From Journal Live:
At a time when the debate about identity cards rages on, and NHS patient records are soon to be brought together on a national database, the query becomes all the more pertinent.
Any problems one might have about the intrusiveness of an increasingly surveillant society are compounded by errors like the one exposed in Washington. Once the information is with the Government, what kind of assurance can they give us that it will remain protected?
Thousands of people are viewing databases with our details on every day and there are obvious risks involved with such widespread access to vast amounts of confidential information.
According to Lyndsay Marshall, a lecturer in computing science at Newcastle University, systems need to be tightened to avoid repeats.
“I don’t think anybody can be trusted with our personal information,” he said.
“There’s a basic problem in that mistakes happen and it’s very difficult to get the right balance when you’re creating a system.
“A secure system is an unusable system. If you make your system extremely secure, you have unhappy employees.
Hmm, not sure I agree with that one.
This is ludicrous and a fallacy. Security and usability are not mutually exclusive. Adding security after-the-fact often has a negative impact on usability. I was reading a few days ago (can’t find link) about a car analogy for this discussion, how adding security after the fact would be like bolting a lock to the outside of the car door after it was manufactured — not very practical and impedes the “usability” because now the owner must carry a key and use it every time.
Designing and building a usable system and a secure system should be done at the same time and they are not mutually exclusive. The argument that they are is a product of a poor architect and security being added too late in the project.
@Beach
Agreed