snark maiden
"Staff at 30 local authorities have been responsible for security breaches of the government database that will help make up the national ID cards programme. The public sector workers viewed personal records on the Customer Information System (CIS) run by the Department for Work and Pensions (DWP). The database contains personal data for the majority of UK citizens, including benefit recipients, pensioners and anyone with a national insurance number. The breaches were discovered following routine checks, and found that staff at 30 local authorities have accessed personal records, “without business justification”, since 2006. The DWP CIS database will form the majority of the biometrics-based national identity register under the government's ID cards scheme."
care of NCC, a security consultancy.

So, the 'it's so secure  you don't need to worry' national identity database that will have biometric data (good luck getting a new fingerprint issued after it gets compromised) that I've been viewing as a honeypot that will attract every idenity thief who can get online, is also going to leak like a sieve to internal users. There are supposed to be stern punishments that will deter people from just rummaging around the national ID database; let's see if they get applied this time then.

Tamper-proof CVs?

snark maiden
Three little words that send shivers down your spine: government IT project...

All 14-year-old children in England will have their personal details and exam results placed on an electronic database for life under a plan to be announced tomorrow... Officials said last night that the introduction of the unique learner number (ULN)was not a step towards a national identity card...The new database — which will store a “tamper-proof CV” — will be known as MIAP (managing Information Across Partners). To be registered on the new database every 14-year-old will be issued with a unique learner number. Unlike the current unique pupil number now given to children in school but destroyed when they leave, the ULN will be used by government agencies to track individuals until they retire. Ultimately, it will create a numbered database for every citizen aged 14-plus in the UK.

OK, it's from the Times so it may not be accurate but I just love the idea of a tamper-proof CV - and the way it will shut down most of the more venal recruitment consultants... I don't think I need to say why the database itself is a bad idea, not to mention unnecessary as everyone posts all those details on FaceBook anyway...

Mistakes in Identity: The Register

I've written a lot about developments in identity systems this year; this time I've been writing not about new features but about old problems and whether the new approaches will make a difference. It turns out that some of the old systems provide good principles. If someone changes the address on your credit card but not the address you've set with an online identity provider, the credit card company can cross-check with your preferred address - or they can just choose to trust you. The less information a company keeps, the fewer liability issues. Small pieces, widely distributed; stealing all of my identity would be like a treasure hunt. Plus, why Dale Olds from Novell thinks identity might be the wrong word to use for all of this: read on at Developer Register...

Web 2.0 is metadata

full steam ahead
Why Web 2.0 will end your privacy
Are they investing in Web 2.0 sites because they're cool? Nope - because they can do contextual advertising. Which will be the next big thing; Microsoft's adCenter will allegedly detect your gender from your surfing habits and allow advertisers to deliver 'relevant' ads on the next page you visit.

But that's not quite all the answer. The VCs are investing because they all want whatever turns out to be the next Google: Google's VC had another 199 projects you've probably never heard of, and that was just in that 12 months. There's the me-too element and the 'new and shiny' bubble element. There's the fact that if you're under 21, 60+% of the content you look at online is generated by someone you know (news as entertainment rather than information again). Tim O'Reilly has been saying for a long time that the future of Web applications is metadata (Amazon ratings, flickr tags, digg 'dugs' and the rest), and that the smart companies get us to make the metadata for them.

And the other side of the coin is Identity 2.0, as it seems to be called. Add together the US laws on ID theft that mean companies have to disclose how many personal details they lose in laptop thefts, stolen backup tapes and good old-fashioned hacker break-ins, the post-SarbOx emphasis on compliance and regulation and the fact that the head of compliance is more likely to be on the board than the head of IT. Not many companies want the responsibility of keeping a lot of customer data unless it's sanitised and anonymised. Technology and privacy advocates are finally going in the same direction: put the user back in control of what data they disclose to a site and tell them where what they say is going (at least in the first instance). Over the next year or so we'll start seeing more ways to log in with tools like InfoCards that give you at the very least more of an idea about who is tracking what about you.



RSS Atom
Powered by
Designed by Tiffany Chow