Alastair’s Place

Software development, Cocoa, Objective-C, life. Stuff like that.

More U.K. Government Data Loss.

After a couple of previous stories about data loss, you’d have thought it would be the end of it, but sadly, it isn’t. This time it’s three million driving test candidates’ data, and while it c net’s article says that the lost disk was “formatted specifically for Pearson systems”, the fact is that that is no protection whatsoever.

OK, so in this particular instance it wasn’t the Government that lost the data. But they did give it to someone who then didn’t take enough care with it, and after introducing legislation designed to protect the public from companies doing that exact same thing.

I’ve said it before and I’ll say it again. The fault here is that financial institutions and the Government are prepared to use facts about you as your canonical identity. This is wholly the wrong approach, because there is no authentication involved.

It should be possible for me to write all my personal details on a billboard sign in the middle of London and have no fear that someone will take credit in my name. And that means that we need a different means of establishing a canonical identity, one that includes authentication.