Microsoft’s Kim Cameron writes on the big UK identity breach, calling it an “Identity Chernobyl.” Choice observation:
Isn’t it incredible that “a junior official” could simply “download” detailed personal and financial information on 25 million people? Why would a system be designed this way?
To me this is the equivalent of assembling a vast pile of dynamite in the middle of a city on the assumption that excellent procedures would therefore be put in place, so no one would ever set it off.
There is no need to store all of society’s dynamite in one place, and no need to run the risk of the collosal explosion that an error in procedure might produce.
Similarly, the information that is the subject of HMRC’s identity catastrophe should have been partitioned – broken up both in terms of the number of records and the information components.
Were our REAL ID Act implemented, we would have similar piles of identity dynamite placed around the country waiting to explode. The proposed regulations implementing REAL ID punted on the security and privacy issues, perhaps “on the assumption that excellent procedures would therefore be put in place” by states.
Final REAL ID regulations are expected Real Soon Now.