[LINK] Leakage Problem Means Cards Will Never Be Secure

Bernard Robertson-Dunn brd at iimetro.com.au
Thu Sep 28 11:06:33 AEST 2006 

Roger Clarke wrote:

> At 9:02 +1000 28/9/06, Bernard Robertson-Dunn wrote:
> 
>> And in the case of the access card, the data they are considering 
>> putting on the card (either in the face or in the chip) is no 
>> different from (or in fact less than) that already likely to be in 
>> their wallet next to the  Access Card.
>>
>> The back end systems that support the card will be subject to the same 
>> constraints as any other government system with respect to security, 
>> privacy, data matching etc.
> 

> The very considerable pressure that we've had on the project has to be 
> sustained, information has to be forced into the open that they don't 
> want to see made public, the design has to be beaten into a shape that 
> is practicable and no more privacy-threatening than is actually 
> warranted, and controls have to be put into place that make it difficult 
> for the next round of social control devotees to re-purpose the scheme 
> to what they really wanted it to be in the first place.

I don't have a problem with the desire to make more information public.
The government (and its agencies) is actually trying very hard to
achieve the goals you have mentioned. Unfortunately it seems to be
between a rock and a hard place in that it doesn't want to talk too much
about how the system will work but it needs to re-assure the community
that its concerns are being met.

I know this because I have a place on the committees developing both the
business requirments and the technical solutions.

However, I'm not permitted to discuss anthing that goes on in these 
meetings and there is no way I'm going to ask you to "trust me, I know 
things you don't and it will all be OK". Its up to the government to 
address community concerns and I'll let you be the judge of how well 
they are doing that.

> And don't believe that nonsense about privacy laws acting as an 
> effective constraint on this or any other government system.  The 
> Privacy Act was designed to be rubbery from the outset.  Its power is 
> continually stripped back by scores of provisions that go through 
> Parliament without discussion every year and that authorise additional 
> privacy-invasive uses of data.

The privacy act is not the only one relevant here. There are issues of 
data matching, protection and security, which people are taking very 
seriously.

One of the interesting things is that the people working on this system 
are all members of the community, the same as you and I. They are just 
as interested in protecting their own privacy as the rest of us.

-- 

Regards
brd

Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au

More information about the Link mailing list