As we know, Nanny and her acolytes have something of a fetish for gathering data on all of us and putting that data into databases.
Nanny's rationale being that the databases help her to "help" us live "better" more "secure" lives etc etc; eg the "super" NHS database (that has yet to work) and the proposed child "protection" database (that allows all manner of people access to personal details).
Nanny has assured us, on numerous occasions, that the data stored in these databases is secure.
Bollocks!
As we have seen in the UK (eg with the loss of HMRC data on 25 million people), databases are far from secure.
However, the ongoing Wikileaks fiasco wrt 250,000 "classified" US cables knocks the UK security failures into a cocked hat.
Whilst the content of the leaked cables is, to people with half a brain, hardly surprising and in many cases bordering on the trivial; the damage done to US diplomatic efforts is incalculable. People will now treat US diplomats in the same way as they treat journalists, and work on the assumption that whatever is said may well appear on the net one day.
How did this fiasco come to pass?
Post 9/11 the US became more scared and paranoid than it usually is. Now, under such conditions, one would assume that there would have been a "security lockdown" wrt handling diplomatic communications.
Perversely, no, the exact opposite happened.
Working from the premise that sharing data would increase US security, the government of the day undertook to build a central database of all diplomatic communications.
Maybe, in itself, this was a logical idea.
However, the US government then asked themselves the fundamental question wrt databases namely:
"Who do we grant access rights to?"
They chose, for reasons that are beyond any understanding, to grant unfettered access rights to over 3.5 million people.
Yes, you did read that correctly, over 3.5 million people were given access rights to this database!
An accident waiting to happen!
Quite why the US authorities are so "shocked" over this leak is beyond me. Frankly the fact that the leak didn't occur years ago is more surprising.
The lesson to our own Nanny is clear, databases can be abused. To leave the design and security of such databases to politicians (who have zero experience of the real world, work or IT) is asking for trouble.
BTW, one small question, what on earth does the US government want the biometric data of UN personnel for?
Visit The Orifice of Government Commerce and buy a collector's item.
Visit The Joy of Lard and indulge your lard fantasies.
Show your contempt for Nanny by buying a T shirt or thong from Nanny's Store.
www.nannyknowsbest.com is brought to you by www.kenfrost.com "The Living Brand"
Celebrate the joy of living with booze. Click and drink!
Visit Oh So Swedish Swedish arts and handicrafts
Why not really indulge yourself, by doing all the things that Nanny really hates? Click on the relevant link to indulge yourselves; Food, Bonking, Gifts and Flowers, Groceries
What people seem not to understand about computers is that they are not secure, and the main reason is that Government won't allow them to be secure in case private citizens were to keep things on them the government can't read.
ReplyDeleteDatabases are the modern version of the old USSR's little red book.
ReplyDeleteInformation is power; every time you have contact with the state they ask for more information that in no way relates to your query. If you question the need for such information, they usually say it's to do with security checks or because the computer wants to know....I then advise them that the computer is only a machine and not a god and then ask why the person that was told to programme the computer feels the need for such information at which point, I am usually told that with out me giving the drone the info requested, they can't process my request.
It seems to me that Nanny has set everything up to gather information about her citizens and yet sheeple still sing the mantra of "If you have nothing to hide etc etc..." Well, I have nothing to hide but I am sick to death of having to prove I have nothing to hide.
That's not exactly true Anon. There are varying levels of encryption that can resist varying levels of hacking by either undesirables or government agencies. However, I repeat myself!
ReplyDeleteRegardless, that is neither here nor there in this case. The person from where the leak originated from was not hacking the database, he had been properly given access but then abused it.
The problem here is as Ken says, poor design, poor access control and over-centralisation of data. A lesson for all our public controlled UK databases.
Its not about now , its about a few years in the future, nanotechnology, androids etc.
ReplyDeleteWell, that is a concern too, but at the minute there are more fundamental issues that need addressing before we can begin to worry about the known unknowns and the unknown unknowns! :)
ReplyDeleteAn excellent article, Ken, summing up the essential craziness of building these monster databases.
ReplyDeleteThe weak link in most IT security is the people who have legitimate access to the data, as Mr Potato Head explains!
They talk about audit, but that just gives you a list of suspects for your leak.
Remember the Police National Computer? That couldn't be abused, could it?
http://www.express.co.uk/posts/view/209613/Policewoman-checked-out-secret-files-to-find-a-lover