Wednesday, August 05, 2009

Identity Scheme security breaches - it begins

If I've said it once, I've said many times, the weakest link in the Government's crazy Identity Register plan is the human beings that use it. Whether they deliberately breach security, or they just make a mistake and delete something, it's the user where the security issues lie more than anything else.

And lo, it came to pass, nine people have been sacked for snooping on the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the government's multi-billion-pound ID card programme.

The most hilarious thing is what the DWP spokesman said,
"The small number of incidents shows that the CIS security system is working and is protected by several different audit and monitoring controls, which actively manage and report attempts at unauthorised or inappropriate access."
Yes, that's right, unauthorised accesses should not be considered a problem because they spotted them. Only problem is, how do they know if the information gleaned from an unauthorised access hasn't been passed on through another, unmonitored, channel.

Oh that's right, they don't!

No comments: