Over the weekend, I set up a gmail account for a specific purpose. I was giving a talk on Monday, and wanted the audience to have a separate email to use for contacting me with comments/questions. No problem there.
Today, I was leaving a comment on a blog which happens to run on blogger.com. As usual, it offered me a choice of authentication options... including using the gmail account I set up on Sunday.
I didn't ask it to make that linkage. In fact, there might be good reasons why I don't want the Monday audience and the blogger audience to make the association between my blog post and the email address.
So - where has gmail stored my email address such that the blogger website can fish it out and offer it to me as an option? Well, most probably as a cookie in my browser. There's certainly one in there with the email address in it. Now, from a convenience point of view I can see the attraction - but from a privacy point of view this is less than optimal.
It seems to me that, as users, we are poorly served by the way in which cookies are currently handled. There is often no middle ground between "pester me every time any site sets a cookie" and "aw, what the hell... store what you like". If a cookie is, as in this case, going to contain an identifier such as an email address, wouldn't it be nice to be asked for consent?
Posted by racingsnake
@ 11:06 AM GMT+00:00
[
Comments [3]
]
Echoing (probably unknowingly, I'm sorry to say) my blog post of a week ago, a group of academics has written an open letter to Andrew Dismore (Chair of the House of Commons Committee on Human Rights) to blow the whistle on some of the claims policy-makers have been making recently about biometrics.
Interestingly, the points they raise cover the whole spectrum from technical to implementation and budgetary issues. Among other things, they express concern about:
- whether it's realistic to assume that everyone in the UK will have a biometric credential;
- the likelihood of an ongoing level of failed biometric authentication (false acceptances and false rejections);
- the likelihood of an ongoing techno-war of escalation between the implementers and the hackers;
- the cost of rolling out biometric-capable devices to every point of authentication (and maintaining them thereafter);
- the current estimate that the whole population will not be enrolled until at least 2020;
- the gap between implementing biometric technology and meeting the governance objective of preventing data leakages such as HMRC;
- an alleged design shortfall concerning the privacy and security of personal data;
- the difficulties surrounding the "re-issue" of compromised biometrics;
- the difficulties surrounding 'exception cases' such as people under terrorist threat, victims of domestic violence, witness protection participants, security service aliases and so on.
On the whole it's a pretty balanced and rant-free letter. Of course, it's possible that all these factors have been taken into account in planning for the ID Cards scheme, and we just haven't been told about it. On the other hand, recent data management events suggest that in the systems already in use for the sharing of personal data, either this kind of factor has not been taken into account, or the resulting disciplines have not been put effectively into practice.
I hope the letter goes further than Mr Dismore, and gets the serious consideration it deserves.
Posted by racingsnake
@ 10:45 AM GMT+00:00
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}