Computer Weekly readers' give their views
Online use of ID cards poses serious risks
With regard to your news story "ID checks to go online"
(Computer Weekly, 21 February) the online use of ID cards presents
major risks.
Risk 1: if the biometrics are not checked against the national
identity register, then the cards could be stolen or forged. If the
biometrics are checked (perhaps using a cheap USB-connected
fingerprint reader), then Risk 2 (below) becomes really
serious.
Risk 2 (the big one): anything a computer can scan, encode and
transmit, it can also store or send elsewhere. So a Trojan program,
installed by a virus perhaps, or in a publicly accessible computer,
could capture card details and biometrics and use them for on-line
fraud.
Now the legitimate user is in trouble. If your password is
compromised, it's no great trouble to change it; if your ID card is
compromised, it will take a lot of effort to get a new one. If
biometrics are compromised, there's no solution.
The moral is: never use a mechanism for online ID that cannot
readily be changed, unless it is very secure indeed.
Martyn Thomas, Visiting professor of software engineering,
Oxford University
MiFID should be seen as an opportunity
Christian Annesley celebrates that some key requirements of the
Markets in Financial Instruments Directive (MiFID) have been
included as directives rather than regulations ("The clock is
ticking..." Computer Weekly, 14 February).
This, he claims, allows for "a greater degree of discretion in
implementation". He seems to be focusing on the cost of compliance
with the provisions of MiFID rather than the substantial benefits
that will accrue from it passing into law.
The original Level 1 paper was entirely a directive. The
commission has now decided to enshrine the majority of the
provisions of MiFID in non-discretionary regulations.
Far from being a problem, this should be seen by affected UK
organisations as an opportunity. By November 2007, all 28 countries
implementing MiFID will have a common basis on which to conduct and
report financial transactions.
The opportunity for UK financial services companies is that they
will be able to transact business for clients across the EU (and in
Iceland, Norway and Switzerland) with a consistent set of
regulations and without having to be approved to trade in each
separate jurisdiction.
The most far-sighted of our clients, many of which are major
investment banks, are looking to take advantage of this
opportunity, not complaining about the cost of implementation.
If, as Annesley implies would be desirable, the majority of the
provisions were discretionary directives with "relaxed evolution
into national law", then each of the 28 countries would very likely
implement their own set of regulations and MiFID would fail to
deliver its primary objectives of transparency and delivery of best
execution to all types of client.
Mike Vieyra, Gissing Software
Christian Annesley replies:
One of the key issues for IT directors in relation to MiFID is
that time is running out to prepare for the directive's arrival.
With the late delivery of the Level 2 draft, there are now less
than 21 months until MiFID is due to come into force.
In some respects, this shrinking timeframe will require a
pragmatic response from IT directors to ensure their firm's
obligations under MiFID are met.
But, as the piece made clear, that doesn't mean that the
creation of a single European market for financial instruments
won't offer opportunities to far-sighted investment banks to
develop systems that put them ahead of the competition. All the
evidence suggests it will.
Theft of information costs companies
billions
The government's decision to amend the Computer Misuse Act and
introduce stiffer penalties for internet crimes has been a long
time coming ("Government gets tough on computer crime",
ComputerWeekly.com, 2 February).
As a former computer crime detective at Scotland Yard, I fully
support the tougher stance the government is adopting.
Both private and public sector organisations have been lobbying
for specific regulation to address crimes such as denial-of-service
attacks. Recent attacks, such as the one on the Million Dollar
Homepage, have highlighted the desperate need for the government to
take action.
However, I am concerned that the new bill has perhaps not gone
far enough and addressed the theft of information. Intellectual
property theft is a huge issue for businesses across all sectors
and impacts on small businesses as much as, if not more than, large
stock-listed companies. It is also one that costs UK businesses
billions of pounds every year.
The new bill is certainly a step in the right direction.
However, until the government takes serious steps to criminalise
the theft of information, dishonest people will continue to
threaten and jeopardise businesses.
Simon Janes, International operations director,
Ibas
Offshoring has turned the spotlight on
business
Regarding the article "Offshore effect hits UK job market"
(Computer Weekly, 14 February), there is little denying that
offshoring has contributed to the decline of lower-end jobs in the
technology space.
But there is also evidence that higher-level jobs, such as
project management, have been boosted since the start of the
offshoring phenomenon.
Nowadays, there is undeniably a need for IT people to have a
grasp of business issues. Gone are the days when IT was a
standalone function within an organisation - it must be thought of
from the wider business perspective.
So, as lower-level jobs diminish, offshoring increases the need
for professionals in disciplines such as project management,
technical architecture and testing, where it is crucial to think
about IT from a business perspective. If software development is
offshored, for example, there must be a facility onshore to test
the system or application thoroughly at the deployment
location.
Also, the increase in offshoring lower-skilled jobs means
fast-tracking to higher-skilled positions with less of a
requirement to "do your time" on the low-level menial tasks for IT
professionals.
In our experience, the clear division of activities that occurs
with offshoring establishes the need for mature processes and
emphasises key activities that are so necessary to deliver
high-quality systems.
All in all, we see some positive changes resulting from both
outsourcing and offshoring and look forward to working in a more
mature IT market.
Adam Ripley, IS Integration
Answer back
Do you disagree with someone's opinion on this page? Or do you
have something to say about a Computer Weekly article? If so, we
want to hear from you.
E-mail computer.weekly@rbi.co.uk
Please include a daytime telephone number.