Anyone still think ID Cards and a National Identity Database will be a good idea?

[Foggy]

I think we should have a National Identity...


I'm fed up with all this PC european nonsense!

We're British,
we used to rule the world,
now we can't be bothered,
leave our mad cows alone,
......


LOL, Paul

[Lazlo]

Quote:

Originally Posted by JasonP

But surely there will be nothing on the ID database that isn't on the card?

There will be quite a lot of information in the database that won't be on the card.

The card was only ever a small part of the problem. Link

Quote:

Originally Posted by JasonP

And people will be able to read that from the card in your pocket from 20 feet away as you walk down the street?

Very possibly

I've heard it suggested that judicious use of a hammer in the correct location will sort this problem. Though I suspect that would be illegal, and I wouldn't suggest doing it for a moment.

[nickb]

It's now 25 million records:

BBC NEWS | Politics | Darling says 25m records 'lost'

[principia]

Seeing what staff do in the NHS with personal data, I'm suprised HMRC didn't just send it as an attachment via hotmail.

[Finless]

Quote:

Originally Posted by turbanator

Probably being used as drinks coasters in their office.

I suppose they did all check their PC's/laptops CD/DVD drives?

[chrisch]

Quote:

Originally Posted by Foggy

I think we should have a National Identity...


I'm fed up with all this PC european nonsense!

We're British,
we used to rule the world,
now we can't be bothered,
leave our mad cows alone,

I agree. All these pollsters in the street asking what does it mean to be British. It means eating Indian food, drinking Belgian lager, having a Polish plumber and taking Spanish holidays. We wear cheap Chinese clothes designed in Italy and drive German cars.

So what sets us apart from Jonny Foreigner?

Not having ID cards that's what. All yer EU types they have em. Bloody Euro PC nonsense. We don't want em over here matey we're not part of your lot...

Laissez-vous nos vaches folles.

Chris

[Scuby]

Note that it does say "password protected", and by that I assume encrypted - and if they've gone to the effort of encryption it'll be proper Government approved (ie CESG tested it and can't break it easily / at all) encryption which only the really really expert criminals would have any chance of ever getting anything off it.

Given that this was simply posted and didn't turn up, no doubt there's an anonymous brown envelope sat somewhere, that will go the way of all the mail the Post Office lose and disappear into a black hole somewhere, never to be seen again. Various parts of the Government send sensitive documents by post all the time. It's standard practice, recommended and approved in all the security procedures.

The real headline should be "one backup copy of database lost, but 1000 other copies are fine". Or "unreadable database now unreadable by someone else".

David

[Lazlo]

Depends how good the password is, and what they used to encrypt it. For example it better not be an Access database, as that can be cracked in about 30 seconds.

As for the "really expert criminals" bit, that would could well describe the type of people who could end up with it.

The POINT of this story is that the disk got "lost" in the first place. How is the the public supposed to have trust in the security of a proposed ID database if the people in charge don't / won't / can't understand that data security is about a lot more than file encryption - it's about maintaining an entire security-oriented philosophy. Every stage of any related process must be secure, and at the end of the day, any system is only as strong as it's weakest link.

Finally, bear in mind that THOUSANDS of people will have access to the ID database.

[gerbil]

Apparently password protected but NOT encrypted. The person who posted this needs to be shot resurrected and then shot again.

[Scuby]

Quote:

Originally Posted by Lazlo

Depends how good the password is, and what they used to encrypt it. For example it better not be an Access database, as that can be cracked in about 30 seconds.

True. But something that fills 2 CDs is so extremely unlikely to be an Access database that its barely even worth considering.

Quote:

Originally Posted by Lazlo

As for the "really expert criminals" bit, that would could well describe the type of people who could end up with it.

Chance of any kind of criminal getting hold of it, or even of the CDs ever being read again are really rather slim. Far more likely that it's just got misplaced somewhere in the postal system, and if that is the case then it's not going to have "confidential data - do not steal" written all over it. Although of course now every dodgy postman and courier is going to be tempted by CD-shaped packages after all this fuss, if nothing else so they can sell it to a newspaper probably for a lot of money, so they can say "if only we were a criminal we could have destroyed the UK" or some such rubbish.

Main problem I have with the story is that it's grossly overplaying what will in all likelihood turn out to be a non-event. Just looked at the BBC News website and it's now turned into a huge "fraud alert" headline... when in practice it's just a bit of sloppy security that will probably have no consequences other than for those responsible for it. Even if someone does get hold of it, they won't be able to make any more use of that than if say 1000 people's account details were stolen - anyone trying to initiate direct debits from 20,000,000 UK bank accounts at the same time will draw rather a lot of attention to themself!!!

Don't get me wrong it's still very sloppy security procedures, but the consequences are being hugely over-played.

David