Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion
‎08-14-2019 09:52 AM
‎08-14-2019 09:52 AM

Large Biometric spill in UK

I'm sure the GDPR police will be all over this.

 

Interesting comment towards the bottom of the article is the establishment of a system that would lower the number of databases that would house your biometrics.  Maybe a digital medical record that also stores our biometrics and can only be accessed with our prior approval?

Reply
3 Replies
canLG0501
Newcomer III
‎08-14-2019 10:56 AM
‎08-14-2019 10:56 AM

Well written article.  The best point mentioned, "we need some kind of unified platform where we limit the numbers of parties who actually hold such data, with others accessing those trusted holders on an “as a service” basis."  The notion of least privilege and access control never grow old.

Reply
0 Kudos
rslade
Influencer II
‎08-14-2019 03:26 PM
‎08-14-2019 03:26 PM

I like the Guardian article better, but there still seem to be lots of questions to ask.

A million people (maybe only a million UK citizens?) but more than 28 million
records?

And, as Forbes points out, this is biometric data: you can't exactly change your
password. A fairly huge hit impacting the use of biometric data itself. With the
number of individuals affected by this, you start to get to the point that you have
to make alternative access control arrangements for a significant section of the
population ...

And the irony that this was a company that provided security services to police,
defence agencies, and banks? Who watches the watchers who are watching the
watchers?

(OK, in this case it seems to be research and possibly not a real breach, but still ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
If you want to keep a secret from me, put it inside a Facebook
event invitation.
- https://twitter.com/brittanymooreok/status/567069226104786944
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
Caute_cautim
Community Champion
‎08-14-2019 04:17 PM
‎08-14-2019 04:17 PM

Looks like it goes back to the fundamentals as Ross Anderson famously stated to a Select Committee in the UK:  https://publications.parliament.uk/pa/cm201314/cmselect/cmhaff/70/7004.htm

 

"The only way to ensure data does not leak is not to collect it." 

 

Seems there is a great need for a Trust Network - but exactly who do you trust? 

 

Regards

 

Caute_cautim

Reply
0 Kudos