
Comment Archives

January 30, 2008

Keeping your bank details secure - how hard can it be?

This week's Downtime has called for an end to discussion about the attack on Jeremy Clarkson's bank account, but the incident does a lot to demonstrate the difference between privacy and security.


Context and CCTV

The Information Commissioner has published fresh guidance about acceptable use of CCTV cameras. The most notable part of this is a recommended ban on microphones to record conversations. Why is this such a big deal?


The risks of social networking

The risks associated with social networking sites are becoming a hot topic, but a recent incident demonstrates a new low for employer attitudes towards staff use of the Internet.


February 1, 2008

The half-life of personal information

Last year's data loss incidents have sparked a fascinating discussion that compares personally identifiable information with radioactive waste - and who is supposed to pay to clear it up.


February 4, 2008

Biometric travel controls at Heathrow T5

BAA is trialling the biometric identification systems that will be used throughout the new Terminal 5, but is this an appropriate solution, and what exactly is the problem?


February 27, 2008

Turning security into a game of Trivial Pursuit

Many online and telephone services rely on asking daft personal questions to authenticate users, particularly when a password has been lost or an account locked out. It's quite common to rely on a mother's maiden name, first pet's name or other significant personal data to prove the identity of the caller. We've already discussed the problem of using publicly-available data for this purpose, but there's another problem: remembering the answer you gave when you established these challenge-response questions. How did you spell your first pet's name? What was the exact model of your first car, or the name of your first love? And will you get locked out if you can't remember these facts? Courtesy of Wired magazine, we now have the chance to play personal security Trivial Pursuit. Enjoy!


March 6, 2008

Last in line for the DNA database

A little while ago, the Association of Chief Police Officers (ACPO) renewed the debate about building a compulsory DNA database for all UK citizens. The Home Office has rejected this idea, and two individuals are challenging the existence of the UK DNA database at the European Court of Human Rights. What's all the fuss about?


March 10, 2008

Analysing the State of Play for ID Cards

Now that the dust has settled on the publication of the IPS 2008 Delivery Plan and Sir James Crosby's report, what are the implications for the National Identity Scheme?


April 7, 2008

The end of biometric security at airports?

Media attention is shifting away from London Heathrow's new Terminal 5. A backlog of 28,000 bags is being cleared via Milan, and the number of cancelled flights seems to be gradually coming down. But what about the biometric security controls?


April 8, 2008

The Seven Deadly Sins of the Internet

The Vatican recently fired up a debate about updating the Seven Mortal Sins (pride, envy, gluttony, lust, anger, greed, sloth) for the modern age. I read with interest - and a very great deal of disappointment - that controversial online ad service Phorm has admitted to "over zealous" correcting of its Wikipedia entry. This really does not bode well for Phorm's chances of shaking off accusations that it is a privacy-invasive service, and one would hope that the responsible individual there is now re-evaluating their likely career prospects.
I'd like to propose "Over zealous editing of Wikipedia" as the first of a new set of Mortal Sins for the Internet, which begs the question about what the others might be. Please submit your suggestions for the other six as comments!

April 9, 2008

Phorm opens itself to independent scrutiny

Online advertising company Phorm has responded to its critics' demands by allowing an inspection of its plans by a respected security expert. Unfortunately, he doesn't like what he's seen.


April 22, 2008

Why I won't be at Infosecurity (but there's a competition if you are)

Infosecurity starts today, and it will doubtless be the biggest, busiest and boldest conference yet. So why am I feeling rather underwhelmed at the prospect?


April 23, 2008

Identity systems will save the world

At Monday's Enterprise Privacy Group meeting, a debate arose around the value of identity management - and in particular the Identity Metasystem - in the grand scheme of human endeavour. Why do we fret about identity when there are lots of apparently bigger issues out there? But stacked up against climate change, curing cancer and ending world hunger, identity management is a lot more important than you might think.


May 6, 2008

CCTV fails to cut crime - so let's take identity out of the equation

A senior police officer has stated that the pervasive use of CCTV in the UK has failed to cut crime and is an 'utter fiasco', with only 3% of London's street robberies being solved using security cameras.


May 28, 2008

Why we don't need a security breach notification law

Data Protection guru Chris Pounder has put forward an excellent argument that there is no legal requirement for a security breach notification law in the UK because we already have a requirement for this under the Data Protection Act (1998). I'd also argue that there is no need for such a law because there's simply no point in it. Unless you're a pilot.


June 19, 2008

Controlling the carbon footprint

A new market is developing in environmentally-friendly low-carbon energy management solutions for businesses. Whilst visiting a public authority recently I witnessed an innovative solution to controlling energy use by their air-conditioning systems. Here's how they've done it...


June 20, 2008

Dilbert on workplace surveillance

Today's Dilbert focusses (geddit?) on workplace surveillance.

July 8, 2008

Reputational failure

Online auction house eBay's reputation-driven trust scheme is a much-admired and much-emulated model. Or at least, it was until recently when eBay made a significant change to its operation.


July 22, 2008

Aux Champs Elysees

Apologies to all for the lack of posting recently, it's been silly season in preparation for the summer - but finally that's here! Today I depart for a 350-mile cycle ride to London and then on to Paris, in aid of Action Medical Research and Riding for the Disabled. The team has raised well over £30,000 so far, so please sponsor us here - and you can follow our progress here.

Normal service will be resumed next week!

August 26, 2008

Meet the new loss, same as the old loss

Another day, another data loss, and another struggle for an original headline. However, the RBS / NatWest / Amex loss of 1m sets of personal information isn't as straightforward as it might at first look.


August 29, 2008

If you're planning to lie, at least try to be convincing

New Forest District Council has been rapped by the Information Commissioner for posting up personal information on its planning website. The problem is not new, and a number of councils have been warned about this in the past. However, having been warned before about this, New Forest's response to the criticism was: "... signatures and other unique information are not now available for public scrutiny".

Out of interest, I went to their planning portal, punched in a postcode and pulled down the documents from a random application. Guess what? There's the signature, together with all the other personal information. In the very first document I downloaded. So, is the New Forest District Council lying, or do they not understand their own system? Let's hope the enforcement notice is in Monday's post - because I'm off to steal a pony's identity.


(Partial signature reproduced here)

About Comment

This page contains an archive of all entries posted to The Privacy, Identity & Consent Blog in the Comment category. They are listed from oldest to newest.
