Robin Wilton's esoterica

Governance and liability in multi-party systems


Questions of good governance in identity systems often hinge on establishing who has the Data Protection and/or privacy responsibility for the data in question. That can be harder than it sounds.

For instance, take the recent opinion issued by the European Data Protection Supervisor (EDPS), Peter Hustinx, over the issue of law enforcement access to banking transaction data confided to the SWIFT network.

It's certainly not for me to try and conclude where the fault lies, but if you read this article at Out-Law, or this one at The Register, you'll see that Hustinx lays the blame primarily at the door of the European Central Bank (ECB). That said, there are multiple stakeholders, and they all have a view.

The ECB's response was that its regulatory responsibilities relate to "the functioning of market infrastructure and financial stability", but not to the protection of personal data.

Part of SWIFT's view is around the fact that it is just a consortium owned by its member banks... and that if the banks want to disclose data, it's not for SWIFT to refuse. The picture is further confused by the fact that SWIFT's member banks are responsible to a range of different national central banks and data protection authorities.

Then there's the practical question of whether SWIFT's role qualifies it as a 'data custodian' or merely some kind of switching mechanism. SWIFT, being located in Belgium, has the Belgian regulators to contend with; as you will see in the Register article, their conclusion was that SWIFT, as an intermediary, had made the best of a bad situation... which involved breaking the law.

So, as data custodians, you have the SWIFT member banks and (maybe) SWIFT itself; as regulators you have the central banks and national data protection bodies, and then the ECB in its over-arching role, and Peter Hustinx in his.

It's clear that the governance setup here is complex enough to leave a lot of room for dispute; what's less clear is: given the circumstances which prompted this data disclosure in the first place, would a more transparent governance process have prevented it? I'm inclined to think not.

The "Poultry Principle" of identity and privacy



Last week's outbreak of H5N1 in a UK intensive poultry farm had the middle-class organic shopping community (like me, I have to admit) wagging their fingers and saying knowingly:

"Well, that's what you get, you see, for putting 160,000 turkeys in the same shed. It's just not natural, and it's bound to lead to this kind of incident."

I was fascinated to hear, a few days later, that the country with the highest human mortality rate from H5N1 is in fact Indonesia*, where the vast majority of poultry stocks are domestic, very low-density and about as far from 'factory farming' as you can get.

So in terms of epidemic risk management, the critical factor doesn't appear to be the density of the farming process, but the effectiveness with which governance can be applied to it. In a factory-farming environment, it appears relatively easy to contain and neutralise an outbreak, whereas in a highly distributed (geographically) low-density system effective governance is much harder, and the result is higher human infection and mortality.


It's been common practice for some years now to apply epidemiological methods to the analysis of things like computer viruses, their identifying characteristics and their spread through the population. We call them viruses, after all.

So what might we gain from applying this "Poultry Principle" to questions of privacy and identity theft in system architectures?

Well, it seems to me that the basic analogy is at least usefully suggestive, if not watertight: Jerry Fishenden very cogently argued last year that consolidating an entire population's identity data into one 'factory farm' was very likely to be an unhealthy approach - one risk being, of course, that a single attack could potentially compromise the entire database.

Conversely, though, if you adopt the design equivalent of distributing your identities, a handful at a time, across 17,500 'islands', governance is clearly likely to be an issue. You lose control over the effectiveness with which security and remedial measures can be applied in the event of an attack, and also, potentially, you fail to capitalise on valuable diagnostic data which would help fix the problem.

The compromise, then, would seem to be to organise your identity data into compartmentalisable systems which are few enough in number to allow effective governance, while remaining small enough to mitigate the risk arising from any single 'infection'.


*WHO figures for Indonesia at Feb 3rd 2007 cite 81 cases in humans, 63 fatal: a mortality rate of over 75%.

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton