Monday, 26 November 2007

Child Benefit repercussions are decades away

A careless discus

In my third year in secondary school, I believe it was; there were frantic competition heats to determine the athletes who would carry the banners for the houses, in one situation we had one hot-headed, determined and stubborn senior who could not stand the thought of being beaten.

Someone had just thrown a school record with the discus when he took his turn, fuming, fulminating and furious to beat that thrown, the discus left his grip and impacted on a colleague’s forehead; he did not die, but he spent the best part of three weeks in hospital.

The greatest lamentation that came from the senior was when he thought he had killed the chap and probably one visit to the hospital and he moved on with his life, the young chap however, struggled with his schoolwork and it probably affected him rather very negatively.

The intention was to throw the discus to a particular target area, but this now not just a foul, it included an accident that had ramifications well beyond those contemporary events – the import of this recollection would be evident later in this blog.

Identity theft and usage

Over 20 years ago, I harboured the idea of joining the 18-month waiting list for an interview to get a British passport in Lagos but I had one missing piece of information, my long birth certificate.

I wrote a letter to my cousin in London with all the details she would require to get the long birth certificate and send it to me, unfortunately, that letter was intercepted by their lodger who for 3 years before I arrived in the UK was going about as me with my National Insurance number.

So, my NI number was already available for me to use by the time I had arrived, but the danger was if he was claiming unemployment benefit whilst I was working, I could have ended up in really deep shit.

In another case, someone in our close-knit extended family thought another cousin of mine who had academic problems would never escape Nigeria, so he took all his details and stealthily acquired my cousin’s passport.

The truth was exposed almost 10 years later when a visit to the consulate in Nigeria revealed documents that also stated his father had long been deceased when even today this esteemed mentor is a spritely septuagenarian. It got resolved but not without the schism and agonies that encompass such situations of the misuse of data and identity theft.

Not working together at all

However, back to the developing scandal of the Child Benefit data loss that affects 25 million individuals. It is mind-boggling that all that information can be so easily gathered and put on 2 CDs then sent by courier where the insurance value of the loss has not been properly assessed apart from the cost of the CDs.

The embarrassment that has already taken the scalp of the head of Her Majesty’s Revenue and Customs (HMRC) and it appears this is not the first time discs have been lost in transit between critical government agencies.

The fact that they had all gotten comfortable with this abuse of the Data Protection Act belies the fact that individuals would have been roasted if they had been fast and loose with this kind of information.

In so-called broadband Britain, it beggars belief that there is no secure high-speed connection between critical government agencies as the HMRC and the National Audit Office (NAO) to transfer what is essentially 1.4 billion characters or 1.4 Gigabytes, the maximum data content of 2 regularly available CDs.

This puts the agencies almost 15 years behind the times and one cannot count the number of failed IT contracts and white elephant IT projects that have not addressed this fundamental IT issue and laws could have been enacted to ensure a number of procedures were in place to use those lines.

This episode is no doubt systemic in its nature and failure to safeguard data, the ramifications of which we have not begun to appreciate.

The possibilities are amazing

A few months ago, when I chatted to my credit-card company, a few personal questions were asked and I know that there are some answers that would never change like where I was born, my mother’s maiden name, my date of birth and they added a few other questions – these data sets are immutable for as long as the person is still living or is not registered dead.

So, this rush to safeguard bank accounts is really a red-herring, the data thieves do not have to pilfer from these accounts, rather they can establish accounts and business transactions with the data and get you into serious trouble and they can do that with the children’s data 5, 15, 25 or 35 years down the line because the information on birth certificates would not change – they become clones of you using your data.

Some people would say biometric data should become the gold standard for identity, but that works for pennies; if your finger-print can open access to billions, your life begins to bear an unquantifiable risk depending on who wants access to that bullion.

Then what were these data-sets doing in the hands of an accountancy firm that says the data was erased from their systems? Because if they were auditing the data, a lot can be done with the derived information giving then a window on British society that many organisations might just kill for.

Precautions

I shred every piece of paper bearing my name and address and more so anything containing more personal information, but as I walked down the corridor of my office last week I saw a lady trying to piece together shreds from a strip-shredder and I have begun to think of getting a confetti shredder – I do worry.

Online information should be safeguarded with usernames and passwords; they should be different for each function just in case the revelation of one leads to a flood-gate of untrammelled access to other information.

Avoid storing those passwords on your computer by using intelligible sentences not clich├ęs; interspersing the words with numbers or currency characters and periodically change those passwords.

Use different email addresses separating them into personal which you give friends and family, business for professional purposes and general for all other registration, loyalty or activities that do not fall into the first two categories – I have seven.

In the end, if someone is careless with your data where you do not have control over how it is used, just like the discus thrown some 30 years ago, there is not much you can do about getting hit in the head.

I think we have not heard the last of this – Brown and Darling are not having a romancing time with the British public lately.

No comments: