Monday, December 10, 2007

Brown knew about security risk to child benefit records three years ago

It's not particularly surprising to hear that Gordon Brown, whilst at the Treasury, was warned that there were serious security risks to data that the department and its executive agencies held.

A leaked letter sent by internal auditors, containing an assessment of the security of the child benefit records system, said that "Fraudulent/malicious activity was not being detected". What is worse, the letter went on to say that "Live support staff had root access and could do anything without being detected with obvious risks." Jesus wept.

So much for it all just being a rogue junior official and a one-off because procedures were not followed. The letter is pretty damning evidence that the entire system is flawed and has been for some time, and that the Prime Minister knew about it.


Barnacle Bill said...

I'm sure our sub-prime minister, Mr Bean, will invoke the Canoe-Man defence on this one!

True Blue said...

Who has the "leaked letter" and when is it going to be published?

excalibur said...

It would be interesting to see Gordon Brown's response to this letter, if indeed he thought one necessary.

It's quite obvious to anyone who knows anything about IT systems, that discgate wasn't down to one junior official, but incompetence and complacency embedded over years. The behaviour of HMRC regarding the production of these discs shows a deep-seated lack of initiative and a complete disregard for the consequences of having this data compromised.

Chris Paul said...

I suppose it depends whether the govt did anything about the report in 2004 doesn't it?

Doesn't look like the report covered posting by numbskulls using privateers??

It's about malevolent geeks?

excalibur said...

Numbskulls and privateers should be accounted for easily in good system design. The system can be as good as it can be but if the management of it resides in Crapsville, it's worthless.

Malevolent geeks are another story, but the problem here was a lack of geeks rather than a surfeit. The lost discs are hardly the result of a contest to see who is the geekiest of them all. I'll hazard a guess that self-modifying assembly code plays no part in this story.

As for the bigger picture, ministers and senior civil servants should beware of geeks bearing gifts. Well, not geeks, but systems salesmen although the dim often see them as the same.

mitch said...

I wonder how many copies of those disks now exist? Probably turn up on a boot sale for a fiver like everything else.
Would it be illegal to buy a copy? Is the info copyrighted?

Barnacle Bill said...

Just beware of Chris Paul bearing gifts, or should that read Tom Watson?

Not only but also said...

Thousands of driver details lost

The drivers' details were on two discs

The Driver and Vehicle Agency in Northern Ireland has lost the personal details of 6,000 people.

Link to Beeb article

The HMRC business really wasn't just a one-off or confined to HMRC. The problem's endemic.