Slashdot Mirror


UK Government Staff Caught Snooping On Citizen Data

An anonymous reader writes "More than 1,000 UK government staff have been caught snooping on citizen data — including criminal records, social security, and medical records. From the article: 'The U.K. government is haemorrhaging data — private and confidential citizen data — from medical records to social security details, and even criminal records, according to figures obtained through Freedom of Information requests. Just shy of 1,000 civil servants working at the Department for Work and Pensions (DWP) were disciplined for accessing personal social security records. The Department for Health (DoH), which operates the U.K.’s National Health Service and more importantly all U.K. medical records, saw more than 150 breaches occur over a 13-month period.'"

2 of 120 comments

  1. Re:Shocker by Anonymous Coward · Score: 5, Informative

    Auditing systems only work to stop legitimate users of a database from making inappropriate queries; the database and system administrators, and in most cases network administrators, have carte blanche access to anything and everything they are responsible for, and it is always a simple procedure to bypass any audit traps that may be in place.

    Take the example of an Oracle DB on a Unix system: it is a pretty trivial task to make a copy of the entire hard disk (and database contained therein) without leaving a trace of your actions. These systems are both too simple and too complex to prevent access from a lower level of abstraction.

    We put a huge amount of trust in system operators, and there is really no other way. At the end of the day, someone needs low-level access to the system to run diagnostics and perform maintenance. Even in some security-enhanced configuration like IBM AIX or z/OS, there is going to be a hardware maintenance mode; if not accessible by the site admin, it will be accessible by someone at IBM.

  2. Re:Shocker by niftydude · Score: 5, Informative

    Not just private information. I used to consult to a roads authority that I'll keep nameless for now.

    They had remote-controllable CCD cameras all over the place to keep track of traffic flow etc.

    Whenever I went in, one of the cameras would almost always be pointing at the girl who used to sunbathe in her back yard in a property very close to a major intersection.

    Incredibly creepy.

    --
    You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.