Personal Data Security

[ans]

As you as a moderator are responsible for curbing this breach of forum policy Ans, have you not considered resigning and picking up a £200,000 a year job on another forum?

 

I aint taking a paycut for nobody.

[P.K.]

The solution is to lock it down as much as you can and implement controls, that includes prevending clerks from exporting the data to CD.

 

To summerise, this data leak is a case for stronger security on central systems, not a indication that the government should stop storing our personal data at all.

Unfortunately, by their very nature, you are forced to de-centralise.

 

Because these systems have to available 24/7 a min config would be a base pair. One system accepting updates with the other taking staged mirrors. One goes down (and they do!) so everything is on the second. This now means it is vulnerable so with cheap & cheerful you should really have three systems. One to take over if you lose one while the other is out for sched med or whatever. Of course, you could lose the entire building from either a deliberate attack or a natural calamity such as some doom-brain pressing the EPO button instead of the Faraday airlock open as happened on one of my sites. It went very quiet before every phone started ringing!

 

So you have to have a further remote system. Again probably at least a triple constantly operational for instant switch 24/7 again mirrored on the first. Of course, this could suffer similar damage or be virused by a hack or whatever.

 

So you have to have a third site. Again three systems but isloated and secure as a very last resort.

 

Needless to say all three sites have to have comms in triplicate blah-di-blah-di-blah.

 

Mind you if you're a hardware manufacturer secure 24/7 sites are a license to print money...

[ai_Droid]

So you have to have a third site. Again three systems but isloated and secure as a very last resort.

 

Na, you misunderstand what I mean. I mean a centralised system rather than the physical database, as an alternative to governments current 'silo' approach, where different depts have duplicate personal data on different systems.

 

I wouldn't advocate any central database be in one physical location, I'd expect it to be distributed as you say. You still get the benefits of a central single system though.

[P.K.]

In a way it has to be done like that to prevent abuse.

 

Us guardians of the nations secrets had no end of difficulty in accessing tax records for example. It should be a simple matter to trace anyone working/drawing benefit/whatever but it ain't. Forget "Spooks" (on tonight with Hermione!) there are certain legal niceties, such as search warrants and so forth, that get in the way.

[Dodger]

How did we manage before computers, will society collapse?

 

Money gets stolen all the time?! You seem to accept this?! Do you also then accept that data will be lost? Based on your argument you do!

 

Your stupidity is actually beginning to depress me. Aren't you the guy who publicly winged at the school for over-zelous safety? Now you're suggesting no personal data is ever used ever again because of fears it gets stolen? You can't see how foolish you're being here? If there's a risk, you manage it. You don't give up or ban that practice. This is exactly what you were arguing in favour of in the case of the school.

 

As Ans says, you're repeating the same ill informed crap over and over, there's really nothing more to be gained here I don't think. Fucking glad you're not in my commisioners office though.

 

Your inability to see that data can be compromised depresses me! Once it is lost it can't be brought back, will it be like asbestos and you have to prove where your data was lost, before you can get compensation?

 

I would like to see you stand up in public debate over this, especially as a representative of the people! You keep on with the "everythings fine" approach we can always plug the hole once the data is lost, Sh!t happens! Glad you are not in a position where you can make these decisions!

[Cronky]

I would like to see you stand up in public debate over this

 

Me too. But without resorting to foul language and abuse!

[ai_Droid]

Your inability to see that data can be compromised depresses me! Once it is lost it can't be brought back, will it be like asbestos and you have to prove where your data was lost, before you can get compensation?

 

I've never once said data cant be compromised, you're making shit up once again. There's always that risk, like anything in life. Risk shouldn't prevent you from doing something. Remember the path in peel school? What's the difference? Once it is lost it can't be brought back? What arse is this?

 

I would like to see you stand up in public debate over this, especially as a representative of the people! You keep on with the "everythings fine" approach we can always plug the hole once the data is lost, Sh!t happens! Glad you are not in a position where you can make these decisions!

 

Publicly debate what? That data gets stolen? Of course it fucking does! Everything gets fucking stolen. What exactly is your point? You never get to actually saying it. Are you suggesting that we do away with data? That everything from now on is written in sand or on a chalk board, so there's no chance of any data being stolen?

 

We give data out all the time. A 16 year old clerk in a pension company in athol street has access to our salaries, our health history, our NI numbers, our address, pretty much everything that's sensitive, far more sensitive data held in one place than the goverment holds. Do you shit a brick about that? Every tin pot website hosted fuck knows where that you use has a copy of your name, address, email address, telephone number, purchase history, browsing history and credit card details. Are you fussed? Google has thousands of employees, distributed servers worldwide containing your surfing history, your emails and the entire contents of them, your ewallet and banking information if you use that service, all your photographs if you use picassa, is anyone screaming about that?

 

The government, an audited and responsible authority, wants to hold similar data, and you wet your knickers. You're irrational, you really are.

 

You elude to all sorts of horrors and scenarios, but it's all bollocks. We need data, data exists, why the fuck you're suggesting we somehow 'manage without' is beyond me.

[ai_Droid]

I would like to see you stand up in public debate over this

 

Me too. But without resorting to foul language and abuse!

 

Fuck off.

[Cronky]

Can I just ask you again, if you could please refrain from using foul language.

 

Many Thanks.

[ai_Droid]

Can I just ask you again, if you could please refrain from using foul language.

Many Thanks.

 

Why? You've not granted my request to acutally make a fucking point when posting to the thread. I find your sniping at me for my language offensive too.

 

What is it you'd like me to publicly debate?

[ans]

Can we try to stay a little more civil please? Any salient point you do have to make is kinda getting lost right now.

[Cambon]

Publicly debate what? That data gets stolen? Of course it fucking does! Everything gets fucking stolen. What exactly is your point? You never get to actually saying it. Are you suggesting that we do away with data? That everything from now on is written in sand or on a chalk board, so there's no chance of any data being stolen?

 

We give data out all the time. A 16 year old clerk in a pension company in athol street has access to our salaries, our health history, our NI numbers, our address, pretty much everything that's sensitive, far more sensitive data held in one place than the goverment holds. Do you shit a brick about that? Every tin pot website hosted fuck knows where that you use has a copy of your name, address, email address, telephone number, purchase history, browsing history and credit card details. Are you fussed? Google has thousands of employees, distributed servers worldwide containing your surfing history, your emails and the entire contents of them, your ewallet and banking information if you use that service, all your photographs if you use picassa, is anyone screaming about that?

 

The government, an audited and responsible authority, wants to hold similar data, and you wet your knickers. You're irrational, you really are.

 

You elude to all sorts of horrors and scenarios, but it's all bollocks. We need data, data exists, why the fuck you're suggesting we somehow 'manage without' is beyond me.

 

Hats off to Droid. Post of the year. What he is effectively saying is we should trust the government with all our sensitive data because data security is crap and our data has been lost anyway, so there is nothing to worry about.

 

Seems a perfect end to the security debate to me!

[ai_Droid]

Er, no, I'm not saying that at all:

 

Yes, always the case. But to argue that we should stop using such systems because of this is insane. The same risks exist in practically every other system in use also in any other industry or persuit, the risks come in when you add people. The solution is to lock it down as much as you can and implement controls, that includes prevending clerks from exporting the data to CD.

 

To summerise, this data leak is a case for stronger security on central systems, not a indication that the government should stop storing our personal data at all.

[Cronky]

Er, no, I'm not saying that at all:

 

Good Lad! One whole post without a swear word. Keep this up until break and I'll give you a choccy bicky!

[Dodger]

Cambon is right, you have said that the data will get QUOTE(ai_Droid @ Dec 4 2007, 01:14 PM)

Publicly debate what? That data gets stolen? Of course it f*cking does!

 

THAT IS THE POINT!!!!!

 

A central database with ALL your details is a perfect target, whereas a lot of different computers means that you have to hack them all to get the data. The central database because so many people will want access to data will get bombarded with requests and access will end up being compromised. The other possibility is crashing the system or putting in worms or viruses.

 

Thanks for confirming what we have been saying, very elequently as well