I'd suggest there are a number of key issues to keep in mind when considering the massive loss of data by British MoD. Here's a few to begin with:
1. The data/security paradigm changes when data are moved from hard/paper copy to a machine-readable form. Most people still think of security and access in paper-based terms, not that of electronic data which is a very different animal. Had the records been stored on traditional paper-based record systems then there would have been no breach of security.
2. Data in electronic form acquires a range of new and powerful properties when compared with that of the same records stored on hardcopy/paper. For example, stealing 600,000 plus paper-based records would be nigh on impossible, but this electronic 'loss' is not even theft as far as we know--just incompetence and mishandling. Those handling or using this data do not understand this differences between the electronic data and hard copy paradigms (especially a problem in government bureaucracies). Ipso facto, if they did then this data security breach would not have happened. Unfortunately, this lack of understanding is not unique; even those in the data processing/security game have a very poorly understanding of the problem: for they usually concentrate on specific security issues and technicalities, not why or whether certain facts or information should or should not be committed to electronic storage, or what the implications are if the data falls into unwanted hands.
3. It is questionable whether certain forms of sensitive data should actually be transferred into an electronic format, especially if bound into fully collated databases (as here). If electronic records are absolutely essential then the data can be held in multiple parts in distributed databases--one part alone being useless without others. (The fact that this data is not secured and managed in such a way that its loss would be trivial ought to be of great concern. Computer science just hasn't evolved sufficiently to always guarantee security and simultaneously make it easy and foolproof to implement: only electronic encode that which is essential.)
4. Governments, control freaks and penny-pinching accountants etc.--those with a police state mentality--want all records conveniently to hand, often for very questionable reasons including very little practical justification or need. In this instance, not only have they collected and collated vast amounts of sensitive personal data and stored it in an easily 'losable' form but the very act of doing so is one of utter irresponsibility. That such data and on such a grand scale has the potential to be--and has been 'lost' [or stolen etc.] in this way ought to be treated as an act of malfeasance.
4.1 Essentially, what has happened here is that an act of treason has been committed against the 'collective of citizens' [who constitute part of the state]--those who gave their personal data on the understanding that their government would keep it secure but who failed though negligence, inter alia.
4.2 There's little doubt that this incident will be hushed up, and there will be an scapegoat or two or possibly not even that. Moreover, I'll bet it happens again sometime soon, remember this is not the first of such incidents. With Britain going to a universal ID card what would happen if Al-Qaeda or similar organization were to ever get such a file? Even a friendly power such as the USA would be only too happy to snap up such valuable data, no questions asked.
5. Whether relevant or not, Governments, bureaucrats and security services have a Nazi-like obsession in collecting vast amounts of data on citizens and there is no obligations on those collecting it to even tell citizens that they are doing so let alone let the citizen see or review the data. Whether storing so much detail about citizens in vulnerable electronic format (such as in single but comprehensive databases) is warranted o
What? Do you really believe a politician made the decision on whom to outsource data management too?
Are you familiar with the concept of a civil service at all? Do you know who runs the day-to-day operations for the MoD?
Clue: Decisions like "Which subcontractor should we hire" are not made by the Secretary of State for Defence.
.
That's not the main point, I'd suggest the following are key:
1. The data/security paradigm changes when data are moved from hard/paper copy to a machine-readable form. Most people still think of security and access in paper-based terms, not that of electronic data which is a very different animal. Had the records been stored on traditional paper-based record systems then there would have been no breach of security.
2. Data in electronic form acquires a range of new and powerful properties when compared with that of the same records stored on hardcopy/paper. For example, stealing 600,000 plus paper-based records would be nigh on impossible, but this electronic 'loss' is not even theft as far as we know--just incompetence and mishandling. Those handling or using this data do not understand this differences between the electronic data and hard copy paradigms (especially a problem in government bureaucracies). Ipso facto, if they did then this data security breach would not have happened. Unfortunately, this lack of understanding is not unique; even those in the data processing/security game have a very poorly understanding of the problem: for they usually concentrate on specific security issues and technicalities, not why or whether certain facts or information should or should not be committed to electronic storage, or what the implications are if the data falls into unwanted hands.
3. It is questionable whether certain forms of sensitive data should actually be transferred into an electronic format, especially if bound into fully collated databases (as here). If electronic records are absolutely essential then the data can be held in multiple parts in distributed databases--one part alone being useless without others. (The fact that this data is not secured and managed in such a way that its loss would be trivial ought to be of great concern. Computer science just hasn't evolved sufficiently to always guarantee security and simultaneously make it easy and foolproof to implement: only electronic encode that which is essential.)
4. Governments, control freaks and penny-pinching accountants etc.--those with a police state mentality--want all records conveniently to hand, often for very questionable reasons including very little practical justification or need. In this instance, not only have they collected and collated vast amounts of sensitive personal data and stored it in an easily 'losable' form but the very act of doing so is one of utter irresponsibility. That such data and on such a grand scale has the potential to be--and has been 'lost' [or stolen etc.] in this way ought to be treated as an act of malfeasance.
4.1 Essentially, what has happened here is that an act of treason has been committed against the 'collective of citizens' [who constitute part of the state]--those who gave their personal data on the understanding that their government would keep it secure but who failed though negligence, inter alia.
4.2 There's little doubt that this incident will be hushed up, and there will be an scapegoat or two or possibly not even that. Moreover, I'll bet it happens again sometime soon, remember this is not the first of such incidents. With Britain going to a universal ID card what would happen if Al-Qaeda or similar organization were to ever get such a file? Even a friendly power such as the USA would be only too happy to snap up such valuable data, no questions asked.
5. Whether relevant or not, Governments, bureaucrats
Slashdot Mirror
I'd suggest there are a number of key issues to keep in mind when considering the massive loss of data by British MoD. Here's a few to begin with:
1. The data/security paradigm changes when data are moved from hard/paper copy to a machine-readable form. Most people still think of security and access in paper-based terms, not that of electronic data which is a very different animal. Had the records been stored on traditional paper-based record systems then there would have been no breach of security.
2. Data in electronic form acquires a range of new and powerful properties when compared with that of the same records stored on hardcopy/paper. For example, stealing 600,000 plus paper-based records would be nigh on impossible, but this electronic 'loss' is not even theft as far as we know--just incompetence and mishandling. Those handling or using this data do not understand this differences between the electronic data and hard copy paradigms (especially a problem in government bureaucracies). Ipso facto, if they did then this data security breach would not have happened. Unfortunately, this lack of understanding is not unique; even those in the data processing/security game have a very poorly understanding of the problem: for they usually concentrate on specific security issues and technicalities, not why or whether certain facts or information should or should not be committed to electronic storage, or what the implications are if the data falls into unwanted hands.
3. It is questionable whether certain forms of sensitive data should actually be transferred into an electronic format, especially if bound into fully collated databases (as here). If electronic records are absolutely essential then the data can be held in multiple parts in distributed databases--one part alone being useless without others. (The fact that this data is not secured and managed in such a way that its loss would be trivial ought to be of great concern. Computer science just hasn't evolved sufficiently to always guarantee security and simultaneously make it easy and foolproof to implement: only electronic encode that which is essential.)
4. Governments, control freaks and penny-pinching accountants etc.--those with a police state mentality--want all records conveniently to hand, often for very questionable reasons including very little practical justification or need. In this instance, not only have they collected and collated vast amounts of sensitive personal data and stored it in an easily 'losable' form but the very act of doing so is one of utter irresponsibility. That such data and on such a grand scale has the potential to be--and has been 'lost' [or stolen etc.] in this way ought to be treated as an act of malfeasance.
4.1 Essentially, what has happened here is that an act of treason has been committed against the 'collective of citizens' [who constitute part of the state]--those who gave their personal data on the understanding that their government would keep it secure but who failed though negligence, inter alia.
4.2 There's little doubt that this incident will be hushed up, and there will be an scapegoat or two or possibly not even that. Moreover, I'll bet it happens again sometime soon, remember this is not the first of such incidents. With Britain going to a universal ID card what would happen if Al-Qaeda or similar organization were to ever get such a file? Even a friendly power such as the USA would be only too happy to snap up such valuable data, no questions asked.
5. Whether relevant or not, Governments, bureaucrats and security services have a Nazi-like obsession in collecting vast amounts of data on citizens and there is no obligations on those collecting it to even tell citizens that they are doing so let alone let the citizen see or review the data. Whether storing so much detail about citizens in vulnerable electronic format (such as in single but comprehensive databases) is warranted o
What? Do you really believe a politician made the decision on whom to outsource data management too?
Are you familiar with the concept of a civil service at all? Do you know who runs the day-to-day operations for the MoD?
Clue: Decisions like "Which subcontractor should we hire" are not made by the Secretary of State for Defence.
That's not the main point, I'd suggest the following are key:
1. The data/security paradigm changes when data are moved from hard/paper copy to a machine-readable form. Most people still think of security and access in paper-based terms, not that of electronic data which is a very different animal. Had the records been stored on traditional paper-based record systems then there would have been no breach of security.
2. Data in electronic form acquires a range of new and powerful properties when compared with that of the same records stored on hardcopy/paper. For example, stealing 600,000 plus paper-based records would be nigh on impossible, but this electronic 'loss' is not even theft as far as we know--just incompetence and mishandling. Those handling or using this data do not understand this differences between the electronic data and hard copy paradigms (especially a problem in government bureaucracies). Ipso facto, if they did then this data security breach would not have happened. Unfortunately, this lack of understanding is not unique; even those in the data processing/security game have a very poorly understanding of the problem: for they usually concentrate on specific security issues and technicalities, not why or whether certain facts or information should or should not be committed to electronic storage, or what the implications are if the data falls into unwanted hands.
3. It is questionable whether certain forms of sensitive data should actually be transferred into an electronic format, especially if bound into fully collated databases (as here). If electronic records are absolutely essential then the data can be held in multiple parts in distributed databases--one part alone being useless without others. (The fact that this data is not secured and managed in such a way that its loss would be trivial ought to be of great concern. Computer science just hasn't evolved sufficiently to always guarantee security and simultaneously make it easy and foolproof to implement: only electronic encode that which is essential.)
4. Governments, control freaks and penny-pinching accountants etc.--those with a police state mentality--want all records conveniently to hand, often for very questionable reasons including very little practical justification or need. In this instance, not only have they collected and collated vast amounts of sensitive personal data and stored it in an easily 'losable' form but the very act of doing so is one of utter irresponsibility. That such data and on such a grand scale has the potential to be--and has been 'lost' [or stolen etc.] in this way ought to be treated as an act of malfeasance.
4.1 Essentially, what has happened here is that an act of treason has been committed against the 'collective of citizens' [who constitute part of the state]--those who gave their personal data on the understanding that their government would keep it secure but who failed though negligence, inter alia.
4.2 There's little doubt that this incident will be hushed up, and there will be an scapegoat or two or possibly not even that. Moreover, I'll bet it happens again sometime soon, remember this is not the first of such incidents. With Britain going to a universal ID card what would happen if Al-Qaeda or similar organization were to ever get such a file? Even a friendly power such as the USA would be only too happy to snap up such valuable data, no questions asked.
5. Whether relevant or not, Governments, bureaucrats