Have just read a post by Tom Watson, Cabinet Office minister, on his blog about how the case for a DNA database is strong so long as it has "the right safeguards". There we have it again, the "safeguards" line. So here's a little challenge to Tom, which I doubt he will answer: what are those "safeguards", Tom? Seriously, I know it's a great phrase, but what does it actually mean on a database that will have 40 million records of every British subject on it?
A system that will have multi-user access; accessible APIs for cross reference querying; a network cable plugged into the back of what presumably will be a clustered solution with network storage; a system that Microsoft is involved in; a system whose APIs will be accessed across TCP networks in most cases using tunneling across multiple exposed entry points on the PSTN.
Sitting there and simply saying there will be safeguards is not the same as there being safeguards. So come on Tom, what are the "right safeguards"? What will stop someone phreaking a local loop into, say, a Council office, and then using that weak access point to come into the GSI and access the database?
What will stop the accidental "delete from" query being run or a rogue piece of code exploiting some buffer overflow in MS SQL Server or Windows 2003 in general? The biometric passport has already been cracked, so this idea that the ID Register will be some Fort Knox of information security is nonsense.
I've said Eugene H. Spafford's rule once and I'll say it again. "The only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards. Even then I wouldn't bet on it." So Tom, instead of using political rhetoric and bland generalised words about safeguarding, why not start talking about details?