The Coalition Government’s detailed planning to destroy most of the IT infrastructure and data for ID cards, following the decision to axe Labour’s ID cards plans, has revealed disturbing news about how data was mishandled.
As the BBC reports, equipment is having to be destroyed because it looks like data was wrongly stored on it:
Destruction of [some] equipment might have been avoided if the data it collected had been stored centrally as it was meant to be. But there is evidence that some was accidentally stored locally, the document reveals, so off to the dump it must go…
However, other data which it was promised would not be stored centrally did end up being stored in just that way:
Anti-ID card campaigners often warned about the dangers of storing all of the ID data in one place – making it potentially vulnerable to hacking, only to be assured by ministers from the previous government that this would not happen.
So it is fascinating to read that there are two separate locations in the UK where all of the biometric and biographical information gathered by the ID card scheme is, or has been, stored.
Although Labour’s ID cards plans may be in the political – and soon technological – graveyards, this news – which has only come to light because of the detailed organisation for ending ID cards plans – leaves us an important lesson for the future. Regardless of public promises made about how data will be stored and safeguarded, reality often turns out differently. No security is perfect; no staff list is impervious to wayward staff; no technological plan is resistant to change and modification.
That is why the very act of deciding not to gather some data, or not to collate different sources into one place, is so often an important firebreak that protects our privacy.
4 Comments
I understand the coalition will legislate in order to have access to our bank accounts and will bring the information together so that it can be jointly accessed by both HMRC and the DWP. That suggests it would all be stored in one place. However, if the information is then downloaded by functions of HMRC and DWP, I presume they would also store the information locally.
Yes, I too was about to mention the coalition’s wish to hold the financial details of just about every individual, on a central database. Now when the LibDems trumpeted the scrapping of Contact Point, the child protection database, it was said that the information was ‘locally’ available, but the problem LibDems had was with it being held on one giant database. So why the sudden change of tack? The deficit maybe?
Why on earth are they destroying equipment? If you overwrite all the data on a hard drive with random data enough times, it becomes unrecoverable even to advanced forensic techniques. The hard drives can then be wiped and reused. The US government considers overwriting everything 7 times to be sufficient, security-wise, and if we wanted to be paranoid it wouldn’t be hard to overwrite everything 30, 50, or even 100 times. This just really seems like a horrible example of government waste to me. Also, if they send these off to a rubbish dump without overwriting them like this, even if they’re smashed up, those same forensic techniques could potentially retrieve data from them. A great opportunity for well-funded, well-organised criminal gangs to perform some identity theft.
Given that I joined the Lib Dems over their opposition to the National Identity Database, I’m happy to see this happening.
However, I’m very unhappy with the fact that the Government is violating its own Coalition agreement by not scrapping the NHS Summary Care Record centralised database system, whose benefits are iffy at best and into which patients have been conscripted without giving explicit consent. This scheme has also been criticised by the GMC’s GP council. We should be living up to our promises on this.