UK ID Card Scheme Data Deleted For £400K 149
DaveNJ1987 writes "It will cost the British government only £400,000 to destroy the data for its failed ID card initiative. The data compiled by the National Identity Register, which was scrapped last year by the coalition government, will be disposed of for the relatively small sum — in government figures — Home Office minister Damian Green confirmed."
Re:Let me do it (Score:3, Insightful)
This is the problem. They want to be absolutely sure that nobody can get hold of the disk drives and extract the data. At least that's what I'm guessing.
Really they could just shoove the computers in some dark area of Whitehall and nobody will touch them.
Third party (Score:4, Insightful)
Re:Let me do it (Score:5, Insightful)
They could lock them in the bottom drawer of a filing cabinet in a disused lavatory with a sign on the door that says "Beware of the Leopard", and eventually, someone will find them.
My guarantee of data destruction - thermite. It's the only way to be sure.
Well, ok, there are a lot of ways. You could extract the platters and scrub all the ferrite off with soapy water. You could just do a 1-pass wipe and it puts it beyond the capability of all known data recovery labs. There's those specialist industrial shredders designed just for disk drives that reduce them to a small heap of granules.
But thermite is more fun.
Re:No surprise (Score:2, Insightful)
Personally as a UK citizen I'd much rather they paid someone who knew what they were doing to do it properly than just "wiped the disks".
For a start, you do realise that for data like this destruction of the physical storage medium is a requirement, right? (It's right there in the article)
Re:No surprise (Score:3, Insightful)
If you read TFA you'll see Labour pissed away £330m on ID cards, so 400K is peanuts by comparison. Also, the same "friends in the city" were the people labour spent that money with.
Re:Let me do it (Score:5, Insightful)
The same guarantee that everybody else offers - cast iron, 100% and fully contractually enforceable. At least enforceable against the tiny limited liability shell company with no assets that you've spun off to do the actual work.
See, it's not how you do the work, it's how you do the business that matters.
Re:No surprise (Score:2, Insightful)
I can see why. Many European countries have independent GPs. None have the crazy health costs that the US has. Overall health isn't that much worse than they're in the UK, and when you focus on the neighborhood (France, Denmark, Belgium, Netherlands) they do better than the UK in fact.
One of the reasons for this is that GPs treat a large number of patients, with common afflictions. Statistics ensures that this has predictable volumes, and also predictable costs. In a sense, they're like band-aids. You can manage on numbers alone. Specialized rare health care is harder to manage on an economic base, which is why closer government oversight could be desired.
Re:No surprise (Score:5, Insightful)
Ok, I spot someone that's never dealt with systems at the high end.
There's a lot of prep work to unpicking things, and removing servers from secure areas, auditing them, planning to have them securely transferred and held in areas that are inaccessible with heavy physical security.
Logged/scanned to provide proof of transit, vetting everyone who handles the data volumes. Ensuring you have all sources of the data, auditing the backups, and pulling all of those, so on, so forth.
Everyone involved in this process will have to be security audited (most likely taken from an existing group of vetted people), and their services carry a premium.
There is a huge difference between destroying the data on your home gaming machine, and the sheer detail involved in transport and destruction of sensitive governmental machines.
£400k is actually a pretty lean number for dismantling the structure of this old project, considering that the infrastructure was sufficient to handle the predicted scale out to cover the entire UK population.