Why the government cannot be trusted with our data
21 November 2007
Gordon, where are the CDs?
In 1945-6, the British government brought in a system of child benefit, which paid parents 5 shillings per week per child. Today, in 2007, you get £18.10 a week (38 dollars) for your first child, and £12.10 (25 dollars) a week for every additional child.
In October, a branch of the British government called the "National Audit Office" asked another branch, "Her Majesty's Revenue and Customs", for information about the Child Benefit system. So the full records of all claimants (7.25m families, 25 million individuals) were burned to two CDs (or DVDs) and sent by courier.
The problem is that these CDs, containing personal and bank details, never arrived. Civil servants, and then police detectives, were scrambled to try to find them, but the discs were not found. Yesterday, a whole month after the CDs were lost, the British Chancellor made a statement to Parliament, and today the Prime Minister has apologised to Parliament.
Now it could be that the CDs are in the back of some post office somewhere. However, if they have fallen into the wrong hands, then potential identity thieves have had a month's free head start to attack people's accounts, apply for credit cards, undertake social engineering scams and so on.
Now these government people are idiots, yes, but let's deal with the wider problems.
1. End the War on Encryption
The political debate so far has blamed the method of transfer: a basic courier service, rather than, say, moving the CDs under police escort.
However, the data on the CDs should have been heavily encrypted, so even if they were lost, they would be useless to anyone.
In the past, the wide and automatic use of encryption was not feasible because encryption and decryption took so much processing power.
However, in 2007, computer processors are very powerful indeed, and the processing requirements of encryption and decryption are minuscule. Everything that moves should be encrypted by default - all laptops, all portable storage, all network data.
There is one thing standing in the way of easy and prevalent encryption in the UK: the British government itself. It has started a war on encryption. The government was not too keen on citizens or businesses using encryption before, but on October 1st a new law came into force about how they want us to hand over our encryption keys to them (you must be joking; they can't even secure their own data).
Terrorists will just delete their private keys; after all, if they are willing to blow themselves up then deleting a file or two is hardly an inconvenience. Legitimate uses become strangled in layers of red tape and bureaucracy. You reduce the use of something by 95% for every form you add to it.
So far the new law has been applied to a bunch of raving vegetarians who have had their computers seized. It remains to be seen if the government gets into the data or not (I suspect they will not).
Laws like this will always fail because you cannot combat technological problems with legal instruments; only technological solutions can solve technological problems. This law may well become irrelevant very soon because it is unworkable, like the law against putting a picture of the Queen upside down (accidentally broken almost every time someone has to put a large number of stamps on envelopes).
Let's look at one loophole, the 'notary problem', i.e. data encrypted with keys not held on the local system. Imagine that people start keeping their private keys on foreign machines, say with some other crazy vegetarians in Switzerland or somewhere deep in Siberia, and open secured connections when decrypting data. When the police raid and take away the machines, this trips the remote system into refusing the secure connection from then on. There is nothing the local crazy vegetarians can do (or be made to do) to decrypt the data; it is out of their hands.
2. We Need Distributed Identification
The second problem is that holding such a large amount of sensitive private data on citizens in a single place is just a bad idea. Almost every government department is amassing large amounts of private data in lots of different places. The government is not qualified or resourced to do this, so lapses in security on the scale of the above event will become increasingly commonplace.
Adding more gaffer-tape and cotton wool to a broken system is not the answer. It is time to move beyond this centralised data piling and move towards distributed identification. Citizens should be able to control their own data. Democratic control of data means there is not a single point of failure. No government can or should be trusted with our identification.
OpenID has proved that such a distributed identity system can work. A similar system for e-citizenship, perhaps based directly on OpenID, is required.
In some people's minds, this will raise the paternalistic question, 'What about people who cannot control their own data?' I do not believe such people exist, or they won't by the time such a system could be implemented. Using a distributed e-citizenship provider to log on to your e-government services need not be any harder than the current e-government services already being implemented, and in many ways it is easier, as you will not need many different sets of log-on details and passwords.
People manage to have their own bank accounts; you have to have one, and the government does not do that for you. Having OpenID-style credentials is no different from that. In fact it could be exactly that: banks (among others) could offer themselves as OpenID-style identification and authentication providers. Not forgetting, of course, that the whole idea of distributed identification is a diversity of identification providers, i.e. anyone can offer themselves as a provider (you can even host your own identification) and you can move between providers at will. This competition helps to keep the identification providers honest and secure; at the very least they cannot do any worse than the government. When the government has a monopoly on identification it has no real incentive to be secure, as we can see from this week's news.
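The arrangement this section argues for, as an added example in Go that is neither the post's code nor the OpenID protocol itself (it is a cut-down model of OpenID's signed assertion, with a per-provider shared key standing in for the association and a delegation table standing in for discovery). It shows a relying party (an e-government site) accepting a login from a bank acting as provider, the citizen moving to a provider she hosts herself, the old provider then being refused, and an assertion altered in transit being rejected. All URLs, names and the `Assertion` field set are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assertion is what a provider hands back once the citizen has logged in there.
type Assertion struct{ Identity, Provider, Audience, Nonce, MAC string }

func sign(key []byte, a Assertion) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(a.Identity + "\n" + a.Provider + "\n" + a.Audience + "\n" + a.Nonce))
	return m.Sum(nil)
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Provider is anyone offering identification: a bank, a company, or a server
// the citizen runs at home. One shared key per relying party (assumed set up).
type Provider struct {
	URL  string
	keys map[string][]byte // relying-party URL -> shared key
}

func (p *Provider) Assert(identity, audience string) (Assertion, error) {
	key, ok := p.keys[audience]
	if !ok {
		return Assertion{}, errors.New("no association with " + audience)
	}
	a := Assertion{Identity: identity, Provider: p.URL, Audience: audience, Nonce: hex.EncodeToString(randBytes(16))}
	a.MAC = hex.EncodeToString(sign(key, a))
	return a, nil
}

// RelyingParty is a service (an e-government site, say) that accepts logins from
// every provider it has a key for. delegation records which provider currently
// speaks for each identity URL; the citizen changes it to move provider.
type RelyingParty struct {
	URL        string
	keys       map[string][]byte // provider URL -> shared key
	delegation map[string]string // identity URL -> provider URL
}

func (rp *RelyingParty) Verify(a Assertion) error {
	if rp.delegation[a.Identity] != a.Provider {
		return errors.New("provider is not the one delegated for this identity")
	}
	key, ok := rp.keys[a.Provider]
	mac, err := hex.DecodeString(a.MAC)
	if !ok || err != nil || !hmac.Equal(mac, sign(key, a)) {
		return errors.New("unknown provider or bad signature")
	}
	return nil
}

// Associate gives rp and p a fresh shared key (out of band here; OpenID uses Diffie-Hellman).
func Associate(rp *RelyingParty, p *Provider) {
	key := randBytes(32)
	rp.keys[p.URL], p.keys[rp.URL] = key, key
}

// Scenario plays out the flows the post describes on constructed URLs and
// returns the outcome of each login attempt (nil means accepted).
func Scenario() map[string]error {
	gov := &RelyingParty{"https://benefits.example.gov", map[string][]byte{}, map[string]string{}}
	bank := &Provider{"https://id.bank.example", map[string][]byte{}}
	home := &Provider{"https://alice.example.org", map[string][]byte{}}
	Associate(gov, bank)
	Associate(gov, home)
	me, out := "https://alice.example.org/", map[string]error{}
	gov.delegation[me] = bank.URL // today Alice lets her bank vouch for her
	a, _ := bank.Assert(me, gov.URL)
	out["login via bank"] = gov.Verify(a)
	gov.delegation[me] = home.URL // Alice moves to the provider she hosts herself
	b, _ := home.Assert(me, gov.URL)
	out["login via self-hosted after move"] = gov.Verify(b)
	c, _ := bank.Assert(me, gov.URL) // the bank can no longer speak for her
	out["old provider after move"] = gov.Verify(c)
	d, _ := home.Assert(me, gov.URL)
	d.Nonce = hex.EncodeToString(randBytes(16)) // altered between provider and site
	out["assertion altered in transit"] = gov.Verify(d)
	return out
}

func main() {
	for name, err := range Scenario() {
		fmt.Println(name+":", err)
	}
}
```

Two design points carry the argument: the relying party holds a key per provider rather than one master secret, so no single provider or key is a point of failure, and the delegation record is under the citizen's control, so a provider can only speak for the identities that have chosen it. A production system would also track nonces to refuse replayed assertions and bind the assertion to the session that started the login.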
3. A National Identity Register is a clear and present danger to the British people.
The government doesn't really care about the security of our data, of course; they only care about control. So instead of distributed authentication, they are trying to build one massive tower-of-Babel database that every Tom, Dick and Harry will be able to use to stalk you or steal your data.
It would be a single system with all the information that the government can gather about us: fingerprints of the vast majority of the population who have never committed any crime, where you went to school, where you have worked, what taxes you have paid, what benefits you have claimed, what property or cars you own, what countries you have travelled to and so on.
This system is a giant single point of failure that foreign crackers or disgruntled nobodies will be able to use for criminal activity. Almost every large government IT project for the last 10 years has backfired; this will be no different, only on a far bigger scale.



1 andylockran says...
Zeth, you set the bar high with the standard of your blogging - and this is one of your better ones too. Fantastic that this sort of commentary is available for free on t'internet. Good Job!
Posted at 4:31 p.m. on November 21, 2007
2 Bug says...
I don't really like OpenID [But maybe that's just because I didn't mess with it enough].
Just 1 question. How are you going to control the voting and stuff? We all know how easy it is to set up yet another [insert name here] provider.
Posted at 8:05 p.m. on November 21, 2007
3 Albert says...
When you look at the world around you, there is a lot of stuff. Dirt, rocks, atoms, electrons... you know, the fabric of our reality. What if each one of these components was a database, like all those rocks, what if they contained a wealth of wisdom - only encrypted? Even without encryption, lots of useful information already becomes inaccessible through obsolescence. Wouldn't it be nice if encryption could have expiration dates?
Posted at 8:10 p.m. on December 14, 2007