Now the 25 million child benefit records CDs. We cn, if we\’re to be fair, cut them a little slack. This was a once a year operation so we might not expect them to set up a secure information transfer system. I\’m bending over backwards to be fair here, but the cost of installing encryption at both ends, training the requisite number of people to use it and so on….once a year we\’ve got to provide a DISC: ok, not worth it.
Government officials have halted the transfer of personal data of millions of people after admitting they have lost more computer discs.
..
The loss of information, including national insurance numbers, names, addresses and birth dates, was confirmed in a confidential memo last week from the Local Government Association to councils.
At least 45,000 names and personal details are known to have gone missing from one council, with the DWP admitting last night that more authorities have lost discs.
…
They contain personal details of five million people who receive council tax benefit and four million who claim housing benefit. The records are then checked against details held by the DWP.
It is a statutory obligation for councils to provide the information every month and any that fails to do so is threatened with grant cuts.
But even that defence, the rarity of the procedure, fails as an explanation here. I don\’t know how may councils there are: 300?400? Each supplying this information each month? Say, just for round numbers, 5,000 information sets a year? Surely that\’s enough to justify a secure data transfer system over the net? FTP or whatever it is that you tecchies call it?
Trivial to use either encrypted email or to encrypt the zip files for trivial cost. The real issue is that the data set is wide open for junior staff to make bulk accesses. All it takes is one bent member of staff to leak the whole lot. Already we have storiesof NHS staff using the Spine as entertainment by looking up medical records of celebritites.
No, not ftp! That is insecure as well. scp (with protocol 2) would be better, but the most secure method of all is to not need the information in the first place.
How about just paying Securicor, or some other agency, to deliver it by hand? Rather than mail or electronic transfer, just pick up and drop off in person by guys in helmet with sticks.
FTPS is pretty much secure. You can get free servers and clients (although you should have an SSL certificate that costs a few hundred quid a year).
Installation? Someone with network admin skills should need a day at most to set it up on a server, then you need to rollout an FTP client (if you’re running a windows network, this is mostly trivial).
It also has some cost saving benefits – faster to prepare, could be done automatically (for repeated runs).
What PT says (again).
The figure for how many local councils there are is very difficult to track down, there are different ways of defining them (parish councils? county councils?) but 300 – 400 seems to be a good ballpark.
“No, not ftp! That is insecure as well.”
Not if the zipped file is encrypted properly.
scp/ssh as Ed said. Public/private DSA/RSA encrypted keys to manage authentication. Have it happen at the network level so a local server connects, creates a share for the local network of the remote filesystem and manages local network access according to the security policy. This is pretty routine stuff. Using fusefs a Linux/Unix machine can mount a remote share so it looks just like a normal directory.
Sending CDs around the place is stunningly atavistic. It’s as though computer networks are too new fangled for the civil service.
I think you’re all missing the obvious here. The point of having an on-line database is that it’s, er, on-line. One grants restricted “views” of the database on a person-by-person basis, allowing those who need to to run their queries over the net. Secure access with the usual PKI technologies. This allows logging of all queries run and data transferred (like the PNC).
No matter how you try to secure a wholesale dump, once it’s out it’s out.
“Sending CDs around the place is stunningly atavistic. It’s as though computer networks are too new fangled for the civil service.”
Never, as they say, underestimate the bandwidth of a box of DVDs in the post.
“No matter how you try to secure a wholesale dump, once it’s out it’s out.”
This is the biggest worry about the whole thing. The insecurity of CDs can be fixed, but that’s the easy bit. The hard bit is a proper permissions matrix. Clearly all those billions given to EDS achieved nothing in the way of Security 101.
Tim,
I work with Housing Benefit cases. What is really surprising about this is that the information is only passed on a monthly basis. Calculating eligibility fopr Housing Benefit is like trying to eat spaghetti with a compass, or mop up spilt milk with a JCB; just as you think you’ve got it, it slips away from you.
It would not be at all surprising if this disclosure is used by some local authorities to evict troublesome tenants who refuse to accept that the councils have cacked up their HB applications.
And if you want a really, really stunning piece of oppressive legislation, I would reccommend Regulation 100 (4) of the Housing Benefit Regulations 2006 –
“Where in consequence of an official error, a person has been awarded rent rebate to which he was not entitled or which exceeded the benefit to which he was entitled, upon the award being revised any overpayment of benefit, which remains credited to him by the relevant authority in respect of a period after the date on which the revision took place, shall be recoverable.”
Yes, indeed – They can acknowledge it’s their cock-up; but the tenant still has to pay.
@ Martin – isn’t that just an extension of the principle that if your bank transfers £1,000,000 into your account by mistake, you don’t get to keep the money?
To set up a system that would allow efficient, secure access to a database (whether by direct, online lookup or via file transfer) on the scale required is a problem whose scale makes it all but doomed to failure, if the history of government-funded IT projects is any guide.
The ideal system would be either a distributed database system performing real-time synchronisation, or putting all the users inside a VPN.