
security

Personal Details as Security Questions

Last week several government databases decided I was living in Leeds again. Whilst I like Leeds, I'd quite like my post to end up in the same building that I'm living in. A few phone calls into the problem and the finger looks to be pointing at either the National Insurance Contributions Office or HMRC. I can't get through to NICO because all their lines are busy. As usual. However, as another department kindly sent me a letter saying they'd been in touch with HMRC about my tax code several days before things started going wrong, this is where I pick up the trail.

The phone number for HMRC in said letter leads to a recorded message telling me to call another number, which I immediately call, and after navigating a tortuous path through their answering system I finally get connected to a tired-sounding human. Before he can help me he needs to ask a number of security questions, including my most recent address. Can anyone spot the fail here? Further fail seems to be a one-strike policy on the security questions, and the final fail is a refusal to discuss how one can go about establishing one's identity if the system is indeed wrong, because I am assured that the system is never wrong. Have I woken up in a Terry Gilliam movie? Am I in hell?

Championing information security cluelessness

The British Council appear to have had an encrypted disk lost in the post. The BBC think this is news but don't appear to understand that nothing appears to have been done wrong.

This appears to be a courier service losing a securely encrypted disk during a routine information transfer. At which point this isn't newsworthy; it's something done right and nothing has been leaked.

Of course there's the possibility that it was the only copy, or that the key/password was shipped with the data, which would be a minor disaster, but these possibilities aren't mentioned.

The author goes on to claim

Quote:
It was also protected by an algorithm

I have visions of the missing disk being fiercely guarded by a beermat with a quick-sort scribbled on the back that has somehow come to life. I guess it takes special training to remove all the useful information and spout the utterly meaningless.

I wonder what the same journalist would make of the number of encrypted TCP packets that go missing every day without the world exploding.

Information Security on DS9

I'm working my way through a Deep Space 9 box set. It might be a pale imitation of Babylon 5, but Star Trek was something I couldn't get enough of when I was younger. Now I'm not so fond of the utopian visions and hero-cheese chaotic good characters of TOS and TNG, but part of the magic of Star Trek is just how wrong and quickly obsolete the visions of technology are.

(I think I need to modify the quote module with s/wrote/said/g)

Tosk wrote:
Show me where the weapons are stored

Computer wrote:
Habitat ring, level 5, section 3, access restricted to security clearance 7 and above

Telephone Calls for Duncemen*

I get a phone call:

Hello, is that Mr Charles [middle name removed for reasons of paranoia] Elwood?

Who's calling?

I'm very sorry, but I can't tell you that until you confirm your identity, are you Mr .....

You've not got the hang of this, have you? If you're going to ask me to verbally authenticate myself you're going to have to let me know who you are, or who you are calling on behalf of, so I can cross-reference the number.
