[Dave Birch] One of the reasons why a digital identity infrastructure ought to be more than just building a big database of everyone and then letting everyone have access to it is that the infrastructure will inevitably be abused by those on the inside, no matter how much effort goes into keeping out the bad guys on the outside.
Missouri Citibank employee Brandon Wyatt… accused of tapping Citibank's computers for customer information, then using it to set up checking accounts online with competing banks, including Bank of America, Washington Mutual and AmTrust. Wyatt allegedly wire transferred customer funds from Citibank to the new accounts, then cashed them out with additional transfers, checks, debit card purchases and ATM withdrawals. His take, according to federal prosecutors in St. Louis, was at least $380,000.
It's hard to see how you can stop this from happening completely in an economic way, but what you can do is make sure that there is an audit trail so that someone how decides to have a go at this kind of fraud has a reasonable expectation of being caught. Although I have to say that armed bank robbers have a reasonable expectation of being caught (and a reasonable expectation of a long sentence if they are caught) but they still do it. Anyway, my point is that if you take people personal data and put it in a honeypot, there is only one outcome. A database is not an infrastructure.
As I am sure that we all understand, the problem of insiders obtaining personal data (stealing or, more accurately, copying identites) in financial systems is the least of anyone's worries because at the end of the day all that is stolen is money. There are far more important systems, where there are much greater ramifications to identity crime.
A hacker in Chile calling himself the 'Anonymous Coward' published confidential data belonging to six million people on the internet. Authorities are investigating the theft of the leaked data, which includes identity card numbers, addresses, telephone numbers, emails and academic records.
As I asked the Home Secretary at her update on the ID card, what is the "break the glass" plan when this happens? When people do this kind of thing for political purposes they don't care about the personal consquences. If a disgruntled civil servant decides to publish the entire contents of the national identity database on the web as a protest against government policy on something or other, they know they are going to get caught. But they don't care. Political conscience aside, sometimes, people do this kind of thing just because they are, well, people.
This brings up another problem that ties into this, or what is known as medical identity theft. While medical identity theft hardly ties into Britney Spears getting her information "peeked at," it has become a huge problem. The tie would be the ease in which naughty employees, with no business looking at it, were able to do so.
If you could look up the medical records of neighbours, employers, celebrities or "love rivals" on the web, then you would, not because you are evil but because you are human. We need to be realistic about human behaviour in the systems we build. If we don't want people to snacking on personal tidbits in a the data fridge, a sternly-worded magnet on the door isn't going to help: we shouldn't leaving them in there at all.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]