[Dataloss] At Least 20 Big-Name Passports Breached

Allan Friedman allan_friedman at ksgphd.harvard.edu
Fri Mar 28 14:50:24 UTC 2008


On Fri, Mar 28, 2008 at 10:38 AM,  <james.kerr at ceelox.com> wrote:
> We have had tremendous success in protecting identities within the banking
>  industrie by use of biometric technology. The customer can pass credentials
> with more safety than pin numbers and pictures of ducks.

I'd love to learn more about this, particularly how it scales across
bureaucracies, particularly if the customer isn't present. I'm not
thinking about public databases but large private ones that have many
people with many different functions doing different things, (e.g.
medical records).

I'm guessing that to prevent the above mentioned passport file
snooping from happening to some one not on a pre-specified watch list
you would need to
a) reorganize the data architecture of the entire system
b) overlay a pretty strong identity layer
c) introduce secure credentialing that allow a yes/no query without
leaking more info
d) probably some chunk of all of the above.

As long as access to databases is fairly unsupervised inside the
organization, you're going to see identity theft.

allan


More information about the Dataloss mailing list