More “facts” on HMRC’s missing CDs

It has emerged that the extra security protection on the missing child benefit CDs might have been nothing more than Winzip release 8.


Interviewed on BBC Radio 4’s Today programme on 21 November 2007, a day after his statement to the House of Commons on the missing CDs, the Chancellor of the Exchequer Alistair Darling had implied that the CDs had a level of protection beyond that of a password, but he declined to give any details.

The Chancellor told the “Today” programme:

“They [the missing CDs] are password protected but they are not encrypted. There are other procedures which I really don’t want into go into for obvious reasons. There are other things that … (a stumble) …. something on these CDs which would prevent, would actually put a barrier to, finding out what was on them. But they are not encrypted in the way you describe.”

Now HMRC has confirmed that the missing CDs were “protected” by Winzip 8.0 which allows for compression and password-protection but not encryption. Files can be self-extracted without the use of Winzip – hardly impenetrable security.

It’s Winzip 9.0 that contains the US government-approved Advanced Encryption Standard which is said to be secure if a passcode is of adequate strength – a 10-character password does not qualify.

Since HMRC’s CDs went missing the organisation requires that staff use more secure passwords so that there are now at least 20 characters and at times 30. And for further protection HMRC now employs a head of data security.

If the extra security that Alistair Darling was referring to so enigmatically on the “Today” broadcast was merely Winzip 8, he was being disingenuous in the extreme or, more likely, was poorly briefed.

Darling’s statement to the House of Commons on the involvement of a “junior official” in the downloading of child benefit information onto CDs is also looking increasingly disingenuous. His statement implied that the CDs were lost because a junior official at HMRC and another at the National Audit Office circumvented procedures.

HMRC is now conceding that the problem could be traced to faulty system design: staff were able to load the child benefit data onto a desktop computer, albeit one in what is called a secure environment, for compliance reasons – to check whether those in receipt of child benefits were entitled to them.

Even today senior management at HMRC does not know how it was possible for its staff to download a full copy of child benefit database onto a desktop, without any serious security restrictions.

It may be that the work of the Revenue, now that it includes tax credits, Customs and Excise, and national insurance systems, is simply too complex for senior managers to comprehend. An incident that followed the announcement of the missing CDs gives an insight into the potential for internal chaos.

A member of the public contacted an MP to say:

“I have just had an apology letter dated 21 November, 07 from Dave Hartnett, Acting Chairman of HM Revenue & Customs, apologising about the error of losing my personal child benefits data, including my bank account…which I was expecting.

“However, it’s ironic…I’ve also received seven other apology letters that should have been sent to other members of the public in the same predicament.

“I’ve got all their national insurance numbers, their child benefit ref. number, name and address. It really is…an absolutely awful mistake when they are trying to re-instill confidence.

“I have of course reported this to the HM Revenue & Customs helpline…I spoke to a gentleman… he made me aware I was not in the minority…this had happened to a number of individuals and [he] asked me to relay the national insurance numbers”.

Links

Missing CDs – HMRC’s reply on whether it over-reacted

Winzip 9.0 review

Data fiasco keeps getting worse

Ex-HMRC chief lands £200,000 Whitehall job

Data privacy and security breaches still continuing despite the HMRC scandal publicity

Four immediate thoughts about the catastrophic HMRC data loss

Alistair Darling’s statement to the House of Commons on 20 November on the missing CDs

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Well we are getting closer to the truth now:

"HMRC is now conceding that the problem could be traced to faulty system design: staff were able to load the child benefit data onto a desktop computer, albeit one in what is called a secure environment, for compliance reasons - to check whether those in receipt of child benefits were entitled to them."

But the fundamental question this statement raises is why appropriate audit tools were not built into the system in the first place. It is blindingly obvious that any financial system needs audit functionality - both in terms of the financial elements (to ensure correct calculations and payments) and in terms of user and operational security (to prevent fraud by staff and allow validation of access control mechanisms).

So why was such functionality not part of the system? An appropriate system design would have obviated the need for the database to be downloaded to a PC (with all the security and fraud implications inherent in such behaviour) and could have automatically provided appropriate data for audit and validation purposes without compromising the data protection and secutity needs of the public.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close