Headline news in Norway today concerns the country's first major public sector data breach. Apparently eight major newspapers were sent tax information by the Tax Authority (this information is, I'm told, intended to be in the public domain) - but accidentally included was a full list of Norwegian taxpayers' National Identity Numbers (personnumrene). The Norwegian NI Number happens to incorporate the citizen's gender and date of birth.
According to the story on the Dagbladet website, the leaked data would be quite enough, say, to order a mobile phone over the internet using someone else's identity.
I'm told that the Tax Authority's spokesman said: "This was a new service, and something went wrong. We have never had an
incident like this."
Posted by racingsnake
@ 04:30 PM GMT+00:00
NDNAD... what is it good for?
As regular readers will know, I've written several times before about the UK's National DNA Database (NDNAD... I wonder if that is correctly pronounced "nid-nad"...). In previous posts, I have been mainly concerned about the practice of retaining DNA profiles and samples even if the individual concerned is subsequently not found guilty of anything, or not even charged with an offence.
However, this small but gem-like piece on the Kable website points to two more areas of concern.
First, the more the database grows, the greater the costs associated with it. Even separating the NDNAD's running costs from those associated with the forensic service in general will not hide the increases for long, as the ramp-up in sampling and profiling generates the need for more and more accredited commercial forensic labs. Accreditation and monitoring represent an ongoing cost (as the Pirbright lab experience showed all too clearly).
Second, and, in my view, just as fundamental: is the database actually fit for purpose? Bear in mind what we're told about biometrics in general and DNA in particular: that they are the only way to ensure that each individual is uniquely identified by a one-to-one match between the person and the corresponding record in the database.
And yet, according to the Kable piece, the Home Office's own estimate is that in fact, the NDNAD achieves this only with a level of about 85% reliability. In an estimated one case in six, there is a duplicate record on the database despite the use of DNA as the identifying biometric.
Posted by racingsnake
@ 01:08 PM GMT+00:00
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}