Having been in IT for many years, I find it easy to get complacent about new technologies, products and developments. I am bombarded with emails about them. Quite frankly my email in box has such a high level of background noise that I have developed a well tuned band pass filter and to tune out most emails. I pay attention but I simply don’t have the time to sit with each vendor or email author and deeply understand their product/technology or opinion piece. This strategy came to a crashing halt last week when a journalist from a well know publication here in the UK asked for my comments about a government lead initiative to create a biometric ID database.
This is nothing new, and has been rumbling on for a few years as governments get used to the new world (world 2.0 anyone?) following well known events that began with 9-11 in the US and have come to haunt us in the UK. I will state now that I have no problem with governments taking a stand and proactively dealing with the threats we appear to face. In fact I work with agencies in the UK to address this directly, so I certainly do my bit.
What really concerns me is this:
Big government has created a nice new shiny database stacked with millions of records. Each record contains the most personal data known to an individual – their biometric identity.
This is you.
It is completely unambiguous. It IS who you are and it is unique to you – a very personal data set.
In parallel with this splendid technical implementation that no doubt uses advanced database technologies, in the UK we have a set of legislation that government has enacted to assure us our data is secure. This comprises information commissioners (or Tsars for the trendy) and politicians standing up and declaring that our data will be safe and secure, and nothing would be able to compromise it.
Many would switch off at this point and instantly declare they have no faith in the honesty of politicians and therefore the data will be abused from day one. That’s the paranoid perspective. I take a view that these people do the right thing and that they, mostly, want the data to be secure and believe that the data will be secure.
What really worries me are the individuals further down the management chain. My concern is the junior levels of the security services or policing community that will abuse their positions and be tempted to just “take a peek” at the data to help solve yet another crime, or even more worryingly to exploit the data for coercion or worse.
At this point the data has been exposed and your, mine or someone else’s most valuable, personal data as been let out and is unprotected from abuse. Identity theft of this kind is more severe than anything that currently happens in the shady world of digital crime.
This is my scary thought.