Archive for the 'databases' Category



The ‘Other’ Aim of Information Assurance

Posted by Tom Fuller in Blindside project, IT failures, Murphy's Law, Procurement, databases, human error at December 10th, 2007

It’s so easy to get caught up in the protection of data (or lack thereof) that we forget about the other primary goal of information assurance–getting correct information to the right place in good shape, accurately and on time, to preserve the confidence of the public in government’s ability to manage its own affairs.

“THOUSANDS of servicemen and women, including many fighting on the front line, are being underpaid because of failures in a new computerised pay system.”

…“The computer system, known as Joint Personnel Administration (JPA), was introduced in March last year in the Royal Navy and saw a flood of complaints from sailors not being paid their full pay. The RAF was taken on to the system in October last year, followed by the Army in April this year. The £250m system was implemented by EDS, which was widely criticised for its computerisation of the Child Support Agency.

One of the key problems with the system is that it requires senior officers to log in to authorise payments, which means that if they are away on operations, the whole procedure grinds to a halt. “The system is based on the design for a civilian pay system and takes no account of the complexities of the armed forces pay system,” one officer said.”

It’s a good thing that the British are so patient–these people are armed. It’s a very bad thing that we can’t get JPA right–ADP would have taken this on as an outsourcing project for a lot less than £250 million.

Small Is Beautiful

Posted by Tom Fuller in Blindside project, Data breaches, databases at December 6th, 2007

Hey Guv,

Just so you know, from what I’ve read (somebody please help me with the source–one of you must know) if you upgrade to WinZip 9.0 or above it comes with PGP encryption. If you then choose a password with 10 or more characters, you’ll probably be okay in regards to common criminals or the curious who come across your disc or file. Zip your files, communicate the password over the phone, send the disc by a trustworthy courier (or electronically), and this will work in the interim until you sort out something for the longer term. Oh–and don’t send more data than you need to.

Update: Ian Brown Says:
December 6th, 2007 at 9:59 am
No. WinZip 9.0 contains AES (the recent US govt-approved Advanced Encryption Standard) which is secure *if* a password of adequate strength is used. A 10-character password does not qualify and could be guessed trivially by password cracking software. Key management is much harder than just using an appropriate cipher.

Tom Fuller Says:
December 6th, 2007 at 10:35 am
Hi Ian,

Thanks for this.

How many characters should the password contain, and what proportion should be non-alphabetic–do you happen to know? I think that a lot of mid-level government staff would be able to use this information.

In related news,

“The Information Commissioner, Richard Thomas, said that a number of public bodies and private companies had contacted him over the fortnight since the HMRC incident was revealed to confess that they too had lost data.”

“Hundreds of people in police witness protection programmes have been put at risk by the loss of millions of child benefit records, The Daily Telegraph can reveal.”

Expect to see a lot more of this: “Now imagine that a company that you knew had just lost the details of 25 million of its customers, including some who are at risk of violence because of something they’d done for you in the past, was setting up a scheme to bring all of your biometric details together – every valuable confidential piece of information that identifies you as you – and was going to charge you £100 to join.

Want to sign up? No, me neither.

The National Identity Register is just that, a Government database to be used as the final authority for confirming identity. It will be shared with other Government agencies and even though it’s specifically prevented from holding some information (tax and medical records, for example), we’ve never had an electronic register of every British person before.”

When it comes to data warehousing, it’s becoming painfully evident that bigger is not always better.

The Backlash Begins, and Begins With Biometrics

Posted by Tom Fuller in Blindside project, Data breaches, databases, e-ID at November 24th, 2007

The iconoclastic Tim Worstall starts the ball rolling here, and refers us to Ben Goldacre’s Guardian column here: “But it’s not. The leak last week wasn’t because of unauthorised access, it couldn’t have been stopped with biometrics; it happened because of authorised access which was managed with a contemptible, cavalier incompetence. The damaging repercussions for 25 million people will not be ameliorated by biometrics.

So will biometrics prevent ID theft? Well, it might make it more difficult for you to prove your innocence. And once your fingerprints are stolen, they are harder to replace than your pin number. But here’s the final nail in the coffin. Your fingerprint data will be stored in your passport or ID card as a series of numbers, called the “minutiae template”. In the new biometric passport with its wireless chip, remember, all your data can be read and decrypted with a device near you, but not touching you.”

Ben Goldacre also has a piece here that refers to an academic paper enchantingly titled “Impact of Artificial “Gummy” Fingers on Fingerprint Systems” by Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino of the University of Yokohama. “This paper reports that gummy fingers, namely artificial fingers that are easily made of cheap and readily available gelatin, were accepted by extremely high rates by 11 particular fingerprint devices with optical or capacitive sensors. We have used the molds, which we made by pressing our live fingers against them or by processing fingerprint images from prints on glass surfaces, etc. We describe how to make the molds, and then show that the gummy fingers, which are made with these molds, can fool the fingerprint devices.”

Sigh…

Here’s the story on the day after…

I have said this before on this blog. There are countries where a national identification card is completely non-controversial. There are possible benefits to society from a well run and properly managed system.

But in my heart of hearts I do not believe that this country’s government (and I do not distinguish between political party here) is capable of building and operating an ID management system at this point in time without disastrous consequences to information assurance.

Pervasive Computing Gets a Look-See in Buckinghamshire and Milton Keynes

Via Kable: “Buckinghamshire and Milton Keynes Fire and Rescue Service is planning to use handheld technology for fire risk inspections. It intends to replace its paper based scheme with electronic forms on handheld devices, which make it possible to transmit the reports immediately to headquarters servers.”

Progress marches on. However, “Information captured is stored on the device until completed and automatically updated to a Fire Safety Management application provided by Consilium, which manages Fire Safety Inspections and produces statutory reports.”

A couple of things I hope they’ve thought of: What happens to the data in the device after the Consilium Fire Safety Management application is automatically updated? Does it stay on the device? Is it transmitted securely? And, of course, what happens if a device is left in a pub?

I don’t (at first glance) see that this information needs MI5 level of security, but the providers of this information do have rights under the Data Protection Act, and as property is money these days, I should hope there is some provision regarding this.

News Summary

Posted by Tom Fuller in Blindside project, Humanity nature and activity, databases at November 15th, 2007

Here’s what I’ve hijacked from Kable’s website–click here if you want to see GC News in all its glory.

* I was going to applaud this until I realised that I don’t know what my rights are under the Data Protection Act–so instead I’ll just sit here feeling jealous of those who are better informed: “Individuals’ awareness of their rights under the Data Protection Act has reached an all time high, according to new research published from the Information Commissioner’s Office (ICO). It said that 90% of individuals know that they have a right to see information that an organisation holds about them compared to 74% three years ago. The nationwide survey, released on 14 November 2007, reveals that 87% of individuals know they have the right to correct inaccurate personal information held about them – a 10% increase from three years ago.”

* “The Home Office has announced that a new UK Border Agency will unite immigration, customs and visa checks, backed by a £1.2bn passenger screening programme. The screening system programme includes a £650m contract, signed on 14 November 2007, with consortia Trusted Borders for a passenger screening IT system, which will work alongside the rollout of fingerprint visas. Raytheon Systems, the prime contractor for Trusted Borders, will work with Accenture, Detica, Serco, QinetiQ, Steria, Capgemini, and Daon. The electronic security system will screen all passengers before they travel to the UK against immigration, customs and police watch lists. International air, rail and sea ports will be covered, with all high risk routes into the UK covered by mid-2009. According to the Home Office, trials of the new system led to more than 1,000 criminals being caught and more than 15,000 “people of concern” being checked out by immigration, customs or the police.”

* “A government led ID management standards policy group will meet for the first time next week. The group, which includes a number of public sector organisations such as the Home Office, CESG – the information assurance arm of GCHQ – and the Central Sponsor for Information Assurance, will meet on 22 November to discuss how to coordinate ID management standards policy and understanding across the public, private and voluntary sectors. A major role of the group will be to establish a baseline for key ID management business standards and act as a change control authority to oversee how organisations implement standards and where they should be aiming.” *Sigh.* Maybe my invite was lost in the post.

* Well, I actually agree with the substance of this (Can I do that?): “The Department of Health has accepted the health committee’s recommendations on electronic health records. In an official response to the Commons health committee’s report on electronic health records in the National Programme for IT (NPfIT), the Department of Health said that in most cases it agreed with the recommendations and was already taking action on several. Among these was that it should set clear timetables for the delivery of patient administration, e-prescribing and shared local record systems. Delays in this area have been one of the major sources of discontent with the progress of NPfIT. Among the other recommendations accepted by the department are that:

it should let patients know as clearly and quickly as possible that explicit consent is required for organisations to share their detailed care records (DCRs);
the summary care record (SCR) should have a standardised front screen;
only patients should have the right to break the “sealed envelope” of confidential records;
there should be an independent evaluation of the planned security system for national applications; and
there should be custodial sentences for unlawful access to patients’ personal information.”

In contrast, it has turned down the MPs’ recommendation that the Secondary Use Service, which makes anonymised data available for research, should not have access to data from “sealed envelopes”. “Patient consent to the use of anonymous or effectively pseudonymised data is not required by law, and the use of such data for secondary uses, such as research, is both accepted and actively promoted by the relevant professional and regulatory bodies,” the department said in its response document. It also turned down recommendations that access to the SCR should be through the new health insurance card, and that implementation of shared records should be devolved to primary care trusts.”

* Maybe next time it will work: “The government has dismissed the Electoral Commission’s call to pull back from e-voting. The government has rejected the Commission’s view that no further e-voting pilots should take place until the government has a comprehensive electoral modernisation framework covering the role of e-voting. It has turned down a number of proposals made by the Commission following the pilots that took place during May 2007.”

* I guess I’m not the only skeptic on e-voting: “Digital rights advocacy group ORG issued a statement on 13 November 2007 stating its “deep concern” at the government’s response to an Electoral Commission report on the May 2007 e-voting and e-counting pilots. ORG observers were accredited by the Electoral Commission to monitor the pilots - and observed serious failings in the process. The group said the government has ignored the fundamental failings observed in trials so far. This includes analysis by computer security experts that the technology is not yet sufficiently robust, and that remote voting systems threaten the privacy, allowing third parties to coerce and influence voters.”

* Someone’s stretching the truth here: “The government’s information watchdog has ruled that a visa application website breached the Data Protection Act. An investigation by the Information Commissioner’s Office (ICO) has found that the Foreign and Commonwealth Office (FCO) breached the Data Protection Act with its online visa application website.” Well, yeah, but when you tell us that “The security breach became apparent in May on a website operated in India by FCO contractor VFS. It meant that personal information about people applying for visas to enter the UK was visible to other people visiting the website. The FCO said that it immediately closed down its VFS operated online application websites in India, Nigeria and Russia. The recommendations of a subsequent report into the failures were accepted by the government…” Aren’t you stretching the definition of immediately? As we noted in August, didn’t the person who reported this to you continue to report this to you for a year? Didn’t they have to email you screenshots of other people’s information before you pulled down the website?

* Finally, for those social networking fans among you: “British servicemen and women are being warned off social networking sites like Facebook and MySpace. According to The Register, advice circulated in mid-October warned service staff not to post “your service connections on chatroom and dating sites”. Military bosses are worried that terrorists will use social networking sites to identify and target military personnel. The warning continued: “Be particularly careful if you are on Facebook, MySpace or Friends Reunited.” The document warned that organisations like al-Qaeda will continue to target “soft targets”. The Sunday Telegraph found nearly 900 Royal Marines on Facebook, and 72 members of the Royal Anglian Regiment.” Yeah, but what happens if you Poke a service member?

Impacts of Hacked Information

Posted by Tom Fuller in Blindside project, Data breaches, IT failures, data mining, databases, fraud, human error at November 8th, 2007

Via Kable: “The Land Registry has pulled potentially sensitive documents from its online service. As from midnight on 5 November 2007, online access to documents such as mortgage deeds and leases will be removed. Members of the public wishing to inspect or have copies of any such documents can do so by applying in writing to Land Registry. The move followed a report in The Daily Mail that criminal gangs have stolen £12m over the past two years by exploiting loopholes in the website. They gained access to documents such as title deeds to make it possible to sell properties they did not own.”

It’s a pity legitimate users of Land Registry information will no longer have access to these details, I guess, but what were sensitive documents like these doing lying around in the open air in the first place? Did any review of this take place?

After the fact, the Land Registry tried to ‘put this in perspective,’ saying that the £12 million in fraud was a small percentage of the fee income it generated.

WAKE UP. The £12 million in fraud in all probability represented a very large percentage of the total wealth of the individuals who were defrauded, each of whom had to go through a long and laborious compensation exercise and probably had to get the services of a solicitor to help them. Of course it had minimal impact on the Land Registry. It’s not their money. It’s not their information. It’s not their privacy.

Web 2.0 and Information Assurance

Posted by Tom Fuller in Blindside project, data mining, databases at November 2nd, 2007

It doesn’t seem as if anybody has noticed yet, but what Web 2.0 (really, it’s Web 1.05, in my opinion) is all about is databases accessible from the Internet.

A weblog such as this is a database with scripting that generates a valid URL and a time/date stamp when a field is entered. A wiki is the same thing, but instead of publishing the time and date stamp, it allows rewriting. Mashing up of data is just porting data from two different databases to a third location and doing useful work on the data at its new home.

All of the recognisable Web 2.0 success stories are variations on the theme: MySpace and Facebook, blog farms. Flickr and YouTube, modified blog farms–databases all.

I won’t really start thinking of Web 2.0 as Web 2.0 until it does what it says on the tin by incorporating off-net data into its offerings, and starts sending fused data streams outwards, both on and offline. When SMS and Skype seamlessly integrate into a web offering, we’ve got something. When UpMyStreet automatically texts me to stay out of this neighbourhood because of night-time crime statistics, then we’re onto something. Similarly, when I receive an SMS in a bar telling me that someone with my Facebook profile is in the same bar and is available for conversation, then Web 2.0 is here. Because for me, Web 2.0 is all about moving information off the Internet and into the real world and vice versa.

Sadly, the information assurance issues regarding databases are significant and so far less than amenable to easy solution. Databases will take notes of changes made to them, but unless the data is archived before the change is accepted, those notes are only useful in assigning responsibility for errors and crime. Archiving large scale databases prior to accepting any change would be a bit impractical.

If anybody can talk us all through a practical guide to effective information assurance for databases, the comments field is all yours…. here’s hoping.
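
A narrower alternative to archiving the whole database before each change, as an added example that is not part of the original post: a trigger copies only the affected row's prior values into an append-only history table, so a bad change can be reversed as well as attributed. The table and column names (`records`, `records_history`) and the sample data are hypothetical, and SQLite stands in for whatever database is actually in use.

```python
import sqlite3

# Hypothetical schema: one data table plus a history of before-images.
SCHEMA = """
CREATE TABLE records (
    id         INTEGER PRIMARY KEY,
    owner      TEXT NOT NULL,
    updated_by TEXT NOT NULL              -- account that wrote the current value
);
CREATE TABLE records_history (            -- one before-image per accepted change
    change_id      INTEGER PRIMARY KEY AUTOINCREMENT,
    record_id      INTEGER NOT NULL,
    old_owner      TEXT NOT NULL,
    old_updated_by TEXT NOT NULL,
    changed_by     TEXT NOT NULL,
    changed_at     TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
-- Copy the row as it stood before the change is accepted.
CREATE TRIGGER keep_before_image BEFORE UPDATE ON records
BEGIN
    INSERT INTO records_history (record_id, old_owner, old_updated_by, changed_by)
    VALUES (OLD.id, OLD.owner, OLD.updated_by, NEW.updated_by);
END;
-- Block UPDATE and DELETE on the history (an account with schema rights
-- could still drop these triggers, so restrict those rights separately).
CREATE TRIGGER history_no_update BEFORE UPDATE ON records_history
BEGIN SELECT RAISE(ABORT, 'records_history is append-only'); END;
CREATE TRIGGER history_no_delete BEFORE DELETE ON records_history
BEGIN SELECT RAISE(ABORT, 'records_history is append-only'); END;
"""

def open_db():
    """Create an in-memory database with the schema above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def change_owner(conn, record_id, new_owner, user):
    """Apply a change; the trigger stores the before-image in the same transaction."""
    with conn:
        conn.execute("UPDATE records SET owner = ?, updated_by = ? WHERE id = ?",
                     (new_owner, user, record_id))

def current_owner(conn, record_id):
    return conn.execute("SELECT owner FROM records WHERE id = ?",
                        (record_id,)).fetchone()[0]

def history(conn, record_id):
    """Return (change_id, old_owner, changed_by) for every change to a record."""
    return conn.execute(
        "SELECT change_id, old_owner, changed_by FROM records_history "
        "WHERE record_id = ? ORDER BY change_id", (record_id,)).fetchall()

def revert(conn, change_id, user):
    """Restore the value a given change overwrote; the revert is itself logged."""
    row = conn.execute("SELECT record_id, old_owner FROM records_history "
                       "WHERE change_id = ?", (change_id,)).fetchone()
    if row is None:
        raise LookupError(f"no such change: {change_id}")
    change_owner(conn, row[0], row[1], user)

if __name__ == "__main__":
    db = open_db()
    # Constructed sample data.
    db.execute("INSERT INTO records VALUES (1, 'A. Owner', 'registrar')")
    change_owner(db, 1, "B. Buyer", "clerk7")
    revert(db, 1, "supervisor")
    print(current_owner(db, 1), history(db, 1))
```
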

The Future of the National DNA Database

Posted by Tom Fuller in AnonymitY, Blindside project, databases, e-ID at October 18th, 2007

Via Kable, “Home Office minister Meg Hillier has insisted on the need to debate the future of the National DNA Database. Responding to parliamentary questions from two Conservative MPs on 15 October 2007, Hillier said the growth of the database, which now holds records of more than 4m people, has made a debate on its future development necessary.”

Benefits to society so far: “Hillier claimed that the database had been used to solve 452 homicides, 644 rapes and more than 8,000 domestic burglaries.”

Example of possible downsides: Tory MP Stephen Crabb “highlighted the case of 75 year old Geoffrey Orchard, who was wrongfully arrested and received a written apology from the police, but who remains unable to get his DNA information removed from the system.”

So let’s have the debate. I suggest on the BBC (they may be looking for cheap programming these days). Let’s by all means have some of the great and the good participate. But let’s also have some of the Awkward Squad and some ordinary citizens as well.

Bruce Schneier’s Cryptogram

Posted by Tom Fuller in Blindside project, Cyberwar, Data breaches, data mining, databases, e-ID at October 15th, 2007

I suppose I should pretend I did all the research that produces the following, but I just opened the email from Bruce Schneier’s Cryptogram. If you’re serious about these issues (and why else would you be reading this?), click here to subscribe.

Quotes from this issue:

“Although it’s most commonly called a worm, Storm is really more: a worm, a Trojan horse and a bot all rolled into one. It’s also the most successful example we have of a new breed of worm, and I’ve seen estimates that between 1 million and 50 million computers have been infected worldwide.”

UK Police Can Now Demand Encryption Keys: “Cambridge University security expert Richard Clayton said in May of 2006 that such laws would only encourage businesses to house their cryptography operations out of the reach of UK investigators, potentially harming the country’s economy. ‘The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business,’ Clayton said.

“‘The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction,’ he added. ‘With the appropriate paperwork, keys can be seized. If you’re an international banker you’ll plonk your headquarters in Zurich.’”

“Microsoft updates both XP and Vista without user permission or notification. Microsoft can do this; that’s just stupid company stuff. But what’s to stop anyone else from using Microsoft’s stealth remote install capability to put anything onto anyone’s computer? How long before some smart hacker exploits this, and then writes a program that will allow all the dumb hackers to do it?”

London’s 10,000 security cameras don’t reduce crime:
http://www.thisislondon.co.uk/news/article-23412867-details/Tens+of+thousands+of+CCTV+cameras%2C+yet+80%25+of+crime+unsolved/article.do
or http://tinyurl.com/286pab
This is a follow-up to a 2005 article:
http://www.thisislondon.co.uk/news/article-16856213-details/CCTV+’does+not+stop+crime’/article.do
or http://tinyurl.com/2tfjyf

Just go and subscribe, or read them on his weblog.