Bruce Schneier
Schneier on Security

A blog covering security and security technology.

March 29, 2007

Security Plus Privacy

The Royal Academy of Engineering (in the UK) has just published a report: "Dilemmas of Privacy And Surveillance: Challenges of Technological Change" (press release here) where they argue that security and privacy are not in opposition, and that we can have both if we're sensible about it.

Recommendations

The whole thing is worth reading, as is this article from The Register.

Posted on March 29, 2007 at 11:11 AM • 13 Comments

It's an interesting read once you get past the scary photograph ;)

Posted by: Clive Robinson at March 29, 2007 12:41 PM

Although we are not on a National Health Service program here in the USA, health insurance companies would love to have this access...

@The misuse of data

Posted by: George at March 29, 2007 12:54 PM

@George,

"It is not entirely absurd to imagine that supermarket loyalty-card data might one day be used by the government to

Not in the least absurd, I have been banging on about this for some time.

If you think back some time ago a large U.S. store had records of what was purchased by people. A man who had slipped on a wet floor and injured himself got around to trying to get compensation. His representative was told that he was probably a drunk, simply due to the fact that he bought beer in the store on a regular basis.

It is known that Tony Blair / Gordon Brown have approached Equifax for consumer and other information, primarily for the National / Passport ID people to make up applicant dossiers. It has also seriously been suggested that the same data be used to assess the relative wealth of individual "micro" areas in an attempt to work out how much council tax (Land Tax) should be paid, so extending the idea would be relatively trivial.

After all local Health Authorities (Primary Care Trusts) are known to currently ration resources to people who are deemed to be overweight or smoke too much if they do not "mend their ways" over a six or more month period.

Posted by: Clive Robinson at March 29, 2007 01:31 PM

A wise mentor once explained to me the difference between domain-specific knowledge of how to do things and abstract research for academic sake. Despite the fact that they're engineers, these folks seem to have done a smashing job of the latter. Their results are clear, reasonable, intelligent and target the specific issues without wasting time on implementation complexities.

Now if we could only get someone to listen to this.

Posted by: Stephan Samuel at March 29, 2007 01:48 PM

Loosely writing, "security" is defined by security policies and is measured by level of security policy adherence. But what is "privacy?" We could define it similarly, but I think the notion is even more fuzzy in most people's minds. So, can security be complementary to privacy? It depends :-}

Posted by: Fuzzy Wuzzy at March 29, 2007 01:59 PM

> It's an interesting read once you get past the scary photograph ;)

Those are infrared lights, if I'm not mistaken. Scary indeed.

Posted by: Invisible at March 29, 2007 03:28 PM

Yes, it's an interesting article but does anybody seriously believe that our political masters care? I work with IT professionals yet whenever I raise privacy concerns, the response is almost always along the lines of "if you've nothing to hide, you don't have to worry". If people in IT don't get it, then what hope is there that privacy issues will percolate up from the public consciousness to popular political status? Practically speaking, this report is like a candle in a storm at night.

Posted by: Embittered at March 29, 2007 05:54 PM

@Embittered

"Practically speaking, this report is like a candle in a storm at night"

Many a mariner's life has been saved by a candle on a stormy night guiding them to a safe harbour...

Unfortunately the "wreckers" also used candle lanterns on stormy nights to lure mariners to their deaths on rocks and beaches where they could then plunder the flotsam and jetsam that was the result of the wreck...

Which analogy would you prefer?

Posted by: Clive Robinson at March 30, 2007 04:33 AM

@Clive Robinson

"Which analogy would you prefer?"

Well it seems to me that the wreckers are government and big business. Also, nobody is bothering to protect the candles that could guide us to safety and privacy.

"plunder the flotsam and jetsam"

Yeah, that sounds pretty much like the state of our privacy (I am also from the UK)

Posted by: Embittered at March 30, 2007 01:31 PM

What we need is a mainstream blockbuster film to show the effects of indefinitely-stored, all areas data collection. Call it 'Permanent Record.'

Ominous Tagline -

Posted by: What's All This Then? at March 30, 2007 02:04 PM

@What's All This Then:

I'm reminded of the first season Babylon 5 quote:

"Everyone lies, Michael. The innocent lie because they don't want to be blamed for something they didn't do, and the guilty lie because they don't have any other choice."

Posted by: Bryan Feir at March 30, 2007 06:31 PM

There is lots of good stuff and considerations in this. But clearly also many considerations that are almost naive in their approach.

For instance:

"R10 Data collection and use systems should be designed so that there is reciprocity between data subjects and owners of the system. This includes transparency about the kinds of data collected and the uses intended for it; and data subjects having the right to receive clear explanations and justifications for data requests. In the case of camera surveillance, there should be debate on and research into ways to allow the public some level of access to the images captured by surveillance cameras."

Great - so you are allowed to see what's on the surveillance camera in your bedroom. This will only have two effects - a) you can see how few rights you have and b) Even more criminals can attack you.

We are only awaiting the first face recognition-triggered assassination or terrorist bomb. It will come .. and UK is the likely first place for it to happen with all this absurd "People love surveillance" propaganda.

Surveillance cameras and any sort of biometrics identification is last resort as these create more abuse and crime than they remove. They have a role to play when the threat alert escalates, but not in ordinary everyday transactions as people (the victims) have no defense against this kind of attack.

Surveillance cameras should for instance be physically blocked from filming until a non-invasive sensor (such as an infrared or acoustic sensor) has detected an emerging person that refuses to respond to digital challenges for authentication and authentication.

Posted by: Stephan Engberg at March 31, 2007 05:47 AM

Laws, rights and privileges which include the word "reasonable" are not defective. That is the most effective way to exclude the victims from the process of defining the extent of their oppression.

Posted by: the other Greg at April 1, 2007 05:46 AM