cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Large Biometric spill in UK

I'm sure the GDPR police will be all over this.

 

Interesting comment towards the bottom of the article is the establishment of a system that would lower the number of databases that would house your biometrics.  Maybe a digital medical record that also stores our biometrics and can only be accessed with our prior approval?

Tags (2)
3 Replies
Highlighted
Newcomer III

Re: Large Biometric spill in UK

Well written article.  The best point mentioned, "we need some kind of unified platform where we limit the numbers of parties who actually hold such data, with others accessing those trusted holders on an “as a service” basis."  The notion of least privilege and access control never grow old.

Tags (2)
Community Champion

Re: Large Biometric spill in UK

I like the Guardian article better, but there still seem to be lots of questions to ask.

A million people (maybe only a million UK citizens?) but more than 28 million
records?

And, as Forbes points out, this is biometric data: you can't exactly change your
password. A fairly huge hit impacting the use of biometric data itself. With the
number of individuals affected by this, you start to get to the point that you have
to make alternative access control arrangements for a significant section of the
population ...

And the irony that this was a company that provided security services to police,
defence agencies, and banks? Who watches the watchers who are watching the
watchers?

(OK, in this case it seems to be research and possibly not a real breach, but still ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
If you want to keep a secret from me, put it inside a Facebook
event invitation.
- https://twitter.com/brittanymooreok/status/567069226104786944
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: Large Biometric spill in UK

Looks like it goes back to the fundamentals as Ross Anderson famously stated to a Select Committee in the UK:  https://publications.parliament.uk/pa/cm201314/cmselect/cmhaff/70/7004.htm

 

"The only way to ensure data does not leak is not to collect it." 

 

Seems there is a great need for a Trust Network - but exactly who do you trust? 

 

Regards

 

Caute_cautim