Alastair’s Place

Software development, Cocoa, Objective-C, life. Stuff like that.

“Privacy”, Again

Somewhat predictably, the “privacy” lobby1 has been taking advantage of the increased publicity after the recent H.M. Revenue & Customs debacle.

However, the entire debate is marred by the fact that all of the people shouting the loudest are completely missing the point.

The problem is not really that HMRC has just lost 25 million sets of personal details. That’s very careless of them, of course, and it’s quite right that they should be chastised for it. But that isn’t really the problem.

The problem is that the Government, the banks, building societies, lenders and credit reference agencies use your personal details as an identifier for you, without authentication of any sort. If it weren’t possible to take out a loan in someone else’s name just by knowing a few personal details, the loss of data from HMRC would be incompetent, but largely inconsequential.

The right fix is not to enact new and even sillier laws to “protect” our personal data—to do that would be to treat the symptom, not the cause. The right fix is to close the loophole that is being exploited by so-called identity thieves2. And the loophole is the fact that the Government doesn’t issue us with a decent identity mechanism that can be positively authenticated3.

The sad thing about this entire affair is that identity cards, done right, would solve this problem in a fairly satisfactory manner, and without posing any real risk of loss of privacy.

1 If you want to know why privacy is in quotes, see this post. 2 I think “identity theft” is something of a misnomer—the people doing the thievery are not stealing your identity… they are stealing other peoples’ money (or maybe even your money) using your identity, in exactly the same way that a thief might steal a security pass (which is someone’s identity) and then use that to steal goods or cash. 3 Interestingly, the Government does issue us with all sorts of identifying documents and numbers. Passports, driving licenses, National Insurance numbers, PAYE reference numbers. The only one I’m aware of that has any sort of authentication whatsoever is the Government Gateway identity that gets given to people who want to use the Government’s on-line services.