[LINK] Leakage Problem Means Cards Will Never Be Secure

Bernard Robertson-Dunn brd at iimetro.com.au
Thu Sep 28 09:02:21 AEST 2006


<brd>
This guy seems to be a bit of an extremist. The things I have a problem 
with are:

"impossible to ever completely secure any smart card" and "there is no 
truly secure computer environment and probably never will be" So? it's 
also impossible to guarantee that you won't get hit by a meteor when you 
go out. Everything is a matter of risk.

And in the case of the access card, the data they are considering 
putting on the card (either in the face or in the chip) is no different 
from (or in fact less than) that already likely to be in their wallet 
next to the  Access Card.

The back end systems that support the card will be subject to the same 
constraints as any other government system with respect to security, 
privacy, data matching etc.

My reaction to this report is "what's in it for him?"

</brd>

Leakage Problem Means Cards Will Never Be Secure
Sue Bushell

26/09/2006 12:26:50

A fierce and prominent opponent of the Hawke government's 1987 plans to 
introduce a national identity card says nothing has changed 
technologically in the intervening years that would make a smart card 
today any more secure than the Australia Card proposed then.

Yet Benbow Consulting Director Gary Benbow says governments are turning 
a deaf ear to warnings the data leakage problem makes it impossible to 
ever completely secure any smart card.

His comments came in the wake of revelations that 585 Centrelink staff 
had been sanctioned for privacy violations, while another 19 had been 
dismissed and 92 had resigned over a two-year period. Earlier in the 
year it was revealed that the Child Support Agency had discovered 405 
breaches of privacy, including 69 cases where sensitive information had 
been given to former spouses.

Despite the security lapses, the Howard government wants to issue a 
smart card to up to 17 million Australians in phases from 2008 to 
replace 17 health and social security cards, including the Medicare and 
Veteran's cards. The government argues this will allow better service 
delivery to customers. It insists the card will not compromise privacy 
because databases will remain "siloed" and because citizens will be 
safeguarded by the newly established Access Card Consumer and Privacy 
Taskforce, chaired by former Australian Consumer and Competition 
Commission head Professor Allan Fels.

Plans for the card were announced by Prime Minister John Howard in July 
last year in the wake of the London bombings. The PM, a vehement 
opponent of the proposed Australia Card, argues much has changed since 
the Hawke government's proposal to introduce the Australia Card bitterly 
divided the nation in the mid-1980s. Benbow disagrees.

"I think the smart card (proposal) is atrocious," he says. "I was a 
vocal advocate against the Australia Card, and I still am. There's 
nothing that's changed because linking data makes data more accessible. 
I think what we've seen during the Centrelink debacle, where people 
trolled through files, is that anywhere that you can get to everybody's 
history through a unique identifier, where the infrastructure is not 
there to support privacy, is a problem.

"And we still have lots of areas for leakage of data in corporations. It 
doesn't have to be online either. It can be in a development 
environment, it can be data that is copied and sent into an off-site 
location, it can be the hard copy, it can be through wireless. There's a 
whole stack of ways that data can be leaked out of a server with or 
without knowledge. It is just horrendous to think that we are going 
about linking everyone's known data."

Benbow, with a strong background in IT audit, insists there is no truly 
secure computer environment and probably never will be. For instance he 
says he has just completed an audit of a major government and found 
security there to be "okay". But he says he faced strong pressure to 
give the go-ahead to the department's plans to link "very, very 
sensitive high-level confidential information" across the whole of 
government.

Yet he says even the computer systems of the world's best intelligence 
agencies, like MI5, the CIA and the KGB, suffer data leakage, usually 
emanating from "a person with two legs and two arms" and the motivation 
to compromise the data.

"Whenever you have a person involved you cannot give a 100 percent 
guarantee," he says.


-- 

Regards
brd

Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au





More information about the Link mailing list