![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
That massive HMRC leak of data
Nov. 21st, 2007 11:52 amThis is a classic example of a story the reporting of which is itself the problem. The data has been lost; with reasonably high probability it's been lost to people unable to do anything with it, in which case nothing has actually happened. If it is lost to people able to do things with it, it increases the background risk of identity theft, but there is nothing whatsoever that any given individual can do given this information - it's even less useful than the 'avian flu exists; refrain from handling dead wild birds if at all possible' news items of the start of the year. The useful mitigation has to be done at the level of large-scale identity users, essentially the banks.
But the information has been presented in a way that clearly has worried people; and to worry twenty-five million people about something which ought to be giving sleepless nights to two dozen teams in the back offices of major banks doesn't seem a publicly valuable act ... raising blood-pressures by on average one quarter-micron of mercury will statistically cause some number of heart attacks, which will statistically cause some number of deaths that would be considered front-page, questions-in-the-House bad news if caused by men with knives.
I'm not sure this particular large data-leak can't be spun as a strong argument for ID cards. It means that it can be argued that bad-guys-unspecified have the NI numbers, dates of birth and bank information for near enough everybody, at which point any organisation prepared to let somebody do something to my detriment given only my NI number, date of birth and bank information is presumptively negligent.
I don't think this troubles me too much - I am fairly happy to open bank accounts by appearing in person with a cheque, a passport and a gas bill - but it's clearly troublesome for people for whom getting to the bank is hard, or for whom the cost of getting a passport is significant.
There's certainly an argument that I can imagine being made, of the shape 'previous proof-of-identity systems which we believed adequate are compromised; requiring time-consuming authentication processes from everybody is expensive; what we need to do is to move to some other method of authentication, for example these beautiful high-tech public-key-authentication-on-secure-processor ID-cards what the selfless people at EDS have prepared for us'.
But the information has been presented in a way that clearly has worried people; and to worry twenty-five million people about something which ought to be giving sleepless nights to two dozen teams in the back offices of major banks doesn't seem a publicly valuable act ... raising blood-pressures by on average one quarter-micron of mercury will statistically cause some number of heart attacks, which will statistically cause some number of deaths that would be considered front-page, questions-in-the-House bad news if caused by men with knives.
I'm not sure this particular large data-leak can't be spun as a strong argument for ID cards. It means that it can be argued that bad-guys-unspecified have the NI numbers, dates of birth and bank information for near enough everybody, at which point any organisation prepared to let somebody do something to my detriment given only my NI number, date of birth and bank information is presumptively negligent.
I don't think this troubles me too much - I am fairly happy to open bank accounts by appearing in person with a cheque, a passport and a gas bill - but it's clearly troublesome for people for whom getting to the bank is hard, or for whom the cost of getting a passport is significant.
There's certainly an argument that I can imagine being made, of the shape 'previous proof-of-identity systems which we believed adequate are compromised; requiring time-consuming authentication processes from everybody is expensive; what we need to do is to move to some other method of authentication, for example these beautiful high-tech public-key-authentication-on-secure-processor ID-cards what the selfless people at EDS have prepared for us'.
