.