Data leaks: Forecasting the end of privacy?
Flowing Data ran an interesting post this week about leakage from large databases. It’s now almost a weekly event for us to report that the personal details of millions of private individuals have been compromised in some way by government or commercial institutions.
Their graphic (linked here) highlights the most worrying data-spills on a timeline covering the last decade. Notice how the frequency increases over time. Extrapolating, it wouldn't be too surprising if absolutely all supposedly private information will be in the public domain by the middle of the next decade. Our only hope is that with such huge quantities of information available, criminals will spend so much time wading through data that they won’t have time to empty our bank accounts.
I have a concern that we are focussed on data leaking out of databases and might just be overlooking a more worrying feature - the ability to insert/amend data that is malicious. Imagine if you would that DNA evidence can be 'planted' into police master databases prior to a criminal act and physical DNA planted at a scene.
No worries eh?
No imagine that a false criminal police record is created too.
Now take into account how difficult it is to prove to credit agencies that you are the victim of identity fraud.
Worried yet?
Now apply for your next job as a teacher, nurse, doctor, in fact any post that requires a background check via "secure databases'
....and now apply for benefits because you have not got a job - and find that you have more than £16k+ in a bank - but haven't really.
Getting messy?
Posted by: Charles Dowie | Mar 19, 2008 10:55:42 AM
Professionals such as doctors, accountants and lawyers have a long tradition of keeping confidentiality about their patients and clients. They have it dinned into them when they are training and it becomes an instinct. The leaky organisations have no such professional attitude to personal information. It's not 'in their blood'. We need to change attitudes; a healthy dose of indivudal fear of the consequences of a leak would be a good start.
Posted by: Frank Upton | Mar 19, 2008 1:03:38 PM
leaky as cheap colanders and as effective as a paper umbrella these data banks are unworthy of the sensitive data and confidence that some have invested in them. They are transparently worthless. One non smoking/drinking/drug addicted non criminal record friend discovered he was a Yoyo offender in and out of Prisonss etc with all the vices he had avoided in reality being ascribed to him in virtual. His name is extremely unusual so it was not an easy error to make. Thus it follows in virtual he is Not Of Good Character....suffice to say he is unhappy about what happened. All of which just confirmed my worst fears ......
Posted by: lisaxian | Mar 19, 2008 4:20:27 PM
Anything on computers will leak. Perhaps in my early days of IBMs STRETCH it was safe and only a select few got anywhere near the massive computer, but with networks of Pcs grabbing the data is often a trivial task. TEMPEST, Optical TEMPEST, Hardware/software keyloggers, hacking, the "Three Bs"(Blackmail, Beating and Bribery) can all be utilised to grab the data. The only security is that often it just isn't worth the time, money and effort to grab the data.
Posted by: Mike Orton | Mar 19, 2008 7:02:03 PM
A panic article? If business and government applied simple rules for data security then there would be no need for concern. Simple data encryption makes accidental loss a low risk. Restrict access to full databases and use decent secure VPN connections to access remote systems.
Sure it is not 100% secure, but then we often hear about banks putting your printed data in the bin. There has to be a balance between benefit and risk.
Far greater threat to your personal data is what you do with it yourself. Social networking sites and online CV posting can give a criminal all they need for ID fraud.
Posted by: Paul Campbell | Mar 20, 2008 8:34:33 AM
Here in Minnesota,USA..our local heating and electric Co.has in these past 3 months decided that they are having a 'Electronic Check Conversion' which means when we pay our heat bill by check we give Xcel Energy Co. authorizing to a electronic with draw out of our Bank accounts...without getting our permission in writing.
Now hows that for freedom.....they take out our cash without our permission from our accounts..how many people know your bank acct. number after this mess.
JOHANN DOHMANN, USA
Posted by: JOHANN DOHMANN | Mar 25, 2008 3:19:44 AM
Any corruption in the system can be fixed if the will to fix it does exist as well. The problem is there is a lack of willpower prevalent in our societies.
Example: A new law is passed that those who steal data serve a mandatory 10 years hard labor.
Result: Less people will be tempted to compromise data and those who do serve 10 years as an example to the rest.
Example: A new law is passed mandating execution for first time offenses for drug manufacture and distribution (in high quantities.)
Result: Less drugs are available as the graveyards fill and less people seek out a career as meth makers and drug mules for the cartels. Drug demand remains high for a while but supply is much less and prices are off the charts, therefore less drugs will be used in the long run.
Example: Illegal immigration is an unstoppable wave aided by corrupt businesses, politics, and 5th columnist who masquerade as human rights activists. A new law makes any illegal immigrant liavble for up to 10 years hard labor for the state that can lay hands on them first. They are sentenced to do the "work that Americans won't do" for no wages whatsoever and the state makes revenue renting them to businesses.
Result: Word spreads quickly through the illegal community and they flee the country. Those caught and sentenced serve as an example for those who are contemplating the soft invasion of our nation. The invasion rate slows to a small trickle and the repatriation rate is off the charts.
Solutions are not hard. It is the will to implement and enforce solutions in the face of so much corruption that is hard. Giving in is the easy cowardly way and it invites further troubles. A stiff reputation warns most troubles away.
Posted by: Agrippa | Mar 25, 2008 5:53:28 AM
What you should really anger you is the data kept on you that you DON'T know about. Like every search-engine query (required by U.S. law to be retained for warantless government inspection). Every purchase you make at your grocery store (if you use a debit or credit card). Records of when and where your car travels into a congestion-charge zone, or on a toll road. We have gone much further they George Orwell could have imagined. God help us!
Posted by: David from San Diego | Mar 25, 2008 8:50:02 AM
Stealing data is already a criminal offense, though with some problems of jurisdiction. I would like to see consent for government holding ever more data (DNA, ID schemes) accompanied by serious criminalization of data loss, with responsibility running three or four rungs up the organizational ladder. Then perhaps we might see people wondering if they really wanted to hold so much data instead of routinely keeping it on a just-in-case basis. Perhaps a few major civil class actions would do the trick.
Posted by: Andrew | Mar 25, 2008 12:45:44 PM