UK ID Card Scheme Data Deleted For £400K

DaveNJ1987 writes "It will cost the British government only £400,000 to destroy the data for its failed ID card initiative. The data compiled by the National Identity Register, which was scrapped last year by the coalition government, will be disposed of for the relatively small sum — in government figures — Home Office minister Damian Green confirmed."

Let me do it

[dintech]

I'll show them how to destroy it for half the price.

Re:Let me do it

[91degrees]

What sort of guarentee can you offer that it will be adequately destroyed?

This is the problem. They want to be absolutely sure that nobody can get hold of the disk drives and extract the data. At least that's what I'm guessing.

Really they could just shoove the computers in some dark area of Whitehall and nobody will touch them.

Re:Let me do it

[Dr_Barnowl]

They could lock them in the bottom drawer of a filing cabinet in a disused lavatory with a sign on the door that says "Beware of the Leopard", and eventually, someone will find them.

My guarantee of data destruction - thermite. It's the only way to be sure.

Well, ok, there are a lot of ways. You could extract the platters and scrub all the ferrite off with soapy water. You could just do a 1-pass wipe and it puts it beyond the capability of all known data recovery labs. There's those specialist industrial shredders designed just for disk drives that reduce them to a small heap of granules.

But thermite is more fun.

Re:Let me do it

[Rogerborg]

What sort of guarentee[sic] can you offer that it will be adequately destroyed?

The same guarantee that everybody else offers - cast iron, 100% and fully contractually enforceable. At least enforceable against the tiny limited liability shell company with no assets that you've spun off to do the actual work.

See, it's not how you do the work, it's how you do the business that matters.

Re:Let me do it

[Hognoxious]

More likely they'll just delegate it to a junior civil servant who'll get drunk after work and leave it in a taxi.

Of course if you really want to destroy it just send it through the post, with a prominent label saying "FRAGILE".

Re:Let me do it

[fuzzyfuzzyfungus]

Never. Ever. Ever. fuck with an angry thermite colony...

Even fire ants won't burn their way through an engine block just to get at you.

Re:Let me do it

[santax]

That's how I got rid of the first wife! No need to murder anyone, just put her in a box, stamp Fragile and Alaska on it and you're good.

Third party

[clickclickdrone]

I see they've hired some 3rd party firm to do it. That stuff, both kit and data will turn up in a year or so's time. Guaranteed. Laptops on eBay and the data sold to ID thieves.

Re:No surprise

If you read TFA you'll see Labour pissed away £330m on ID cards, so 400K is peanuts by comparison. Also, the same "friends in the city" were the people labour spent that money with.

Re:Coalition Government?

[Serious+Callers+Only]

What they call coalition government we call bipartisanship, right?

No, it's a coalition government - rule by more than one party in the same cabinet/government. Quite common in Europe, unheard of in the states (though you do have cohabitation between a president and a congress or senate hostile to them quite often).

A true coalition in the States would have (for example) Obama appointing Dick Cheney or Ron Paul as his vice-president, and working with him day to day and appointing advisers from other parties, but the systems are so different that it's hard to compare. Typically a coalition is made up of one large party and one or more small ones to make up the numbers, so in the strongly bipartisan system of the states, it's unlikely to happen.

Re:No surprise

[malkavian]

Ok, I spot someone that's never dealt with systems at the high end.
There's a lot of prep work to unpicking things, and removing servers from secure areas, auditing them, planning to have them securely transferred and held in areas that are inaccessible with heavy physical security.
Logged/scanned to provide proof of transit, vetting everyone who handles the data volumes. Ensuring you have all sources of the data, auditing the backups, and pulling all of those, so on, so forth.
Everyone involved in this process will have to be security audited (most likely taken from an existing group of vetted people), and their services carry a premium.
There is a huge difference between destroying the data on your home gaming machine, and the sheer detail involved in transport and destruction of sensitive governmental machines.
£400k is actually a pretty lean number for dismantling the structure of this old project, considering that the infrastructure was sufficient to handle the predicted scale out to cover the entire UK population.

Re:No surprise

[Dan1701]

You clearly do not grasp the sheer idiocy, incompetence and utter lack of any skills whatsoever which characterises the British civil service. These days there IS no IT department apart from the outsourced PFI numpties who charge for each and every action performed. This is why whole database dumps get transferred all over the place; there isn't anyone who has the handy database skills to run a quick SQL query and put out only the required data into a twin-key encrypted package, because the way the PFI deal was written every such action costs the Government money.

Add to this the last Government had a number of highly embarrassing incidents of data loss, where USB sticks were let on trains, and in one case CD-ROMs of sensitive data were encrypted, but the password for the encryption was written onto the media disks themselves. The civil servants were complying with the regulations, but doing so in such a way that no hassle over passwords would occur. The same civil servants that did this are still employed, and the UK Home Office (which is dealing with this data) has the reputation of being the dumping ground for all the most incompetent, most useless and most stupid civil servants in Government.

Outsourcing data disposal like this is the safest way to ensure complete destruction without any little unofficial backups being taken and sold on, or people "forgetting" to wipe the disks before ebaying them, and so on. 400K is peanuts compared to the cost of cleanup after a data leak.

Re:They need prvate contractors

[forgot_my_nick]

> They need private contractors. Government officials are not capable of wiping their own arses, let alone data.
Who let you out of the Daily Mail comments section?

Re:Coalition Government?

[TheRaven64]

No. To have a coalition government, you need more than two parties. It is one of the outcomes when no single party manages to gain an overall majority. In this case, the largest party was the Conservatives, the second largest was Labour, and the third-largest the Liberal Democrats, with a smattering of smaller parties and independents. The government was formed by a coalition of the Conservatives and Liberal Democrats. The Prime Minister is the head of the Conservative Party, the Deputy Prime Minister is the head of the Liberal Democrat Party, and the cabinet is made up from members of both parties. Government policy is driven by both parties, although more by the Conservatives.

Another alternative in this situation would be a minority government, where the Conservatives (with the largest bloc) attempted to form a government by themselves, but had to persuade members of other parties to vote with them or abstain for every issue they wanted passed. This is a bit fragile: last time it happened in the UK, it only lasted a few months before a vote of no confidence in the government passed, triggering a general election.