Naturally, we are all in favour of tracking down the perps (sorry, been thinking about Judge Dredd again — “I am the law”) across borders, but hold on. Am comfortable about my fingerprints, DNA and personal data being shared with, say, Swiss law enforcement agencies? I may be traducing them unfairly but I have no knowledge of the rigorous data protection and security enforcement procedures within the Swiss government. No, wait, I do…
According to a report from Reuters, sensitive information on counter-terrorism shared by several foreign governments was potentially compromised by a massive data theft at a Swiss intelligence agency. The data heist, according to what European national security sources told Reuters, was by an unnamed IT technician for the NDB, a Swiss intelligence agency.[From Report: Swiss Spy Agency Warns Of Huge Data Leak from Insider | SecurityWeek.Com]
Even in the UK , with the most stringent data protection laws and ruthless enforcement, we find civil servants being disciplined all the time for unauthorised access to databases (and they are only the ones that are caught). Journalists, private investigators and criminals do not seem to have too much difficulty in getting access to personal data held by government departments and agencies as far as I can see.
Around 25 civil servants are being reprimanded each week at the Department of Work and Pensions for breaching rules governing its vast database, figures show.[From Civil servants caught looking at private files in personal data breaches – Telegraph]
Still, at least the UK doesn’t have a national identity scheme with a database that stores everyone’s personal details in a structured and easily-accessible form…
Greek police have arrested a man on suspicion of stealing the personal data of roughly two thirds of the country’s population, police officials in Athens said on Tuesday. The 35-year old computer programmer was also suspected of attempting to sell the 9 million files containing identification card data, addresses, tax ID numbers and licence plate numbers.[From Man arrested in Athens over ID theft of most of Greek population – thestar.com]
Sharing personal data to track down bad guys sounds like an Apple Pie policy (for UK readers: a Bread and Butter Pudding policy), one that you can’t possibly be against. The problem is, of course, that once the data genie is out of the bottle there’s no way of getting it back in again. I remember some of the discussions around TSB Encore project: once you’ve got a copy of my data, there’s no technological way for me to stop you doing anything you like with it (if there was, Hollywood would be using it). So it’s better not to share the data in the first place, except that doesn’t help us catch the bad guys.
I can understand why the Government wants more data sharing to improve the efficiency of public services but I can’t see how this isn’t going to end up in a Data Chernobyl unless we develop a more sophisticated approach to data sharing: encrypted storage, pattern-matching of encrypted data, pseudonymous identity infrastructure and all those other good things.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers