Can the British government be trusted with people's data?

The short answer to this question is a certain resounding NO!!!

by Michael Smith

More and more data losses come to light on an almost daily basis as to agencies and contractors of the British government and most of those losses could have been prevented or at least mitigated in one way or the other.

The great majority of all losses include memory sticks, removable hard drives and laptops where none of the data appears to have been encrypted. This is negligence bordering on the criminal.

In other instances there was data that was encrypted decrypted and then, unprotected, stored on a cheap USB memory stick which was, subsequently, lost. That is criminal.

The fact is that there is no need to have any data without encryption and security, especially nowadays.

USB sticks with automatic 256 AES hardware encryption are are multiplying as regards to makers and types and there becoming cheaper as well. So there is no excuse – and many should not be an excuse at all – to handle data, sensitive, personal data, entrusted to the government in such a slipshod manner.

One GB sticks with full 256 AES hardware encryption can be had for around the £30 mark and the personal details and data of its citizens, even if the British are in truth but subjects, should be worth at least that much to the government. The truth is, though, that they appear to be not. They rather stick the stuff on a £5 stick that has no encryption and can be opened by any Tom, Dick or Harry when lost.

While the government will prosecute people, like small membership organizations, rather quickly should someone there send the details of their members to another officer of the organization unencrypted and get them lost, for instance, when it comes to their own shortcomings there is one law and one set of rules for them and a completely different, stringent, one for everyone else.

The British government is pressing on hell-bent with the idea of this and that database for this and that information about the people, Aside from the voluntary ID card that by now is being talked of as a compulsory one, and the database for that one, the latest is one with the details of the emails, phone calls and sites visited of every person in the United Kingdom. We can just imagine how safe all that data is with them.

Safe? What is that? The pass people's personal details about on CDs, memory sticks, removable hard drives and laptops like some people pass out candy at a party. About most of those things that get lost in the post, by people mislaying them or laptops from the MoD and such getting stolen (or just mislaid), not being encrypted, there seems to be a culture of total disregard for security prevailing in the circles of the British government.

In no other developed country there appear to be even half as many security and data breaches as there are in the United Kingdom but still it is all being treated with a lackadaisical attitude that beggars belief.

Each and every time there is such a breach one or the other minister or such comes out and makes silly statements and then promises that it will not happen again and – well, guess what? The next day or so the same happens again and sometimes in the very same service.

There is no reason, absolutely none, for not using encrypted devices and cryptology per se on drives and what-have-you. Neither programs, such as PGP or similar, not the devices with automatic 256 AES hardware encryption cost the earth.

Private industry and even non-governmental organizations and charities even take better care of data than does the government, and while nothing is ever 100% secure, whether hardware encryption, public keys and such, they at least offer some protection.

Network security and such is, obviously, an entire different story and to be honest, I would not even like to put those to the test either.

© M Smith (Veshengro), October 2008