[LINK] Leakage Problem Means Cards Will Never Be Secure
Karl Auer
kauer at biplane.com.au
Thu Sep 28 09:49:01 AEST 2006
On Thu, 2006-09-28 at 09:02 +1000, Bernard Robertson-Dunn wrote:
> <brd>
> This guy seems to be a bit of an extremist. The things I have a problem
> with are:
>
> "impossible to ever completely secure any smart card" and "there is no
> truly secure computer environment and probably never will be" So? It's
> also impossible to guarantee that you won't get hit by a meteor when you
> go out. Everything is a matter of risk.

OK - so let's NOT have the Government saying "this system will be
secure". It won't be. It will be a classic honey-pot. Monolithic,
hyper-valuable data is a FAR bigger risk than the same data, spread out
over disconnected systems.

> And in the case of the access card, the data they are considering
> putting on the card (either in the face or in the chip) is no different
> from (or in fact less than) that already likely to be in their wallet
> next to the Access Card.

It isn't the card. When will people finally understand that? It's the
back-end, a back end that will contain every Australian, linked to a
number, and that will be expanded over time to include functionality
that either has not yet been thought of or has been thought of but not
presented to the people for discussion, consideration or approval.

Actually it is slightly the card. It won't be an ID card, they keep
saying, but there is NOTHING in place to prevent it becoming exactly
that, just as the Social Security card has become in the US. The law
should explicitly FORBID its use as ID - by making requesting *or
showing* the card for ID purposes an offense. And there is NO need for
it to have any identifying data visible on it at all (though owners may
wish to place some private identifying mark of their choice on the card,
it doesn't have to be their name).

> The back end systems that support the card will be subject to the same
> constraints as any other government system with respect to security,
> privacy, data matching etc.

My God, and that makes you feel good? That's a big part of the problem!
Did you actually READ about the Centrelink data thefts? Imagine anyone,
in any Government department, can find out anything about you that any
other Government department knows. The trade in illegal information will
be immense.

This is the database equivalent of leaving all the ports on a firewall
open all of the time, rather than just opening those you need, when you
need them.

> My reaction to this report is "what's in it for him?"

Maybe the same thing that is in it for everyone - a desire to stop a bad
system being badly implemented and resulting in general badness for all.

Oh, and the chances that it actually reduces fraud are quite slim. There
will be a dip, then it will be back to business as usual by the
fraudsters.

Extremist? No - but it's odd how quickly anyone who disagrees with this
Government's plans gets that label applied. Wanting freedom and privacy
didn't used to be an "extreme" position. How utterly, utterly depressing
that it has become so.

Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)