Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

IDs FOR SALE! IDs FOR SALE! Who wants to Buy One?

The Financial Times this morning has a video that just gobsmacked me.  I know I've been vocal in the past about ID protection but I'm now at the point that I've been terribly enlightened...and saddened!  

An American journalist takes us to see another journalist in Russia who visits a store that sells databases on everyone.  I mean everyone!  Poor old Vladimir is no exception.  These databases come from all, and I do mean all, of the public service agencies; we know that public corporation databases have been available on the black market for years so now the criminals have access to the lot!  It's all very real! It's not science fiction anymore. Perhaps it's all too late!

Can we do anything to stop this happening here? The first thing that we need to do is to stop putting our head in the sand and saying that it can't...or that it won't happen.  Nothing can go wrong, we are different. That's just bullshit.

Dealing with the sheer number of agencies that have our details increases the risk that just one of them has a bent employee. So we shouldn't trust any of them.  I would rather see a single agency that manages ID - the exposure to the bent employee risk has to be less than the alternative.

And don't tell me that putting your eggs in one basket increases the risk either. If you leave the basket in a safe place and it's not moved, the eggs will be fine.

Although, the video has made me rather shell shocked!

6828

Channels

Security Regulation & Compliance

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (2)

A Finextra member
A Finextra member 26 November, 2009, 21:28Be the first to give this comment the thumbs up 0 likes

Sorry but the video is by Charles Clover, Nov 24 "Russia's Information Black Market".  Use the slider on the right hand side to navigate to the right bulletin.

Report abuse
John Dring
John Dring - Intel Network Services - Swindon 30 November, 2009, 09:49Be the first to give this comment the thumbs up 0 likes

I think the link you want is:

http://www.ft.com/cms/s/0/07dedd34-d921-11de-b2d5-00144feabdc0.html   but it is a slow one, so get it streaming and pause it to buffer it up, and you need full screen to read the subtitles!

I tend to agree.  I don't really see the big deal with a national ID programme (in the UK) since most 'normal' people will have a driving licence or passport with photo id etc on it anyway.  (A DNA database is a different thing.  Too easy for a speck of DNA to get injected into a crime scene and then you are in the position of proving innocence).

But the problem is really with all the other data that is farmed about you in the form of credit agreements, insurance policies (and the associated provided inside leg measurements) and these are not sources that are going to be put into the control of one big brother anytime soon - they are pushed around and traded without your consent, or rather with your forced and implicit consent, in order to get the credit/cover etc you need.  So eventually, this data will seep out to the public domain and will be (or is already) available if you know where to go.  Forcing a digital watermark/signature in the data might help identify the origin of the data, but it doesn't help once its  been leaked.  DRM protecting it seems the best option - time limiting the accessability of it should work for bulk data, but until then it can always be extracted into another format.

Maybe we should all have different Avatars for online registrations? At least then it would be more difficult to aggregate the info sources.  Each Avatar could supply a personal key (token) which only you hold the key to allow the onward distribution?  Then we would all need a Personal Security Device (PSD) to hold these private keys.

Just rambling now.

Report abuse
Join the discussion
Blog group founder

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all
Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more