So the Revenue have lost some data. As the Independent puts it:
What kind of personal data is contained on the lost discs?
A frightening amount of information: names, addresses, dates of birth, child benefit numbers, national insurance numbers and bank or building society account details.
And the world has gone ballistic. So let me add a note of quiet sanity.
Can anyone tell me that all the fuss is about? ALL the above data on me would be readily available to anyone who wanted to find it with relative ease, at little cost and in minutes, I suspect.
It's not for one minute enough to aid theft of my identity. It is not going to give anyone an increased chance of cracking my bank account over and above the risk that anyone could at any time seek to do so using data form other sources.
So there's only one way in which to view the resulting drama: it is a completely political story on an admin mess up. OK, a big mess up. But let's put this in proportion. Child tax credits was a bigger mess up. And no one resigned. Carousel fraud was much bigger, and no one resigned. Tax evasion is bigger still and I can't hear the resignations.
All that's happened is some fairly low grade data has been mislaid. No one even knows it has been stolen. It's news. I agree. But then so is "Man bit dog" news. But these things it is not:
1) A resigning issue;
2) An IT failure (it was a physical admin failure);
3) A disaster;
4) A sign that the government is out of control of IT. The miracle is that every month people are paid what is due to them.
And if that's the case what is this:
1) A gift to the Tories, undeniably;
2) Clear evidence that the Revenue is under-staffed and under trained.
And that last one issue is the thing you can lay at the door of Gordon Brown and Alastair Darling. The disaster is that we are not spending enough on good public services.
This the real issue. Can we talk about it, please?
Thanks for reading this post.
You can share this post on social media of your choice by clicking these icons:
You can subscribe to this blog's daily email here.
And if you would like to support this blog you can, here:
1. I think there is a material difference between a determined identity thief with a target and just happening upon a list of 25m records to browse through.
2. I’d say it is an IT failure that someone (described as “junior”) can actually access all such records and more importantly download them and burn a disc with them on. I know of no individual in my much smaller organization with c 20,000 records of service users who could do such a thing without the explicit assistance of a senior officer in the one department concerned.
3. What it is a sign of is the dangers inherent in systems that hold so much information about so many people. It is nigh on impossible to make such systems completely fool proof. And one therefore has to question whether it is right to store such data in the first place centrally.
4. One has to question why NAO required such data in any case and whether transfer of such data between government departments and agencies is within the terms of their DPA registration and whether users of the service are made aware of that fact. Surely one department should have internal audit procedures that can then be verified as procedures by NAO without the original data actually being transferred between them.
“Quis custodiet ipsos custodes” right enough!
[…] Richard Murphy says there’s nothing to worry about: […]
Richard,
Thanks for the injection of sanity.
As one of those long suffering faceless bureaucrats at HMRC, it’s nice to know that the whole world isn’t making a drama out of a crisis.
Yes, someone didn’t follow procedures, and that’s a problem. It’s be nice though if the powers that be, and the public, would give as much credit for the things that go right (like http://www.manchestereveningnews.co.uk/news/c/1024144_aleef_bosses_jailed_for_fraud and http://www.cambridge-news.co.uk/news/city/2007/09/28/7f501e1f-3303-4b4a-93dc-0c29289e6fed.lpf for example), as they do criticism for things that go wrong.
Almost as if to prove my point that this issue is about political exploitation of Alastair Darling (who is, I think, fair game, but not on losing CDs) I get comments from the Tory Right (Those Missing Records) and a Lib Dem (Jock).
Rim Worstall fell off the edge of reason long ago, so I’ll ignore him.
Jock’s comments are just plain daft. What’s his solution? Abolish government, or IT, or tax, or audit checks on government? None would benefit society, and he must know it.
Both should be ignored by anyone living in the real world. That’s the one where mistakes happen.
Richard
This is about competance and trust, this government has lost both the trust of the electorate and its reputation for competance. Darling needs to go in recognition of the colossal failure this disaster represents.
Jock’s questions are all valid and if you were anything more interesting than a cheerleader for a complex and inefficient welfare state and its steady work for tax planners you would have addressed their substance rather than dismissing them out of hand.
The role and desirability of government are not settled, there is a debate raging chum, in fact it is central debate of our times. Your lot are losing.
Richard,
I’ve got news for you. Everything Jock says is 100% accurate.
Can you seriously not see the difference between a single ID fraudster targetting YOU and spending hours/days finding out all sorts of information about you and then utilising that to duplicate your ID, vs sufficient details falling into the wrong hands to allow ID fraudsters to do this to 25 million people?
I presume you are blissfully unaware that there is a well known internet based black market for this kind of information? If /anyone/ a bit dodgy gets hold of these CDs then that information, which PATENTLY IS ENOUGH TO PERFORM ID FRAUD will end up in that black market.
Do you have any idea how much that could cost the country?
You stating categorically in your article “It’s not for one minute enough to aid theft of my identity.”.
Sorry this is utter bullshit, and I’m pretty convinced you know it. If you believe this then please publish the following information about yourself on this page;
name
address
postcode
bank account number
sort code
childrens names
child benefit number
phone number
date of birth
childrens date of birth.
So far I can only find your name….. If you don’t publish this information then please remove that sentence as it will be obvious that /even you/ don’t believe it…
Z.
[…] Recent Comments Tax Research LLP on Crisis, what crisis?Gareth on Crisis, what crisis?Those Missing Records on Crisis, what crisis?Jock on Crisis, what crisis?Strive Notes » Isle of Man media fails in its duties? on Isle of Man – what use is a captive press? […]
Tired and emotional and Zorro are the last to get comment of this sort on here.
The first reason is that both provided no information on their identity.
Second, the comments are mock hysteria. This is not a disaster. That’s a complete mistatement of the situation. I can say that as I am well aware of fraud and theft issues. And controls. I am after all a chartered accountant who has had come considerable experience in audit.
But the reality is that those who want radical social change that will destroy the concept of walfare want to exploit this as an opprtunity to destroy society as we know it.
And I oppose the far Right perception of society. There’s a simple reason. It’s evil. And these comments seem to promote that evil.
Richard
Jock’s comments are just plain daft. What’s his solution? Abolish government, or IT, or tax, or audit checks on government? None would benefit society, and he must know it.
Since you know I’m a Lib Dem member presumably you have visited my blog – not that I expect everyone on whose blog I comment to do so – but if they’re going to make assumptions about me then I’d hope they’d have a look first.
As it happens, though a Lib Dem member I am pretty much a libertarian. A “geo-libertarian” in fact – one who believes that the only tax should be on consumption/occupancy of economic land (“geo” after Henry George) and that it should be redistributed as a cash citizen’s income without government pretty much spending any of it first.
So yes, I’d be quite happy for an end to the sort of government and tax and benefit systems that demand such huge amounts of personal data be held. This is all exacerbated by the complexities of the current system and so long as we continue to rely on things like incomes as our main tax base can only become more and more intrusive into our affairs.
In a land tax system you would of course need a land register, but it only needs some way of contacting the owner of a piece of land etc and need not contain stuff like dates of birth or bank account information, and is required anyway if you want to stake a claim on that land.
And audit – why does NAO need to audit the original data at all? In fact, if you need all the data it’s not really an audit is it (as in a sample taken to make sure everythings working as it should be). You could easily design an internal audit system that was verifiable by an outsider such as the NAO rather than them actually needing huge amounts of personal data being transferred between departments. If this is the way NAO/District Audit work, they should be overhauled as well and urgently.
And of course the difference between government IT and private IT is that if the private IT data holder were to do this then when I sued them it would be them and their business that paid the price. With the government, who am I supposed to sue without it costing all of us as tax payers? Nothing wrong with IT per se, just the way it is used and abused. PEBCAK we call it in IT support – “Problem Exists Between Chair and Keyboard”. I’m afraid when that is some Kafkaesque government office junior I have far less confidence that the right procedures will be enforced, because I am not a customer, except in their publicity brochure and so they ddon’t really have a financial interest in me taking my business away from them. Cos I can’t!
[…] Crisis, what crisis? […]
I agree totally with your point about proper staffing – we can’t have it both ways.
Apropos public spending and tax levels, it was interesting to read in Time this week that Denmark ranks third in the World Economic Forum’s competiveness rankings despite being very near the top of the league in terms of tax rates. A very interesting antidote to the tired old guff that gets wheeled out about potential damage to our economy if we dare tackle fundamental inequalities in our tax system.
You can find the article at http://www.time.com/time/magazine/article/0,9171,1684528,00.html
Richard – this is a VERY big deal. Fact is the ability of a person to step around an appallingly designed business process matters. A lot. The issue is one that any security specialist worth their salt could solve very easily. On the available facts, this is security 101 ‘stuff.’
All serious practitioners I know consider this to be an IT failure given that IT is so embedded in business process and especially in government’s various strategies.
The resignation of HMRCs chair should be enough to convince you that this is serious stuff. Especially as this was an apparently voluntary decision.
Government is not so stupid as to recommend people check with their bank unless they considered there to be a risk. The collected information is quite enough for fraudsters to engage in any amount of nefarious activities and the fact 25 million records are potentially affected only magnifies the risk.
I don’t think this gifts the Tories a thing. Government IT failures have been going on for many years. The Tories are not immune from that charge.
It is absolutely a matter of public confidence and trust.
Dennis
I’ve just done a blog saying sometimes you and I disagree.
This is one of those occassions.
It’s significant. Sure.
It’s not a disaster. That’s my point.
And I reiterate the point I’ve made: anyone can get hold of this stuff fairly easily anyway if they really want to. OK, so this is bulk supply but candidly I don’t think it changes the risk of fraud one iota. That’s already in existence.
So I still see this as a political issue. And the comments by the libertarians who have been exploiting this prove my point. If they had their way they’d use this as an opprtunity to close down benefits and the whole system of government. That’s a very real risk to a great many people in this country. Dammit, they threaten society as we know it.
So let’s keep it in proportion. Risk is part of any process. And no one has died here. Nor is anyone likely to lose much here. Maybe one or two will sacrifice their jobs. That’s life.
But in a few days this will be a non-event, so long that is that the bigger picture is seen – which is that this is much more than an IT cock up (although it’s that), but an exposure of political risk to those who want to radically transform society in their own self interest to the detriment of the majority and expecially the weak.
It’s the failure to see that which is so scarey in my opinion – and many others I know – none of whom are lying awake at night in contrast because their addresses may (and I stress, may) have been made available. Let’s also remember that point too. There’s a 90% chance this stuff will turn up in due course.
Richard