cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

GDPR says it's illegal for anyone to do this--except the EU government ...

The European Parliament voted to interconnect various border-control, migration, and law enforcement systems, thus creating a gigantic, biometrics-tracking, searchable database of EU and non-EU citizens.

 

The new database will be known as the Common Identity Repository (CIR) and is set to
aggregate records on over 350 million people with identity records (names, dates of birth, passport numbers, and other identification details) and biometrics (fingerprints and facial scans).

 

(Skynet?  Collosus?  The Mark of the Beast?)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
7 Replies
CISOScott
Community Champion

I don't think Google will be happy that the government is trying to muscle in on their business...

Caute_cautim
Community Champion

Did anyone get a choice i.e. opt out?  Or is it mandatory by being an European?   Similar to the Chinese Facial recognition database they are creating too.

I wonder how this stacks up against GDPR or is it a case of you are in the Union and you will abide?

 

Regards

 

Caute_cautim

 

HTCPCP-TEA
Contributor I

To be fair, the EU's Data protection authorities have actually taken issue with this, and are sticking by their opposition. 

 

Unfortunately, they are being ignored. 

 

Can anyone say Loophole?????

 

From what I can see, the whole CIR initiative is effectively making several separate databases inter-operable, and therefore they will remain separate. Allegedly, you are still protected under the whole GDPR, though it does become more ambiguous. 

 

Easiest point to nail the whole initiative on is the lack of Opt-Out, but I would imagine they will write in any exclusion necessary by the time it comes into play (forecast for 2023).

 

Though looking at Article 6 in GDPR alludes to the additional processing of data being lawful in that it is "necessary for the performance of a task carried out in the public interest.....". There is scope to misinterpret such regulations....

 

 

For perspective, it is being touted are comparable to databases used by Chinese Government, US Customs and Border Protection (CBP), The FBI, and India's Aadhar System. 

 

Caute_cautim
Community Champion

@HTCPCP-TEAA wonderful perspective you paint in reality:  Perhaps we should put this conversation in multiple places, because the implicit implications are frightening and need debating.  

 

We have a huge clash of technology and government needs coming up vs Privacy and Human Rights.

 

But it appears no one is prepared to have that debate, and I will attempt to illustrate what I mean:

 

Take 5G which is an exponential explosion and demonstration of Internet of Things, Embedded devices, communications, wireless technology and interconnection on a level, people have not truly witnessed before. The implications are frightening, because the average human on the street, will simply enjoy the technology and capabilities, but not understand the level of trust that is required, ethical practices which are needed to maintain some semblance of remaining legal, private, within human rights balanced against the demonstrated requirements of the EU, Chinese and many other nations.  

 

Take for example the drive towards digital identity, first of all it was related to saving costs, and making it easy to obtain and verify ones identity for births and deaths, obtaining a bank account, passport etc etc and many other use cases.  But now we have technologies such as 5G at our doorstep, which make it easier in the fields of medical devices, embedded to help people hear, see, keep your heart going, tracking hip implants - you can go on naming it, but it will happen given the opportunity.    

 

The use of technologies immutable records such as Blockchain, will occur, whether or not we like, this information will be gathered with or without our mutual consent to do so.   This information whether we like or not or simply accept will be used for marketing, advertising, surveillance, tracking, insurance purposes, geographical sampling etc etc - whether we listen to the platitudes of leaders or not, the capability is very hard to resist, and the implications are awe inspiring, but as colleagues here have stated previous, the alignment with Orson Wells famous book called "1984" was a science fiction, but we are literally on the stepping stone of this actually happening, and everyone accepting it gleefully like sheep simply accepting it as the "norm".

 

With the EU accepting the gathering of information, within distributed databases, one has to wonder where is the basic rights to ensure that our individual confidentiality will be maintained, and the integrity of the data collected not manipulated and made available or have the right to opt out. 

 

Maybe those who chose to come off the grid, and live on an island and live off the sea or land, had the right approach a long time ago?

 

I am not against, the use of technology, Augmented Intelligence, data analytics, for the benefit of man kind, but we are at the precipitous cliff edge of simply following like sheep on a massive group basis, and just accepting it as the norm.

 

Surely everyone has some basic rights as a human being, let alone the implications of devices being embedded into our bodies, to overcome or enhance any weaknesses - but who has access, how is that information being used, or will be used or sold to others, without our full understanding. 

 

Where do you draw the line, between enhanced safety, privacy and out right surveillance of each and every individual on this planet?

 

Regards

 

Caute_cautim

HTCPCP-TEA
Contributor I

100% Agree. 

 

The debate of such a topic should be mandated by law! I joke about mandates but the whole topic needs to be explored to a much wider and more deeper degree. 

 

"1984" - what a wonderful piece of writing to refer to, and again I'd have to tip my hat to you around the accuracy of the reference. 

 

"Joe Everybody" on the street won't see the negatives or pitfalls of such conveniences unless nation state owned media feed them such information.  Frankly, why would they care? They have been giving up their own information for decades without hesitation, in order to receive even the smallest service or convenience. Getting them to stop would mean changing the fabric of their lives, for a large part. Cultural change is what is needed most. 

 

I fear the road ahead is dark, but alas, it's still a road and must be traveled. 

dcontesti
Community Champion

So it is very 1984ish but then so is the recent law (CLOUD data Act -- Clarifying Lawful Overseas Use of Data Act) implemented (rather silently) in March/April 2018.

 

It allows the US Gov't to access data (emails, etc.) of US citizens regardless of where the information is stored.

 

Wiki Link: https://en.wikipedia.org/wiki/CLOUD_Act

 

The catch on this one, is that it allows foreign governments to access data held in US locations.  

 

So the lines are blurring between my personal privacy and my human rights and with all the new privacy laws coming at us, it will most likely only become more complicated.

 

Regards

 

d

 

 

 

 

Caute_cautim
Community Champion

@rslade    1984 thoughtcrime plain and simple

 

And we thought TikTok was bad, and the Chinese surveilance strategy.

 

Regards

 

Caute_cautim