In a recent post, I asked if Americans were truly the most stupid people on the planet.
They may well be, but when it comes to incompetence, it appears that some folks here in Britain are not far behind, at least in the “Whoops! Apocalypse” stakes.
And at least the American morons tend to do us all the dual favours of:
- Killing themselves off and therefore removing themselves from the gene pool
- Killing themselves in ways that are so dumb, they are at least entertaining.
…whereas the incompetence demonstrated yesterday in the announcement by a very sweaty Alistair Darling on behalf of the HMRC that the personal details (including bank accounts) of some 25 million citizens have effectively been “lost in the post” was not only NOT funny, it was FRIGHTENING!
Of course the minute you add any form of Government into the formula, you effectively get “Incompetence Squared” and this is certainly true about HM Revenue and Customs. But even with this huge “I2” factor, it’s fair to say that the HMRC have outdone themselves in a spectacular fashion.
This fiasco would be bad enough if it was genuinely a one-off or first offense. Unfortunately it’s just the latest in a rather long line of security-related database fuckups by the HMRC specifically and the Government in general.
Here are just a few of the HMRC highlights:-
- September 2005 – HMRC loses a CD-Rom containing unencrypted data concerning a company called UBS and it’s employees
- 15th December 2005 – HMRC admits that the personal details of up to 13,000 civil servants have been stolen.
- 8th October 2007 – An HMRC laptop holding sensitive data on an estimated 400 individuals is stolen from the boot of a car.
In every case, the reaction of the government was pretty much the same; make a token apology, pay lip service to “improving procedures” and then hunker down to ride out the shitstorm.
The problem is that you can put all the procedures in place that you want, but if they are not going to be enforced in a consistent manner then they are a complete waste of time, because no-one will follow them. People are like water – they tend to take the path of least resistance and if the protection procedures are not enforced then they will be ignored.
…which is why history keeps repeating itself.
The one tiny silver lining in this dark cloud (at least in my humble opinion) is that – with luck – this balls-up may spell the death of the National Identity database farce. Forget the grave issues of personal privacy, enormous cost and inconvenience – it should be blatantly clear to anyone with half a brain that the Government simply cannot be trusted to protect this information – and their track record bears this out.
And for the few that (against all the evidence) may remained unconvinced, keep an eye on Westminster to see what the government response will be to the following questions:-
- How exactly did such a “junior” civil servant obtain access to such a vast quantity of sensitive information?
- Why was the junior civil servant allowed to burn this info onto CD-Roms without using any form of 128 or 256-bit encryption?
- Why is the Government still exchanging information between departments on DISK?
- Having established that the first (unrecorded) deliver of disks from the HMRC to the National Audit Office had failed, why did the HMRC then send out a SECOND copy of the disks, still unencrypted?
- Alistair Darling stated that if someone was an innocent victim of fraud as a result of this incident, they would have protection under the banking code and would not suffer any financial loss. In other words the government will cover the loss…with our taxpayers money?