Tag Archives: Gordon Brown

Now you CD it, now you don’t

Bank Account DataIt is good to see that Paul Gray resigned from his position as chairman of Revenue and Customs. (It was even better to see Alistair Darling squirm, but that was a more vindictive delight). I’m wary of gratuitous scape-goating with this business of the CDs that have gone missing containing the details of 25m people and 13m bank accounts. However, whatever way I look at it I come back to the thought that there are two ways to secure data, and both start right to the top.

The first way to secure data is physical: you make it physically impossible for your staff to export data. You install PCs without CD drives and disable the CD drives on the PCs which have them. While you are at it you disable the USB ports and impose limits on sending emails with attachments. You place limits on the changes that most people can make to their PCs, and provide them with a help desk and an audited order process to use when they want to do something outwith their permissions. None of this is hard and none of it is particularly expensive, though all of it makes things inconvenient for your staff. Not as inconvenient as having to clear up the mess when the details of 13,000,000 bank accounts get into the wrong hands, of course, particularly when the banks turn sulky and say “we’ve done nothing wrong and we aren’t paying for your mistake Mr Darling”. The banks have every right to be irritated since they do make sure that it is very hard for any member of their staff to steal data. This approach does require that those at the top take security seriously and ensure that adequate security policies are written and that the technology is configured to support those policies. Not rocket science, more a question of those at the top prioritising security, employing competent staff and saying “Make it so”.

The second way to secure data is through cultural norms. You make it impossible for someone to think it’s ok to copy personal data on to CDs and bung them in the post. Likewise you make it impossible for someone to think it’s ok to use real data as test data for new systems, or to dispose of confidential waste other than by shredding it, or to walk away from their desk without activating a password controlled screensaver, or to write passwords on post-it notes, or to look up someone’s personal data without a valid reason, or to leave a laptop in a car or an unlocked cupboard. You make it socially acceptable for someone to say “no, I’m sorry, I’m not swiping you in to the building with my card” or “no, you can’t use my account if you’ve forgotten your password”. This sort of security-focused culture is hard to create where it does not exist already, but it is relatively easy to maintain. The code-breaking at Bletchley Park remained a secret until the 1970s despite the fact that over 10,000 people worked there. A culture of treating data security responsibly is, without a shadow of doubt, down to the leaders to create, take seriously, pay for and maintain.

Slackness about data appears to be endemic at HMRC, which is the point that I am making. According to the Guardian “The chancellor explained that in September the records of 15,000 Standard Life customers had been lost in transit from HMRC offices in Newcastle; in the same month a laptop and other materials were also lost.” The article also mentions 41 missing laptops.

So no matter how I slice and dice this one, I cannot let Gordie off the hook. HMRC was his bailiwick before it was Darling’s. This is the government who’s attitude to security was sufficiently cavalier for the personal details including names, addresses, religious beliefs and sexual orientation of tens of thousand of doctors to be posted unsecured on the internet. This is the government who wants to put you full medical history on the NHS spine. This is the government who want to impose ID cards on us all.

Data is incredibly powerful when it gets into the wrong hands.

The problem is, it’s already in the wrong hands.

Casinos, clutter and compliments

Throwing good money after badThis pleased me today: Brown scraps super-casinos.

Making gambling easier is such a bad idea I don’t know where to start. Colour me patronising, but there is a huge difference between putting a fiver on the gee-gees once in a while, and losing hours and days of your life and plunging profoundly into debt somewhere which is basically a forest of slot machines.

You see, the “Super-Casino” is not a matter of James Bond, Monte Carlo and sophisticated elegance, it is a matter of how many slot machines can you fit into one place and still have room for a bar. The bar is part of the business model – if people are sober they are more likely to know when to stop. At its simplest, what happens in Supercasinos is that people are drugged and robbed. Consensually, of course, but even so that’s what it boils down to.

The Blair government’s insouciant encouragement of the Supercasinos in the UK was one of the many things they did which disgusted me and made me uncomfortable here. It was a telling symptom of that particular regime’s impoverished imagination, lack of moral compass and cynical opportunism. Remember Cool Britannia? How smug and shallow was that?

Anyway – I’m not going to rant about something which is over and done with. I’m wary of Gordon Brown, but in this case I think he’s done well. It’s a bugger for Manchester and the other bidders, but it was their own greed that done them in, and in the long term the people there will be much better off without it.

At the moment it feels as if the kiddies have been sent home and the grown-ups are at last running the place.

I wonder how long it will last?

I’m still de-cluttering. Today I got rid of three whole things and formally met some up-hill neigbours at the same time. Freecycle is a wonderful thing. I’ve been waving to these neighbours whenever I’ve seen them for two years but, being English, we haven’t actually – you know – spoken to each other. That would be forward of us. Well they wanted some of my stuff so I took it round, and now we’ve actually met, which is pleasing.

My boss asked me how old I was today and seemed really scunnered when I told him. He said “if you’d told me you were in your late 20s, I’d have thought you looked a bit rough but believed you”. It’s a compliment, I guess, but I had to laugh at the inelegance of it.

If I could ask Tony and Gordon…

At the suggestion of Mums 4 Medics, I have just spent a happy 15 minutes asking Tony and Gordon how they feel about being treated by consultants who have had 6,000 hours specialist training instead of 30,000 hours, and other questions relating to MMC and MTAS.

But then I had to stop.

All I wanted to ask was stuff like “how can you look yourself in the mirror?” and “in what world is 1,000,000 people marching to London to say ‘not in my name’? a mandate to start and illegal war?” and “why don’t you just drop dead you complacent piece of shit?”

So I had to stop.

You might have better luck.

Ask Tony and Gordon

And for their next trick….

Here’s a question for you, and it’s a serious one.

Ms Hubris will be reshuffled out of the DoH when Commissar Brown inherits the throne in the summer.

What happens next? Which of Brown’s rottweilers will be pointed at the NHS? What will their brief be?

And most importantly, what should we be doing now to brace ourselves for the change-over?