EU security agency draws 'privacy baseline' for ID cards Europe urgently needs to develop a strategy for protecting the privacy of data held through national ID card schemes, a European security agency warns. ENISA (the European Network and Information Security Agency) argues that the "vast disparity between privacy features in electronic ID cards across Europe" is creating a recipe …
Amazing, here we are, less than 12 months from UK cards starting to be distributed and yet our bunch of plonkers STILL won't tell us how or if they intend to implement privacy on the ID card's data content.
The safest approach is to assume the anybody can and will read everything on the card without the owner's knowledge and, using whats on the card, can and will read everything on the database.
Welcome to the goldfish bowl, citizen.
When RFID tags are the size of grains of pepper, and virtually impossible to see (now, folks)... when RFID tags are so ubiquitous that their unit price is comparable to ground pepper (now, folks)... when tag readers/writers become commodities (soon, folks)... who, valuing their privacy, will leave home without a pocketful of pepper, to be trailed like electronic chaff from a black helicopter... and when there is so much chaff in the streets and in the air that every lampost, mall door, and till overloads the uberdatabase... presumaby the tourists will be simply able to sneak under the radar.
"The safest approach is to assume the anybody can and will read everything on the card without the owner's knowledge and, using whats on the card, can and will read everything on the database."
Should go
"The safest approach is to assume the anybody can and will read everything on the card without the owner's knowledge and, using whats on the card, can and will read everything on the database and that all of the data is incorrect."
That should be the safe approach to the database, becouse hey even if there's a 1% margin of error that's a fair few people, and seen as they intend on harvesting the national register from existing sources I recon 1% is a best case.
"Mr Smth"
"No it's Smith"
"I'm afraid you're wrong, you're Mr Smth"
"No I'm not. Here all my utility bills."
"Bootboys take this man to the catacombs he's obviously some kind of terrorist! Why else would you have so many fake documents saying you were Mr Smith eh Mr Smth?"
I look forward to "Sorry you can't get health care becouse the computer says you're dead."
"But I'm clearly not dead."
"I'm afraid I'll have to report this to the Bootboys."
"Good I'd like to clear this up."
Taser fire and a quick ride to the catacombs
"So 'Mr Jones' how did you get this card?"
"You issued it to me!"
"O really, and why would we issue a card for someone whose dead?"
"I'm not dead!"
"No and there in lies the problem, see you can't be Mr Jones, becouse the database clearly says that Mr Jones is dead."
But at least it would be easy for the boot boys to fix that problem, just kiill the error (person.)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
