Risks of Data Portability
Peter Swire and Yianni Lagos have pre-published a law journal article on the risks of data portability. It specifically addresses an EU data protection regulation, but the security discussion is more general.
…Article 18 poses serious risks to a long-established E.U. fundamental right of data protection, the right to security of a person’s data. Previous access requests by individuals were limited in scope and format. By contrast, when an individual’s lifetime of data must be exported ‘without hindrance,’ then one moment of identity fraud can turn into a lifetime breach of personal data.
They have a point. If you’re going to allow users to download all of their data with one command, you might want to double- and triple-check that command. Otherwise it’s going to become an attack vector for identity theft and other malfeasance.
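One way to "double- and triple-check" a bulk export request is to gate it behind step-up authentication rather than a confirmation dialog: require a fresh password check and a recently verified second factor, cap how often an account can start an export, hand out a single-use, short-lived download token, and write every decision to an audit log. The Python below is an added illustration of that pattern; it is not code from the post, the paper, or any real provider, and the `ExportGate`, `Session`, window lengths and daily limit are all assumptions chosen for the example.

```python
"""Step-up gate for a 'download all my data' request (illustrative, not a real product)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
import secrets
import time

# Policy knobs (assumed values for the example).
REAUTH_WINDOW_SECONDS = 300        # password must have been re-entered within 5 minutes
SECOND_FACTOR_WINDOW_SECONDS = 300 # second factor must have been verified within 5 minutes
EXPORT_TOKEN_TTL_SECONDS = 900     # one-time download link lives 15 minutes
MAX_EXPORTS_PER_DAY = 1            # bulk exports are rare; throttle them hard


@dataclass
class Session:
    user_id: str
    last_password_auth: float                  # epoch seconds of last password check
    second_factor_verified_at: Optional[float] # epoch seconds, or None if never done


class ExportGate:
    """Decides whether a session may start a full-account export."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock                                   # injectable for tests
        self._history: Dict[str, List[float]] = {}            # user_id -> export start times
        self._tokens: Dict[str, Tuple[str, float]] = {}       # token -> (user_id, expiry)
        self.audit_log: List[dict] = []                       # every allow/deny decision

    def _deny(self, session: Session, reason: str) -> dict:
        self.audit_log.append({"user": session.user_id, "event": "export_denied",
                               "reason": reason, "at": self._clock()})
        return {"ok": False, "reason": reason}

    def request_export(self, session: Session) -> dict:
        now = self._clock()
        # 1. A long-lived cookie is not enough: the password must be fresh.
        if now - session.last_password_auth > REAUTH_WINDOW_SECONDS:
            return self._deny(session, "reauth_required")
        # 2. A stolen password alone must not unlock a lifetime of data.
        if (session.second_factor_verified_at is None
                or now - session.second_factor_verified_at > SECOND_FACTOR_WINDOW_SECONDS):
            return self._deny(session, "second_factor_required")
        # 3. Throttle: legitimate users export rarely; attackers want it once, fast.
        recent = [t for t in self._history.get(session.user_id, []) if now - t < 86400]
        if len(recent) >= MAX_EXPORTS_PER_DAY:
            return self._deny(session, "rate_limited")
        # 4. Issue a single-use, expiring token instead of streaming data in-band.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (session.user_id, now + EXPORT_TOKEN_TTL_SECONDS)
        self._history[session.user_id] = recent + [now]
        self.audit_log.append({"user": session.user_id, "event": "export_issued",
                               "at": now, "notify_user": True})  # out-of-band notice
        return {"ok": True, "token": token}

    def redeem(self, token: str) -> Optional[str]:
        """Return the owning user_id for a valid token, consuming it; None otherwise."""
        entry = self._tokens.pop(token, None)  # pop => the token can only be used once
        if entry is None:
            return None
        user_id, expiry = entry
        if self._clock() > expiry:
            return None
        return user_id


if __name__ == "__main__":
    gate = ExportGate()
    now = time.time()
    fresh = Session("alice", last_password_auth=now - 60, second_factor_verified_at=now - 30)
    result = gate.request_export(fresh)
    print(result["ok"], gate.redeem(result.get("token", "")))
    stale = Session("bob", last_password_auth=now - 3600, second_factor_verified_at=now - 30)
    print(gate.request_export(stale))
```

The useful property here is that the dangerous action is separated from the ambient session: neither a stolen cookie nor a phished password alone suffices, a second export in the same day is refused even with valid credentials, and the audit entries give an incident responder something to search when a user reports an export they did not request.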
Petréa Mitchell • October 24, 2012 6:06 PM
If it were a simple command, you’d want to use a different means or extra layer of authentication for a couple of reasons: there’s stopping identity theft, and then there’s the problem that dialogs asking “Did you really mean to do that?” are useless. (Not just an opinion, something that’s been found in usability research.)
But then again, I don’t see providers making this a simple, easy-to-access command. I’d expect it to be buried behind three layers of inscrutable menus.