Over the past few months, on both sides of the Atlantic, there have been multiple revelations of massive security breaches in which sensitive and personal data has been stolen or revealed to the public at large: breaches by hackers, banks throwing data in bins, PCs being stolen, government databases being hacked, insiders selling information, or details sold by the DVLA.

Government especially needs to be more aware, as they hold some of the most sensitive data on you and me, and the number of government breaches is going up, not least the latest NHS scandal with the MTAS system, which revealed details including name, address, age, religion, sexuality, criminal records (if they had any), and their references (although this raises the question of why the government would want details of their religion, sexuality, etc.).

More importantly, it means that this data has also been exposed to the criminal elements of the world, who would most likely use it for fraudulent purposes.

Some of that sensitive data may be personal data that can be used to uniquely identify a person, such as their Social Security Number or driver’s license number. If a person obtains sufficient personal data on an individual, they can perform identity theft, impersonating that individual in order to fraudulently open accounts, obtain credit cards, etc. It can take the individual whose identity was stolen a long time to get things straightened out, and during that time their credit history is tarnished, lives are ruined, businesses destroyed.

The Government needs to understand, and act upon, the fact that it is not us, the public, who are to blame for the levels of fraud; it is Government itself and business, which do not secure the data that they hold on us, that are causing the levels of crime and fraud that are part of our everyday lives.

Yes, Government departments, banks and businesses who hold our data are responsible for the fraud: they are the cause, and they are the ones who are not being responsible with our personal data.

Until the Government and Business can be trusted with the data they hold on us, then the arguments for an ID card, ePassports and most importantly the NIR are redundant, and any moves to force people to participate in these schemes are both divisive and dangerous, as there is so much stolen data in the wrong hands that the fraudsters will be queuing up to get the first ID Cards.

 

Before any compulsory moves are made, both Government and business need to prove to the populace that they can be trusted to hold this data. For that, we need a series of laws that force government departments, agencies and all businesses to report publicly any breaches of data security, and that hold those responsible to account.

Such moves are already underway in the US, where the Cyber Security Industry Alliance (CSIA), a lobbying group comprised of a number of security vendors, is pressing Congressional legislators to pass a law governing disclosure in the event of a data security breach.

In the CSIA's annual report, the group criticized Congress for failing to pass a comprehensive data security law in 2006 requiring companies with data breaches to notify victims.

There can be few people in the UK today who have not been touched by a breach in one way or another, so I believe that such a legislative move is long overdue here in the UK, if trust is ever going to be a word associated with Government and business again.

Today, the trust is not there, we do not believe what they say, we do not trust what they do.

 

P.S. With regard to the NHS MTAS system: any unprotected system that is put on an internet-facing connection without adequate security in place is attacked by the first hackers, on average, during the first 15-30 seconds of it being made available.

Any Government official who tries to downplay its importance, or indicates that it was only very minor, or that no-one knew it was there because it was not advertised on the net, needs their head examined and the dangers of the internet very severely pointed out to them (perhaps by placing all of their personal details on an unprotected machine and connecting it to the internet).


Say NO to ID Cards, Say NO to the database state.