Nxgxl blog

Wednesday, November 17, 2010

national data bank

At present every individual's data is held in hundreds of databases that are almost certain to be inconsistent with one another, and many of which will also be insecure. Both the public and private sectors hold information that should be publicly available alongside data that should only be released with the permission of the data subject.

Many sources mean a great deal of effort to update them all when personal data change, and repeated requests for the same data. Another implication is that the value of one database alone cannot justify the investment in security necessary to protect the data that should not be public.

It would make a lot of sense for there to be a national repository of open and private data managed under the authority of a body independent of both government and private sector.

In this scenario all users would have RSA key pairs and a chipped key card, funded from the savings generated by removing the duplicate existing databases. The key pair would be generated locally on a stand-alone machine and stored on the card chip; only the public key would then be transmitted from the card to the national database directory via an online terminal.

Personal data would be accessible only to holders of an encrypted token generated from a large random number and the subject's private key held only by them.

Since the national database would replace the myriad existing ones there would be massive savings, offset by charges to those extracting information. The resulting surplus would be used to buy state-of-the-art security for the national database along with a dedicated team of security professionals to continuously monitor threats, countermeasures and traffic hitting the server.

It would be possible to clone the national database to backup sites accessed over different physical and logical routes and on different IP ranges, so that a denial of service attack would cause no degradation of service perceptible to users.

Of course there would be cries of Big Brother if such a database were established, and these would have to be met by third party attestation that neither private nor public sector could abuse the data held. The power to unlock private data would always rest with the subject or those designated by that subject.

Access to the technology would also be cited as an obstacle but terminals could be in post offices, libraries, hospitals, job centres, council offices and so on. This would still leave a few remote subjects far away from a terminal and it would be cheaper to simply supply them with a home version of the terminal rather than to set up a less secure phone based service. There would remain some subjects unable to use a terminal due to disability; in such cases an advocate would need to be available to carry out their transactions with the full permission of the data subject.

Given the level of identity theft it may even become acceptable to subjects, in time, for sputum-based DNA to be used as an identifier to supplement voice, eye, card and fingerprint authentication.

All access to private data would be logged and sent to the subject at regular intervals so that they could ensure that only access they authorised had taken place.
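The key, token and access-log scheme sketched above (the locally generated key pair whose public half is registered in the directory, the token made from a large random number and the subject's private key, and the log sent to the subject), as an added Go example that is not part of the original post. The card side signs a fresh random nonce with the subject's RSA private key; the data bank verifies it against the registered public key, refuses a reused nonce, and records the access for the subject's periodic report. DataBank, IssueToken, Unlock and the subject IDs are assumptions made here for illustration.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Token unlocks one subject's private data: a large random nonce signed with the subject's private key.
type Token struct {
	SubjectID  string
	Nonce, Sig []byte
}
// DataBank is a hypothetical model of the national repository; it stores only public keys.
type DataBank struct {
	Directory map[string]*rsa.PublicKey // subject ID -> public key registered from the card
	seen      map[string]bool           // nonces already honoured, so a captured token cannot be replayed
	AccessLog []string                  // every unlock, for the periodic report sent to the subject
}
func NewDataBank() *DataBank { return &DataBank{Directory: map[string]*rsa.PublicKey{}, seen: map[string]bool{}} }
// tokenDigest binds the nonce to the subject ID so a signature cannot be reused for another identity.
func tokenDigest(subjectID string, nonce []byte) []byte {
	h := sha256.Sum256(append([]byte(subjectID+"|"), nonce...))
	return h[:]
}
// IssueToken runs on the subject's side (the card chip in the proposal); the private key never leaves it.
func IssueToken(priv *rsa.PrivateKey, subjectID string) (Token, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return Token{}, err
	}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, tokenDigest(subjectID, nonce), nil)
	return Token{SubjectID: subjectID, Nonce: nonce, Sig: sig}, err
}

// Unlock verifies a token against the directory, refuses replays and logs the access; one generic
// error for "unknown subject" and "bad signature" avoids confirming which subject IDs exist.
func (b *DataBank) Unlock(t Token, requester string) error {
	pub, ok := b.Directory[t.SubjectID]
	if !ok || rsa.VerifyPSS(pub, crypto.SHA256, tokenDigest(t.SubjectID, t.Nonce), t.Sig, nil) != nil {
		return fmt.Errorf("token rejected for subject %q", t.SubjectID)
	}
	if b.seen[string(t.Nonce)] {
		return fmt.Errorf("token replayed for subject %q", t.SubjectID)
	}
	b.seen[string(t.Nonce)] = true
	b.AccessLog = append(b.AccessLog, fmt.Sprintf("%s accessed %s", requester, t.SubjectID))
	return nil
}
```

A real deployment would also bind the token to the requester and a validity window so that a token cannot be presented by someone other than the party the subject authorised.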

On top of all this the national database would be subject to annual security audits the findings of which would be published in full in a language that data subjects could understand.
