Wednesday, 4 March 2015

Nothing to fear

Yesterday in the Guardian there was another story about how the Scottish Government is about to invade all our privacy by setting up a centralised identity database, effectively bringing in identity cards by the back door.  This is Severin Carrell's second go at turning this into a drama - you can read his first go here.

Essentially the story is this: The Scottish Government are looking at adding postcode information to the existing NHS database, which is generally regarded as the most reliable database covering the Scottish population.  The proposal is then to use this database to allow people to access government services online.  The database will be used for identity verification.  So, if you want to use a service, a query will be sent to the NHS database, which will send back a Yes/No answer.  The question will be 'Does the information this person has supplied match the information that you have?'  The minimum possible data will be shared between organisations.

The database will also be used by HMRC (a UK organisation) to identify Scottish residents for the purposes of the devolved taxation proposed by the Smith Commission.

The Scottish Government are holding a consultation on the proposal, and the document outlining it is here.

I listened to Morning Call on BBC Scotland on this subject this morning.  I am amazed at the hysteria this has produced.  So, as a professional database programmer, here are some answers.

'Hackers could get in and see my medical records!'
If a hacker were to get into the database, it would most likely be by social engineering rather than by technical means.  Assuming that the database has been built on an enterprise-level database product, technical hacking would be very difficult.  Not only would they have to crack the database, they would also have to pass through the network unnoticed.  The odds of that happening are pretty low, unless they have gained access to compromised accounts.  As this database already exists, the risk will be no greater than it is now.

'Anyone from the long list of organisations could see my data!'
No, they could only see what they were allowed to see.  Just because data exists in a database, it doesn't mean that anyone with an account can see it.  I have previously set up a database with a special technology which means that even if you give the command 'show me all of the data on this topic', the database itself will restrict you to only the data you are allowed to see and there is no way round it.  In this case it looks like most organisations will only be allowed to ask if the data they have from you matches the data in the database, and it will be a simple yes/no answer.  It won't tell you how the data is different.

'What's to stop someone who works for the council looking at my information even if they don't need it?'
Database access is generally audited, so the database administrators can see who has been accessing what data.  Also, databases can be restricted to show only some of the data to a particular database user.  Essentially, however, this problem exists now.  Adding a postcode to the NHS database isn't going to change that.
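To make the three points above concrete (a yes/no match query that never returns the stored data, a check that does not say how the data differs, and an audit trail of who asked what), here is an added example written for this post; it is not code from the post, the NHS or the Scottish Government, and the table layout, column names and sample people are all constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone
from hmac import compare_digest

# Hypothetical in-memory stand-in for the population register; the columns
# and the two sample rows are constructed for this example only.
def build_register() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE person (
            ref TEXT PRIMARY KEY, surname TEXT, dob TEXT, postcode TEXT);
        CREATE TABLE audit (at TEXT, requester TEXT, ref TEXT, result TEXT);
        INSERT INTO person VALUES ('R-001', 'MacLeod', '1980-05-17', 'EH1 1AA');
        INSERT INTO person VALUES ('R-002', 'Fraser',  '1975-11-02', 'G2 3BB');
    """)
    return conn

def _norm(value: str) -> bytes:
    # Assumption: matching ignores case and spacing, so 'eh11aa' equals 'EH1 1AA'.
    return "".join(value.split()).upper().encode()

def verify_identity(conn, requester: str, ref: str, supplied: dict) -> bool:
    """Answer only 'does the supplied information match what we hold?'.

    The caller never receives the stored values; a NO does not say which
    field differed, nor whether the reference exists at all.
    """
    row = conn.execute(
        "SELECT surname, dob, postcode FROM person WHERE ref = ?", (ref,)
    ).fetchone()
    held = dict(zip(("surname", "dob", "postcode"), row)) if row else {}
    # Compare every field even after a mismatch, with a constant-time compare,
    # so response timing does not reveal which field failed.
    ok = bool(row)
    for field in ("surname", "dob", "postcode"):
        ok &= compare_digest(_norm(held.get(field, "")), _norm(supplied.get(field, "")))
    # Every query is recorded: who asked, about whom, and the answer given.
    conn.execute(
        "INSERT INTO audit VALUES (?, ?, ?, ?)",
        (datetime.now(timezone.utc).isoformat(), requester, ref, "YES" if ok else "NO"),
    )
    conn.commit()
    return ok

def audit_trail(conn, ref: str) -> list:
    """What a database administrator reviews: every requester who queried a record."""
    return conn.execute(
        "SELECT requester, result FROM audit WHERE ref = ? ORDER BY rowid", (ref,)
    ).fetchall()
```

In a real deployment the verifying organisation would hold an account that can only call a function like `verify_identity`, not read the `person` table, so the database itself enforces the yes/no boundary.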

'The Scottish Government will be able to find out everything about me!'
Got a Tesco Clubcard or a Morrisons Match and More card?  Private companies know far more about you than the Scottish government will, and those companies can mine their data to make inferences about your life.  They will also sell that data on.  If you're not worried about Tesco or Morrisons knowing about you, why would you be worried about this?

As a database professional, this does not worry me.  I do think, however, that a consultation is necessary to make sure that everyone is aware of the uses to which the data will be put and what safeguards will be put in place.  That is the minimum we should expect in a democracy.
