Governments must fix the digital identity mess, says think tank

Share on Twitter
Share on Google+
公司的信息系统开发、实施过程应明确控制方法和人员行为准则,保存相关文档和记录。
Share on LinkedIn
Share on Reddit
Despite years of strenuous effort, the idea of mass digital identity remains stuck somewhere between non-existent and a total mess.
Ask someone to prove their identity today, and almost without exception they will fall back on a paper passport, driving licence, or bank account statements, usually backed by a social security number (SSN). The online world struggles to accommodate these.
国农科技完成重大资产出售 2016年净利增逾30倍
Digital identity systems such as the UK government’s Gov.UK Verify exist but barely any are used in anger. They float around in no man’s land, like clever experiments whose original objective their creators have lost track of.
Meanwhile, shadowing flesh and blood human identities are virtual ones built from oceans of online data. Much of this is handed over willingly to “surveillance capitalists” – Facebook, Google and advertisers, for instance – but lots more exists in this parallel dimension people are only dimly aware exists.
It’s also the world of identity middle-men such as Equifax, which collected so much valuable data it eventually burst at the seams, spilling millions of names, addresses, SSNs, birth dates and driving licence numbers to cybercriminals who could use it to fuel industrial identity theft for years to come.
Sophos Home
Free home computer security software for all the family
Learn More
Not everyone is giving up yet, however, including the Social Market Foundation (SMF), a UK think tank, which argues in a new report that governments should stop shilly-shallying around and press ahead with full-blown digital ID systems.
But aren’t government systems a damp squib? According to the SMF, the problem of systems such as Gov.UK Verify (which uses private-sector partners) is that they were conceived to serve access to government services such as tax and benefits when the real need is much wider.
Verify’s usefulness would improve dramatically if only companies could use it to identify people too:
Encouragingly, use of Verify in private sector contexts is being actively explored, and we believe there are significant benefits for consumers that could arise from this.
Advantages such as:
Passports could give way to app-based identity systems, possibly backed by biometrics
Expensive paper systems could be banished forever
Online verification could be transformed from today’s guesswork and assumption-based model.
Welfare and immigration fraud would be reduced
Because everyone would have an ID, social exclusion faced by people who lack documents could be reduced
Verification and digital identity could be about to become an industry in its own right so jobs could be at stake
And cybercriminals would no longer find is easy to carry out identity theft against a system that included real-time identity checks on individuals themselves.
Sceptics will see in this as a reprise of the failed UK identity card scheme of a decade ago, eventually scrapped in 2010 after burning through £4.5bn ($6.3bn). Certainly, it’s hard to see how a new ID system wouldn’t initially need to rely on physical documents of the sort that sank the original system on cost grounds.

The other problem is government itself. Solving the digital identity conundrum once and for all can probably only be done at government level – but what if people don’t trust government?
The poster child for digital ID is Estonia, the first country in the world to conduct general elections across the Internet backed by a digital identity system years ahead of other developed countries.
Then there’s India’s Aadhaar, a biometric digital ID system with 1.2bn members that critics have described as “Orwellian”.  The worry is that the Aadhaar model hands government the power to withhold as well as enable access to services as a form of social control.
Which of the two extremes should countries such as the UK and US look to? Probably both deserve scrutiny, but it’s interesting that some of the same civil liberties arguments levelled at Aadhaar also dogged the UK’s ID cards.
This suggests that the path to 21st century digital identity will not be smooth. The flaw in today’s identity model is that data is smeared just about everywhere and anywhere, and incentives to guard it have become warped by commercial self-interest.
But until someone comes up with a way to implement an alternative that doesn’t simply over-centralise power with governments, digital identity will remain a rocky road.
With identity theft at record levels what is hard to believe that digital identity can’t be postponed indefinitely. But the old world of uncertain, weakly defended identity won’t go away quickly – expect Equifax-style breaches to be with us for a while yet.
安全需要全面的架构和管理体系,有点基础的客户应该会明白网关安全能做的到和不能做到的,客户需要的是实在的成熟的解决方案,而不是前期吹得天花乱坠,后期结果差之千里的伪创新。

猜您喜欢

公司员工信息安全意识教育动画视频
破解云安全迷思
网络安全法在线讲解-《网络安全法》的突出亮点 https://v.qq.com/x/page/u0514qmyllg.html
视频:普京在厦门欣赏非物质文化遗产 拿放大镜仔细看
TWCH ELKHART
人人需知的互联网金融信息安全基础

如何网络能满足所有用户的需求设计

业务越来越依赖信息系统和数据,同时其所面临的安全威胁不断增长,客户和大众对个人隐私和数据安全越来越重视,法律法规对安全的要求和监管也越来越严格,当然这么多的驱动力会使安全软件的需求兴旺。
信息安全职业发展的顶级职位与职责
依据安全补丁管理流程,我们有订阅各类系统和应用的安全通报,并且及时采取补丁的修复工作。我们仍然担心未公布的安全漏洞被攻击者利用,所以我们有部署多层防御控制措施,即使一层防御失效,仍会有其它保护层在起着作用。

猜您喜欢

评估数据备份与恢复过程的正确姿势
网络安全公益短片防范移动僵尸网络
网络安全法宣传推广视频 https://v.qq.com/x/page/p050493s0f5.html
马云有多壕?看看阿里巴巴年会奖品就知道了
SIMPLEPDFCALENDAR LIFEALERTHELP
信息安全十字歌谣