Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Prisons Ministry Fined For Lack of Encryption At Prisons

Posted by Unknown on from the not-like-prisoners-are-people-anyway dept.

Bruce66423 (1678196) writes The Guardian reports that the UK Information Commissioner has levied a fine of £180,000 on the Ministry of Justice for their failure to encrypt data held on external hard drives at prisons. The fine is nominal — one part of government fining another is rather pointless, but it does show that there's a little bit of accountability. Of course it's interesting to consider the dangers of this hopefully old way of storing backups; but the question of whether we do a lot better now is quite pointed. To make matters worse, one of the unencrypted backup hard drives walked away.

9 of 74 comments (clear)

  1. stealing identity by WarJolt · · Score: 2, Funny

    I can't imagine the identities of a bunch of ex-cons are that valuable.

    1. Re:stealing identity by Anonymous Coward · · Score: 2, Interesting

      One word: Pension

      The US, UK, Canada and many other countries have an old age pension system that are all very easy to exploit if you have the number. Crooks amass multiple numbers and then collect the pensions. The system is very lax and doesn't check whether someone who claims to be 104 years old is really still alive and at least looks like he is 104 for example.

      Whenever you hear of some Romanian peasant who reached the ripe old age of 120, it is simply because he adopted the identity of his parent, buried the parent without informing anyone and happily collected his parent's pension ever since (and eventually his own too).

    2. Re:stealing identity by JosKarith · · Score: 2

      The identity of 3000 people who have been proven they are prepared to break the law? Or maybe the police reports on the true connection/affiliation of said people? Can't possibly see how that information could of be any use to organised crime...

      --
      'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
  2. Re:Pointless accountability? by ShanghaiBill · · Score: 2

    How does a "pointless" fine show any accountability at all?

    It is not pointless. Bureaucrats care very much about their discretionary budgets and perquisites.

  3. Re:So... outsource ALL OF IT by ruir · · Score: 3, Insightful

    No matter how incompetent civil servants you have, they will save you a lot HELL more money than those money grabbing machines now as Oracle, SAP or Microsoft. By a couple of orders of magnitude.

  4. Re:So... outsource ALL OF IT by Anonymous Coward · · Score: 2, Interesting

    Outsourcing is the main problem with modern British government, you stupid fuck. Profit motive means doing the MINIMUM work for the MAXIMUM personal gain - it is the very opposite of what you need in a prison system, where pretty much none of the humans are informed, rational, voluntary actors.

    And changing providers every few years just to suit your stupid ideology eliminates the efficiency of experience.

    There is almost no British government function that has been improved by outsourcing, and IT projects are the worst in this respect, reaching insane budgets and always under-delivering (in some cases this is good because the citizens would not benefit from the project, e.g. Universal Credit or shared health records). Please take your religion and find a sound-proofed church to preach it in.

  5. Yeah but.. by countach · · Score: 2

    I can picture a scenario that if they were encrypted, the recovery key would be lost, or the person holding it would die or resign or quit and suddenly all the backups are unrecoverable. You can say ok, so the key should be kept somewhere secure, but where? When you answer that question, then why not put the actual backups there? It's not like you could have just one key forever either. That would be insecure to never change it. But to change it means having some filing system to keep the whole list of them from years and years back and storing them so people can find them. Then how are you going to encrypt THAT?

  6. Sir Humphrey Appleby would be proud. by LWATCDR · · Score: 3, Insightful

    " The fine is nominal — one part of government fining another is rather pointless, but it does show that there's a little bit of accountability"
      in the voice of Sir Humphrey Appleby.
    No minister it is not pointless at all. You get to show that their is some accountability at no cost to the government in monetary terms. The error will be shown to be a problem with a contractor that is following his original contract instead of the new updated rules so no one in the civil service will be held responsible and in the end nothing really will change and we can get on with the business of running the government.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  7. Re:So... outsource ALL OF IT by ruir · · Score: 2

    Answered too fast sadly. Besides the possibility of having idiots far more expensive outsourced from the private sector, the fact is that public sector often gets assigned second or third rate consultants because the best ones are assigned to private sector customers.