{"id":898,"date":"2007-11-22T22:08:17","date_gmt":"2007-11-23T06:08:17","guid":{"rendered":"\/?p=898"},"modified":"2007-11-23T09:34:47","modified_gmt":"2007-11-23T17:34:47","slug":"britains-hmrc-identity-chernobyl","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=898","title":{"rendered":"Britain&#39;s HMRC Identity Chernobyl"},"content":{"rendered":"<p>The recent <a href=\"http:\/\/politics.guardian.co.uk\/homeaffairs\/story\/0,,2214459,00.html?gusrc=rss&amp;feed=networkfront\">British Identity\u00a0Chernobyl\u00a0<\/a>demands our close examination.\u00a0<\/p>\n<p>Consider:<\/p>\n<ul>\n<li>the size of the breach \u2013 loss of one person&#39;s identity information is cause for concern, but HMRC lost the information on 25 million people (7.5 million families)<\/li>\n<li>the actual information \u201clost\u201d \u2013 unencrypted records containing not only personal but also banking and national insurance details (a three-for-one\u2026)<\/li>\n<li>the narrative \u2013 every British family with a child under sixteen years of age made vulnerable to fraud and identity theft<\/li>\n<\/ul>\n<p>According to Bloomberg News,<\/p>\n<blockquote><p>Political analysts said the data loss, which prompted the resignation of the head of the tax authority, could badly damage the government.<\/p>\n<p>\u201cI think it\u2019s just a colossal error that I think could really rebound on the government\u2019s popularity\u201d, said Lancaster University politics Professor David Denver.<\/p>\n<p>\u201cWhat people think about governments these days is not so much about ideology, but about competence, and here we have truly massive incompetence.\u201d<\/p><\/blockquote>\n<p>Even British Chancellor Alistair Darling said,<\/p>\n<blockquote><p>\u201cOf course it shakes confidence, because you have a situation where millions of people give you information and expect it to be protected.<\/p><\/blockquote>\n<p style=\"font-weight: bold; font-size: 1em\">Systemic 
Failure<\/p>\n<p>Meanwhile, in parliament, Prime Minister Gordon Brown explained that security measures had been breached when the information was downloaded and sent by courier to the National Audit Office, although there had been no \u201csystemic failure\u201d.<\/p>\n<p>This is really the crux of the matter. Because, from a technology point of view,\u00a0the failure <em>was<\/em> systemic.\u00a0<\/p>\n<p style=\"font-size: 1.5em; float: right; margin-left: 20px; width: 40%; line-height: 1.2em\">From a technology point of view, the failure <em>was<\/em> systemic.<\/p>\n<p>We are living in an age where systems dealing with our identity must\u00a0be designed from the bottom up not to leak information in spite of being breached.\u00a0 Perhaps I should say, &#8220;redesigned from the bottom up&#8221;, because\u00a0today&#39;s systems\u00a0rarely meet the bar.\u00a0 It&#39;s not that data protection wasn&#39;t considered when devising them.\u00a0 It is simply that\u00a0the profound risks were not yet evident, and guaranteeing protection was not seen to be as\u00a0fundamental as\u00a0meeting other design goals\u00a0&#8211; like making sure the transactions balanced or\u00a0abusers were caught.<\/p>\n<p>Isn&#39;t it\u00a0incredible that &#8220;a junior official&#8221; could simply &#8220;download&#8221;\u00a0detailed personal and financial\u00a0information on 25 million people?\u00a0 Why would a system be designed this way?\u00a0<\/p>\n<p>To me\u00a0this\u00a0is the equivalent of\u00a0assembling a vast pile of dynamite\u00a0in the middle of a city on the assumption that excellent procedures would therefore be put in place,\u00a0so no one would ever set it off.\u00a0\u00a0<\/p>\n<p>There is no need to store all of society&#39;s dynamite in one place, and no need to run the risk of the\u00a0colossal explosion that an error in procedure might produce.\u00a0\u00a0<\/p>\n<p>Similarly, the information\u00a0that is the subject\u00a0of HMRC&#39;s identity 
catastrophe\u00a0should have been partitioned &#8211; broken up both in terms of the number of records and the information components.<\/p>\n<p>In addition, it should have been encrypted &#8211; even rights protected from beginning to end.\u00a0 And no official (A.K.A insider) should ever have been able to get at <em>enough<\/em> of it that a significant breach could occur.<\/p>\n<p>Gordon Brown,\u00a0like other\u00a0political leaders,\u00a0deserves technical advisors savvy enough to explain the\u00a0advantages of adopting\u00a0new approaches to these problems.\u00a0 Information technology is important enough to\u00a0the lives of citizens that political leaders\u00a0really\u00a0ought to understand the implications of different\u00a0technology strategies.\u00a0\u00a0Governments need CTOs that are responsible for national technical systems in much the same ways that chancellors\u00a0and the like are responsible for finances.<\/p>\n<p>Rather than being advised to apologize for systems that are fundamentally flawed,\u00a0leaders should\u00a0be advised\u00a0to inform the population that\u00a0the government has\u00a0inherited\u00a0antiquated systems that are not up to the privacy requirements of the digital age, and put in place solutions based on breach-resistance\u00a0and privacy-enhancing technologies.\u00a0<\/p>\n<p>The British information commissioner, Richard Thomas, is conducting a broad inquiry on government data privacy.\u00a0 He is quoted by the Guardian as saying he was demanding more powers to enter government offices without warning for spot-checks.<\/p>\n<blockquote><p>He said he wanted new criminal penalties for reckless disregard of procedures. He also disclosed that only last week he had sought assurances from the Home Office on limiting information to be stored on ID cards.<\/p>\n<p>&#8220;This could not be more serious and has to be a serious wake-up call to the whole of government. 
We have been warning about these dangers for more than a year.\u00a0\u00a0<\/p><\/blockquote>\n<p>I have never understood why any politician in his (or her) right mind wouldn&#39;t want to be on the privacy-enhancing and future-facing side of this problem.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are living in an age where systems dealing with our identity must be designed from the bottom up not to leak information in spite of being breached<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[21,17,2,3,40],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/898"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=898"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/898\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}