Occasional reflections on Life, the World, and Mathematics

Data and security


Security in the UK

Crime statistics in the UK are a mixed lot. On the one hand, the overall levels of crime victimisation are fairly similar to those in the US, Canada, and Western Europe, a bit on the high end overall. Homicide rates, on the other hand, despite recent well-publicised drops in the US, are still drastically lower (by a factor of about 3) in the UK and most of Western Europe (and Canada). Presumably this is attributable, at least in part, to the smaller number of guns. Gun murders in the UK are the lowest in the world, as a proportion of population, about a factor of 20 lower than in the US. (This does not directly contradict the “only outlaws will have guns” NRA rhetoric, if we generalise from a recent report in the NY Times, explaining that the classic random-mugging-murder is now extremely rare in New York, leaving mainly revenge killings and turf wars between drug gangs, and kinds of intimate crimes that are the meat of crime fiction. Gun bans, presumbly, have relatively little impact on the former — and the RMMs — but quite a lot on the jealous spouse and Double Indemnity types of crimes.)

While getting tough on lawbreakers, the hapless government of Gordon Brown is now having to answer for its own role in aiding and abetting identity theft. Supposedly a “junior official” of Customs and Revenue copied the entire database of families receiving the state Child Benefit (7.5 million families, comprising about 25 million individuals), including names, addresses onto compact disks, and sent them by unrecorded internal post to the National Audit Office. They did not turn up at the other end. As they say, it’s an ill will indeed that blows no good. Until this blunder sprawled over all the newspaper headlines, I had no idea that there was a Child Benefit, a monthly payment to parents (or anyone else raising a child) worth about £80 a month for families with one child. (It’s funny that we got caught out on this, because we were irked to discover, shortly before we left Canada, that we’d missed out on applying for a similar benefit there. For some reason governments don’t go out of their way to inform new immigrants of these things.) Anyone moving to the UK should be aware of this: official information is available here. My understanding, though, is that it’s generally only available for Europeans (which I’m not, but the rest of the family are).

If you wanted to contrive a damaging political scandal, without anyone really getting hurt, it would be hard to better this one. All the ingredients are there: Incompetence, money, long-term uncertainty, vast number of potential victims, new technology (making everyone particularly uneasy), and, most important, children. Furthermore, there are reports that

  1. The Audit Office requested an anonymised version of the database, but C&R refused, claiming it would be too costly. (Oops.)
  2. C&R suggested the auditors come visit them to peek at the database. Too much trouble, they said. (Oops again.)

Why are they e-mailing CDs anyway? Anyone with even a tiny bit of technological literacy could have used SSH to transfer the files over the Internet, and saved them the price of a stamp.

The Chancellor of the Exchequer, Alastair Darling (I can’t escape the feeling that there are names you meet at the top levels in politics here that would simply provoke too many giggles in the US or Canada) whose head might be expected to roll, explained that it really wasn’t his fault. In an inversion of the Eichmann defense, he explained that he just makes the rules. “There are rules that mean you can’t download this info and stick it in the post… In asking ourselves what has gone wrong here the rules appear to have been breached with catastrophic results.” Sounds reasonable. It’s not his fault if someone doesn’t follow the rules. This reminds me a bit of the reaction of the day-care teacher in Berkeley who instructed me, after my then two-year-old daughter ran out of the school unnoticed (fortunately I was still right outside the building when she came out), “You need to tell her that she’s not allowed to do that.” She did not return to that daycare centre. Yes, the “junior official” ought not to have flouted the rules; but it should not be a matter of rules. The junior official should not have access to an extremely sensitive database, that he can download onto two CDs and send throught the mail. Once he can do that, he might just as well copy the database onto two other CDs and sell them to criminals. Who is to say that another junior official did not do that?

Of course, Mr Darling could reasonably protest that he only just took over the ministry a few months ago. The blame must really fall to his predecessor in the office, who put the database system into place over the past year. It’s a hard argument to make, though, since his predecessor is now the prime minister.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Tag Cloud

%d bloggers like this: