The Register summarises identity theft among large organisations in March, big figures that those looking to implement nationwide identity schemes should probably take some note of. The HO FAQ addresses these in a couple of places:
What’s the benefit of having biometrics? "Use of biometrics will also make it much more difficult for a fraudster to obtain a second identity card as the biometrics can be checked against those already on the National Identity Register to see if they are already registered. It will also provide an additional means of associating an individual to a particular identity card, which greatly increases the security and robustness by supplementing more traditional methods such as photographs and signatures."
Won’t an identity card be attractive to fraudsters and organised criminals? "Yes just as current identity documents are. This is why we will have strengthened identity checking procedures, biometrics and improved physical security measures both for existing identity documents and for identity cards."
So the government line tends to amount to not much more than "biometrics, biometrics, biometrics". Quite why the HO thinks it can guard customers' -- sorry, citizens' identities more securely than a large company, I'm not sure - maybe if their track record in technical projects had some semblance of success, I might be inclined to believe them... There are surely more constructs needed to ensure the necessary security than mere hardware aren't there? How much attention to education regarding the system should there be, for instance? What penalties/responsibility should there be for being careless with your own data, say?
As the Reg article points out, "The vast majority of incidents can be traced to ... just plain stupidity among those who 'own' our personal data." Shouldn't the government be planning some contingency for what happens if (/when) details are stolen and usable on a wide scale, rather than just assume they're not going to be?
1 comment:
Indeed, "never attribute to malice what you can to stupidity", although perhaps in some cases, a fair pinch of both can be assumed. My main fear is that a naive approach to data-collation (the National Info Register) combined with overly-paranoid, under-evidenced actions and laws will lead to the worst of all worlds - most importantly, without sufficient safeguards or back-up plans. Hacking together fix after fix for "unforeseen" problems in an inflexible design usually leads to a crippled system, a seething mass that the fun-loving public will end up doling out for, because it's "necessary" once in place. Remember - there's no going back...
Post a Comment