It has recently been in the news that some hackers, supposedly from China, have managed to take a copy of the entire UK register of electors from the computers of the Electoral Commission. This is obviously very unfortunate as it is a legal requirement
to register to vote so nearly all of us have had our details stolen.

What surprised me is that such a national database exists at all since registering to vote seems to be handled entirely by one's local Electoral Registration Officer, typically an official working for a Borough or County Council. Can anyone think of a
reason for the Electoral Commission to copy all these local registers and integrate them into a national database? It seems a huge and unnecessary risk - as they have no doubt belatedly realised.

This is one of the things that led to me supporting the NO2ID movement some years ago. We were protesting against the proposals of the then Labour Government to introduce compulsory identity cards. It wasn't the cards themselves that most of us
objected to, it was the necessity of setting up a national database containing all of our personal data in one place. That would have given the Government of the day huge new capabilities, as well as being an extraordinarily attractive target for
hackers.

--
Clive Page

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 28/03/2024 18:50, Clive Page wrote:

It has recently been in the news that some hackers, supposedly from
China, have managed to take a copy of the entire UK register of electors
from the computers of the Electoral Commission.  This is obviously very unfortunate as it is a legal requirement to register to vote so nearly
all of us have had our details stolen.

What surprised me is that such a national database exists at all since registering to vote seems to be handled entirely by one's local
Electoral Registration Officer, typically an official working for a
Borough or County Council.   Can anyone think of a reason for the
Electoral Commission to copy all these local registers and integrate
them into a national database?  It seems a huge and unnecessary risk -
as they have no doubt belatedly realised.

This is one of the things that led to me supporting the NO2ID movement

some years ago.  We were protesting against the proposals of the then
Labour Government to introduce compulsory identity cards.  It wasn't the cards themselves that most of us objected to, it was the necessity of
setting up a national database containing all of our personal data in
one place.  That would have given the Government of the day huge new capabilities, as well as being an extraordinarily attractive target for hackers.

The Government already have the lists: passports, National insurance,
Electoral register, NHS number, driving licence. Google have far more.
The National ID was just simplifying IT systems.

So the ID battle was lost decades ago. The fight now is about
transparency of government. How we monitor them, and how they use the
data they have on us. They are fighting against this.

I thought the registers had always been open to credit agencies, etc. So
China having access is a bit of a non-event. On the other hand, if China
had got hold of everyone's voting history, that would be embarrassing.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 28 Mar 2024 18:50:29 +0000, Clive Page <usenet@page2.eu> wrote:

It has recently been in the news that some hackers, supposedly from China, >have managed to take a copy of the entire UK register of electors from the >computers of the Electoral Commission. This is obviously very unfortunate
as it is a legal requirement to register to vote so nearly all of us have
had our details stolen.

What surprised me is that such a national database exists at all since >registering to vote seems to be handled entirely by one's local Electoral >Registration Officer, typically an official working for a Borough or County >Council. Can anyone think of a reason for the Electoral Commission to copy >all these local registers and integrate them into a national database? It >seems a huge and unnecessary risk - as they have no doubt belatedly realised.

The electoral roll is used for a lot more than just voting. The police and security services have access to it. It's used by the court system to call people for jury service. Credit providers have access to it in order to
verify that the details you supply them are correct. Registered political parties are legally entitled to a copy of the full register. And the
unedited register is available publicly. All of those uses require (or at least, would be very difficult without) a central database.

Mark

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 28/03/2024 18:50, Clive Page wrote:

It has recently been in the news that some hackers, supposedly from
China, have managed to take a copy of the entire UK register of electors
from the computers of the Electoral Commission.  This is obviously very unfortunate as it is a legal requirement to register to vote so nearly
all of us have had our details stolen.

What surprised me is that such a national database exists at all since registering to vote seems to be handled entirely by one's local
Electoral Registration Officer, typically an official working for a
Borough or County Council.   Can anyone think of a reason for the
Electoral Commission to copy all these local registers and integrate
them into a national database?  It seems a huge and unnecessary risk -
as they have no doubt belatedly realised.

It shouldn't be if their security was up to scratch. It is very likely a
pay peanuts get monkeys problem much like with NHS IT.

This is one of the things that led to me supporting the NO2ID movement
some years ago.  We were protesting against the proposals of the then
Labour Government to introduce compulsory identity cards.  It wasn't the cards themselves that most of us objected to, it was the necessity of
setting up a national database containing all of our personal data in
one place.  That would have given the Government of the day huge new capabilities, as well as being an extraordinarily attractive target for hackers.

You seem to be unaware that various private national databases held by commercial firms of everyone who has ever owned a house, had a credit
card or mobile phone contract already exists. I got exposed to a much
greater extent when Experion got hacked. The amount of detail they had
on me was quite amazing when I got to examine it.

Ironically proving to them that I was me to take advantage of a free 2
year anti-fraud package that they offered to those affected proved quite challenging. One of the security questions was state the address where
you lived for a few months nearly 30 years ago. Another was when did you
last renegotiate your mobile phone contract (can you remember that?).

You have no choice at all about the banks, insurers & phone companies
passing your info to these companies to further their business aims.

Passport system already has detailed biometrics and full personal data
for all of us that have passports. Only those with no bank accounts, no
driving license and living off grid have no digital footprint.

List A List B "proof" of identification in the UK is a complete joke.
The only people it catches out are elderly old ladies like my mum. By
the official rules I can only prove who I am for half the year...

Criminals have no trouble faking the required "ID" documents well enough
to fool a poorly trained bank clerk.

--
Martin Brown

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-03-28, Pancho <Pancho.Jones@proton.me> wrote:

On 28/03/2024 18:50, Clive Page wrote:

This is one of the things that led to me supporting the NO2ID movement
some years ago.  We were protesting against the proposals of the then
Labour Government to introduce compulsory identity cards.  It wasn't the
cards themselves that most of us objected to, it was the necessity of
setting up a national database containing all of our personal data in
one place.  That would have given the Government of the day huge new
capabilities, as well as being an extraordinarily attractive target for
hackers.

The Government already have the lists: passports, National insurance, Electoral register, NHS number, driving licence. Google have far more.
The National ID was just simplifying IT systems.

So the ID battle was lost decades ago.

No. "The government" is not one thing. It is not one computer system
in one building. The tax man having access to your financial details
and the NHS having access to your health records and border control
having access to your travel records is not the same thing as the
Borsetshire County Council allotments officer being able to sit
in his office and access all of those records from his desktop.

The fight now is about transparency of government. How we monitor
them, and how they use the data they have on us. They are fighting
against this.

I do agree with this, on the other hand. Technological progress is
inevitable. In the long term the only way to keep abuse of it in
check is transparency about how it's used.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30/03/2024 01:54, Jon Ribbens wrote:

No. "The government" is not one thing. It is not one computer system
in one building. The tax man having access to your financial details
and the NHS having access to your health records and border control
having access to your travel records is not the same thing as the
Borsetshire County Council allotments officer being able to sit
in his office and access all of those records from his desktop.

Well if you read the details of the ID card proposed by the Blair government you will find that an integral part of it was the construction for the first time of an integrated database of essentially all government and local government information about
each person in the UK. It was that, rather than the plastic card, that so many of us objected to.

There might have been safeguards, but it was difficult to tell as details were sparse. So if a police constable stopped your car for some reason it is possible that they could access your NHS records or tell if you were up-to-date on your Council Tax
payments. Likewise it is possible that any doctor or nurse treating you might be able to work out what your income was from your tax records. Many of us thought that this sort of thing was very undesirable. Instead of relying on "safeguards" it
would be better not to build such a database at all and, as far as we knew, the proposal was abandoned in the face of widespread disquiet.

Other replies to my post suggest that the central electoral register is needed so that credit reference agencies can check up on people. I'm pretty sure that nobody told me when filling in the registration form that my data would be available to such
essentially private companies for such purposes - I wonder if the Office of the Information Commissioner has given permission for such use? I realise that the electoral register is also used to select people for jury service but that's also an entirely
local process, so no central register is needed.

I still think that this is a case of entirely unnecessary and perhaps illegal mission creep. Too late now, of course, as our data have been collected and been extracted by, perhaps, the Chinese government.

--
Clive Page

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-03-31, Clive Page <usenet@page2.eu> wrote:

On 30/03/2024 01:54, Jon Ribbens wrote:

No. "The government" is not one thing. It is not one computer system
in one building. The tax man having access to your financial details
and the NHS having access to your health records and border control
having access to your travel records is not the same thing as the
Borsetshire County Council allotments officer being able to sit
in his office and access all of those records from his desktop.

Well if you read the details of the ID card proposed by the Blair
government you will find that an integral part of it was the
construction for the first time of an integrated database of
essentially all government and local government information about each
person in the UK. It was that, rather than the plastic card, that so
many of us objected to.

Indeed. I was also active in No2ID - hence my post above which was
disagreeing with Pancho, who was disagreeing with you.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <l6t018FrebgU1@mid.individual.net>, at 12:33:58 on Sun, 31
Mar 2024, Clive Page <usenet@page2.eu> remarked:

Other replies to my post suggest that the central electoral register is >needed so that credit reference agencies can check up on people. I'm
pretty sure that nobody told me when filling in the registration form
that my data would be available to such essentially private companies
for such purposes -

The relevant legislation is peppered with references to purposes
related to fraud prevention. And that's precisely the service those
companies offer to clients. Not just creditworthiness, but much more
the prevention of identity theft.

I wonder if the Office of the Information Commissioner has given
permission for such use?

It's beyond preposterous that they would not have. Although they aren't
so much "giving permission" as "checking that the law gives permission".

I realise that the electoral register is also used to select people
for jury service but that's also an entirely local process, so no
central register is needed.

I think you'll find that the catchment area of courts isn't restricted
to one District Council, but typically will be several. Where I live the
County Court it's probably five, for example.
--
Roland Perry

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 31/03/2024 12:33, Clive Page wrote:

On 30/03/2024 01:54, Jon Ribbens wrote:

No. "The government" is not one thing. It is not one computer system
in one building. The tax man having access to your financial details
and the NHS having access to your health records and border control
having access to your travel records is not the same thing as the
Borsetshire County Council allotments officer being able to sit
in his office and access all of those records from his desktop.

Well if you read the details of the ID card proposed by the Blair
government you will find that an integral part of it was the
construction for the first time of an integrated database of essentially
all government and local government information about each person in the UK.   It was that, rather than the plastic card, that so many of us objected to.

I doubt it was an integrated database, although given Blair's
operational incompetence it could have been. The idea is more to link
separate systems. So the tax system may query the health system, etc.
You can think of this as a single system, but it wouldn't be. Even with
a universal unique personal ID the communication between systems would
be problematic, would take work to enable.

In large organisations, like the NHS or a large Bank, they have many,
separate, IT system. A major cost of a new system is providing wrappers
so it can talk to other existing systems. These interoperability
wrappers generally provide very limited capabilities. Imagine the tower
of Babel.

There might have been safeguards, but it was difficult to tell as
details were sparse.  So if a police constable stopped your car for some reason it is possible that they could access your NHS records or tell if
you were up-to-date on your Council Tax payments.   Likewise it is
possible that any doctor or nurse treating you might be able to work out
what your income was from your tax records.   Many of us thought that
this sort of thing was very undesirable.  Instead of relying on
"safeguards" it would be better not to build such a database at all and,
as far as we knew, the proposal was abandoned in the face of widespread disquiet.

This is largely a false worry. Access to data is protected by
permissions, even if you know the ID. For instance, you may know another person's bank details, account number, sort code, but you can't look at
their bank statements, even if you both bank with the same company.

Other replies to my post suggest that the central electoral register is needed so that credit reference agencies can check up on people.  I'm
pretty sure that nobody told me when filling in the registration form
that my data would be available to such essentially private companies
for such purposes - I wonder if the Office of the Information
Commissioner has given permission for such use?   I realise that the electoral register is also used to select people for jury service but
that's also an entirely local process, so no central register is needed.

I suspect they did tell you, and that you have forgotten. Did you know
any Bank account opened in the last two or three decades provides
details on your earnings and spending patterns to credit reference
agencies, by default?

I still think that this is a case of entirely unnecessary and perhaps
illegal mission creep.  Too late now, of course, as our data have been collected and been extracted by, perhaps, the Chinese government. >

It is what it is. The point is that for the vast majority of us it is
easy to achieve the effect of Blair's ID without creating a new one. The current available IDs are good enough. Blair's system would have mainly
helped with pathological cases or criminal cases of misattribution of
identity.

I actually believe there are huge dangers from misuse of personal data,
by the government, and others. I just don't think the ID particularly significant.

Integrated IT systems do provide us with very real advantages, we want
them, they are being provided. As I said earlier the spotlight needs to
be on permissions and transparency.

A particular concern I have is the misattribution of significance to
data obtained by “Data Dredging”.

e.g. a legal system which creates laws that everyone breaks but only a
few people are prosecuted for. Speeding for instance. Imagine the
government kept records from roadside TV cameras. Normally they would
just ignore minor speeding events, or not analyse them. However, if they
wanted to target a particular car, for unrelated reasons, they could
search the camera database and look more closely, to find all the times
the driver had broken the speed limit. They could then prosecute the
driver for these crimes. If the driver complained, the prosecutor could
quite correctly point out the evidence was irrefutable.

Data is power, we need laws to control it. Laws drafted by people who understand data, as opposed to our current legislature, which is almost universally controller by people who are technologically illiterate.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)