Jump to content
Manx Forums - A Discussion Board & Classifieds for the Isle of Man

Alan Bell Against Id Cards?

Cronky

By Cronky
in Local News

Recommended Posts

Cambon Mentor

Cambon

Posted
Posted
If the UK gets it's way with ID cards we will all have our lives logged and catalogued for the authorities to peep at. However, with the 'discs' fiasco the public have woken up to the dangers of the authorities holding lots of information about us on huge databases. Thankfully the Conservatives and Liberal Democrats are firmly against the scheme and Gordon Brown seems very weak these days.

 

Ironically, the discs fiasco is actually a case for a centralised database, not against it. It's far easier to secure a central database than a whole bunch of separate ones like exists now.

 

 

 

Actually, it is not. It is, however, a case for IT people not to be involved in the running or security of systems.

Link to comment
Share on other sites
  • Replies 53
  • Created
  • Last Reply
Dodger Newbie

Dodger

Posted
Posted

It doesn't matter how good a system is it can still be hacked! Those with access can make the passwords too obvious, they can have their biometrics cloned and then used to gain access, not even difficult these days.......

 

I don't agree with centralising the information as it means that all your data can be lost/stolen at the same time, why if we need an id card does it need to hold so much information? Why do we need one when we already have a passport?

Link to comment
Share on other sites
ai_Droid Newbie

ai_Droid

Posted
Posted
Actually, it is not. It is, however, a case for IT people not to be involved in the running or security of systems.

 

 

How is it not? Centralising your data reduces many of the risks, which is why pretty much everyone does it.

 

And how exactly are you going to have non IT people responsible for IT security?

 

Dodger, generally the "silo's" of government data is the same, just duplicated around different departments/systems. So you've stole one, you've stole it all. Centralising it has got to be an improvement.

 

Wasting my breath like, more unqualified bullshit incoming any second now....

Link to comment
Share on other sites
Albert Tatlock Grand Master

Albert Tatlock

Posted
Posted
How is it not? Centralising your data reduces many of the risks, which is why pretty much everyone does it.

It does also put all of your eggs in one basket. By definition even if it was centralised, many thousands of terminals will still need to connect directly to some version of it. I think it will be many a hackers 'dream target', simply because that's what hackers live to do.

 

The potential rewards of a succesful hack or getting someone on the inside will probably outweigh the risks for many potential hackers/criminals.

 

'Everyone in the world is bent', Mr Bridger (The Italian Job)

Link to comment
Share on other sites
Cambon Mentor

Cambon

Posted
Posted
How is it not? Centralising your data reduces many of the risks, which is why pretty much everyone does it.

 

And how exactly are you going to have non IT people responsible for IT security?

 

Very few institutions keep all there data in one place. They would be absolutely foolish to. If the government kept one central database, how would that look from a terrorism perspective (even just from a really pissed off tax payer's point of view) one bomb would send the whole system into chaos.

 

On the security part, ask any IT auditor. The last person you want with access to information is someone who might know how to use it.

Link to comment
Share on other sites
ai_Droid Newbie

ai_Droid

Posted
Posted
It does also put all of your eggs in one basket. By definition even if it was centralised, many thousands of terminals will still need to connect directly to some version of it. I think it will be many a hackers 'dream target', simply because that's what hackers live to do.

 

The potential rewards of a succesful hack or getting someone on the inside will probably outweigh the risks for many potential hackers/criminals.

 

'Everyone in the world is bent', Mr Bridger (The Italian Job)

 

It wouldn't ever be physically in one place, so eggs in one basket and Cambons bizzare bomb scenario doesn't really fit. What you're talking about is a single joined up system of databases rather than the silo's the government have now. Silo's of data are a bitch to secure, you've got different data in different places with different security policies access rules, systems, awful. Far easier to secure a single central system and reduce the risks.

 

On the security part, ask any IT auditor. The last person you want with access to information is someone who might know how to use it.

 

Jesus, where do you start vs this shit? How do you propose to secure databases without experts in database security?

Link to comment
Share on other sites
Owen Newbie

Owen

Posted
Posted

Cambon, I presumt you're referring to vertically partition your data right? If you're a business that means you'll keep your client information in one database, but accounting data will be in a seperate database (rather than having half your clients in one database and half in the other).

 

Vertical partitioning may help segregate data so it's only available to applications that utilise that data, but you have the added cost of keeping both databases in sync with one another and as ai_Droid says, you have 2 databases to secure, not 1. The tenant here is that if someone made off with one of your two databases, it would still be devastating for your organisation. Take the recent HMRC case, the data lost was only a subset of that that HMRC held, so this sort of segregation doesn't actually mitigate the risk of your data ending up in the wrong hands.

 

On a side note, I love your comment "It is, however, a case for IT people not to be involved in the running or security of systems." Would love to know who you would recommend to be responsible for keeping the systems running and secure ...

 

 

--------------------

Tech Blog - Personal Blog - Hobby Blog - Manx Friends profile

Have a Manx website? Post it up at SearchMann

Link to comment
Share on other sites
John Barber Newbie

John Barber

Posted
Posted
That's the point it can be lost, stolen and generally misused! Confidence in the government being able to safely store all our data in one place is NIL! This is what the UK government are looking to do with the National Identity Register (NIR). This is presumably what the IOM government would do if they followed the UK as they generally do, I hope that the don't with this.

 

Some simple points:

 

- the uk doesn't store all the data in one place

- perhaps if it did, it would be more secure?

- they have all this data anyway, spread about different departments, what difference does an ID card actually make?

 

This may well be the case, but only if you can design a system that has absolutely no reliance on, contact with or access by HUMANS. Always remember, to err is divine, to really screw up take a people person.

Link to comment
Share on other sites
Alias Newbie

Alias

Posted
Posted

Just because the government has cocked up database storage and handling before doesn't mean it can't be done safely, in a proper system there would be proper measures in place to monitor the flow of data (noone would have 'global' access) and encryption would be a necessity for the transfer of any data..

 

How do you think nuclear weapons' arm codes have been handled in some countries for the last 40 years? Having all the codse scattered round the country at lower-security sites?

 

A secure system can be put in place: if the government is incapable of commissioning a project that can meet these demands, then you're going to have problems with data loss whether it's centralised or scattered.

Link to comment
Share on other sites
Slim Newbie

Slim

Posted
Posted
This may well be the case, but only if you can design a system that has absolutely no reliance on, contact with or access by HUMANS. Always remember, to err is divine, to really screw up take a people person.

 

That again makes a centralised system more secure, because there's less people involved in looking after it vs silos of data.

Link to comment
Share on other sites
Ushtey Newbie

Ushtey

Posted
Posted

Why not just write everyone's details down in one great big book, give to one person, then whenever you want to check anything, just give them a call.

 

If any information leaks out, you know who to blame, there's only one person to security check, the data's all in one place and with a premium rate phone number it would pay for itself.

Link to comment
Share on other sites
ai_Droid Newbie

ai_Droid

Posted
Posted
Why not just write everyone's details down in one great big book, give to one person, then whenever you want to check anything, just give them a call.

 

If any information leaks out, you know who to blame, there's only one person to security check, the data's all in one place and with a premium rate phone number it would pay for itself.

 

You're taking the piss, right?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...