Good find there Doug,
I am reminded of some correspondence I had with a company that was
using a third party for age verification based on supplied information
from a person wishing to verify their age,.
the company claimed that the the data path between itself and the third
party was secure and that all identifying data would be erased, I
argued that even in the event of such data erasure there would still be
trace data remaining in the network since there would not necessarily be
a direct one to one path between the involved parties. I therefore
concluded that the public where being misled, ( other legal issues
relating to personal data and jurisdictional issues where also touched
upon).
Ultimately the company concerned ceased its age verification program
following the conversation.
So yes most definitely the question of storage, security and deta
erasure to a sufficiently acceptable degree of reliability is a very
knotty question that, in my view warrents close scrutiny.
ATB
Shaun
On 13/06/2015 10:41, Douglas Rankine wrote:
See url: http://cryptome.org/2015/06/question-of-trust.pdf
Page 33.
“Show me six lines written by the most honest man in the world, and I
will find enough therein to hang him.” Cardinal Richelieu
Dear Colleagues,
As I was reading through this report (A Question of Trust) I came
across the above quote very early on, which I thought expressed so
well, the way that many folks feel when it comes to all this massive
collection and storage of all data pertaining to the internet of
things. I am working my way through the document, which I am finding
quite interesting and easy to read and it is most helpful in my
getting a better understanding of the issues involved, particularly
the historical aspects and its width and breadth.
I would recommend reading it to those of you who have a particular
interest in the subject, particularly our 5 eyes citizens, as it helps
encapsulate what is happening in the world of Information Technology
amongst those nation states; its security (or the lack of it) and the
balance between data collection for the security purposes of the
state, or for the use of the private corporation; and protecting
individual civil liberties, such as free speech, freedom of
association and freedom to inform anonymously, through selective
measures, both legal and in practice. Please note, I am neither
endorsing, or supporting, or condemning this report, but trying to
look at the stuff which interests me and may interest others, from the
point of view of an individual consumer and the man on the Clapham
omnibus... J. Neither do I consider it the “b” all and “end” all of
information on the subject. However, in my view it is a good starting
point to see where the problems are, what the problems are; and which
way the UK government is thinking and may develop its policies, laws,
regulations and methodologies of collection and protection in the
future, and how those developments will affect the relationship
between the security of the state and the civil liberties of the
individual.
One problem which needs to be addressed in my view, and is nearly
always missed or goes unnoticed, is that once electronic information
is collected and stored, it cannot be deleted, unless the storage
media itself is destroyed effectively. A second problem is that
whilst information may be deleted from one storage media, it doesn’t
mean to say that it will be deleted from all forms of storage media.
In my view one of the best ways, but not the only way, to operate a
safer collection system would be to have no mass collection and for
the intelligence services and law enforcement to use more selective
and targeted practices, against suspected criminals or terrorists;
backed up by stronger public oversight (idealism rears its ugly head
again... J). Until such a system is in place, publicly verifiable,
open and transparent, then any measures for deletion of bulk
electronic material will not receive my support, however qualified by
judicial or executive or administerial oversight...With that in mind I
will be continuing to read this report with interest...and will let
you know...when and if I can be bothered...and if I think you are
sufficiently interested...and I am not doing any building work or
gardening... J. As always our colleagues views are much appreciated... J.
ATB
Dougie.
