"But 200 computer terminals in five "back offices", where officials processed applications and ran background checks, will be spared the crusher. Instead, workers will have to "provide file locations of extracted data" so that the Home Office team can put together an "audit record of data deletion"."
Seems to me that this is where the compromise will be. Asking "workers" to "provide file locations of extracted data"? What's the chance that some locations will be missed? And why do they not already have a registry of all locations where private data is copied?
Also, it's far easier to compromise a computer (do it remotely over the internet) than some piece of card scanning hardware (more likely to need physical access).
But, in another twist, the document also reveals that not all identity data will be destroyed - some will be kept for the purposes of investigating fraud.
Security theatre, and like security theatre at airports it masks the reality that in all probability nothing of substance is actually happening.
And of course we trust all of these people to get it right and for nothing to slip through the cracks. The threat is as much about what happened in the past as what happens now. What guarantees are there that some employee didn't make their own copy of the data and take it offsite? What about backups?
There's quite a complex set of processes behind the way HM Government systems are managed. They can't just throw backups away, they have to prove that they've been disposed of in line with HMG policy.
As for guarantees, there are no more than there would be that someone at Google hasn't done that, but what HMG does have is a fairly strong vetting standard, that these people will be under.
The 'proof' is just a form being filled in, I doubt there is a government overseer who does a directory listing and then observes the destruction of that specific drive.
And none of this theatre can rectify historic breaches.
The only people who have the ID cards are the ones who volunteered in the first place. They clearly don't care about their privacy so why bother going to all this effort?
I'm totally for getting rid of them. I just don't think they need to go through all this effort for the sake of people who don't care about their own, or anyone else's, privacy. Just eBay the machines.