Wednesday, August 06, 2008

Clear - Secure Data?

Secure data is just a dream until companies and governments work out just what they are dealing with. The basic problem is that processes to access and store data are inadequate. This is why until proper processes and procedures are in place we need to accept that "secure" data is just not possible particularly in large scale systems, such as the NHS Spine, which transport data to and from many smaller systems or access points.

The simple example shown in this article where supposedly highly secure data on verified travellers show just how dangerous this problem could be. The company operating the system, FlyClear, is now not accepting new customers as they "upgrade" their systems. Interestingly as late as July 2008 they were still extolling their privacy and how they were secure, including details of an audit performed by Ernst and Young. Their parent company is intriguingly called Verified Identity Pass Inc.

It may also find out the hard way that one error in this type of market can lead to the end of the business. Significantly the system causing the problem was called "Clear" and obviously this is how they liked to view their data.

The Times today also has another example, not new, of how the supposed "Fakeproof" E-Passport can be cloned in minutes.

What this shows is that anything claimed as "uncrackable" or "unbreakable" just isn't at the moment so don't believe it.

Slashdot | "Clear" Air-Travel Pass Data Stolen From SFO

1 comment:

e.street said...

Has the snow come early to Tarland?