![]() | This article has not yet been rated on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||
|
There is no reason for this on the front page and it is not important to the world. —Preceding unsigned comment added by Rukaribe ( talk • contribs) 13:04, 21 November 2007 (UTC)
There is a reason for it as it affects millions of people in Britain and people around the world might want to look at what's going. p.s there are other stuff that appear on the front page that is of little concern to anyone else somewhere in the world. User:Pathfinder2006 —Preceding comment was added at 13:30, 21 November 2007 (UTC)
I would have thought that data security was of interest to any one and any nation using IT systems. —Preceding unsigned comment added by 217.205.224.155 ( talk) 14:08, 21 November 2007 (UTC)
Can someone supply an image of the HMRC building at Washington, as that was the location of the original foul up, not Nottingham? Yorkshiresky ( talk) 23:25, 20 November 2007 (UTC)
Even if there are not references for this at the moment - what is the potential scale of this? What could the effects be? I'd like to get an idea of the magnitude of this from someone who knows more about this kind of thing than I do, whilst equally observing WP:NOT#FORUM, so that it could be added to the article later if proven true.-- h i s s p a c e r e s e a r c h 06:01, 21 November 2007 (UTC)
same shit happened in the U.S. not too long ago. —Preceding unsigned comment added by 68.161.204.86 ( talk) 07:52, 21 November 2007 (UTC)
I'm not entirely sure that its worth having the opposition quoted so extensively when compared to the size of the article. Could we not just have links to comments that have been made regarding what the implications are. MLA ( talk) 09:37, 21 November 2007 (UTC)
While the politics do not interest me, the sheer stupidity and incompetence of the personnel and system revealed by this incident do - another example of Occidental "dumbing down"! And lest anyone take umbrage, consider this: how long has the UK been in the business of administrating? Is it conceivable that an SOP (Standard Operating Procedure) by any name does NOT exist for such data transfers? So unless this was an outright theft with inside help/information, this incident is disgraceful. Shir-El too ( talk) 13:52, 21 November 2007 (UTC)
Hang on a sec. One CD-ROM holds 700MB. So that's 1400MB for both disks. Divided by 25 million. That's 56 bytes per entry. How can you get full names, addresses and bank details into 56 bytes? AJKGORDON «» 11:08, 21 November 2007 (UTC)
http://cgi.ebay.co.uk/The-Missing-Disks_W0QQitemZ150185957181QQihZ005QQcategoryZ16164QQssPageNameZWDVWQQrdZ1QQcmdZViewItem —Preceding unsigned comment added by 84.69.128.23 ( talk) 13:40, 21 November 2007 (UTC)
...is whether the data in the disks was strongly encrypted or not. If it was, with the relevant keys being sent later or using public-key crypto, then there is actually nothing to worry about, and i think it even shows proper procedure on their part: Sending the data itself in a inexpensive way, while still guarateeing total security.
On the other hand, if they use weak crypto (which is the standard in many office applications) or no crypto at all, then i still think that most of the public indignation is being misdirected: Data theft might have occurred not only now, but many times before, with thieves easily intercepting the disks in the mail (or even the government staff responsible for mailing), copying them, and sending them along unscathed to their intended recipients, raising no suspicions. If they send the disks in regular mail packages without any special precautions, as they apparently do, then this might not be too difficult. It just so happens that this time the thieves themselves might have goofed up and failed to restore the chain after intercepting the data. —Preceding unsigned comment added by 83.132.232.124 ( talk) 17:13, 21 November 2007 (UTC)
"Misplacement" is classic PR-speak, almost like it's deliberately worded to make it sound less bad. Wikipedia is no the UK's PR wing. The title should be data loss and on the main page, it should say it loses the data instead of misplaces it. —Preceding unsigned comment added by MrVoluntarist ( talk • contribs) 20:27, 21 November 2007 (UTC)
Yes I was just about to comment on the title. It isnt brilliant is it? Any better suggestions anyone? 137.222.229.74 ( talk) 23:08, 21 November 2007 (UTC)
Is it worth mentioning that a significant number the British public seem pretty furious about this? There's vast numbers of comments and letters being sent to news websites and papers condemning the Government over this. —Preceding unsigned comment added by Froggity-Frog ( talk • contribs) 10:53, 22 November 2007 (UTC)
Ok so 1% are writing letters, whats that in a figure? Its a lot when you think of it that way. Kennedygr ( talk) 13:54, 22 November 2007 (UTC)
Excuse my ignorance but what can a fraudster do with the information?
You can get DOB, childs name and address through public records (birth certificates and electoral register).
From what i've read the only risk to your bank account is if your banking security details are your childs name? 172.207.192.97 ( talk) 15:28, 22 November 2007 (UTC)
So when I pay by cheque, they know my name, address, bank account number and can find my DOB. The only thing extra this data has is NI number. 172.207.192.97 ( talk) 17:53, 22 November 2007 (UTC)
The article currently says "TNT stated that, as the delivery was not recorded, it would not be possible to even ascertain if it had actually been sent, let alone where it went. They also stated that they would not accept any responsibility for the loss of the discs.", and proceeds to cite a BBC source. Can anyone find a TNT disclaimer at that source? I'm asking because I removed that reference yesterday for a citation request, and now see the reference has been added back. mdf ( talk) 03:40, 23 November 2007 (UTC)
How do we incorporate the latest on this: that apparently the loss is not due to a low-level functionary acting outside his authority or contrary to procedure, but that senior management was consulted and acquiesced in the decision to send 2 discs by regular post? http://news.bbc.co.uk/1/hi/uk_politics/7109103.stm
WikiReaderer ( talk) 16:42, 23 November 2007 (UTC)
http://news.bbc.co.uk/1/hi/uk_politics/7111056.stm 86.21.74.40 ( talk) 19:18, 24 November 2007 (UTC)
Sorry to be a spoilsport but I am a bit concerned that the title of this article is POV; in particular the use of the word "scandal". I am not saying that it is not a scandal - I am a UK resident and it is clearly a really, really bad screw up that someone has made - but for Wikipedia should we not try to be a bit more neutral? The full impact of it has yet to be felt, so I am not sure how we could know whether or not it is scandalous yet. I would suggest a move to 2007 UK child benefit data loss or something. Any thoughts? Batmanand | Talk 10:25, 25 November 2007 (UTC)
Two CDs worth of data takes about an hour or so to transfer over the Internet. Why not encrypt and FTP? it seems strange to me in the first place that physical disks were sent in the post! Toby Douglass ( talk) 13:18, 26 November 2007 (UTC)
According to a post in the latest RISKS digest, [1], they were password encrypted using Winzip version eight, which is known to be be very weak, subject to a range of attacks. WinZip version *nine* introduced AES, and would have been safe. Toby Douglass ( talk) 09:29, 31 December 2007 (UTC)
Methods of Encryption
What kind of " Key-scheduling" or hashing method used to derive the encryption key on both, old & new, versions of Winzip? And what are the modes of encryption? ECB? CBC? or LRW? 88.105.125.238 ( talk) 21:40, 30 January 2008 (UTC)
Is this article biased?
The tone in the section of the article on the encryption feels biased, like reading a Reddit post on Edward Snowden instead of being purely factual and unbiased as Wikipedia aims to be. For instance, the used of quotes around password protection and 'anyone competent with a computer'. 81.155.42.240 ( talk) 09:19, 2 April 2015 (UTC)
eg. Instead of saying "Anyone competent in computing would be able to break this protection by downloading readily-available tools.", an unbiased article should say "There are multiple tools online such as <GIVE AN EXAMPLE> capable of breaking this encryption so the data could easily be decoded." 81.155.42.240 ( talk) 09:19, 2 April 2015 (UTC)
Didn't a very senior civil servant tender his resignation since he had overall responsibility for the department? AleXd ( talk) 16:59, 27 March 2008 (UTC)
Did the disks ever turn up? -- Richardrj talk email 12:07, 22 May 2008 (UTC)
Nope. -- Magus213 ( talk) 16:13, 21 October 2008 (UTC)
Delivery people lost the CD's and nothing happened, what a partisan twaddle. 23:26, 11 March 2010 (UTC)
![]() | This article has not yet been rated on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||
|
There is no reason for this on the front page and it is not important to the world. —Preceding unsigned comment added by Rukaribe ( talk • contribs) 13:04, 21 November 2007 (UTC)
There is a reason for it as it affects millions of people in Britain and people around the world might want to look at what's going. p.s there are other stuff that appear on the front page that is of little concern to anyone else somewhere in the world. User:Pathfinder2006 —Preceding comment was added at 13:30, 21 November 2007 (UTC)
I would have thought that data security was of interest to any one and any nation using IT systems. —Preceding unsigned comment added by 217.205.224.155 ( talk) 14:08, 21 November 2007 (UTC)
Can someone supply an image of the HMRC building at Washington, as that was the location of the original foul up, not Nottingham? Yorkshiresky ( talk) 23:25, 20 November 2007 (UTC)
Even if there are not references for this at the moment - what is the potential scale of this? What could the effects be? I'd like to get an idea of the magnitude of this from someone who knows more about this kind of thing than I do, whilst equally observing WP:NOT#FORUM, so that it could be added to the article later if proven true.-- h i s s p a c e r e s e a r c h 06:01, 21 November 2007 (UTC)
same shit happened in the U.S. not too long ago. —Preceding unsigned comment added by 68.161.204.86 ( talk) 07:52, 21 November 2007 (UTC)
I'm not entirely sure that its worth having the opposition quoted so extensively when compared to the size of the article. Could we not just have links to comments that have been made regarding what the implications are. MLA ( talk) 09:37, 21 November 2007 (UTC)
While the politics do not interest me, the sheer stupidity and incompetence of the personnel and system revealed by this incident do - another example of Occidental "dumbing down"! And lest anyone take umbrage, consider this: how long has the UK been in the business of administrating? Is it conceivable that an SOP (Standard Operating Procedure) by any name does NOT exist for such data transfers? So unless this was an outright theft with inside help/information, this incident is disgraceful. Shir-El too ( talk) 13:52, 21 November 2007 (UTC)
Hang on a sec. One CD-ROM holds 700MB. So that's 1400MB for both disks. Divided by 25 million. That's 56 bytes per entry. How can you get full names, addresses and bank details into 56 bytes? AJKGORDON «» 11:08, 21 November 2007 (UTC)
http://cgi.ebay.co.uk/The-Missing-Disks_W0QQitemZ150185957181QQihZ005QQcategoryZ16164QQssPageNameZWDVWQQrdZ1QQcmdZViewItem —Preceding unsigned comment added by 84.69.128.23 ( talk) 13:40, 21 November 2007 (UTC)
...is whether the data in the disks was strongly encrypted or not. If it was, with the relevant keys being sent later or using public-key crypto, then there is actually nothing to worry about, and i think it even shows proper procedure on their part: Sending the data itself in a inexpensive way, while still guarateeing total security.
On the other hand, if they use weak crypto (which is the standard in many office applications) or no crypto at all, then i still think that most of the public indignation is being misdirected: Data theft might have occurred not only now, but many times before, with thieves easily intercepting the disks in the mail (or even the government staff responsible for mailing), copying them, and sending them along unscathed to their intended recipients, raising no suspicions. If they send the disks in regular mail packages without any special precautions, as they apparently do, then this might not be too difficult. It just so happens that this time the thieves themselves might have goofed up and failed to restore the chain after intercepting the data. —Preceding unsigned comment added by 83.132.232.124 ( talk) 17:13, 21 November 2007 (UTC)
"Misplacement" is classic PR-speak, almost like it's deliberately worded to make it sound less bad. Wikipedia is no the UK's PR wing. The title should be data loss and on the main page, it should say it loses the data instead of misplaces it. —Preceding unsigned comment added by MrVoluntarist ( talk • contribs) 20:27, 21 November 2007 (UTC)
Yes I was just about to comment on the title. It isnt brilliant is it? Any better suggestions anyone? 137.222.229.74 ( talk) 23:08, 21 November 2007 (UTC)
Is it worth mentioning that a significant number the British public seem pretty furious about this? There's vast numbers of comments and letters being sent to news websites and papers condemning the Government over this. —Preceding unsigned comment added by Froggity-Frog ( talk • contribs) 10:53, 22 November 2007 (UTC)
Ok so 1% are writing letters, whats that in a figure? Its a lot when you think of it that way. Kennedygr ( talk) 13:54, 22 November 2007 (UTC)
Excuse my ignorance but what can a fraudster do with the information?
You can get DOB, childs name and address through public records (birth certificates and electoral register).
From what i've read the only risk to your bank account is if your banking security details are your childs name? 172.207.192.97 ( talk) 15:28, 22 November 2007 (UTC)
So when I pay by cheque, they know my name, address, bank account number and can find my DOB. The only thing extra this data has is NI number. 172.207.192.97 ( talk) 17:53, 22 November 2007 (UTC)
The article currently says "TNT stated that, as the delivery was not recorded, it would not be possible to even ascertain if it had actually been sent, let alone where it went. They also stated that they would not accept any responsibility for the loss of the discs.", and proceeds to cite a BBC source. Can anyone find a TNT disclaimer at that source? I'm asking because I removed that reference yesterday for a citation request, and now see the reference has been added back. mdf ( talk) 03:40, 23 November 2007 (UTC)
How do we incorporate the latest on this: that apparently the loss is not due to a low-level functionary acting outside his authority or contrary to procedure, but that senior management was consulted and acquiesced in the decision to send 2 discs by regular post? http://news.bbc.co.uk/1/hi/uk_politics/7109103.stm
WikiReaderer ( talk) 16:42, 23 November 2007 (UTC)
http://news.bbc.co.uk/1/hi/uk_politics/7111056.stm 86.21.74.40 ( talk) 19:18, 24 November 2007 (UTC)
Sorry to be a spoilsport but I am a bit concerned that the title of this article is POV; in particular the use of the word "scandal". I am not saying that it is not a scandal - I am a UK resident and it is clearly a really, really bad screw up that someone has made - but for Wikipedia should we not try to be a bit more neutral? The full impact of it has yet to be felt, so I am not sure how we could know whether or not it is scandalous yet. I would suggest a move to 2007 UK child benefit data loss or something. Any thoughts? Batmanand | Talk 10:25, 25 November 2007 (UTC)
Two CDs worth of data takes about an hour or so to transfer over the Internet. Why not encrypt and FTP? it seems strange to me in the first place that physical disks were sent in the post! Toby Douglass ( talk) 13:18, 26 November 2007 (UTC)
According to a post in the latest RISKS digest, [1], they were password encrypted using Winzip version eight, which is known to be be very weak, subject to a range of attacks. WinZip version *nine* introduced AES, and would have been safe. Toby Douglass ( talk) 09:29, 31 December 2007 (UTC)
Methods of Encryption
What kind of " Key-scheduling" or hashing method used to derive the encryption key on both, old & new, versions of Winzip? And what are the modes of encryption? ECB? CBC? or LRW? 88.105.125.238 ( talk) 21:40, 30 January 2008 (UTC)
Is this article biased?
The tone in the section of the article on the encryption feels biased, like reading a Reddit post on Edward Snowden instead of being purely factual and unbiased as Wikipedia aims to be. For instance, the used of quotes around password protection and 'anyone competent with a computer'. 81.155.42.240 ( talk) 09:19, 2 April 2015 (UTC)
eg. Instead of saying "Anyone competent in computing would be able to break this protection by downloading readily-available tools.", an unbiased article should say "There are multiple tools online such as <GIVE AN EXAMPLE> capable of breaking this encryption so the data could easily be decoded." 81.155.42.240 ( talk) 09:19, 2 April 2015 (UTC)
Didn't a very senior civil servant tender his resignation since he had overall responsibility for the department? AleXd ( talk) 16:59, 27 March 2008 (UTC)
Did the disks ever turn up? -- Richardrj talk email 12:07, 22 May 2008 (UTC)
Nope. -- Magus213 ( talk) 16:13, 21 October 2008 (UTC)
Delivery people lost the CD's and nothing happened, what a partisan twaddle. 23:26, 11 March 2010 (UTC)