Thursday, May 04, 2006

Boarding passes: tickets to everything

Interesting Guardian Article featuring Adam Laurie, on identity leakage via a discarded boarding pass. Well worth reading, as it highlights a number of important aspects and consequences of the ubiquity of data-collection and data-sharing.

"The problem here is that a commercial organisation is being given the task of collecting data on behalf of a foreign government, for which it gets no financial reward, and which offers no business benefit in return," says Laurie. "Naturally, in such a case, they will seek to minimise their costs, which they do by handing the problem off to the passengers themselves. This has the neat side-effect of also handing off liability for data errors.

This raises 2 points - firstly, that as noted, privacy offers little direct return on investment - thus, companies easily become blasé about privacy for the same reason that many companies are blasé: about network security - there's no direct benefit to spending the cash. Privacy and security both inherently only cost when the status quo is disrupted and something goes very very wrong - but usually by then, it's too late.

Secondly, handing data entry off to consumers entails a further aspect - that of convenience. As with many IT systems, convenience is often offered in place of security, rather than in addition to it (although that's not to say the two are inherently mutually exclusive). As the data being used to construct profiles of individuals moves further along the chain and certain attributes are filtered out, so there is less requirement to maintain stringency and accuracy in both integrity of the data, and access to it.

The Guardian rightly draws parallels with the ID Scheme. Think carefully about where data will end up, even with safeguards at each individual level.

No comments: