UK ID Card Scheme Data Deleted For £400K

DaveNJ1987 writes "It will cost the British government only £400,000 to destroy the data for its failed ID card initiative. The data compiled by the National Identity Register, which was scrapped last year by the coalition government, will be disposed of for the relatively small sum — in government figures — Home Office minister Damian Green confirmed."

Let me do it

[dintech]

I'll show them how to destroy it for half the price.

Re:

[91degrees]

What sort of guarentee can you offer that it will be adequately destroyed?

This is the problem. They want to be absolutely sure that nobody can get hold of the disk drives and extract the data. At least that's what I'm guessing.

Really they could just shoove the computers in some dark area of Whitehall and nobody will touch them.

Re:

[dintech]

I'm glad you asked. I was going to send all their kit to Nigeria [bbc.co.uk]. I'm sure that data will be safe there.

Re:Let me do it

[Dr_Barnowl]

They could lock them in the bottom drawer of a filing cabinet in a disused lavatory with a sign on the door that says "Beware of the Leopard", and eventually, someone will find them.

My guarantee of data destruction - thermite. It's the only way to be sure.

Well, ok, there are a lot of ways. You could extract the platters and scrub all the ferrite off with soapy water. You could just do a 1-pass wipe and it puts it beyond the capability of all known data recovery labs. There's those specialist industrial shredders designed just for disk drives that reduce them to a small heap of granules.

But thermite is more fun.

Re:Let me do it

[Hognoxious]

More likely they'll just delegate it to a junior civil servant who'll get drunk after work and leave it in a taxi.

Of course if you really want to destroy it just send it through the post, with a prominent label saying "FRAGILE".

Re:Let me do it

[santax]

That's how I got rid of the first wife! No need to murder anyone, just put her in a box, stamp Fragile and Alaska on it and you're good.

Re:

[Opportunist]

If they don't break her, they'll forget her in some godforsaken postal storage place for "misplaced" crates that are too heavy for a single postman to carry and since they cooperate usually as well as the average Popes...

Re:

[JasterBobaMereel]

...This is government collected and stored data, it is not on one hard drive, or one system, it is scattered on multiple systems, backed up of many others, and parts are now in other databases, this is why it costs this much, most of this is search fees to find output where the data is from audit trails ....

Melt it

[mangu]

There's those specialist industrial shredders designed just for disk drives that reduce them to a small heap of granules.

A cheaper alternative would be a flowerpot and some charcoal [ntlworld.com]. Or they could send them to a commercial aluminium recycler to make it look more profesional.

Re:

[tom17]

But how did you get down the stairs?

Re:

[SharpFang]

The biggest problem is the destroying the data stored in wetware of employees who collected and accessed it.

I heard they contacted the Church of Scientology on techniques of secure brainwashing, but there are concerns both about quality, security and moral side of the process.

There are opinions that disposing of the employees using the big shredder is both safer and more humane.

Re:Let me do it

[fuzzyfuzzyfungus]

Never. Ever. Ever. fuck with an angry thermite colony...

Even fire ants won't burn their way through an engine block just to get at you.

Re:

[Lazareth]

I wonder how much it would cost them to get it placed at ground zero of a bomb test by their own military... Bonus points if it is nuclear.

Re:Let me do it

[Rogerborg]

What sort of guarentee[sic] can you offer that it will be adequately destroyed?

The same guarantee that everybody else offers - cast iron, 100% and fully contractually enforceable. At least enforceable against the tiny limited liability shell company with no assets that you've spun off to do the actual work.

See, it's not how you do the work, it's how you do the business that matters.

Re:

[nosferatu1001]

KYC woud mean I would not do business with the shell, as it would be unable to meet the contract conditions.

Proper KYC exposes those shell games very quickly, and you're simply removed from the list of approved providers.

Re:

[Apatharch]

I know it's not the done thing to actually read the article, so:

The destruction will be carried out by a a CESG accredited and approved supplier, securely and in accordance with established secure destruction policy, procedures and guidelines, Green said. These include compliance with the HMS IA Standard No. 5-Secure Sanitisation of Protectively Marked Sensitive Information. Physical equipment holding the data will be degaussed and physically shredded.

Re:

[sjames]

Now with t25 and ultrafresh!

It sounds like the usual government standard, either way over-do or be completely ineffective. There can be no middle ground.

Why not just degauss the tapes and overwrite and then re-deploy the drives in other secure projects? If used in a RAID, it's actually desirable to use drives of varying ages and production lots anyway. As long as they are deployed to a secure project, they'll eventually get shredded when they have served for their entire useful life.

Re:

[Saint Gerbil]

At least they are doing it properly rather than the "leave on train" strategy of recent years.

Re:

[Anonymous Cowpat]

Really they could just shoove the computers in some dark area of Whitehall and nobody will touch them.

"Shall I file it?"
"Shall you file it? Shred it!"
"Shred it?!"
"No-one must ever be able to find it again!"
"In that case, Minister, I think it's best I file it"

Re:

[Xest]

"What sort of guarentee can you offer that it will be adequately destroyed?"

They can watch as he sets to work with his sledgehammer.

Re:

[nosferatu1001]

No you didnt. The NIR had nothing to do with the passport service.

Re:

[teh kurisu]

I don't think they ever actually started putting passport applicants on the system. It was meant to start in 2008, but the date got pushed back to 2011/2012, so the system was scrapped before it started.

Airside airport workers were the only people ever to be added to the system against their will, I think. Foreign nationals were also added, as a condition of being allowed to live in the country.

Re:

[Shrike82]

I'll show them how to destroy it for half the price.

I'll do it for a quarter! Seriously, just give me all the paper files and the hard disks of any computers and I'll stick them in a skip and set the whole mess on fire. Could turn it into a street party celebrating the end of a sinister Orwellian initiative!

Re:

[HungryHobo]

might want to throw some termite into the mix to be sure.
I like the street party idea though.

Re:

[Anonymous Coward]

termites?

Re:

[HungryHobo]

yes!
hungry metal eating termites!
of course they might eat the skip too so RUN!

Re:

[TheoGB]

'Orwellian'? Those poor French bastards! Oh the humanity!

(FWIW my main disagreement was on the basis of costs and the security of your information so it's fine by me that it's gone.)

Re:

[Opportunist]

An Orwellian bonfire... I was expecting this to be held at the Parliament, somehow...

Third party

[clickclickdrone]

I see they've hired some 3rd party firm to do it. That stuff, both kit and data will turn up in a year or so's time. Guaranteed. Laptops on eBay and the data sold to ID thieves.

Re:

[L4t3r4lu5]

Actually, no. I'm just going to run DBAN on the servers, single pass zeroes.

My original quote was a 20 stack of writeable CDs and 2 days time... £500 max. They told me that wasn't the way bidding for government contracts work, so I said £400k.

I can do it for 20.

[Anonymous Coward]

Select All > Delete!

JUST PRESS CTRL+A, then mash the delete key. Press enter to confirm. DONE.

$20 please.

Re:

[Anonymous Coward]

Shows what you know.

You have to empty the Recycle Bin!

Coalition Government?

[djdevon3]

What they call coalition government we call bipartisanship, right?

Re:

[KarlIsNotMyName]

Sort of. There's more than two sides to be agreeing or disagreeing in the UK and other European countries.

Re:Coalition Government?

[Serious Callers Only]

What they call coalition government we call bipartisanship, right?

No, it's a coalition government - rule by more than one party in the same cabinet/government. Quite common in Europe, unheard of in the states (though you do have cohabitation between a president and a congress or senate hostile to them quite often).

A true coalition in the States would have (for example) Obama appointing Dick Cheney or Ron Paul as his vice-president, and working with him day to day and appointing advisers from other parties, but the systems are so different that it's hard to compare. Typically a coalition is made up of one large party and one or more small ones to make up the numbers, so in the strongly bipartisan system of the states, it's unlikely to happen.

Re:

[Serious Callers Only]

sorry, for bipartisan in that last sentence, read bipartate...

Re:

[aslate]

I thought I'd add the caveat that whilst it's quite common in Europe it's highly unusual in the UK, with only a few instances of a coalition government forming and even fewer where it has actually lasted a substantial period of time.

No idea whether the current one is going to ride the next year's worth of pain and come out the other side or not.

Re:

[I8TheWorm]

Early on the Vice President job went to the Presidential candidate with the second most votes. Sadly, the Founders seem to have envisioned a political system with no parties, but they surfaced nonetheless. Having a President and a Vice President from different parties caused too many problems though so the system was changed. We're actually in our fifth party system, the current one starting in the 30s under the New Deal.

Congress is made up of multiple parties, but voters here in the US tend to think the

Re:

[Cimexus]

See Australia for a good example of where coalition government is relatively common. In practice, Australia is thought of as having two major parties (like the US), but one of those parties is in fact two parties (Liberals and Nationals) in a coalition. Usually just referred to as 'the Coalition'. The other large party is actually a single party (Labor), although they kinda operate in an informal coalition with the Greens.

I've lived in both Australia and the US for a long time and I must say the #1 flaw in

Re:Coalition Government?

[TheRaven64]

No. To have a coalition government, you need more than two parties. It is one of the outcomes when no single party manages to gain an overall majority. In this case, the largest party was the Conservatives, the second largest was Labour, and the third-largest the Liberal Democrats, with a smattering of smaller parties and independents. The government was formed by a coalition of the Conservatives and Liberal Democrats. The Prime Minister is the head of the Conservative Party, the Deputy Prime Minister is the head of the Liberal Democrat Party, and the cabinet is made up from members of both parties. Government policy is driven by both parties, although more by the Conservatives.

Another alternative in this situation would be a minority government, where the Conservatives (with the largest bloc) attempted to form a government by themselves, but had to persuade members of other parties to vote with them or abstain for every issue they wanted passed. This is a bit fragile: last time it happened in the UK, it only lasted a few months before a vote of no confidence in the government passed, triggering a general election.

Re:

[Cimexus]

Note that Australia currently has a minority government as described above. And by the slimmest of margins: 74 Liberal/National seats vs 76 'Labor + several random independents' seats.

Essentially, if even a single Labor member (or Labor-aligned independent) votes against the party line on a single vote, the Government loses. A very fragile, and very uncommon situation. I will be surprised if it lasts the full 3 years until the next election is due.

Re:

[laddiebuck]

Or a war. The National Government that formed for the Second World War was a coalition, for instance, but of all parties in the House.

If they send me the data and drives

[maroberts]

I will be happy to light a large bonfire for half of the £400k quoted.

They need prvate contractors

[Chrisq]

They need private contractors. Government officials are not capable of wiping their own arses, let alone data.

Re:

[Nineteen-Delta]

That's where all the taxpayer money goes. - half to set up the comittee to decide, then 7/16ths to find contractors to tender for the job. Then the last few thousand actually gets spent on the labour of destrying the data - which would fit on a few hard drives at most, it goes in the crusher, and job is done in ten minutes. Its about time that someone responsible did the job themselves, and saved £400,000 - you could even do it by destrying the data and preserving the media, so the drives can be recy

Re:

[malkavian]

Interesting. This is based on what personal experience of yours? And what role did you have in the plan?
I can guarantee you that for something of this scale and sensitivity, £400k is a drop in the ocean.
I'm actually pretty impressed with that figure.

Re:

[malkavian]

For the comment on 'fit on a few hard drives at most', do a quick capacity plan.
This was intended to scale for about 60 million people. With all the data stored (pictures, other biometrics, text etc), think about 1 meg per person (probably more with other things like audit trails, update trails, historical info etc.).
Gives you about 60,000 GB of data. Add in indexes (can be close to data sizes) for about 1.2 PB.
Add in redo log sizes, backup sizes etc and you're definitely into the several PB range.
Now the

Re:

[Arlet]

Gives you about 60,000 GB of data. Add in indexes (can be close to data sizes) for about 1.2 PB

2 times 60,000 GB is only 0.12 PB.

Re:

[sjames]

1000GB = 1TB, NOT 1 PB!

So about 60 TB for the raw data and lets go nutz and say the audit trails quadruple it to 240 TB.

That is thousands of 70GB drives (based on the principle that teeny over-priced SCSI drives are commonly used in this application for some reason when enterprise grade SAS drives in the 500GB range would work fine).

If you must actually destroy them, the pricing to do so is reasonable. However, a secure wipe will also destroy the data. If the drives are then re-deployed in other secure proj

Re:

[Anne Thwacks]

Indexes and indices are different things (at least in my part of the world).

Re:

[malkavian]

Interesting. Come from pretty hefty positions in the private sector (where I was deemed more than sufficient to do what I do), and now work in the NHS (ethical/personal reasons), I can assure you there are a goodly many people who are very capable (some who hands down beat people I've met in the private sector) in the Governmental arena.
Yes, there are some "dead weight" ones. But that happens anywhere with strong union presence.

Re:

[sjames]

Yes, there are some "dead weight" ones. But that happens anywhere with strong union presence.

In non-union shops, the dead weight doesn't go away, it just tends to fail up or becomes part of someone's headcount in middle management turf wars.

Re:

[forgot_my_nick]

> They need private contractors. Government officials are not capable of wiping their own arses, let alone data.
Who let you out of the Daily Mail comments section?

Re:

[JasterBobaMereel]

They need private contractors to do this so when the data turns up later they can blame the contractor ....

I'll do it for free!

[Opportunist]

I get reimbursed by the customer for the data anyway.

C'mon, you don't think that whoever does it for these peanuts isn't gonna do that too, do you?

PC LOAD LETTER

[Compaqt]

Wasn't there another way to destroy the data?

(Taking it out to a field and sledgehammering it?)

Really for £400K

[OrangeMonkey11]

Did anyone think of just taking a couple of 50Gallons oil drums fill them with gas and shredded old tires put the drives in them and let these burn for a while; I realized that this does not sit well with many people due to the fact that it's bad for the environment. The other solution just melt all the data drives down along with a bunch of steels.

reasonable

[DaveGod]

I don't have the breakdown but (and I may be giving too much benefit of the doubt) the £400k should cover far more than pressing delete on a database. There's destroying the storage medium, security to make sure nobody's walking out with data... Not forgetting the costs of actually dismantling equipment, and I wouldn't be surprised if there are significant figures for an early property lease termination penalty, dilapidations and staff redundancies.

To digress a little, no it is not uncommon for staff

Paper shredder for hard drives

[stimpleton]

This'd work: Paper shredder for hard drives [youtube.com]

Re:

[Tim C]

Personally as a UK citizen I'd much rather they paid someone who knew what they were doing to do it properly than just "wiped the disks".

For a start, you do realise that for data like this destruction of the physical storage medium is a requirement, right? (It's right there in the article)

Re:

[Arlet]

For a start, you do realise that for data like this destruction of the physical storage medium is a requirement, right? (It's right there in the article)

1. Pick up servers
2. Drop in industrial shredder
3. ???
4. Profit 400.000 pounds

Re:

[nedlohs]

??? isn't quite good enough, since you missed more than one required step. And a "we did something" isn't good enough. Sure you could likely destroy it for less money if you removed all the red tape.

But do you want the government to have requirements and standards and documentation for such things? Or do you want them to just say "yeah, we deleted it. Trust us"?

Re:

[Arlet]

Paperwork is all routine and doesn't actually cost all that much. The actual physical work is done by minimum wage employees after some basic training.

Re:

[nedlohs]

Licensing fees usually aren't so trivial, inspections usually aren't so trivial. Liability probably isn't so trivial.

If it was then someone would have bid less, surely?

Re:

[Arlet]

If it was then someone would have bid less, surely?

Nah, somebody bidding less than 400k would be considered unreliable.

Sigh, what about the COST of the DESTROYED items

[SmallFurryCreature]

If I destroy equipment NOT only do I have to pay for the destruction but for the write-off for the equipment.

If I blow up your car the cost to you is NOT 1 stick of dynamite. It is the stick of dynamite, the cost of your car, the bill for the fire department and the kick up your arse for failing so badly at cost calculation.

Re:

[Arlet]

If I destroy equipment NOT only do I have to pay for the destruction but for the write-off for the equipment.

The TFA mentions the sum of 400k GBP only for the destruction of the data. I would expect the equipment write-off to be a separate sum, probably bigger.

Re:

[SausageOfDoom]

The underpants gnomes stare at you in disgust.

Re:

[X.25]

Personally as a UK citizen I'd much rather they paid someone who knew what they were doing to do it properly than just "wiped the disks".

For a start, you do realise that for data like this destruction of the physical storage medium is a requirement, right? (It's right there in the article)

Obviously, reliable destruction of data costs 400,000 GBP, right?. Please, don't be silly. It's really amusing how people are trying to justify silly things politicians are obviously doing to setup cash for their cronies.

Do you know how seized drugs are often destroyed?

Blast furnace.

Please tell me which data storage medium will survive blast furnace?

And then tell me what can possibly cost 400,000 GBP.

For 400,000 GBP I can build a whole damn system which will reliably destroy data.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[X.25]

And old tampons are flushed down the toilet. Chalk and cheese.

So, you are implying that data storage medium should not be destroyed reliably in blast furnace because... they're not the same as drugs?

Thus, it's wiser to spend 400,000 GBP to destroy them by doing exactly what?

Re:

[Gonoff]

Shredding them - as is supposed to be done with all old public computer storage devices in the UK - and that is just part of the process.

Re:

[sjames]

Blast furnace or massive industrial shredder doesn't make much difference (the shredder may be cheaper). The expensive part is hiring well vetted people to remove the drives from the machines and inventory them accurately, secure transport to the destruction facillity and maintaining the audit trail that shows each removed drive ended up in the shredder AND that the drives removed and shredded were all of the drives that contained that data. It would be a shame to do all of that and then have the un-audited

Re:

[nosferatu1001]

So the secure transport is free?

The time to derack the servers is free? Oh, and the accredited,SC level people just appear on a whim?

You appear to be dense enough to assume it is all about the final step. It isnt.

Re:

[BasilBrush]

If you think that adds up to nearly half a million pounds, you're a cretin.

Re:No surprise

[malkavian]

Ok, I spot someone that's never dealt with systems at the high end.
There's a lot of prep work to unpicking things, and removing servers from secure areas, auditing them, planning to have them securely transferred and held in areas that are inaccessible with heavy physical security.
Logged/scanned to provide proof of transit, vetting everyone who handles the data volumes. Ensuring you have all sources of the data, auditing the backups, and pulling all of those, so on, so forth.
Everyone involved in this process will have to be security audited (most likely taken from an existing group of vetted people), and their services carry a premium.
There is a huge difference between destroying the data on your home gaming machine, and the sheer detail involved in transport and destruction of sensitive governmental machines.
£400k is actually a pretty lean number for dismantling the structure of this old project, considering that the infrastructure was sufficient to handle the predicted scale out to cover the entire UK population.

Re:

[X.25]

Ok, I spot someone that's never dealt with systems at the high end.
There's a lot of prep work to unpicking things, and removing servers from secure areas, auditing them, planning to have them securely transferred and held in areas that are inaccessible with heavy physical security.
Logged/scanned to provide proof of transit, vetting everyone who handles the data volumes. Ensuring you have all sources of the data, auditing the backups, and pulling all of those, so on, so forth.
Everyone involved in this process will have to be security audited (most likely taken from an existing group of vetted people), and their services carry a premium.
There is a huge difference between destroying the data on your home gaming machine, and the sheer detail involved in transport and destruction of sensitive governmental machines.
£400k is actually a pretty lean number for dismantling the structure of this old project, considering that the infrastructure was sufficient to handle the predicted scale out to cover the entire UK population.

Oh my goodness! This sounds just like a job for a fucking law-enforcement agency, and not a crony private company.

I am shocked!

Re:

[Nemyst]

And yet there probably will be a leak anyways. Makes you wonder whether all that trouble is actually worth it...

Re:

[petes_PoV]

And then tell me what can possibly cost 400,000 GBP.

What costs this much? A few months of a couple of "security consultants" off the approved suppliers list, for a start. Billed at the usual rate for government jobs. It will take them at least that amount of time to attend the meetings, write the proposals, agree the process, appoint the auditors, find all the copies (except for a few which will later leak out), benchmark some data destruction methodologies and finally outsource the whole mess to the lowest bidder who will take the data and fly-tip it somewh

Re:

[I8TheWorm]

Blast furnace may be used some of the time, but often it's a simple bonfire. Cheaper for sure. Less safe for those tending it as well, but a budget is a budget.

Re:

[guruevi]

Not really, all you need is a certificate that the data cannot be recovered. DBAN it and resell it on e-bay. Even if they physically destroyed the disks, they're probably getting the whole set of computers, laptops, network equipment etc. from those offices - remove the hard drive, plug a new one in, sell on e-bay. There are services out there that do physical data destruction for free if you donate the computers.

Re:

[Anonymous Coward]

If you read TFA you'll see Labour pissed away £330m on ID cards, so 400K is peanuts by comparison. Also, the same "friends in the city" were the people labour spent that money with.

Re:

[Anonymous Coward]

As opposed to Labour, who'd set up an organisation for it overseen by a committee with 3 layers of management, and then lose it on a train later? The Tories are arses, but they're nowhere near as putrid as the last lot. This thing was designed to scale up to the whole UK population of 60 million. It's likely they've got to close down an entire data centre.

Re:No surprise

[Dan1701]

You clearly do not grasp the sheer idiocy, incompetence and utter lack of any skills whatsoever which characterises the British civil service. These days there IS no IT department apart from the outsourced PFI numpties who charge for each and every action performed. This is why whole database dumps get transferred all over the place; there isn't anyone who has the handy database skills to run a quick SQL query and put out only the required data into a twin-key encrypted package, because the way the PFI deal was written every such action costs the Government money.

Add to this the last Government had a number of highly embarrassing incidents of data loss, where USB sticks were let on trains, and in one case CD-ROMs of sensitive data were encrypted, but the password for the encryption was written onto the media disks themselves. The civil servants were complying with the regulations, but doing so in such a way that no hassle over passwords would occur. The same civil servants that did this are still employed, and the UK Home Office (which is dealing with this data) has the reputation of being the dumping ground for all the most incompetent, most useless and most stupid civil servants in Government.

Outsourcing data disposal like this is the safest way to ensure complete destruction without any little unofficial backups being taken and sold on, or people "forgetting" to wipe the disks before ebaying them, and so on. 400K is peanuts compared to the cost of cleanup after a data leak.

Re:

[slim]

I'm pretty certain there are those in the Conservative party that would love to outsource most of the NHS. The thing stopping them is that the NHS is a sacred cow.

They're effectively working on that right now. GPs are being given the "choice" to do their own admin, so they'll outsource their admin to private companies. Rawnsley said on the radio only this week that there's "no reason why NHS GPs should be civil servants".

Re:

[Anonymous Coward]

I can see why. Many European countries have independent GPs. None have the crazy health costs that the US has. Overall health isn't that much worse than they're in the UK, and when you focus on the neighborhood (France, Denmark, Belgium, Netherlands) they do better than the UK in fact.

One of the reasons for this is that GPs treat a large number of patients, with common afflictions. Statistics ensures that this has predictable volumes, and also predictable costs. In a sense, they're like band-aids. You can m

Re:

[Anne Thwacks]

After 13 months of Tory rule, you have forgotten the Labour party's previous practices.

Re:

[BasilBrush]

No. Labour were bad. Tories are ten times worse.

Re:

[X.25]

"Having IT wipe the disks" is not the way to do this.

And since you seem to know all about data destruction, please tell us what is the right way to do it.

Thanks.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[TheoGB]

I like the circular notion of documenting the disposal of someone's personal information.

"No Mr. Smith, your data was fully deteled. I have the document right here to prove it: 'Mr. A. R. Smith, born 17th Feb 1963, married to Mrs. C. J. Smith, degree from Cambridge, DNA sample number 0900303093029298992,' etc., etc. and here at the bottom, 'Deleted' and it's stamped by three separate officers. Yes sir, your data has definitely been destroyed."

Re:

[Anne Thwacks]

Since you obviously you have detailed knowledge or our secret procedures. I regret to inform you that I am required to kill you.

Yors sincerely
Mr A. Hitman, 003.5

Re:

[X.25]

It isn't simply about destroying the data, it's about making sure it is documented and verified. Same way that a small screw on an aeroplane will cost far more than the one you get in the shop even though they are same thing.

Ah, I see. So, the procedures used for destruction of drugs are not good enough? I mean, it doesn't get documented and drugs are obviously not destroyed good enough.

But I am sure that private cronie company is much better in documentation and following strict procedures than a law enforcement agency.

I see. Your logic is flawless.

You still didn't answer me - how is the data then supposed to be destroyed "correctly", according to you?

Re:

[marcello_dl]

May I?

How to destroy data correctly:

1. announce that your web access filters will be disabled for a few days due to upgrade.
2. give the HDs to destroy to your staff as "old drives for backup purposes"
3. wait two days.

The drives will be by then filled with porn and malware. Of course this is nowhere near a multi pass wiping but the staff will guard their new hd closely, so...

4. profit!!!

Re:

[squizzar]

In line with some of the posters below: Presumably this mythical IT department has other stuff to do. I know governments are inefficient, but still I reckon you'd be taking a bunch of people away from other necessary work. Secondly, which IT department? I'd guess there are many IT departments that operate for the different parts of the government, you think anyone is going to give their people over to a project outside their remit for free? Do you take on staff to do the job, leaving yourself the diffi

Re:

[nosferatu1001]

They dont have the right equipment, nor hold the appropriate certification, to perform secure data destruction.

The right way to go about a *specialist* task is to hire the appropriate *specialists* in their field. Not general IT staff who have neither the time, qualification or equipment to do the job properly

Re:

[AmiMoJo]

Rubbish. Data destruction is a standard task for most IT departments. What company doesn't want its data wiped when disposing of PCs?

It is also fairly easy, easier in fact for the IT department than an external company. The IT department should know where the data has been saved, where the backups are etc. Ideally it should be encrypted too in which case destroying the key is the first step. After that the usual multi-pass wiping and optionally a degauss and physical media destruction for HDDs. Optical disc

Re:

[malkavian]

Interesting. So you're an expert on Public sector software.
Some of it is a travesty, yes. An awful lot of it is actually pretty decent. And some of the internally developed stuff is absolutely top notch.
I work in the NHS, and the amount of stuff I've had to turn down from commercial vendors because they frankly don't have a clue is astonishing. Stuff written by places like medical physics departments go into the devices that actually get used front line in medical equipment.

Interesting to see you're so

Re:

[Alioth]

The rankling thing about the ID card project (apart from the masses of irrelevant and intrusive data it was to collect) was that the outgoing Labour government said it was "self financing". So, does the financing fairy come along and sprinkle some pixie dust around, and as if by magic the hundreds of millions needed show up?

No, what they mean is ID cards were to be paid for by those who hold them. Given that the cards were to eventually be compulsory, how is this different from having cards given out for "f

Re:

[rich_r]

Oooh, you're Andy Coulson, AICMFP.

Or possibly Walter Mitty.