Tuesday 20 November 2007

Me and twenty-five million others.

Well, isn't this just lovely? If you live in the UK, you could hardly fail to have heard about this today, but, for the rest of youse, here are the salient points.

The National Audit Office were doing some sort of audit on Her Majesty's Revenue & Customs. So some flunky at HMRC helpfully burnt some of the data to be audited on to a couple of CDs and put them in the post, presumably because neither HMRC nor the NAO have heard of the Internet. The CDs never arrived at NAO. After they failed to arrive, it turned out that they had just been sent by standard unregistered unrecorded delivery. They're as missing as missing can be. Oops.

On the discs are HMRC's entire Child Benefit database: the names, addresses, previous addresses, bank account details, dates of birth, National Insurance numbers and children's names and dates of birth of 7.25 million families — that's about 25 million people. Oops again.

Oh, but don't worry: they're password protected. In the Windows sense, no doubt.

Gordon Brown has proven one tiny way in which his government is better than Blair's: the Chancellor, Alistair Darling, announced this in the Commons today. Under Blair, he'd have announced it in four months' time.

Another improvement over the usual: Paul Gray, the chairman of HMRC, has resigned. It's sad that it's actually become unusual for someone responsible for an almighty country-screwing travesty to accept that responsibility, but it has, so thank you to Mr Gray for doing the decent thing.

And one final little blessing: the courier company used were TNT, not the Royal Mail. The police say that they currently have no reason to believe that the discs are in nefarious hands rather than simply lost by incompetent ones. And the police are probably right about that, for the next couple of hours — now that the Chancellor's told the world what's on those discs, we'd better hope against hopes that whoever finds them isn't a bastard. But, if the Royal Mail had been entrusted with them in the first place, we could be absolutely one-hundred-percent confident that the discs had been stolen by professional criminals.

As it happens, I know a professional auditor. He travels the world, auditing firms. As I understand it, that's the usual way of doing things: you're going to audit someone, you go round and audit them, in their office. Asking them to send you information and promise really sincerely that it's genuine just doesn't quite cut it, and we should be concerned that this appears to be how the National Audit Office is doing things. But the NAO is in London and HMRC's Child Benefit Headquarters is in Newcastle, and we all know how London civil servants feel about setting foot in [shudder] The North.

Mr Darling said they should not even have been sent in the first place, as a junior official breached all Her Majesty's Revenue and Customs standing procedures by transferring them via couriers TNT to the NAO.


This just isn't good enough, is it? These systems are supposed to have at least some protection from criminals, but it turns out that the only thing stopping a lower-rung tax monkey from burning the entire database to disc is a rule that, you know, you're really supposed to obey, if you'd be so kind. What if someone decides to break the rules? Why is this data even accessible from a PC with a burner on it? Why are HMRC's computer systems not set up simply to disallow the copying of certain classes of data? Come to that, what's with the bank account numbers? They're used by automatic computer systems to make automatic payments, so, once they've been input, there is simply no reason why a human being need ever see them. What these missing discs should contain under "Bank account number" is "XXXXXXXX". You know, like on all my credit card receipts. Jesus wept.

I've said for a while now that it's no good opposing the ID Database scheme, because defeating it just for now isn't good enough: the idea keeps coming round again and again, under different governments, so the very concept, not just today's suggested implementation, needs to be utterly defeated. And the way it'll be utterly defeated is that, once it's been running for a few years and proven to be unworkable, unreliable, corrupt, insecure, and useless for good things but very useful for bad things such as locking up innocent people, then the public will turn against it. You need the streets to be piling up with rubbish before anyone'll vote for Thatcher.

I wonder if this be the start of it. It surpasses even my cynicism: I'd imagined that the Government would need to actually get the ID Database up and running before they started to give practical demonstrations of just what a Bad Thing it is. Apparently not.
