Saturday, March 08, 2008

What are the "right safeguards" Tom?

Have just read a post by Tom Watson, Cabinet Office minister, on his blog about how the case for a DNA database is strong so long as it has "the right safeguards". There we have it again, the "safeguards" line. So here's a little challenge to Tom, which I doubt he will answer, what are those "safeguards" Tom? Seriously, I know it's a great phrase, but what does it actually mean on a database that will have 40 million records of every British subject on it?

A system that will have multi-user access; accessible APIs for cross reference querying; a network cable plugged into the back of what presumably will be a clustered solution with network storage; a system that Microsoft is involved in; a system who's APIs will be accessed across TCP networks in most cases using tunneling across multiple exposed entry points on the PSTN.

Sitting there and simply saying there will be safeguards is not the same as there being safeguards. So come on Tom, what are the "right safeguards". What will stop someone phreaking a local loop into say, a Council office, and then using that weak access point to come into the GSI and access the database?

What will stop the accidental "delete from" query being run or a rogue piece of code exploiting some buffer overflow in MsSql server or Windows 2003 in general? The biometric passport has already been cracked, so this idea that the ID Register will be some Fort Knox of information security is nonsense.

I've said Eugene H. Spafford's rule once and I'll say it again. "The only system that is truly secure is one that is switched off and unplugged, locked in a titanium safe, buried in a concrete vault on the bottom of the sea and surrounded by very highly paid armed guards. Even then I wouldn't bet on it." So Tom, instead of using political rhetoric and bland generalised words about safeguarding why not start talking about details.


Mostly Ordinary said...

I agree with you unless no-one is ever going to access it by it's very nature it's open to abuse. These people appear to believe hacking is sole domain of nerds trying to brute force the password like a scene out of the 80's movie Wargames. In fact they vast majority of security breeches are undertaken by people with legitimate access to it.

For me it isn't the spurious claims that they can't hack the encryption on the cards (for it's those you'll qualify against) it's the simple fact I've yet to see a compelling use for them. If the Police, amongst others, want to detain you to determine your ID they are entitled to do it so unless shops and banks are going to screw biometric devices to the counters what's the point? And, if the end game it to let commercial organisations use ID cards to reduce fraud and strengthened their bottom line why can't they pay for it?

I think you can boil down why Labour love ID cards into one phrase 'if you can't measure it, you can't manage it' and it's us they are trying to measure.

Anonymous said...

Out of interest how big would each file be? and how many disks would it span if someone just copied it for sale?.
The whole phone book easily fits on one disk.
I would also add that this "secure" system would be a honey pot every bugger in the world would be at it.

Anonymous said...

Dizzy Mon ami .. Tom will not have an effing clue what you are talking about ;-)

DOppenheimer said...

The government’s record on this and so many other capital projects involving people’s personal data has been proven – The government is not up to the job!

Anonymous said...

Apparently, there are currently 4 million people on the DNA database.

The Govt has admitted that 500,000 of the 4 million entries are erroneous.

Is that the kind of safeguarding Watson is referring to?

Anonymous said...

The Government has a very cunning (almost Baldrisk-like) plan. All the DNA information will be downloaded onto discs and given to very security conscious members of staff to look after - usually by putting them in their briefcases which are hidden under the front seats of their cars so no one who doesn't have the authority to know, will know where they are. Simple really. You know you can trust 'em!

Anonymous said...

a system that Microsoft is involved in

Heh. It's a good point, though. How does Watson know "the right safeguards" are in place? Is it because he knows what he's talking about, has thoroughly investigated the system and has satisfied himself that it's secure? Or is it because some bloke from Microsoft told him they were, shortly after pocketing a barrowload of taxpayers' cash? Because a year ago, Microsoft told the rest of the world, with a straight face, that Vista was quite good...

dizzy said...

mitch, I would imagine, on a 40 million + database the really space user would be indexing. Depends on how it is designed.

Pete Chown said...

I second Mostly Ordinary's comment. It would be possible to design an ID scheme where it is hard to produce a forged card. For example, imagine a card which carried a digital signature of some biometric data concatenated with your name. This would be difficult to forge in a useful way. You could copy it, but what you really want is a card that carries the same biometric data as your real card, and a different name.

The problem is with insiders. If you want such a card, you don't bother with any of this cryptographic stuff, you just hand £100 to the person who issues the cards.

Once you've got your card, you are in a better situation than a present-day crook. You can go and open bank accounts, and because you show an ID card with a certain name on it, people will assume it's correct. You've stolen an identity much more completely than is possible at the moment.