Re: Govt loses personal details of half the country!

On 21 Nov, 13:35, Richard Corfield <Richard.Corfi...@xxxxxxxxx> wrote:
On 2007-11-21, Dave Smith <da...@xxxxxxxxxxxxxxxxxxxxxx> wrote:



If data like those collected for the ID card scheme were lost or
stolen, how would they be used for illegitimate purposes?

How much data is going to be collected under this scheme? Would it
connect to other databases? Even if it can't be used to impersonate you,
can it be used to harass or cause other problems?

If you can get a loan with just name, address, date of birth and NI
number and maybe a few easy to forge utility bills then I expect the
information on the ID card database could be misused.

Biometric information as a means of authentication is worrying. Yes it
relates to your finger or eye or whatever that presumably only you have,
but there are limitations. There is only a certain amount of granularity
in the system, so although we may all have different fingerprints given
a large population there will be duplicates as far as the system can
tell.

If this information is ever used for remote authentication or unattended
authentication then it becomes incredibly dangerous as you're no longer
authenticating the finger or whatever but authenticating the electronic
signal generated by the scanner. That can be repeated, and unlike a
password it cannot be changed once someone else has it. If it can be
deduced from the records then getting hold of them would be end-game.

I have no faith in the data on this database being entirely correct.
So many things I've seen so far from errors in aggregated data received
from the government to reports of the mistakes made gives me confidence.
Low percentage errors over a population in the millions mean a lot of
mistakes. (OK, aggregated data amplifies errors)

ID card schemes I've heard of in other places have held information that
I don't think should be held and have been used in ways that are not
good.

- Richard

--
_/_/_/ _/_/_/ _/_/_/ Richard Corfield <Richard.Corfi...@xxxxxxxxx>
_/ _/ _/ _/
_/_/ _/ _/ Time is a one way street,
_/ _/ _/_/ _/_/_/ except in the Twilight Zone



You make some good points, but I would think there are some arguments
in favour of ID cards that are worth considering. There's more
information about the proposed scheme here:

http://news.bbc.co.uk/1/hi/uk_politics/3127696.stm

Dave
.

Relevant Pages

  • Re: Govt loses personal details of half the country!
    ... Biometric information as a means of authentication is worrying. ... relates to your finger or eye or whatever that presumably only you have, ... I have no faith in the data on this database being entirely correct. ... from the government to reports of the mistakes made gives me confidence. ...
    (uk.philosophy.humanism)
  • Re: Govt loses personal details of half the country!
    ... If data like those collected for the ID card scheme were lost or ... Biometric information as a means of authentication is worrying. ... relates to your finger or eye or whatever that presumably only you have, ... I have no faith in the data on this database being entirely correct. ...
    (uk.philosophy.humanism)
  • ASP.NET Forms Authentication Best Practices
    ... ASP.NET Forms Authentication Best Practices ... What happens if your user database is compromised? ... Listing One, where you want to use login.aspx to log users in. ... string FirstName ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Security question ..
    ... What I want to prevent is any access to the database accept through our ... application unless you have elevated permissions. ... Authentication, if he is smart enough to create an NT Auth ODBC connection ... passes through to the database or to use SQL Server authentication. ...
    (microsoft.public.sqlserver.server)
  • User authentication over the web (was: Secure Password in database)
    ... Subject: User authentication over the web (was: Secure Password in database) ... a web server is usually authenticated to users by using SSL or TLS ...
    (SecProg)