Monthly Archives: November 2007

The 25 Million ‘Lost’ Records and Other UK Data Losses

0
Posted by Lloyd Morgan on November 27, 2007 – 9:02 am
Filed under Politics, Sci/Tech

So, Her Majesty’s Revenue and Customs (HMRC) decide to send the National Audit Office (NAO) the details of 25 million people on a couple of “password-protected” discs which then go missing during transit via a third-party courier. Fair enough, no bad feelings. [Story]

Alistair Darling - Don't Trust These EyebrowsThese details include the names, addresses, bank details and national insurance numbers for all members of the 7.25 million households that have a child under the age of 16. That’s just under half of the population - pretty impressive really.

Moral of the story? Don’t trust a man with eyebrows like this (Alistair Darling, right). No, seriously - don’t.

So without further ado I present you with my latest compilation: ten more UK data loss incidents from recent history, courtesy of The Register:

  • 400 passport details and addresses lost by HMRC (2007)
  • All 11 Million customers of the Nationwide Building Society had their “confidential customer data” lost (2007)
  • 15,000 names, addresses, DoBs, national insurance numbers and pension details of policy holders from Standard Life lost by HMRC (2007)
  • 26,000 Marks and Spencer staff members’ salary details, addresses, dates of birth, national insurance and phone numbers lost (2007)
  • 500 Eden Project staff had their (undisclosed) data lost by Moorepay (2007)
  • An undisclosed number of confidential medical records were discovered on hard drives sold on eBay (patients from Dudley NHS Trust) (2007)
  • 11,000 children treated or born in a Nottingham Hospital had their records lost (2007)
  • 15,000 Met Police Officers had their payroll and pension data lost by LogicaCMG (2006)
  • “70 Top Secret Files” from the Ministry of Defence were found on a laptop at a landfill site. These included terrorism contingency plans for MoD bases (2005)
  • 1,354 government computers (594 by MoD) “stolen or mislaid”. Unknown/undisclosed data (1997 - 2002)

Steve Martin - Alistair Darling's Love Child or Long Lost Brother?Many of the above have one thing in common: when many of them were first announced, the question of whether or not the data was appropriately encrypted was usually avoided - typically cited as being a security risk if the issue were even discussed.

I have two problems with this: one, whoever has the data already knows if it is encrypted or not; two, if it is encrypted, telling us that it’s encrypted doesn’t suddenly make it easy for the criminals to break into the data. If it’s encrypted, it’s encrypted. That’s all there is to it and therefore your data is safe. This leads me to one conclusion: it’s not encrypted. (See also: “UK’s Privacy Chernobyl” - Bruce Schneier’s recent post.)

As a side note, has anyone else noticed how the comic Steve Martin (above, left) looks strangely similar to Alistair Darling? Are they related? If so, all is forgiven: give us a joke.

Even Rocky Had a Montage

0
Posted by Lloyd Morgan on November 13, 2007 – 10:25 pm
Filed under Everything Else

Spotted in Cambridge, UK:

Church Sign: Jesus - The World's Greatest Comeback

This would have worked so much better if there was a speaker next to it playing the ‘Rocky’ theme tune, don’t you think?

Dah-dah-dah, dah-dah-dah, dah-dah-dah, dah-dah-dah, dah-dah-dah dah-dah-dah… etc.

Who on earth comes up with this stuff?

Your Privacy and Data on Facebook

0
Posted by Lloyd Morgan on November 6, 2007 – 11:48 am
Filed under Politics, Sci/Tech

A few months ago I found the ‘Does What Happen in the Facebook Stay in the Facebook?‘ video on the front page of Digg. Yeah, it’s mostly sensationalist scare tactics about how Facebook is supposedly involved with some big CIA-based ECHELON / Carnivore-esque conspiracy, but a couple of things that the video points out are really worthy of note. Specifically the wording of their publicly available Terms of Use and ‘privacy’ policy:

By posting User Content to any part of the Site, you automatically grant [...] to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose on or in connection with the Site or the promotion thereof [...]

In all honestly I expected nothing less, but actually reading it and taking the time to understand the implications of uploading your material makes me want to never upload a photo again, lest a Virgin Mobile incident (or worse) happens to me or someone I know. Especially when they class ‘User Content’ as:

Photos, profiles, messages, notes, text, information, music, video, advertisements, listings, and other content that you upload, publish or display [...]

And even more so when you read this:

Facebook may also collect information about you from other sources, such as newspapers, blogs, instant messaging services, and other users of the Facebook service.

How depressing? But in all honestly I’m not going to change my ways - if you upload anything anywhere, expect it to be seen by anyone and be used for any purpose. To finish, have some choice quotes from Digg when the aforementioned video was posted there:

  • I like looking at drunken half naked girls on a daily basis. Long live Facebook.
  • What is this, six degrees from Kevin Bacon?
  • Big Brother is watching you poke.
  • If you look at all those dotted lines and trace that pattern on to a piece of Reynold’s Wrap it is the secret directions to make a tin foil cap, which will protect you from imaginary things that do not exist!
  • If you don’t want someone to know something about you…. don’t post it on THE INTERNET.
  • HOLY CRAP CONSPIRACY.
  • OH MY GOD THE GOVERNMENT IS GOING TO KILL US ALL
  • OH NO THEY KNOW I LIKE A MOVIE!!!!