Monday, November 26, 2007

Personal Data

Last week, the UK government revealed that it had lost personal information on 25 million people - all 7.5 million families in the country. The information included names, dates of birth, addresses, national insurance numbers (like US social security numbers), and bank account details.

This catastrophe can hardly have been worse. It's potentially the worst loss to terrorists and criminals since the July 7th bombings, and an even worse loss to financial stability than Northern Rock. It abuses the trust of nearly 50% of the country.

What's more, the institutional failings revealed are breathtaking. Why on earth was an obviously untrained 23-year-old even allowed access to the data? Why didn't anyone - neither HMRC, the NAO, nor the IT company that provided it - seem to care that it wasn't encrypted? How could it possibly have been sent via unregistered post? And why weren't the lessons learned from many similar, if smaller scale, recent incidents in the same government department?

Once the dust has settled, and hopefully managers have been fired for rank incompetence, there are two basic lessons to learn - how to manage personal data, and how to secure identities.

Controlling personal data

I already blogged that citizens should own and manage their own data, not the government. Citizens should also be able to see which government departments are using their data, and how, and when. Any time the government wants more access to my data, they should have to personally ask me - because it's mine!

Proving your identity

In the age of MySpace and Google, who ever thinks that their date of birth is a secret? Or their home phone number and address? Because that's all you need to log into my phone banking service.

This security model is absurd: we can't trust our identities to supposed 'secrets' that can be discovered by anyone in the world in 30 seconds flat. We must find something more trustworthy - whether physical (e.g. fingerprints), or mental (e.g. a password) - or ideally, both.

It's outrageous that the government should abuse our trust by losing personal information about every family in the country. But it's also outrageous that this simple personal information is enough for serious identity fraud to take place.

Some good can still come from the HMRC catastrophe, provided we learn the lessons and build a new security model for the 21st century - a model that places data control where it belongs (i.e. with each individual), and that provides a safer way to prove identity.
