|
|
> But it's just the tip of the iceberg...only two days ago a USB
> stick containing full names of every prisoner including expected
> release dates, was lost; about 125,000 pieces of personal data.
> Laptops and Top Secret papers are routinely left on trains or
> stolen from cars etc. Govt security is like a sieve. Welcome
> to socialism.
I don't think we've been socialist since the 70s, but moving swift
on...
I think the problem here is two fold. Firstly, governments seem to
think that collecting terrabytes upon terrabytes of data will make
everyone safer. Secondly, they secure the information they already
have very poorly.
The first point is simply not true. Data collection is an easy
problem, data analysis is much harder. The problem is that there is so
much information and so many people that the number of false positives
will be enormous.
Let's say that in a hypothetical police state the government had real
time access to all credit-card transactions. They run reports every so
often trying to work out which people are more likely to commit
crimes. One of these report might be for people who are recently
divorced, child custody has been awarded to the other partner and have
bought petrol and matches in the last couple of hours.
Presumably, the only reason why someone would have that pattern of
behaviour is because they want to burn down their ex-partners house!
How many times is that going to throw a false positive? How many other
reports might you want to run where the false positive rate is going
to be ridiculous?
The idea of a digital police state is a fiction because the analysis
problem is very hard. When you drag-net large amounts of information,
the quality of that intelligence is usually low. It's much better to
have a smaller volume of high-quality information than masses and
masses of low quality data.
A case in point, after 9/11 the FBI was able to reconstruct the
whereabouts of the terrorists involved very quickly. Finding the
relevant data was easy when they knew what they were looking for.
Using the same data to find these people in advance is much harder.
The second problem is that a secret really isn't a secret if almost
anyone can get at it! The problem is that people just aren't treating
data securely seriously. It seems any junior civil servant can get
their hands on very sensitive data. At the moment, these data losses
are just that - accidental losses. It isn't long before a disgruntled
public servant starts selling data to the highest bidder.
I think the only remedy to this irresponsibility is to start putting
people in jail. I don't meant the guy who physically lost the data
either, I mean the directors of the companies responsible.
Furthermore, the government has a role to play in negotiating better
contracts. Contractors should be made to jump hoops on data security.
At any rate, the government is not doing enough about the issue. We've
been having these data breaches for nearly a year now. But then the
government isn't doing much about _any_ issue, other than saying
Gordon Brown is the right man for the job.
Simon.
|
|