[LINK] Leakage Problem Means Cards Will Never Be Secure
Bernard Robertson-Dunn
brd at iimetro.com.au
Thu Sep 28 09:02:21 AEST 2006
<brd>
This guy seems to be a bit of an extremist. The things I have a problem
with are:
"impossible to ever completely secure any smart card" and "there is no
truly secure computer environment and probably never will be" So? it's
also impossible to guarantee that you won't get hit by a meteor when you
go out. Everything is a matter of risk.
And in the case of the access card, the data they are considering
putting on the card (either in the face or in the chip) is no different
from (or in fact less than) that already likely to be in their wallet
next to the Access Card.
The back end systems that support the card will be subject to the same
constraints as any other government system with respect to security,
privacy, data matching etc.
My reaction to this report is "what's in it for him?"
</brd>
Leakage Problem Means Cards Will Never Be Secure
Sue Bushell
26/09/2006 12:26:50
A fierce and prominent opponent of the Hawke government's 1987 plans to
introduce a national identity card says nothing has changed
technologically in the intervening years that would make a smart card
today any more secure than the Australia Card proposed then.
Yet Benbow Consulting Director Gary Benbow says governments are turning
a deaf ear to warnings the data leakage problem makes it impossible to
ever completely secure any smart card.
His comments came in the wake of revelations that 585 Centrelink staff
had been sanctioned for privacy violations, while another 19 had been
dismissed and 92 had resigned over a two-year period. Earlier in the
year it was revealed that the Child Support Agency had discovered 405
breaches of privacy, including 69 cases where sensitive information had
been given to former spouses.
Despite the security lapses, the Howard government wants to issue a
smart card to up to 17 million Australians in phases from 2008 to
replace 17 health and social security cards, including the Medicare and
Veteran's cards. The government argues this will allow better service
delivery to customers. It insists the card will not compromise privacy
because databases will remain "siloed" and because citizens will be
safeguarded by the newly established Access Card Consumer and Privacy
Taskforce, chaired by former Australian Consumer and Competition
Commission head Professor Allan Fels.
Plans for the card were announced by Prime Minister John Howard in July
last year in the wake of the London bombings. The PM, a vehement
opponent of the proposed Australia Card, argues much has changed since
the Hawke government's proposal to introduce the Australia Card bitterly
divided the nation in the mid-1980s. Benbow disagrees.
"I think the smart card (proposal) is atrocious," he says. "I was a
vocal advocate against the Australia Card, and I still am. There's
nothing that's changed because linking data makes data more accessible.
I think what we've seen during the Centrelink debacle, where people
trolled through files, is that anywhere that you can get to everybody's
history through a unique identifier, where the infrastructure is not
there to support privacy, is a problem.
"And we still have lots of areas for leakage of data in corporations. It
doesn't have to be online either. It can be in a development
environment, it can be data that is copied and sent into an off-site
location, it can be the hard copy, it can be through wireless. There's a
whole stack of ways that data can be leaked out of a server with or
without knowledge. It is just horrendous to think that we are going
about linking everyone's known data."
Benbow, with a strong background in IT audit, insists there is no truly
secure computer environment and probably never will be. For instance he
says he has just completed an audit of a major government and found
security there to be "okay". But he says he faced strong pressure to
give the go-ahead to the department's plans to link "very, very
sensitive high-level confidential information" across the whole of
government.
Yet he says even the computer systems of the world's best intelligence
agencies, like MI5, the CIA and the KGB, suffer data leakage, usually
emanating from "a person with two legs and two arms" and the motivation
to compromise the data.
"Whenever you have a person involved you cannot give a 100 percent
guarantee," he says.
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au
More information about the Link
mailing list