This forum is in read-only mode for archive purposes, please use our new forum at https://community.justflight.com
Forum Home Forum Home > Just Chat > Just Chat - General Discussion
  New Posts New Posts RSS Feed - You can run... but can you hide?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

You can run... but can you hide?
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
MartinW View Drop Down
Moderator in Command
Moderator in Command
Avatar

Joined: 31 Mar 2008
Location: United Kingdom
Points: 26722 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinW Quote  Post ReplyReply Direct Link To This Post Topic: You can run... but can you hide?
    Posted: 28 Oct 2008 at 9:28am
Pointy will find Panorama interesting. Smile
 
What this guy blagged on the presenter was frightening. PAYE numbers, national insurance numbers the lot. In two hours, the blagger got loads of very personal and private information on the presenter. It's easier than ever he said, since data basess have been consolidated nationwide. The HM Revenue and customs have done little to set up a secure system.
 
As the CCTV capital of the world and with more data being held on us than ever before, Britain has been called a surveillance society. For Panorama's programme You Can Run... But Can You Hide? reporter Simon Boazman set out to find out just how much privacy exists in Britain today, how much data is held about him as an individual, if that information is secure and if he could cut his data trail.
 
Back to Top
VulcanB2 View Drop Down
Chief Pilot
Chief Pilot
Avatar

Joined: 02 Apr 2008
Points: 13365 		Post Options Post Options   Thanks (0) Thanks(0)   Quote VulcanB2 Quote  Post ReplyReply Direct Link To This Post Posted: 28 Oct 2008 at 12:59pm
...and the idiots then want a national ID card system with biometric data on it?

With data being this available, you can bet that system will be, too.

With biometric data, it would be possible for a rogue state to produce targeted biological weapons that only affect a certain demographic, and is safe for others. Don't think there aren't states who wouldn't pay highly for that kind of data.

It shouldn't be permitted.

What scares me is that there is no public out-cry over this lot. The government talks of national security - you're looking at it. We should be demanding an immediate parliamentary investigation into these leaks, and how/why this data is accessible, then it should be tackled as severely as terrorism currently is.

Best regards,
Vulcan.
Back to Top
MartinW View Drop Down
Moderator in Command
Moderator in Command
Avatar

Joined: 31 Mar 2008
Location: United Kingdom
Points: 26722 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinW Quote  Post ReplyReply Direct Link To This Post Posted: 28 Oct 2008 at 7:03pm

With biometric data, it would be possible for a rogue state to produce targeted biological weapons that only affect a certain demographic,

 

I'm not sure if that’s technically possible but if so very unlikely I would have thought.

 

The Panorama episode was a bit worrying, especially the bit regarding the new children’s database, with children registered on the database from the age of 12 without the parents knowledge. And the 5 criteria used to asses a child’s mental and physical health very subjective and open to interpretation. With that many able to access such a massive database, it increase the likely hood of a nefarious individual appearing and accessing the DB with ill intent.

 

A full-scale debate on the implications of such things required the sound of it. You can't stop the march of technology, but we can do our best to insure that personal privacy and the security of information isn't compromised.
Back to Top
VulcanB2 View Drop Down
Chief Pilot
Chief Pilot
Avatar

Joined: 02 Apr 2008
Points: 13365 		Post Options Post Options   Thanks (0) Thanks(0)   Quote VulcanB2 Quote  Post ReplyReply Direct Link To This Post Posted: 28 Oct 2008 at 7:26pm
The fact that so many people get access when it is entered on these computer systems is wrong. No system should ever be like that.

Look at how councils are abusing RIPA - these same people have access to these other systems, too, simply because of the way it is all managed. It's wrong.

To say that all these people have access but won't be allowed to use it is NOT how you conduct security. They should not have access of any form, even if it means they're faced with a login prompt.

300,000 people I think it is, could potentially have access. Yes, I may say "potentially", because it will be resting on a tick box that says "YES/NO" to access. That however isn't security. Having access that far is too far in this context.

I was listening to the radio the other day, and they were debating this system, and its security. The minister who is supposed to be over looking this said that security is a serious part of the system, but "didn't want to say how it worked in case it weakened the system".

Well, I can tell you right now that "security through obscurity" is no security, and that a system reliant upon secrecy isn't secure.

If the system was truly secure, she would have been able to say "access is via secure links, and the data is only accessible to authorized users via the use of smart card authentication and secure token".

No security should ever be able to be comprised simply because you know how it works. No wonder governmental IT security is a mess - it seems few people actually understand what it is.

You have several barriers to break:

* The secure link
* The smart card
* The secure token
* Users password

Breaking any in any combination (except a full house) does not break the others. Further restricting access when the user is on holiday, or after working hours is yet another layer of security to be broken.

The golden rule of IT security: "Security is a process, not a product".

Best regards,
Vulcan.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down