Tuesday, November 20, 2007

Great Inland Revenue Disaster

And with one almighty clanger the whole of Britain said "How can we trust these people on ID cards ?"

But don't think that'll stop them, any more than voters rejecting it stopped the EU constitution or the North East referendum will stop them trying to break up England into 'regions'.

On tonight's PM programme Jane Kennedy, Secretary to the Treasury was arguing that the IR systems were old and therefore less secure, whereas the shiny new e-enabled identity scheme was more modern and therefore would be more secure. At which my daughter said "It's like the Titanic, the 'unsinkable' ship".

Of course it makes very little difference how old the system is, given that at the heart of just about every system is a database - unless you encrypt the database and build decryption into the access method. Strong encrypting/decrypting takes time and computer resource, slowing response times and making bulk querying of the data a big job for even modern computers. Third parties can send data to HMRC via a "secure gateway", although it would take a long time to shove 25 million records down a pipe. A disk is probably as good a way as any - if you encrypt the data and use a trusted courier. I wouldn't like to be in the shoes of the poor chap who dropped this particular testis.

Systems were in fact a lot more secure twenty years back, when pretty much everything was on a mainframe or midrange. If you did wander out with a tape under your arm you'd still need an IBM tape machine and some kind of large computer. Now an ill-intentioned person could get all those client details onto a keyring flash drive or with a quick CD burn, and have all the resources to dice and slice the data available at home. I wonder if and how HMRC stop flash drive usage, given that USB runs the keyboard and mouse on modern PCs ?

(Ms Kennedy's qualifications for making her statement include "residential child care officer at Liverpool City Council (LCC) (1979-1983) and care assistant at LCC Social Services (1983-88). Other past roles include Branch Secretary (1983-88) and Area Organiser (1988-92) of the National Union of Public Employees (NUPE)").