Friday 25 October 2013

Next week's news

Just to remind you, some time over the next 168 hours, as promised, we shall see the first ever fruits of the Government Digital Service's identity assurance programme. We shall all be able to amend our tax codes through an on-line connection to HMRC.

Extraordinary, but they won't have the field to themselves.

Remember midata, the latter-day South Sea Bubble being blown by the Department for Business Innovation and Skills? They've been "fanning the flames of innovation" round at the midata Innovation Lab and some time over the next 168 hours we are promised a glimpse of the fruits of their labours, too.

At last, new apps to empower us and improve our lifestyles and make the economy grow.



There's not a single mooncalf left in the world who believes that these apps will be free, is there?



Suppose, just for the sake of argument, that the DMossEsq blog is right and that there is no such thing as a secure website.

Then it would be a mistake for any supplier to try to sell you a service on that basis – the secure website sales pitch undermines trust in any supplier using it. At least two of GDS's "identity providers" do just that. Mydex and Verizon both promise you security. That's a mistake. There are no unicorns for them to deliver.

Better, surely, to say that every effort will be made to keep your personal data secure, but security can't be guaranteed.

We have a sad new example of the problem. Experian Sold Consumer Data to ID Theft Service. It should be made clear that Experian didn't mean to sell consumer data to ID thieves and that they're co-operating fully with the police investigations. But it happened.

Experian, like Mydex and Verizon, are UK "identity providers", on whom GDS's identity assurance programme depends.



The best you can hope for is that security breaches will be kept to an affordable minimum. How do you achieve that? Answer, you make the supplier of the on-line service responsible for losses.

How have the UK retail banks managed so well to maintain public trust in on-line banking? By paying – when you are defrauded, the banks have to compensate you.

That works (para.6).

No comments:

Post a Comment