To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39169789,00.htm

Dear silicon.com... Tax man's stamp bill, more lost data, unencrypted laptops…
Reader Comments of the Week

By silicon.com

Published: Thursday 24 January 2008

What's got silicon.com readers reaching for their keyboards this week? Reader Comments of the Week showcases how our users are responding to the latest tech news and views on the site...

Tax man's stamp blowout
Taxpayer stung by £2.25m HMRC apology

The HMRC are saying they have sent letters for 9p each. If you take the cost of printer ink, paper, envelopes, staff and equipment costs, 9p is probably the real cost of producing a letter without postage. Add on cost of postage of 9p and the true cost is likely around £5.5m.
-- Robin Marks, London

Editor's choice

silicon.com editor Steve Ranger flags up his picks on the site this week...

♦ Q&A: Pen Hadow, explorer
♦ The Brampton Factor: Why big government IT projects fail
♦ Video: How to keep the best-performing staff
♦ Photos: When tech chiefs rock out...
♦ Photos: Apple flying high at Macworld

Given the potential for error in the light of such basic failings in this department and possibly others, I suspect the £2.25m is a mere drop in the ocean compared to the real damage that has happened and is probably still happening. This story is a lot bigger than a missing CD and yet its significance seems to have gone largely unreported so far.
-- Alistair Thomas, Worcs, UK

I trust that this is being absorbed by savings elsewhere in HMRC's operating budget! Seems like those insulated from reality civil servants in their cushy jobs just don't care how much of our money they fritter wastefully away.
-- Chris Goodman, Fareham

A simple sum but only part of the true cost: HMRC would have sent about seven million letters to the seven million households involved.

7m x 32p = £2.25m

In other words, they've only reported the (approx) cost of the stamps.
-- Richard, UK for now

Data outrage
Thousands more UK patients' details lost

Yet again data has been copied from a mainframe store onto a portable storage device.
Questions to be answered:
Why was it necessary to copy the data?
Who authorised it and, presumably, dictated the form of portable device to be used and what security was required?
The ability to copy data onto portable devices, be it CD, DVD or portable drive should be extremely limited.
-- Chris Goodman, Fareham

I agree wholeheartedly with Chris - why is this data being moved around anyway? If there is a real need, why are they being moved unencrypted, by people so careless they can lose a USB stick? OK, we know there are some problems with sending stuff over the internet but with VPNs there is a reasonable amount of security. This incompetence really must stop.
-- Jeremy Wickins, Sheffield

Modern solid state devices can be much more robust than anyone would give them credit for. I left a USB flash drive in my shirt pocket and my wife washed it. A month later, I found the flash drive in the sump of the washing machine. The contacts were corroded, but a quick clean off and dry out and it was good as new. All the data stored on it was totally unaffected and it is still working perfectly.
-- Anonymous, London

Encryption warning
Whitehall staff banned from removing laptops

Fine to ban a removal of laptops from the premises but what about the use of CDs and memory sticks?

If these are still allowed into the offices then it is a pointless ban.
-- Jane, The Golden Coast

Encryption is all very well but, as we all know, what is encrypted can be decrypted by any determined hacker.

The question is really why do so many individuals need a laptop in this day of networking when a desktop is invariably quicker and more secure?
-- Chris Goodman, Fareham

The big databases should be kept securely locked up and encrypted on a mainframe computer or proper mass storage. The laptops should only hold relevant (encrypted) extracts of the data.
-- Charles Smith, London

Why doesn't the Date Protection Act make it possible for these negligent people to be prosecuted? If they were carrying data that included their own details they would, presumably, take their responsibilities a little more seriously.
-- Anonymous, UK

About time! I hope they use something like TrueCrypt or BitLocker. Better yet, an encrypted virtual machine image. I'd much prefer these instead of just leaving encrypted archives on the drive and then decrypting them to an unencrypted sector.
-- Joe Whitehead, USA

Please note, comments may be edited for clarity, grammar, spelling, punctuation and style. The views expressed are not necessarily the views of silicon.com. You can write to silicon.com by posting a Reader Comment below, or emailing editorial@silicon.com.