[Dave Birch] If you ask anyone who actually knows anything about security about risks, they’ll always tell you the same thing: insiders are the biggest threat. They might add that insiders who don’t understand how to use the most basic computer security measures and don’t understand how software that is integral to Web 2.0 works. A Japanese policeman has been sacked after the personal information of thousands of people relating to criminal investigations was leaked on to the internet from his computer. The officer revealed the details via peer-to-peer (P2P) file-sharing software on his PC. He had allegedly installed the Winny file-sharing software on to his machine and was unaware that sensitive data was being made available to other users via the P2P network, leading to the personal details of 12,000 people related to criminal investigations being shared and along with 6,600 police documents (including interrogation reports, victim statements, and classified locations of automatic licence plate readers). What’s more, the files included a list of the names, addresses and personal information concerning 400 members of the notorious criminal gang Yamaguchigumi yakuza. I wouldn’t try opening a bank account and taking out a loan in one of their names, to be honest, as they may take a more robust approach to identity theft than the Information Commissioner.

Technorati Tags:

Fortunately, the same thing won’t be happening in the U.S. because congressmen are pushing for laws against file sharing networks claiming that file sharing is a national security threat. Why? Because, just as in the Japanese example, government employees, violating strict policies against the use of P2P software, installed it anyway and made confidential files available. Now, while I’m sure this would never happen in the UK (the government, for example, instituted a strict policy that the 330,000 people with access to the Children’s Index shouldn’t log on in internet cafes) there are still some lessons to be learned. TechDirt explains the origin of the proposed U.S. regulation: basically, because some government employees were stupid and didn’t obey rules, this has translated in politicians minds into “file sharing system providers must be punished”. Amusingly, to me anyway, one of the congressmen (Rep. Jim Cooper) accused Limewire’s CEO of being naive (amusing, since Cooper doesn’t appear to understand what he’s talking about) and claiming that Limewire provided the “skeleton keys” to accessing material that harms national security. If that’s true, then so are Google, Dell and AT&T. This is yet another case where politicians want to regulate a technology they don’t understand with potentially very bad consequences: the world of identity is not exempt.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: