« Counter-Terrorism Bill 2008 published - pre-charge detention sleight of hand obscures destruction of duty of confidence etc. | Main | Intelligence and Security Committee and unpublished Annual Reports - the Checks and Balances on the Secret State are not working »

HMRC tax record security only for a minority of the privileged, but not for the rest of us

The Daily Telegraph reports on another disturbing Soviet style bureaucratic practice of Her Majesty's Revenue and Customs: they seem to have two classes of tax record - one for the ruling elite of "celebrities, Members of the Royal Family and Members of Parliament", and then another, less secure category for all the rest of us.

This does not appear to be on any physical risk based criterion e.g. protected witnesses, members of the Special Forces or Intelligence Agencies, undercover policemen, or victims of stalkers etc, but simply on vague notions of celebrity or political office.

N.B. it should be made clear to terrorists, that Members of Parliament, even members of the Government, who are supposedly serving the Public, not just themselves, are not a worthwhile target, since we, as a society will simply replace them democratically, whilst mourning any individual casualties.

This is not the first time that such creepy and sycophantic behaviour has been detected with centralised national bureaucratic databases - it seems that there are similar plans afoot to exempt "celebrities" and possibly others, from having to register their details on the Children Database / ContactPoint , as well.

Why have Labour politicians instituted and approved such institutional discrimination ?

Online tax system 'too risky' for the famous
By Robert Winnett, Deputy Political Editor
Last Updated: 2:04am GMT 26/01/2008

The security of the online computer system used by more than three million people to file tax returns is in doubt after HM Revenue and Customs admitted it was not secure enough to be used by MPs, celebrities and the Royal Family.

Thousands of "high profile" people have been secretly barred from using the online tax return system amid concerns that their confidential details would be put at risk.

This provoked anger from consumer groups and accountants who said the same levels of security should be offered to all taxpayers regardless of their perceived fame.

The word "anger" does not come close to the level of fury and hatred which this policy will provoke amongst the majority of the public who are being treated as inferiors by the HMRC bureaucrats and Labour party politicians.

HMRC was responsible for losing 25 million child benefit records and the latest admission will concern millions of people entrusting the online system with their confidential financial records.

From this year, anyone wishing to file a self-assessment tax return after October will have to do so online or face stiff penalties.

However, HMRC has a list of those excluded from the new rules who must send hard copies of returns for "security reasons".

The HMRC Child Benefit database scandal shows that the internal couriers and postal delivery systems are less secure than encrypted electronic data transfers, so what are these alleged "security reasons" ?

Hundreds of thousands of people are expected to use the electronic system to make the Jan 31 deadline this week.

Tax records contain bank details, national insurance numbers, salary and details on investments and savings - all valuable to fraudsters.

This is true, but the media reports always tend to forget the physical safety and possible life threatening aspects of the illegal disclosure of name and home and work address details of people at high risk from stalkers, terrorists, organised criminal gangs and foreign intelligence agencies.

[...]

The system was uncovered by the Tory MP Andrew Robathan, who received a letter saying he could not file online. He challenged ministers.

"Given our discussions on the efficiency of HMRC recently, how come I have also been sent a letter from HMRC saying I cannot file online?"

Jane Kennedy, a Treasury minister, told him: "There are categories of individual for whom security is a higher priority. Not just MPs - there are several categories - and HMRC does not have the facilities for them to file online."

The full Question and Answer exchange during Thursday, 24 January 2008 Oral Answers to Questions -- Treasury Topical Questions, is available here via TheyWorkForYou.com

Jane Kennedy's full response was:

The hon. Gentleman raises a fair point. There are categories of individual for whom security is a higher priority. [Hon. Members: "Oh!"] Not just Members of Parliament—there are several categories of people in that position, and HMRC does not have the facilities for them to file online. However, it is working to see what can be done to change that in future.

This statement by the junior Labour Minister, is morally, ethically and politically wrong !

In a statement to The Daily Telegraph, HMRC confirmed the policy. "HMRC online services are designed with security as an integral part of the service. We use leading technologies and encryption software to safeguard data and operate strict security standards.

"A tiny minority of individuals' records, including MPs, have extra security measures over and above the very high standards of confidentiality with which HMRC treats all taxpayers' data.

"The separate arrangements mean they are unable to use the online service."

The extra security applies to those in the public eye. Their details are thought to be stored on a highly-restricted database with extra levels of security.

HMRC stressed that all taxpayers' details were secure.

These statements by the Labour Minister and HMRC are illogical rubbish.

Either they are wasting public money on extra staff and computer equipment for this alleged "highly-restricted database" which are not really needed, because the standard procedures for protecting the tax records are adequate, or there is a serious flaw in those standard procedures.

Why should there be institutional favouritism within the tax system for any celebrities or politicians ?

If there is such favouritism, is there also corruption ?

The online form filling aspect via the Government Gateway, now subcontracted out to Atos Origin, which is mostly, but not exclusively used for online tax returns, is SSL / TLS encrypted, at least as well as any other online credit card or internet banking application.

Like most such online credit card or internet banking applications, the Government Gateway does not force individuals to make use of client side Digital Certificates so as to reduce the chances of a Man-in-the-Middle attack on the encrypted session between your web browser software and the Government Gateway secure webserver.

However such Digital Certificates are available for Individuals, Agents i.e. tax accountants etc. and for Companies and Organisations which send in tax returns on behalf of their clients or employees.

Unfortunately the registration process relies on only using Microsoft web browser software with ActiveX controls enabled - a security anathema to many people, including us.

The Cabinet Office asserts that this content is safe. You should only install/view this content if you trust The Cabinet Office to make that assertion.

On their past record, why exactly should you trust Cabinet Office ?

However, for there to be any practical extra risk, at this stage, to the online tax return form, there would also have to be sneaky Man-in-the-Middle attack proxy servers working within the majority of UK based Internet Service providers.

Any such criminal attacks would not discriminate between "celebrities" and the rest of us.

If HMRC have any evidence of such attacks, then why have they not reported these to the Police or to SOCA ?

Once the Government Gateway servers have securely delivered the online tax return forms to the HMRC's own computers, then that is where the majority of the security and confidentiality risks to tax records begin, amongst the supposedly trustworthy HMRC staff.

There is a case for having specialist groups of trained staff dealing with, for example people with complicated tax returns, perhaps Non-UK Domicile residents etc., but that should not mean that the levels of security and privacy are higher for such a category of tax payers, than for the rest of us.

Is this further evidence that too many HMRC insiders, have potential access, to too much data ?

If we can summon up enough energy, will mighty try another tedious Freedom of Information Act Request / Internal Review / Appeal to the Information Commissioner etc. cycle, to try to shed some transparency on this scandal e.g.

  1. What are the names of these special categories ?

  2. Approximately how many people are in each category ?

  3. Who exactly makes the decision to put someone into one of these special categories ?

  4. When, if ever, is an individual removed from such a special category ?

  5. Does a special category extend to an individual's entire family as well ?

  6. How long this discriminatory policy has been in place ?

  7. Who exactly authorised this policy ?

  8. What about the previous 24 year tax record history of an individual, before they became a "celebrity" or politician ?

  9. Are these special category tax records included in the datasets handed over, through the statutory gateway, to the DWP Longitudinal Study ?

  10. What is the annual cost of these extra infrastructure and personnel resources to handle these special categories ?

We will be stunned if HMRC actually bother to answer our simple questions, in full, within the statutory 20 working days laid down by the Freedom of information Act 2000.

We urge readers of Spy Blog to ask their own questions and to submit their own FOIA requests.

According to the HMRC FOIA web page

If you would like to submit a request for information under the terms of the Freedom of Information Act please email Michael Armstrong.

Alternatively you can write to the Unit at the following address:

Freedom of Information Unit
Room BP5001
Dunstanburgh House
Longbenton
Newcastle upon Tyne
NE98 1ZZ

We are not sure if the email form to "Michael Armstrong" is to a real named official, or to a pseudonym.

An indication of how a low a priority Freedom of Information is to HMRC, is that they still do not appear to have integrated the former Inland revenue and HM Customs and Excise FOIA publication schemes.

The former Inland Revenue FOIA scheme contact details are still online here

Therefore It might also be worth sending a copy of any FOIA request to:

The Freedom of Information Act Unit
Information Resources
Inland Revenue
Room 66
100, Parliament Street
London SW1A 2BQ

Tel: 020 7147 2412
Fax: 020 7147 2197
Email: ccp.disclosure@ir.gsi.gov.uk

Posted by on January 26, 2008 8:51 AM |

Post a comment