3 November 2008

Security Begins At Home (Office)

Well, it's happened again; though the Department of Work and Pensions says there's nothing to worry about, millions of private identities are on the loose - again.

This time, a data stick containing the passwords of people who used the UK Government's Gateway system for everything from tax returns to fine payments was found - wait for it - in a pub car park. Do you want to know how many times the identities of UK citizens have been lost since the amazing bungle that saw 25 million child benefit claimants' details lost in the post last year?

According to the Daily Mail, the Information Commissioner says it's 277. That's data loss incidents, not lost identities.

A couple of months ago, I tried calculating the number of identities government contractors have lost for an article I was writing. My estimate was that about half of us have had our details lost (some of us multiple times) by the very people who should know better - contractors cleared to work on or engaged in managing supposedly secure UK government systems. But are these systems even secure in any meaningful sense when it's clearly possible to simply copy live, sensitive data to a USB pen drive, slip it in your pocket and leave the building, so to speak, or when it's possible to take a laptop containing such data home and leave it to be stolen from the back of your car overnight?

The concept of "secure" when applied to government data systems seems increasingly to be a nonsense. What the hell was someone doing with live data in a pub car park anyway? This leads me to a very grave question; one I'd seriously rather not be asking, but one that needs asking.

How long until someone reads the data they find on a lost USB stick or stolen laptop, and realises it's worth far more than simply punting the hardware around the pubs or on eBay? What happens when someone with serious terrorist intentions buys such data and picks YOUR identity at random to buy the equipment for an atrocity? How do you explain to the very nervous anti-terrorism officer screaming and pointing a loaded machine gun at you that you're an innocent, law-abiding dupe, and that it's the government itself that's ultimately responsible? The answer is, you can't.

The rate at which the government is haemorrhaging our identities is horrific: 277 data loss incidents divided by 12 months is an average of 23 incidents a month or about 5 a week. Under any circumstances, this is completely unacceptable. In such apparently dangerous times, it's deeply and criminally incompetent to the point of recidivism. It's getting to the point where I'm seriously beginning to fear that not only politicians but the civil service itself will lose the confidence of the British public. What happens then? I shudder to think what stupidity may pass for a solution, or what dangerous new influences the country may fall under as we look for a quick fix to a terrible mess.

Instead of our Home Secretary insisting that we, the poor sods who form the great mass of innocent potential terrorism victims, must be monitored ever closer, the state should be watching those whose job it is to keep us safe. Because no one in Whitehall seems to have figured out who those people are, I'll spell it out. They must begin with the people we have no choice but to trust with all our identities. Ultimately, that's themselves.
