Entries Tagged "UK"
Page 18 of 18
There was yet another incident where call center staffer was selling personal data. The data consisted of banking details of British customers, and was sold by people at an outsourced call center in India.
I predict a spate of essays warning us of the security risks of offshore outsourcing. That’s stupid; this has almost nothing to do with offshoring. It’s no different than the Lembo case, and that happened in the safe and secure United States.
There are security risks to outsourcing, and there are security risks to offshore outsourcing. But the risk illustrated in this story is the risk of malicious insiders, and that is mostly independent of outsourcing. Lousy wages, lack of ownership, a poor work environment, and so on can all increase the risk of malicious insiders, but that’s true regardless of who owns the call center or in what currency the salary is paid in. Yes, it’s harder to prosecute across national boundaries, but the deterrence here is more contractual than criminal.
The problem here is people, not corporate or national boundaries.
Of course it’s ridiculous. (I wrote about this kind of thing two days ago, in the context of cell phones on airplanes. Banning something with good uses just because there are also bad uses is rarely a good security trade-off.)
But the researchers actually have a point—so to speak—when they say that there’s no good reason for long knives to be pointy. From the BBC:
The researchers said there was no reason for long pointed knives to be publicly available at all.
They consulted 10 top chefs from around the UK, and found such knives have little practical value in the kitchen.
None of the chefs felt such knives were essential, since the point of a short blade was just as useful when a sharp end was needed.
I do a lot of cooking, and have all my life. I never use a long knife to stab. I never use the point of a chef’s knife, or the point of any other long knife. I rarely stab at all, and when I do, I’m using a small utility knife or a petty knife.
Okay, then. Why are so many large knives pointy? Carving knives aren’t pointy. Bread knives aren’t pointy. I can rock my chef’s knife just as easily on a rounded end.
Universal automobile surveillance comes to the United Arab Emirates:
IBM will begin installing a “Smart Box” system in vehicles in the United Arab Emirates next year, potentially generating millions in traffic fines for the Gulf state. The UAE signed a $125 million contract with IBM today to provide the high-tech traffic monitoring and speed-enforcing system in which a GPS-enabled “Smart Box” would be installed in cars to provide a voice warning if the driver exceeds the local speed limit for wherever he may be driving. If the voice warning is ignored, the system would use a GSM/GPRS link to beam the car’s speed, identity and location to the police so that a ticket could be issued. The system would also track and monitor any other driving violations, including “reckless behavior.”
Financing for the Passport Office is planned to rise from £182 million a year to £415 million a year by 2008 to cope with the introduction of biometric information such as fingerprints.
A Home Office spokesman said the aim was to cut out the 1,500 fraudulent applications found through the postal system last year alone.
Okay, let’s do the math. Eliminating 1,500 instances of fraud will cost £233 million a year. That comes to £155,000 per instance of fraud.
Does this kind of security trade-off make sense to anyone? Is there absolutely nothing better the UK government can do to ensure security and safety with £233 million a year?
Yes, adding additional biometrics to passports—there’s already a picture—will make them more secure. But I don’t think that the additional security is worth the money and the additional risks. It’s a bad security trade-off.
And I’m not a fan of national IDs.
The fictional police spy helicopter from the movie Blue Thunder is taking a big step toward becoming a reality. Police in the UK have successfully tested a 160 MPH helicopter that can read license plates from as much as 2,000 feet in the air. The Eurocopter EC135 is equipped with a camera capable of scanning 5 cars every second. Essex Police Inspector Paul Moor told the Daily Star newspaper: “This is all about denying criminals the use of the road. Using a number plate recognition camera from the air means crooks will have nowhere to hide.”
The use of Automated Plate Number Recognition (ANPR) is growing. ANPR devices photograph vehicles and then use optical character recognition to extract license plate numbers and match them with any selected databases. The devices use infrared sensors to avoid the need for a flash and to operate in all weather conditions.
Of course, once the system is in place it will be used for privacy violations that we can’t even conceive of.
One of the companies that sells the camera scanning equipment touts it’s potential for marketing applications. “Once the number plate has been successfully ‘captured’ applications for it’s use are limited only by imagination and almost anything is possible,” Westminister International says on its website. UK police also envision a national database that holds time and location data on every vehicle scanned. “This data warehouse would also hold ANPR reads and hits as a further source of vehicle intelligence, providing great benefits to major crime and terrorism enquiries,” a Home Office proposal explains.
The only way to maintain security is not to field this sort of system in the first place.
The London School of Economics recently published a report on the UK government’s national ID proposals. Definitely worth reading.
From the summary:
The Report concludes that the establishment of a secure national identity system has the potential to create significant, though limited, benefits for society. However, the proposals currently being considered by Parliament are neither safe nor appropriate. There was an overwhelming view expressed by stakeholders involved in this Report that the proposals are too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence. The current proposals miss key opportunities to establish a secure, trusted and cost-effective identity system and the Report therefore considers alternative models for an identity card scheme that may achieve the goals of
the legislation more effectively. The concept of a national identity system is supportable, but the current proposals are not feasible.
From the BBC:
Police in London say they have foiled one of the biggest attempted bank thefts in Britain.
The plan was to steal £220m ($423m) from the London offices of the Japanese bank Sumitomo Mitsui.
Computer experts are believed to have tried to transfer the money electronically after hacking into the bank’s systems.
Not a lot of detail here, but it seems that the thieves got in using a keyboard recorder. It’s the simple attacks that you have to worry about….
The Economist website (only subscribers can read the article) has an article dated January 6 that illustrates nicely the interplay between security trade-offs and economic agendas.
In the 1990s, local councils were scratching around for ideas about to how to revive Britain’s inner cities. Part of the problem was that the cities were dead after their few remaining high-street shops had shut in the evening. Bringing night-life back, it was felt, would bring back young people, and the cheerful social and economic activity they would attract would revive depressed urban areas. The “24-hour city” thus became the motto of every forward-thinking local authority.
For councils to fulfil their plans, Britain’s antiquated drinking laws needed to be liberalised. That has been happening, in stages. The liberalisation culminates in 24-hour drinking licences….
This has worked: “As an urban redevelopment policy, the liberalisation has been tremendously successful. Cities which once relied on a few desultory pubs for entertainment now have centres thumping with activity from early evening all through the night.”
On the other hand, the change comes with a cost. “That is probably why, when crime as a whole has fallen since the late 1990s, violent crime has gone up; and it is certainly why the police have joined the doctors in opposing the 24-hour licences.”
This is all perfectly reasonable. All security is a trade-off, and a community should be able to trade off the economic benefits of a revitalized urban center with the economic costs of an increased police force. Maybe they can issue 24-hour licenses to only a few pubs. Or maybe they can issue 22-hour licenses, or licenses for some other number of hours. Certainly there is a solution that balances the two issues.
But the organization that has to pay the security costs for the program (the police) is not the same as the organization that reaps the benefits (the local governments).
Over the past hundred years, central government’s thirst for power has weakened the local authorities. As a result, policing, which should be a local issue, is largely paid for by central government. So councils, who are largely responsible for licensing, do not pay for the negative consequences of liberalisation.
The result is that the local councils don’t care about the police costs, and consequently make bad security trade-offs.
Sidebar photo of Bruce Schneier by Joe MacInnis.