Risk Factor

UK Privacy: A New Closet Full of Shoes to Drop

The London Telegraph reports today that the confidential details of 9 million people's investments worth a total of £60 billion continue to be sent by post - and I love this - "HM Revenue & Customs (HMRC) requires these discs to be unencrypted."

The Telegraph article says that the "HMRC requires fund managers to submit details every year of all investors' names, addresses, dates of birth, National Insurance numbers and the amount each individual has invested in Isas and Peps. The intention is to prevent investors exceeding limits on individual savings account (Isa) and personal equity plan (Pep) tax shelters."

"But fund managers are alarmed that HMRC requires this data to be delivered in an unencrypted extended binary coded decimal interchange code (EBCDIC) or American standard code for information interchange (ASCII) text format."

The article goes on to note that there have been at least two recent instances where Pep and ISA data has been compromised.

This whole, continuing UK HMRC data security fiasco reminds me of Karl Marx's quote, "History repeats itself, first as tragedy, second as farce." What is it when it repeats a third time?

TJX Pays Up

TJX will pay as much as $40.9 million in a settlement with Visa and the bank that processes TJX's credit card payments over a massive breach of TJX customers' card data, according to an AP wire report.

The money will be used to help U.S. credit card issuers recover costs related to the breach. Issuers of at least 80% of eligible cards must accept the offer by Dec. 19 for the settlement to take effect. TJX's press release about the settlement is here.

As far as I know, the person or persons who hacked into TJX's database still have not been discovered.

Suing Over Weather Forecasts

The Drudge Report has a link to an Orlando, Florida television news story that tells of Central Florida's most famous hotel owner, Harris Rosen, who is threatening to sue hurricane expert Dr. William Gray of Colorado State University over his hurricane storm predictions, saying they have damaged state tourism.

According to the story, Rosen rhetorically asks Gray:

"Look, doctor, you've made these forecasts and you were wrong once. You made the forecast and you were wrong twice. Are you going to continue to make these forecasts?"

Rosen said he believes Florida lost billions of dollars in business because of Gray's outlook, and claims that surveys show 70 percent of guests not returning to his hotels cited hurricane fears as the reason why.

I don't know why Rosen focused on Gray alone, and not the others who also had less than accurate forecasts the last two years. I also doubt Rosen is going to have much luck in filing a lawsuit, and his real target should probably be the media for over-hyping the accuracy of the forecasts which as one commentator points out "are experimental works in progress." If one could sue for inaccurate weather predictions based on computer generated models, the court system would grind to a halt in about three days.

As a side note, Herbert Saffir, who co-created with Robert Simpson the five-category hurricane-scale, passed away about a week ago.

Protests Against TSA Wanting More of Your Information

In August, the Transportation Security Administration (TSA) proposed that passengers be requested to provide their full names, birth dates and genders when making airplane reservations. Many airlines are against the proposal, however, USA Today reported today. Airlines are unhappy at the prospect, not only because they view the proposal as invasive, confusing, and useless, and likely only to irritate passengers, but also because it will impose unacceptable costs on the airlines, as they will once again have to reprogram their reservation systems to collect the information.

TSA is proposing that airlines and travel agents would be required to ask people reserving flights for their birth date, gender and full name. However, you would not be required to give the information. But if you don't, then you might be "more easily mistaken for a terrorist" - wink, wink - and "may be more likely to experience delays, be subjected to additional screening (or) be denied transport," nudge, nudge - or should I say, shove, shove.

Maybe the TSA and UK government ought to get together and just demand one set of data, including your resume, whom you dated in high school, who you first kissed, and the first person you had a crush on in grammar school.

Are We Running Out of Shoes Yet?

The London Telegraph wrote today that, "HM Revenue and Customs sent out letters with national insurance and child benefit numbers printed on the top and many have been dropping through the wrong letter boxes, raising new fears of a security breach."

Ironically, the information was printed on HMRC letters apologizing to those whose names were on those lost CDs. Every parent who fails to receive an apology letter is being urged to contact the HMRC to ensure that their correct address information is in the HMRC database.

The thought does cross your mind about whether it would be safer not to let HMRC know your proper address - that way, when it loses the next set of CDs, data thieves will have a slightly harder time stealing your identity.

The HMRC, in its defense, says that it isn't to blame if folks don't update their addresses. True, but did it really have to post confidential data in the apology letters? Or was this information also seen as being too expensive to remove?

UK ID Card Fairy Land

A number of UK computer science professors (Professor Ross Anderson, Dr Richard Clayton, Dr Ian Brown, Dr Brian Gladman, Professor Angela Sasse, and Dr. Martyn Thomas) wrote an open letter to Mr. Andrew Dismore MP, who is chair of the Joint Committee on Human Rights in the Commons, calling into question the security and privacy of the planned UK ID cards. They write:

"The government, in response to the recent HMRC Child Benefit data breach, has asserted that personal information on the proposed National Identity Register (NIR) will be 'biometrically secured':

'The key thing about identity cards is, of course, that information is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be.' - The Chancellor, Hansard Column 1106, 20/11/07

'What we must ensure is that identity fraud is avoided, and the way to avoid identity fraud is to say that for passport information we will have the biometric support that is necessary, so that people can feel confident that their identity is protected.' - The Prime Minister, Hansard Column 1181, 21/11/07

These assertions are based on a fairy-tale view of the capabilities of the technology, and in addition, only deal with one aspect of the problems that this type of data breach causes."

"Ministers assert that people's information will be 'protected' because it will be much harder for someone to pass themselves off as another individual if a biometric check is made. This presupposes that:

(a) the entire population can be successfully biometrically enrolled onto the National Identity Register, and successfully matched on every occasion thereafter - which is highly unlikely, given the performance of biometrics across mass populations generally and especially their poor performance in the only, relatively small-scale, trial to date (UKPS enrolment trial, 2004). Groups found to have particular problems with biometric checks include the elderly, the disabled and some ethnic groups such as Asian women;

(b) biometrics are 'unforgeable' - which is demonstrably untrue. Biometric systems have been compromised by 'spoofing' and other means on numerous occasions and, as the technology develops, techniques for subverting the systems evolve too;

(c) every ID check will be authenticated by a live biometric check against the biometric stored on the NIR or at the very least against the biometric stored on the chip on the ID card which is itself verified against the NIR. [N.B. This would represent a huge leap in the cost of the scheme which at present proposes only to check biometrics for 'high value' transactions. The network of secure biometric readers alone (each far more complex and expensive than, e.g. a Chip & PIN card reader) would add billions to the cost of rollout and maintenance.]"

Before the government proceeds any further, the professors ask the following:

"It is therefore our strongest recommendation that further development of a National Identity Register or National Identity Scheme (including biometric visas and ePassports) should be suspended until such time that research and development work has established beyond reasonable doubt that these are capable of operating securely, effectively and economically on the scale envisaged.

Government systems have so far paid little attention to privacy. Last week's events have very significant implications indeed for future government information systems development."

I wish them luck. But given previous attempts to encourage the use of common sense in UK politicians on matters of IT, I don't rate the odds too high that they will be successful.

Doctor Support for NHS EHR System Drops

According to ComputerWeekly, doctor support for the NHS National Programme for IT (NPfIT) has dropped sharply over the past three years. Only 23% of general practitioners and 35% of other medical specialists surveyed now support the aims of the NPfIT, while in 2004 it was 56% and 75% respectively. Less than 50% of the doctors surveyed believe that the NPfIT is an important NHS priority, while in 2003 some 80% did so.

The NHS said the survey results did not match up with its own surveys, and that the NPfIT is working just fine, thank you very much.

Of course, the NHS also said it would never have to alter the supplier contracts for the NPfIT implementation, but last week the NHS admitted it was in fact altering them, but it really wasn't a contract renegotiation. The NHS suppliers apparently didn't get the word, however, because they refused to discuss what it was all about, citing "ongoing commercial negotiations."

The VA August EHR Meltdown: The Reasons Why

Last week, ComputerWorld published a lengthy story about the disruption of the US Department of Veterans Affairs' VistA electronic health record (EHR) system in Northern California last August. According to the story, the outage was caused by "a simple change management procedure that wasn't properly followed."

It turns out that one group of maintainers asked another to make a change to a network port configuration without having the proper authorization to do so, which the second team did. In other words, the system was done in by poor configuration management.

For reasons better left to the ComputerWorld article to explain, the VistA back-up systems that were supposed to kick in didn't.

The outage caused the VistA system to be down for a good part of a day, which caused healthcare workers to revert to paper and pencil. Patient safety was increasingly put at risk, because the VA health system is almost completely electronic. In the VA's words, the outage was "the most significant technological threat to patient safety (the) VA has ever had." It has taken months to put all the paper-based information created that day back into electronic format.

The VA experience provided a glimpse of what may happen if a major outage occurs and back-up systems fail once EHR systems are fully up and running. Designers of EHR systems need to think a bit harder about what happens when the "unthinkable" does indeed happen.

Unintended Consequences: Human-Medical Equipment Computer Interfaces

Spectrum's Senior Associate Editor Samuel Moore sent me a note on an interesting news release titled, "Design of Patient Tracking Tools May Have Unintended Consequences" about a study by researchers at the University of Buffalo regarding the replacement of dry-erase patient status boards by electronic patient tracking systems. The researchers studied how new electronic patient-status boards were functioning in the emergency departments of two busy, university-affiliated hospitals.

What the researchers found was that while there were surface similarities between the manual and electronic systems, there were subtle differences in the design of the latter that affected how health-care providers communicated and tracked patient care, sometimes not for the better. As one of the researchers noted,

"The manual whiteboard allows flexibility in tracking patients. For example, maybe the first time the provider sees a patient, she initials the name on the whiteboard, then the next time she circles the initials, then when the patient is discharged, she might put an 'x' in the circle, signals that are a means of communicating with her colleagues in the ER."

"With a computerized system, providers have to find an available computer terminal and log-in. The providers can't just walk up to the whiteboard and make a notation."

Whiteboards also provided immediate visual clues that the electronic tracking system did not, like how busy the emergency room was and how critical resources were allocated.

The researchers note that future electronic patient tracking systems need to investigate workflow and communication issues more carefully, and hope their study will encourage designers to better meet user needs.

Wisconsin Prison Software System Misses Fourth Deadline

The first phase of a new $25 million computer system project to keep track of Wisconsin's 23,000 prisoners will miss its December 2007 deadline - the fourth such schedule slip since the project started in 2003. The project is now at least 18 months late in its first phase, and it has three more stages to go. It was originally scheduled for completion in May of 2009, but it will more likely be sometime in 2011 before it is finished, assuming the other three stages don't have problems.

The project is fixed price, so the state Department of Corrections claims it hasn't overspent its contracting budget. However, the Department of Corrections did admit it didn't know how much the total project will really cost, since it didn't include the cost of state workers in the project's budget.

If the project slips a fifth time, it may be time for the IT Mercy Rule.

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 