Self Assesment (was Re: Backdoor government key escrow?)

Derek Fawcus dfawcus at cisco.com
Sat, 11 May 2002 15:07:04 +0100 

On Sat, May 11, 2002 at 08:57:06AM +0100, Joe Harrison wrote:

> BUT only certificates issued by a choice
> of two little-known companies (Chambersign or Equifax) are acceptable for
> VAT filing.

As I recall these are also the certificates that they allow for use in
electronic filing of your self assesment tax return.

Anyway,  I recently received a letter from the Inland Revenue containing
a self Assesment 'User ID'.  Mind given that they also require one to
enter your tax payer reference as a password,  I'd claim they have the
terms 'user id' and password swapped.

So apart from the evident lack of security in them mailing me a password,
they also state that I have to destroy it if I'm not going to use it.
This does seem a bit stupid to me;  send out without me requesting it
a security token (in plain text),  and in a form that doesn't even allow
me to know if it's been compromised.  It's printed on plain paper,  not
even in the form that my payslips arrive in,  never mind the fashion in
which my Bank will send me a notification of my cash card PIN.

The one small comfort,  is that when looking over the appropriate web
site,  I seem to recall it stating that the id will be invalidated if
not used within a time period (28 days?).  Pity I can't invalidate it
immediatly.

However,  the thing that really got me was when looking at what info
was available on that web site with loging in.  It stated in a FAQ
that the use of this electronic filing service was subject to terms
and conditions.  Now the only set of terms and conditions I could
find absolved the government from all errors that may arise in the
use of their service and/or software for electronic filing.

It was one of those "This software//service is not warrented to perform
it's intended function" type of statements.  So if I was to use their
electronic form filling service,  and their back end software made a
mistake in calculating the correct numbers,  then they say the fault
is mine.

Nice!

DF