UK Liberty

Can’t be bothered with encryption

Posted in database state by ukliberty on December 5, 2007

MSN News (Press Assocation):

Confidential information on millions of investors is regularly being sent through the post to HM Revenue and Customs without proper security.

Investment managers in the City are required to mail personal data on their clients to HMRC on unencrypted computer disks in spite of the recent outcry over the disappearance of two disks containing information on 25 million child benefit claimants.

HMRC said encrypting the data would be a “recipe for chaos”, as it would not be practical to decrypt information from thousands of different financial institutions using different coding programs.

But the body representing individual savings account (ISA) and personal equity plan (PEP) managers said the current situation was putting savers at risk of identity fraud.


The intention is to stop people exceeding tax allowances on their investment accounts.

A spokeswoman for HMRC said it would be impractical to ask investment managers to encrypt the data before they sent it. “It’s not a question of cost, but practicality. You can’t have one side having one encoding system and one having another – it’s a recipe for chaos.”

Blimey!

What the HMRC could do is say that “we want the data encrypted in this format” – say, something common/standard like AES or PGP. Then neither side need worry about what the other side has got.

Funnily enough individuals and organisations around the world have been doing this for years!

Interesting comment from Brian Gladman, who wrote some papers on UK Government Cryptography Policy.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: