By now, everyone has probably heard about the data loss debacle in the United Kingdom. The British government lost the child benefit records for 25 million people. These records include addresses, dates of birth, bank account information, and national insurance numbers. In total, 40% of the British population has been exposed to the risk of identity theft.
Obviously, this should never have happened. One government agency requested some anonymized data for statistical purposes. Instead, a different department sent them the whole dataset in an unencrypted format. Encrypting the discs would have made it nearly impossible for thieves to access the data; anonymizing the data would have made such theft unprofitable. The failure to do either is the height of idiocy, but it is probably what we need to expect from the civilian parts of government when it comes to data security. Security is hard; it requires clever people with good training, and it requires oversight to ensure that insiders are competent and not cheating. People who are naive and naturally helpful can always be exploited by attackers.
In response to this situation, two sets of things need to be done. The first is to correct the specific failures that cause this kind of problem: require encryption of sensitive documents in transit, limit who has access to such sensitive databases, and tighten the procedures surrounding their use. The second is to limit the amount of such data that is available to steal in the first place. That could involve using paper records instead of digital ones – making mass theft dramatically harder to accomplish. It may also involve not creating these kinds of huge databases, as useful as they may seem when working properly.
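As an added illustration (not part of the original post), the following Python sketch shows what the anonymised statistical extract requested in this case could have looked like: direct identifiers are dropped, dates of birth and postcodes are generalised, combinations shared by too few people are suppressed, and a final check confirms nothing identifying remains before release. The field names and sample records are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample records; the field set mirrors what the post says the
# lost discs held (addresses, dates of birth, bank details, NI numbers).
RECORDS = [
    {"name": "A. Example", "address": "1 High St, Leeds LS1 4AB", "dob": "1979-03-14",
     "bank_account": "12-34-56 12345678", "ni_number": "QQ123456C", "children": 2},
    {"name": "B. Example", "address": "7 Mill Rd, Leeds LS2 9JT", "dob": "1975-11-02",
     "bank_account": "65-43-21 87654321", "ni_number": "QQ654321A", "children": 1},
    {"name": "C. Example", "address": "3 Park Ln, York YO1 7HH", "dob": "1970-06-30",
     "bank_account": "11-22-33 11223344", "ni_number": "QQ111111B", "children": 3},
]

# Fields that identify a person directly and have no place in a statistical extract.
DIRECT_IDENTIFIERS = {"name", "address", "bank_account", "ni_number"}
NI_PATTERN = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")

def anonymise(record):
    """Reduce one record to generalised, non-identifying attributes."""
    outward = record["address"].rsplit(" ", 2)[-2]            # "LS1" from "... LS1 4AB"
    return {
        "birth_decade": int(record["dob"][:4]) // 10 * 10,     # 1979 -> 1970
        "postcode_area": re.match(r"[A-Z]{1,2}", outward).group(0),  # "LS1" -> "LS"
        "children": record["children"],
    }

def statistical_extract(records, k=2):
    """Anonymise every record, then drop any (decade, area) combination shared
    by fewer than k people, so no remaining row points back to one individual."""
    rows = [anonymise(r) for r in records]
    groups = Counter((r["birth_decade"], r["postcode_area"]) for r in rows)
    return [r for r in rows if groups[(r["birth_decade"], r["postcode_area"])] >= k]

def leaks_identifiers(rows):
    """Pre-release check: no direct-identifier field and no NI-number-shaped value."""
    for row in rows:
        if DIRECT_IDENTIFIERS & row.keys():
            return True
        if any(isinstance(v, str) and NI_PATTERN.search(v) for v in row.values()):
            return True
    return False

if __name__ == "__main__":
    extract = statistical_extract(RECORDS)
    assert not leaks_identifiers(extract)
    print(extract)
```

With the sample data the York record is suppressed at k=2 because it is the only one in its (decade, postcode area) group; the raw records fail the identifier check while the extract passes it.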
It is fair to say that there will always be people out there able to break into any information to which a large number of civil servants have access. This would be true even if all civil servants were capable and virtuous people, because a lot of the best computer talent is applied to breaking flawed security systems. Given that bureaucrats are human, and thus subject to greed and manipulation, the prospects for keeping a lid on government data are even worse. Acknowledging the realities of the world, as well as the principle of defence in depth, suggests that limiting the volume of data collected and held by all governments is an appropriate response to the general security risks highlighted by this specific incident.