Wednesday, 16 May 2018

Identity Theft !

It seems that eight thousand New South Wales residents have reason to be worried that the tools to enable identity theft are in the hands of potential criminals. That information was given to a government department in the course of accessing the important service it provided and the security breach occurred when bandits tried to extort a fifteen thousand dollar dividend by locking down the website and denying all access until the ransom was paid.  In the course of gaining entry, they had access to client confidential information.

That government department website was Family Planning New South Wales and what was accessed was the name and address, contact, date of birth and reason for the service required.   The majority of callers would be seeking an appointment or sought advice on abortions, contraception or other medical services.   Fortunately, other information including sensitive medical records were kept within an inner system which was immune from this attack.

What has become very clear is that it is impossible to guarantee the total security of any computer system that holds information that could be off value to criminals.  The very nature of the electronics involved have weaknesses that can be exploited by talented hackers and we know that foreign governments employ the most talented people to try and penetrate the systems in other countries for commercial and military information.  Security is an ongoing battle to plug leaks in a system that is ever expanding and this expansion is creating new penetration opportunities.

The problem is that we can not do without computers and they are now so embedded in every aspect of commercial life that we can be sure that the base information that enables identity theft is recorded in dozens of places where it has been freely given in the course of accessing the services we need to live our lives.   The information service providers need to accurately identify us in providing essential services is exactly the same as bandits require to assume our identity for criminal purposes.

The weakness of personal identification is that we need to establish who we are simply by providing details to a third party who has limited means of checking that those details are correct.  If we are to achieve a higher degree of personal security we will have to accept a degree of privacy invasion that many will find disturbing.   That will probably involve our countenance held on a data base so that when we present at any form of commerce and state our name that image will be called up on a computer screen and compared with the person requesting service.  It may also involve us placing our hand on that screen so that a comparison of our unique fingerprints can add to photographic recognition.

The technology has evolved to make that possible but the privacy loss would be immense, and yet the first steps in that direction are already in place.   When we are asked for ID we cheerfully produce our driving license for facial recognition, and that is secured by holograms and other security devices.  Driving licenses are as difficult to forge as banknotes.

The day is rapidly coming when that phone we hold in our hand will become imperative in establishing our identity where security is an issue.  Facial recognition and the transfer of fingerprint comparison can make birth dates and passwords totally irrelevant.   Its just a matter of coming to term with the privacy loss involved.

No comments:

Post a Comment