Comment

Network security: is this scandal the end of the ID card nightmare?

by Manek Dubash | posted on 22 November 2007


A big week for news, this, as the story breaks that the Government has just lost detailed records belonging to half the UK's population.

Manek Dubash

Security cannot help but be one of the recurring themes here and in most places in the IT industry. It was once a bolt-on but now it's at the stage where it's embedded in everything the industry does. Without that vital security tick on the checklist, vendors can't sell it.

Things clearly move differently in Government. Or do they?

It's hard to tell from the outside as the Government's mechanisms are shrouded in secrecy -- even though it's our data that its civil servants are handling. What seems to have happened is that a relatively junior individual needed to transport the entire child benefit database from Washington in the north-east to London. He or she burned the database onto two CDs, hired TNT to send a bike and shipped it to the smoke.

Only it didn't arrive.

The reasons for this transfer are not visible from here but sending physical media on an insecure mode of transport, unencrypted, is a blunder of the first order.

Speed is one issue: our calculations show that three hours would have been plenty to send the data over the wire, assuming a modest 1Mbit/sec. data rate, whereas Autoroute calculates that it takes six hours to get by road from Washington to London. Er -- isn't this why we have broadband everywhere? And would it not also have been way more secure -- assuming the entire database was in fact what was required?

But this isn't the biggest issue. The technology to stop this kind of thing happening has been around for years: it's called access control. Why did the individual have privileges to access all that data?

While ministerial apologies are all very well, that this was allowed to happen shows poor security management and oversight. As we've seen on many occasions, the technology is not the problem -- it's a lack of security awareness and education.

Looking ahead, what does this incident mean for Government pledges -- which it makes in support of its blighted ID card scheme -- that our data is safe in its hands?

People are clearly becoming more switched on to the need for security -- and how governments have problems staying leak-proof. Surveys are already showing plummeting support for the idea -- and for the Government.

Has the ID card scheme just hit a brick wall?


Technorati tags:   
Security isn't an option! - You can discuss this article on our discussion board.
 Network Weekly is a weekly round-up of networking, telecoms and storage news, edited by Manek Dubash.