Wednesday 21 November 2012

Cybersecurity – good news at last, from midata

Cybercrime
The magnificent power of the web is a double-edged sword. It makes it easy for us all to do our banking on-line. And it makes it easy for cybercriminals to defraud us. Huge brains are working on the side of law-abiding web users and they're holding the line. Thanks to them, fraud is held down, just, to acceptable levels. That could change. Huge brains are working on committing fraud and if they make any serious progress, eBanking and eCommerce in general could have to stop – there is no law of nature that says that eCommerce must be feasible. The web is a dangerous place to do business.

midata
Nevertheless, the Department for Business Innovation and Skills (BIS) want to "empower" consumers by getting us all to store all our transactions on-line, on the web, in the cloud, on the servers of unknown so-called "trusted" third parties or their sub-contractors. Is that a good idea? Given the incidence of cybercrime, aren't BIS behaving irresponsibly? With midata, they're inciting their parishioners to take serious and unnecessary risks. They're trying to take powers to force banks, phone companies, energy companies, retailers and others to put all our transaction data on the web.

"Oi, you two, Tesco, Sainsbury's, get over 'ere",
BIS are effectively saying,
pointing at the flames,
"and bring the petrol".

Impact assessment
Luckily, this proposed legislation requires an impact assessment, listing the putative benefits and the associated risks, please see Impact Assessment for midata – in case of any enquiries, ring Craig Belsham or David Miller.

You remember David Miller. He's the BIS economist who said at the 9 August 2012 open forum that it's very difficult to say if midata would boost the economy. It might. It might not.

Anyway, they're onto it. Under Key assumptions/sensitivities/risks on p.4 it says:
Consumer transaction data held by firms can be valuable commercial information. There is a risk that the existence of a power to compel firms to release this data to consumers may reduce their incentive to collect the information. To minimise this risk the power will only refer to ‘raw’ factual information. Any extension of the sectors beyond energy, mobile telecoms and personal banking/ credit cards will be subject to criteria aimed at promoting price transparency. Consumers will have more of their information in an easily accessible format this could pose a risk of an increase in identity theft or fraud.
"Consumers will have more of their information in an easily accessible format this could pose a risk of an increase in identity theft or fraud" – quite. So, is midata off the menu? Too risky?

Not a bit of it.

Solved
Turn to para.123 on p.48:
123. Consumers will increasingly have more of their information in an easily accessible format. With increasing amounts of this data held on home computers or with third party intermediaries, it may increase the likelihood of identity theft or fraud. This may lead to consumers increasing their own cyber security to mitigate this risk. The Government and members of the midata Interoperability Board are undertaking a programme of work to identify and address these issues, which will conclude before any secondary legislation is brought forward.
"The Government and members of the midata Interoperability Board are undertaking a programme of work to identify and address these issues" – sorted. It's hard to think of any sizeable organisation in the world from the Pentagon on down who won't be ringing Craig and David.

No comments:

Post a Comment