Governments must sort out the digital identity mess, says think tank

Despite years of strenuous effort, the idea of mass digital identity remains stuck somewhere between non-existent and a total mess.
Ask someone to prove their identity today, and almost without exception they will fall back on a paper passport, driving licence, or bank account statements, usually backed by a social security number (SSN). The online world struggles to accommodate these.
Digital identity systems such as the UK government’s Gov.UK Verify exist but barely any are used in anger. They float around in no man’s land, like clever experiments whose original objective their creators have lost track of.
Meanwhile, shadowing flesh and blood human identities are virtual ones built from oceans of online data. Much of this is handed over willingly to “surveillance capitalists” – Facebook, Google and advertisers, for instance – but lots more exists in a parallel dimension that people are only dimly aware of.
It’s also the world of identity middle-men such as Equifax, which collected so much valuable data it eventually burst at the seams, spilling millions of names, addresses, SSNs, birth dates and driving licence numbers to cybercriminals who could use it to fuel industrial identity theft for years to come.
Not everyone is giving up yet, however, including the Social Market Foundation (SMF), a UK think tank, which argues in a new report that governments should stop shilly-shallying around and press ahead with full-blown digital ID systems.
But aren’t government systems a damp squib? According to the SMF, the problem of systems such as Gov.UK Verify (which uses private-sector partners) is that they were conceived to serve access to government services such as tax and benefits when the real need is much wider.
Verify’s usefulness would improve dramatically if only companies could use it to identify people too:
Encouragingly, use of Verify in private sector contexts is being actively explored, and we believe there are significant benefits for consumers that could arise from this.
Advantages such as:
Passports could give way to app-based identity systems, possibly backed by biometrics
Expensive paper systems could be banished forever
Online verification could be transformed from today’s guesswork and assumption-based model.
Welfare and immigration fraud would be reduced
Because everyone would have an ID, social exclusion faced by people who lack documents could be reduced
Verification and digital identity could be about to become an industry in its own right so jobs could be at stake
And cybercriminals would no longer find it easy to carry out identity theft against a system that included real-time identity checks on individuals themselves.
Sceptics will see this as a reprise of the failed UK identity card scheme of a decade ago, eventually scrapped in 2010 after burning through £4.5bn ($6.3bn). Certainly, it’s hard to see how a new ID system wouldn’t initially need to rely on physical documents of the sort that sank the original system on cost grounds.
The other problem is government itself. Solving the digital identity conundrum once and for all can probably only be done at government level – but what if people don’t trust government?
The poster child for digital ID is Estonia, the first country in the world to conduct general elections across the Internet backed by a digital identity system years ahead of other developed countries.
Then there’s India’s Aadhaar, a biometric digital ID system with 1.2bn members that critics have described as “Orwellian”. The worry is that the Aadhaar model hands government the power to withhold as well as enable access to services as a form of social control.
Which of the two extremes should countries such as the UK and US look to? Probably both deserve scrutiny, but it’s interesting that some of the same civil liberties arguments levelled at Aadhaar also dogged the UK’s ID cards.

This suggests that the path to 21st century digital identity will not be smooth. The flaw in today’s identity model is that data is smeared just about everywhere and anywhere, and incentives to guard it have become warped by commercial self-interest.
But until someone comes up with a way to implement an alternative that doesn’t simply over-centralise power with governments, digital identity will remain a rocky road.
With identity theft at record levels, it is hard to believe that digital identity can’t be postponed indefinitely. But the old world of uncertain, weakly defended identity won’t go away quickly – expect Equifax-style breaches to be with us for a while yet.

Hurricane Harvey: Hospital EHRs Appear to Weather the Storm

Ben Taub Hospital in Houston, which was evacuated. Credit: Andrew Kragie, Houston Chronicle
In the wake of Hurricane Harvey, Texas hospitals have not reported issues involving access to electronic health records and other critical systems, says Lance Lunsford of the Texas Hospital Association. But some hospitals particularly hard-hit by flooding have evacuated patients.
Meanwhile, healthcare organizations in the region are getting some relief from complying with the HIPAA Privacy Rule and other regulations to help expedite quick treatment of patients.
“You have to take into account that Houston is in the heart of the target zone of hurricane tracks,” Lunsford says. “We’ve had 15 years since [tropical storm] Allison, then Hurricane Katrina, and many big storms in between, to learn from and to build the physical and technology infrastructures, emergency and response plans.”
Hospitals in the region “have understood how vulnerable they are and have stepped up their infrastructures, emergency management and staffing to deal with hurricane threats,” he says.
That includes hospitals moving computer and electrical equipment “to higher ground” to avoid the damage caused to some in past storms by flooding of basements where IT and high-end medical equipment were formerly stored, he says.
“There haven’t been reports of massive failures,” he told Information Security Media Group. “Hospital leaders are learning the lessons of the past.”
While most hospitals so far appear not to be reporting hurricane-related problems with their information systems, it’s likely still too soon to know whether smaller clinics and pharmacies are also in good shape, Lunsford says.
“Most of them closed up shop [to prepare and deal with the storm late last week] and haven’t reopened yet,” he notes.
Mac McMillan, president of security consulting firm CynergisTek, which is based in Austin, Texas, says that while many smaller clinics and offices have been closed, “the hospitals have continued to operate, but the biggest challenge is getting patients to their doors. First it was the floods from the storm, now it is the controlled flooding as they work to save the dams and levees.”
McMillan notes that Houston is a city that “understands the need for solid plans for disasters from storms. Testing and conducting practice drills is a part of their culture. The problem is as some have said the reality of the next storm is never the same as the one in the past, and Harvey is like no other in history in terms of the amount of water they are having to contend with.”
Easing HIPAA
Meanwhile, the Department of Health and Human Services has declared a public health emergency in Texas. HHS Secretary Tom Price, M.D., under his authority in the Public Health Service Act and Social Security Act, is allowing the Centers for Medicare and Medicaid Services “to waive certain documentation requirements to help ensure facilities can deliver care” to Medicare patients, according to an HHS statement.
HHS notes that many Medicare beneficiaries have been evacuated to neighboring communities where receiving hospitals and nursing homes may have no healthcare records, information on current health status or even verification of the person’s status as a Medicare beneficiary. “Due to the emergency declaration and other actions taken by HHS, CMS is able to waive certain documentation requirements to help ensure facilities can deliver care,” HHS says.
As part of that emergency declaration, HHS has issued a bulletin about how the HIPAA Privacy Rule regulations fit into extreme emergency situations and the rule’s requirements that are being waived temporarily in the hurricane-affected regions.
“Severe disasters – such as Hurricane Harvey – impose additional challenges on healthcare providers,” HHS notes in the bulletin. “Often questions arise about the ability of entities covered by the HIPAA regulations to share information, including with friends and family, public health officials, and emergency personnel.
“The HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts and to assist patients in receiving the care they need.”
HHS is exercising its authority to waive sanctions and penalties against hospitals in Texas that do not comply with the following provisions of the HIPAA Privacy Rule:
The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care;
The requirement to honor a request to opt out of the facility directory;
The requirement to distribute a notice of privacy practices;
The patient’s right to request privacy restrictions;
The patient’s right to request confidential communications.
HHS adds that such a waiver only applies under specific conditions, including in the emergency area and for the emergency period identified in the public health emergency declaration; to hospitals that have instituted a disaster protocol; and for up to 72 hours from the time the hospital implements its disaster protocol.
“When the presidential or secretarial declaration terminates, a hospital must then comply with all the requirements of the privacy rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol,” HHS says.
Other Efforts
Meanwhile, the National Health Information Sharing and Analysis Center is working with federal agencies, including HHS and the Department of Homeland Security, to assist in the disaster efforts, says Denise Anderson, executive director.
“NH-ISAC is sending out alerts and cross-sector information as applicable as well as attending calls with HHS and DHS,” she says. “We are coordinating with the DHS National Infrastructure Integration Center, HHS and our partners and monitoring any member requests that come in.”
HHS notes it is also helping evacuate hospital patients to healthcare facilities outside the impacted area.

Among flooded hospitals that have evacuated patients is Ben Taub Hospital in Houston, which is operated by Harris Health Care.
In a separate statement issued Monday, HHS said that thousands of Texans sheltering at the George R. Brown Convention Center in Houston will have medical care on site through a 250-bed Federal Medical Station being established by HHS at the request of Texas’ State Department of Health.
“The Federal Medical Station we are setting up and staffing in Houston will provide vital care to Texans affected by Hurricane Harvey, and we stand ready to devote additional resources as needed,” Price says in the HHS statement.
HHS says it also has additional Federal Medical Stations available for patient care in Texas, and has positioned two 250-bed stations in Baton Rouge ready to be deployed in Louisiana should state officials determine they are needed.
HHS adds that it has more than 500 personnel on the ground to assist those affected by Hurricane Harvey and 1,300 more on standby.
The agency also has helped local public health officials address the needs of those who rely upon electricity-dependent medical equipment. HHS has provided information to local public health officials about the number of Medicare beneficiaries in each impacted area who rely on 14 types of life-maintaining and assistive equipment, ranging from oxygen concentrators to electric wheelchairs, as well as data on the number of people who rely on dialysis, oxygen, and home health services.
“These citizens are among the most vulnerable in their communities and most likely to need life-saving assistance in prolonged power outages,” HHS says.
HHS did not immediately respond to ISMG’s request for additional information about the disaster efforts, how many hospitals in the affected region have been evacuated and whether access to patient electronic information has been disrupted.
Beware of Scams
Besides help in dealing with the physical challenges posed by the hurricane, federal regulators are also cautioning businesses and the public about phishing scams.
In an alert, DHS’ U.S. Computer Emergency and Response Team warns users “to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey.”
Users are advised “to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source,” the alert states. “US-CERT encourages users and administrators to use caution when encountering these types of email messages and take … preventative measures to protect themselves from phishing scams and malware campaigns.”