Jump to content

Talk:Loss of United Kingdom child benefit data (2007)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by MrVoluntarist (talk | contribs) at 20:27, 21 November 2007 (Orwellian title?: new section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject iconUnited Kingdom Unassessed
WikiProject iconThis article is within the scope of WikiProject United Kingdom, a collaborative effort to improve the coverage of the United Kingdom on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.United KingdomWikipedia:WikiProject United KingdomTemplate:WikiProject United KingdomUnited Kingdom articles
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.

Not News

There is no reason for this on the front page and it is not important to the world. —Preceding unsigned comment added by Rukaribe (talkcontribs) 13:04, 21 November 2007 (UTC)[reply]

I disagree. Such examples of massive security failures should be valuable to anyone, worldwide, who cares about the privacy and confidentiality of their own personal information. National ID agendas are being pushed by governments worldwide, and the continual barrage of such reckless and massive information security failures should underscore why even our governments are wholly incapable of sufficiently securing sensitive data, and hence why such agendas should be permanently shelved. At least shelved until simple information security practices, such as prolific usage of effective data encryption, effective application of SoD principals, and sufficient continual logging and subsequent auditing of information access, becomes commonplace. Erth64net (talk) 19:30, 21 November 2007 (UTC)[reply]

There is a reason for it as it affects millions of people in Britain and people around the world might want to look at what's going. p.s there are other stuff that appear on the front page that is of little concern to anyone else somewhere in the world. User:Pathfinder2006 —Preceding comment was added at 13:30, 21 November 2007 (UTC)[reply]

I would have thought that data security was of interest to any one and any nation using IT systems. —Preceding unsigned comment added by 217.205.224.155 (talk) 14:08, 21 November 2007 (UTC)[reply]

Image

Can someone supply an image of the HMRC building at Washington, as that was the location of the original foul up, not Nottingham? Yorkshiresky (talk) 23:25, 20 November 2007 (UTC)[reply]

Have a browse through the Geograph entries for the area, see if you get lucky. Those images are all under a cc-by-sa-2.0 licence, so feel free to upload an image to Commons if you can find one. GeeJo (t)(c) • 17:56, 21 November 2007 (UTC)[reply]

Without going into original research, what could this potentially mean?

Even if there are not references for this at the moment - what is the potential scale of this? What could the effects be? I'd like to get an idea of the magnitude of this from someone who knows more about this kind of thing than I do, whilst equally observing WP:NOT#FORUM, so that it could be added to the article later if proven true.--h i s s p a c e r e s e a r c h 06:01, 21 November 2007 (UTC)[reply]

same shit happened in the U.S. not too long ago. —Preceding unsigned comment added by 68.161.204.86 (talk) 07:52, 21 November 2007 (UTC)[reply]

I'm not entirely sure that its worth having the opposition quoted so extensively when compared to the size of the article. Could we not just have links to comments that have been made regarding what the implications are. MLA (talk) 09:37, 21 November 2007 (UTC)[reply]

That would be just linking to news articles in the external links, which isn't the best MoS. Because the event was so recent it is difficult to select what is important and what is not. General practice seems to be to include a lot, and when time passes and that which is significant presents itself in the real world, then we can be selective in what we include in the article. Better too much than too little at this stage, I feel. SGGH speak! 10:00, 21 November 2007 (UTC)[reply]
I would caution against putting MoS concerns above neutrality though - I happen to disagree with a lot of MoS as much of the decision making there is for the editor rather than the reader but I do understand the value of direct quotes so long as a particular political spin is not the main thrust of the article. MLA (talk) 10:12, 21 November 2007 (UTC)[reply]

Stupid, incompetent and disgraceful...

While the politics do not interest me, the sheer stupidity and incompetence of the personnel and system revealed by this incident do - another example of Occidental "dumbing down"! And lest anyone take umbrage, consider this: how long has the UK been in the business of administrating? Is it conceivable that an SOP (Standard Operating Procedure) by any name does NOT exist for such data transfers? So unless this was an outright theft with inside help/information, this incident is disgraceful. Shir-El too (talk) 13:52, 21 November 2007 (UTC)[reply]

an sop exists and it was broken, hence the resignation. but i agree with you. when managers talk about mission statements and visions and forget to manage people then things mess up. i blame the trend in management schools that began in the 70s Mongreilf (talk) 15:54, 21 November 2007 (UTC)[reply]

All that data on 2 CDs?

Hang on a sec. One CD-ROM holds 700MB. So that's 1400MB for both disks. Divided by 25 million. That's 56 bytes per entry. How can you get full names, addresses and bank details into 56 bytes? AJKGORDON«» 11:08, 21 November 2007 (UTC)[reply]

The reference (#1) used to support the CDs claim does not say explicitly that CDs were used. So I've changed it to 'computer discs' which is the word that's been used in official communications. Pre1mjr (talk) 11:44, 21 November 2007 (UTC)[reply]
The 25 million figure quoted includes parents and children. (As one of those affected) I know that they would not have the bank account details of the children, just the parents. The addresses of the parents and children would be the same (otherwise the parent couldn't claim the benefit) and you're not allocated a National Insurance number in the UK until your 16th birthday the children on the disks wouldn't have NI numbers. So its not as much data as you might think. Kelpin (talk) 19:12, 21 November 2007 (UTC)[reply]
They are disks, probably DVDs:

http://cgi.ebay.co.uk/The-Missing-Disks_W0QQitemZ150185957181QQihZ005QQcategoryZ16164QQssPageNameZWDVWQQrdZ1QQcmdZViewItem —Preceding unsigned comment added by 84.69.128.23 (talk) 13:40, 21 November 2007 (UTC)[reply]

And it could even be hard drives. The information currently released gives so little to go on. At the moment you just have to take the word of Darling blown up by media spin. Not the sort of thing WP can report as hard facts... Dsergeant (talk) 11:55, 21 November 2007 (UTC)[reply]
Data compression perhaps? personally, I'm wondering what "password protected" really means. If the data was say AES encrypted and a passphrase is required, then the data is likely to be safe no matter what. If the data was in a say an older version WinZip file with a password, it's fifteen minutes work to crack. Toby Douglass (talk) 12:03, 21 November 2007 (UTC)[reply]
It would be very interesting to know the exact format of the data. Obviously, it should have been compressed and encrypted (ie with an industry-strength 128-bit key), but I wonder if these lowly officials were up to such a thing. I fear they might simply have dropped a rather large Excel file onto the DVD burner...--Oscar Bravo (talk) 15:07, 21 November 2007 (UTC)[reply]
According to the Indy, though the discs are believed to be password-protected, the infromation was not encrypted in any way. At all. Skittle (talk) 16:57, 21 November 2007 (UTC)[reply]

What really matters...

...is whether the data in the disks was strongly encrypted or not. If it was, with the relevant keys being sent later or using public-key crypto, then there is actually nothing to worry about, and i think it even shows proper procedure on their part: Sending the data itself in a inexpensive way, while still guarateeing total security.

On the other hand, if they use weak crypto (which is the standard in many office applications) or no crypto at all, then i still think that most of the public indignation is being misdirected: Data theft might have occurred not only now, but many times before, with thieves easily intercepting the disks in the mail (or even the government staff responsible for mailing), copying them, and sending them along unscathed to their intended recipients, raising no suspicions. If they send the disks in regular mail packages without any special precautions, as they apparently do, then this might not be too difficult. It just so happens that this time the thieves themselves might have goofed up and failed to restore the chain after intercepting the data. —Preceding unsigned comment added by 83.132.232.124 (talk) 17:13, 21 November 2007 (UTC)[reply]

Orwellian title?

"Misplacement" is classic PR-speak, almost like it's deliberately worded to make it sound less bad. Wikipedia is no the UK's PR wing. The title should be data loss and on the main page, it should say it loses the data instead of misplaces it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Loss_of_United_Kingdom_child_benefit_data_(2007)&oldid=172971820"