WRITTEN ON December 11th, 2007 BY William Heath AND STORED IN Data nitwittery, Foundation of Trust, What do we want?
Oh Lord. Yet another isolated incident.
The Driver and Vehicle Agency in Northern Ireland has lost the personal details of 6,000 people. The data was on two discs and went missing after being sent to the agency’s headquarters in Swansea. The DVA said the data was being provided in response to a safety recall by a number of manufacturers. The head of the agency said the information was not encrypted. It included details of 7,685 vehicles and more than 6,000 vehicle keepers.
You’d hope it was a case of “it’s all coming out now” as people queue up to confess all to Richard Thomas. But no, these were declared lost on 5 Dec. Unencrypted, again. Unbelievable.
[Deep beath] Wibbi CESG swallowed its pride and asked departments routinely to use the free and widely available Winzip, version 9 or later of which includes the excellent AES-based encryption algorithm built in by the people’s very own straight-talking security expert Dr Brian Gladman, formerly of their ranks? C’mon spooks. ‘Fess up, say sorry, and let’s try to get it right. We’re all in this together you know.
Actually, this sounds like the classic error in the design of the “system”:
When the DVA system and its security features were procured, the design brief probably ignored the need to communicate with other organisations.
I’ve often seen this, especially in government systems.
Unfortunately, it’s very difficult to persuade government customers to consider including any elements (ie. organisations) which they do not control.