In the age of leaky data, there is no such thing as a secure online computer
PCs have a multitude of uses, but, as a string of recent scandals illustrates, private information storage is not one of them
Simon Jenkins
Friday 7 December, 2007
The Guardian
What did you do, Grandad, during the great database scandal of 2007? Oh, I don't know, son, I burbled on like everyone else about progress, terrorism, encryption and teething troubles. What were hospitals or schools, we said, compared with a mega-giga-computer that could hold all the nation's sniffles on a disc and dock their bank balances for every speeding offence? In those days every official was Lenin on a laptop and Mao in a mainframe.
My own moment of truth came years ago in a shanty town outside Bangalore. Satellite TV had invented an encoder that meant that its signal could only be used by paying customers. It was hack-proof. Above a row of corrugated iron huts I saw a hand-written sign that read: "We decode all satellite coders. Inquire within." The ionosphere was open. There was no such thing as secure.
This week Britain's information commissioner, Richard Thomas, confessed that "a stream" of sheepish data custodians had formed outside his door "on a confessional basis" after last month's Revenue & Customs child-benefit data leak. They had all lost material that the public had entrusted to their care. They had taken it home, posted it somewhere, left it on a bus, dumped it in a bin or sent it to some government department.
The Revenue's version of a hi-tech firewall was a police hand-search of shelves on Tyneside, at Buckingham Palace Road, in a Blackpool post room and on various London rubbish tips. Thomas was reduced to telling the Commons that he doubted if the Home Office's "massive [identity] database, recording every time a card is swiped through a terminal" could ever be made secure. There would be thousands of terminals.
Anyone surfing the nether world of computer geekery will encounter an industry now obsessed with security. Books, seminars, consultancies talk of nothing else. Round every corner lurk cybercrooks, supernerds, voice-over-IP attackers and third-party cookie blockers. Rogue attack programmes continuously scan government websites, seeking weaknesses. The American Sans Institute, in a report on this subject, reckons that such a programme will access any personal file within five minutes of breaking through a security barrier. Encryption does not work. As soon as O2 signed a sole-user deal with Apple's iPhone, IT freelancers were offering to convert any iPhone to Vodafone or Orange for under £50.
According to Computer Weekly, the advent of "multi-gigabit wireless" computer networks will be "a security timebomb". Without a single traceable wire, the ether will be as open as the Library of Congress to anyone caring to download one of the internet's DIY hacking programmes. Nor is this just for nerds. The Russians, as a diplomatic gesture, shut down Estonia's government computer system. The Chinese are said to have attacked the Pentagon's main system earlier this year and penetrated the private office of the German leader, Angela Merkel. Dr No does not need a mountain hideout, just a laptop in Starbucks. Computer Weekly's website is illustrated by a man sending smoke signals from an office, an apt metaphor for modern computer security.
The groups most eagerly awaiting the government's ID computer are criminals and terrorists. The home secretary, Jacqui Smith, will supply them with detailed, supposedly confidential identification, including digitised biometrics, of every British citizen and visitor passing through immigration. There is too much scope for human error. The material "lost" by the Revenue included addresses of 350 police witnesses whose identity had supposedly been changed. NHS hackers will be able to offer employers and insurance agents any patient's full medical records. The government's ContactPoint child database is about to go online at an annual cost of £41m. It will identify and locate all Britain's 11 million children under 18, including those of celebrities. No opting out will be allowed and the base will be legally accessible to 330,000 officials - which means to everyone.