"The most common method of stealing identities appeared to be data breach notification"

| No Comments | No TrackBacks
| More
I am indebted to Dave Birch's blog for the link to an excellent ZDnet report on a US Analysis of ID Fraud Reports. Dave and I often argue when we meet but I nearly always find his views stimulating rather than annoying and he makes some good points as to why those who know most about the practicalities of running ID systems are not interested in sharing their expertise - my words not his.

Where does this leave UK Government ID policy - given the growing political pressure to combat immigration and linked benefit fraud and health tourism by moving to continental style resident's/entitlement cards?  Also where does it leave the need to rebuild confidence in on-line security, particularly on the part of the small on-line retailers who are disproportionately subject to on-line fraud. 

My immediate concern remains, however, whether the well-intentioned EU Cybersecurity initiatives will end up doing more good than harm. If data breach notification is already the most common means of stealing ID information how will demanding more of it help address fraud? Geothe said that the most dangerous force in thw world is "ignorance in motion". The time to reset the agenda so that the real issues are addressed is now - not in a couple of years time when we will face a rearguard action. Hence the importance of the plans for scrutiny being made via the Digital Policy Alliance

At this point it may be helpful to remind you whose tribal agendas have to be brought together if we are to make a reality of bringing ID related fraud under control in the UK. I know we have recently been told that Cabinet Office has "taken back responsibility for ID policy from DWP" but has Cabinet Office had the authority to do much more than "co-ordinate" and/or delay progress on what it does not like. Below is my attempt to "Map" the UK ID scene - I would be grateful for comment on the errors and ommissions:   
Enhanced by Zemanta

Extract from Philip Virgo's "Map", alias brain dump, of Cybersecurity Players and Issues

 

Section 2.3.3 Identity Assurance (inc electronic IDs, Internet names and addresses)

 

Home Office

Law enforcement and Criminal Intelligence files of identities and aliases

National Fraud Authority and "Fighting Identity Crime Together"

UK Borders Agency: identity of those entering/leaving, acquiring residency/citizenship

SARS, Anti-Money Laundering and related IDs (see also Treasury)

 

Justice

Identities and aliases of those within  justice systems, from prosecutions, through courts, prison and probation to criminal and civil records

BIS 

Lead on EU e-ID initiatives

Export control orders and sanctions on foreign regimes.
Companies House: legal identities for Companies and Directors

Ordnance Survey and Land Registry: legal identities for properties

Post Office/Royal Mail:  address files

UKTI: programme to encourage inward investment in cyber and ID also ID/VISA issues for those it is seeking to attract

 

DCMS including via Ofcom, Phonepay Plus and Nominet

Phone Numbers and Internet names and addresses.


FCO 

GCHQ, CESG, UKTI (shared with BIS) 

DWP

NINO and identity of benefits claimants, incuidng those from other parts of the EU

 

NHS

National Health Service Numbers and a wide variety of other reference numbers

 

Treasury:

Banking Regulation "Know your own customer rules"

HMRC: Legal identities of corporate and individual taxpayers and tax credit claimants

 

Transport :

DVLA, identity of drivers and vehicles .

Cabinet Office

UK OIX Group

"Co-ordination" of identities for citizen dealings with Government

"Co-ordination" of identities for Government employees

Electoral Register (joint with DCLG and Local Authorities)

 

ID tokens in use across UK as common "proofs" of identity/age

Passport

Know Your Customer list:

Local Authority ID Cards (15 use the Bracknell card)

Widely accepted age etc. cards: Citizencard, PASS , OneID4U , ValidateUK

 

Other ID/Authorisation Tokens and Access/Transaction Cards

IDs and Access Cards for public and private sector employees, contractors and agents: from Armed Forces, Police, Emergency Services, Councils, Utilities and others to Charity Collectors

Frequent Flier cards:

Customer Cards (with or without transaction bonuses)

Credit Cards

Debit Cards

 

On-line ID services  Paypal, Google, Microsoft etc.


The list above may help explain why I have more than a little sympathy with those who are expected to produce a coherant policy other than "leave it to the market and use what works and is fit for the purpose in mind".  That is also why I am so cautious about EU ambitions in this space, given that so many wish to get revenge for world war 2 by doing to London what they have just done to Cyprus. I wonder why removing Luxembourg from the money-laundering and tax avoidance scene is such a taboo subject. Has is something to do with ....

Enhanced by Zemanta

No TrackBacks

TrackBack URL: http://www.computerweekly.com/cgi-bin/mt-tb.cgi/47704

Leave a comment

About this Entry

This page contains a single entry by Philip Virgo published on March 25, 2013 12:56 PM.

A Three Point Budget for Investment Led, Market Driven Economic Recovery was the previous entry in this blog.

Whitehall Department to mandate support for a failed procurement service - yet again is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Archives

Recent Comments

 

-- Advertisement --