Editor's Blog: Missing data, missing brains

The fallout from the loss of sensitive data held by Her Majesty's Revenue and Customs on 25 million people is only just beginning to be felt.

From my point of view, it's rare indeed that the subject of two silicon.com campaigns - scrutinising the technology behind the controversial ID cards project and our Full Disclosure campaignwhich calls for improving data protection - collide on the front page of every national newspaper. But this week they have.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

From the perspective of a publication that has been following every twist and turn of both issues for some time, several points suggest themselves.

First, this story isn't all about the technology. This is a failure of imagination and in passing a failure of technology and process.

Certainly technology could have helped here. Indeed it would have been a wise move to architect the system so such a download was impossible unless authorised by a senior official. And some encryption wouldn't have gone amiss, either, if they really needed to download it to a CD.

A system is only as strong as the weakest link, and boy, were there some weak links here.

The loss of the data has led some to call for the scrapping of the ID card project too and reinforced a sense government technology projects will always end in failure. The argument goes something like this: imagine what catastrophes they would be able to engineer if we gave them access to our fingerprints and other biometrics.

silicon.com has been watching the government's ID card project from the start - and what we've seen so far hasn't filled us with optimism about the rollout of the project. We've certainly had our questions about the wisdom of that initiative and now would be a great time for the government to reassess what it really thinks it stands to gain.

But the bigger issue is the government's attitude towards the data it holds. That failure of imagination I mentioned earlier.

And the data they hold? That's our data, by the way, not theirs.

No one should think it's a good idea to download a database containing the confidential details of 25 million individuals and then send in through the post on a CD.

We might hand information about ourselves over to them in exchange for access to services, such as child benefits. But we - and the government - must recognise we are only lending that data to them and that they have a responsibility to protect it. They must treat it with the care and respect it deserves. That's the biggest problem here - the failure to recognise that data as sensitive and worthy of better protection.

At the moment there is a sense that once we hand over data they can do whatever they want with it - download it onto a CD and stick it in the mail.

Perhaps one small step forward that may come out of this whole mess is the government departments and businesses that hold data on us will realise they need to rethink their attitude. Imagine that.