Getting To Your Data
-
How would you like to come into work and be hit with this requirement? Store unique data for millions of people from a biometric system, secure it from attack as well as ensuring that the integrity of the data stored is maintained. Ensure that the signatures or hashes for a fingerprint, retinal scan, etc. are what really matches the individual. and on top of that, you need to easily and smoothly interact with a variety of databases from other countries and potentially private companies.
Not an easy task, according to Peter Hustinx, in charge of European Data Protection. One that current databases might not be up to in the areas of data protection. Speaking for someone that has had to exchange data between multiple entities, it can be a real pain to deal with. Even a relatively simple transfer has many places where it can fail, exist unsecured, etc.
I know that there are lots of moving parts in a system like this and the database is only a small part of the whole. Still if you were the guy or gal running this database, you'd be worried about security all around. Just think if the fingerprint hash for the CEO were replaced with one from Joe Criminal and it were somehow used in banking?
Or worse, the hash for a child molester were placed with that of yours? Can you imagine the consequences if you scanned your fingerprint for some purpose and ended up getting arrested? And then had to clear the charges against yourself against a database that everyone will tend to trust?!?! That might not be a quick, easy, or enjoyable process to go through, especially if your name is anything close to the name of the real person.
The interconnection will not be that tight at first, but there are still plenty of security issues to work out. Most people will likely never even have their biometric verified if it is limited to passport or border control. Especially anytime that data gets transferred between servers.
Might need to brush up on those encryption skills for SSIS.
Steve Jones
-
http://www2.ntu.edu.sg/SCERN/Oct2004/art7.htm
Seems a better solution.
On the note of security itself:
This all has the odd references to The return of Martin Guerre or even a History of Violence. I know I'm making art references surrounding the security issue, which I actually feel this is more of an identity issue.
How do we prove we are who we say are?
I think we also get into the issue of why anyone would want to be someone else?
But as with any solution there will always be a way to curcumvent it. I have many ideas on how to secure them but as an android I favour once said, ''they will all end in certain doom".
If I were the DB admin, I doubt I could sleep. The only way to be relatively (and that wuoldnt be good enough for me) sure is to keep disparate sources for the data completely separate to one another.
1) One Copy on a Drivers licence DB.
2) Another on a foreign travel DB.
3) A third for Medical Reasons.
4) Possibly a hard copy repository, safety deposit box like situtation.
5) And obviously the original from the person in question.
Also going as far as keeping the systems incompatible to one another. But to compare them for verification purposes the outputs would have to be accessable to one another.
But then the GIGO situation can occur. The dirty data from the input, which could come from some college guys wanting to have fun to more sinister purposes.
I guess duplication is not an issue, for one could have them all compared to each other but I could imagine that could take some time.
You also would have to compare the different sources against one another. That would make me feel better.
Finally if you had these sources from different points in time, like the medical 'print' done at birth then at 10, that would definately help solidify the data. But we get into the issue of crossing the line for the purpose of medical services.
Anyway, that's my take on the issue and feel I point to someways of limiting various types of techiniques of ruining the data. Now if it were going to be used for a more positive aspect of humanity rather than the opportunity to prove the more base aspect I would be a lot happier.
Somehow I find all of this a little unsettling, for it implies a large percentage of humanity would steal from you were it not for the countless millions spent on such a social programs.
Cheers on a now more gloomy monday.
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply