back to article Controversial: The future is data integrity, not confidentiality

The key to the digital future is about data integrity, not data confidentiality. So says Toomas Hendrik Ilves, President of Estonia, who flew into San Francisco Thursday morning to address an internet summit hosted by CloudFlare. "I have AB blood," he said by way of example. "I don't particularly care that people know that. …

  1. bazza Silver badge

    "He noted the irony, however, in the fact that the "five countries most opposed to a national ID – the UK, US, Canada, Australia, and New Zealand"

    Not quite right. In at least two of those countries the driving license is a de facto ID card. However there isn't a means for it to be widely used by the holders as an electronic ID card. I'm not sure what sort of political point he's making; most of the objections in the UK centred on the right of not having to carry it, not the existence or utility of the card itself.

    1. Chloe Cresswell

      My objection was being told I'd need 2 cards.. and surely a system that can issue 2 different IDs to the same person defeats the whole purpose?

      1. Captain Mainwaring

        Starting from where we are

        Perhaps one of the easiest gains available for the current system, might be having a card that serves more than one function. Take the UK driving licence for example, which now follows a standard EU-wide layout. If the holder has given his UK Passport number when applying for/renewing their licence, is there any reason their UK nationality can't be recorded on the driving licence as well? In that way, in the right circumstances, a driving licence card could also act as an EU-wide ID card and Passport as well. It might have to be a slightly different layout from a standard licence, but it would transform the functionality of the card in quite a major way.

    2. Lars Silver badge
      Thumb Up

      "objections in the UK centred on the right of not having to carry it". I have a driving licence and a passport and I could get a ID card too. I can understand I need a driving licence driving a car and having one on me makes life easier. I can also understand that there are occasions when a passport is needed.

      But what the hell was this panic about the ID card in GB, was it the money or the information on the card or did you actually believe you had to carry it on you all the time like in some police state. Never mind.

      This was, however, about Estonia, small neat and educated with a lesser percentage of illiteracy than the USA and GB, probably better at STEM too. Starting out late and clean with IT has had its advantages too in Estonia, but regarding internet voting, please Estonia, think twice, don't fool your self, it will never be safe.

      1. Paul Crawford Silver badge

        UK problems with ID cars

        The most fundamental issues with the ID cards in the UK come down to two issues:

        1) Becoming a non-citizen without one. So if anything happens (you lost it, or the gov screws up) then instantly you might lose the ability to do anything or get health care, etc, because now you now have to prove you are a citizen.

        2) The asymmetry of the power. Basically the gov can fine to £1000 for failing to update your detail, can use or abuse the data (e.g. sell it to insurers, etc) as they want. But if they fuck up you have basically no rights to sue them in return (even if you did have that right, the asymmetry in legal resources makes that difficult).

        If you look at Estonia they have a very different approach, not the database-state that our gov was wanting to create where the ID was simply to help them. In Estonia the ID card and systems have been created to provide you, the citizen and voter, with advantages.

        Just note the law where you can't be pestered to provide data the gov already has, and that you have a right to see who has accessed your data.

        1. Anonymous Coward
          Anonymous Coward

          Re: UK problems with ID cars

          @Paul Crawford

          So exactly like a passport if you happen to lose it while overseas then. This happens, and the government helps people sort it out, it doesn't say "well you're fucked you're not getting back into the UK then".

          Where does all of the conspiracy theory crap come from? On average governments are incompetent, but few are down-right malicious.

          1. Paul Crawford Silver badge

            Re: @Pete H

            Firstly a passport is optional, you only need that to travel abroad. Same as a driving license, you only need that to drive. Now most folk will want both, but you can live well enough without them.

            Secondly it is not so much malice I fear but incompetence, and that said incompetence could seriously screw you up when everything depends on the ID/database being correct. If its wrong, how do you go about correcting it? Who will pay for losses resulting from such errors?

            1. Anonymous Coward
              Anonymous Coward

              Re: @Pete H

              ... but if they are not malicious, then it is highly likely that they will want to help you sort it out, no?

              The government already maintains three databases with national scope for IDs (national insurance, passport, and driving license). They've managed those perfectly well for years. Why is adding one more (and hopefully killing one of the existing ones such as NI number) likely to result in catastrophe?

              FWIW I've been the "victim" of one such ID related cockup - for a period of time HMRC managed to give me my Dad's NI number which was fun and games with the tax office for a while. Total effort to sort it out - one 30 minute phone call, 30 minutes to write a letter, and 26p for a stamp. Hardly the end of the world ...

              1. Immenseness

                Re: @Pete H

                " Total effort to sort it out - one 30 minute phone call, 30 minutes to write a letter, and 26p for a stamp. Hardly the end of the world ..."

                Maybe not for an articulate, intelligent person, but not everyone is. For some that could have been very difficult and a huge worry because they don't have the capabilities that you have.

                By the way, stamps have not been 26p for quite some time. 63p first class these days!

                1. Anonymous Coward
                  Anonymous Coward

                  Re: @Pete H

                  That just shows how long ago it was ;)

              2. DropBear

                Re: @Pete H

                "it is highly likely that they will want to help you sort it out"

                That's irrelevant. They won't have the authorisation to do so. First off, they'll be mighty annoyed that you are holding up the already endless queue with your unsolvable data mismatch. Second even if by some miracle they still find it in themselves to actually sympathize with you past that, they'll just patiently explain to you (several times while your tone goes up) that there's absolutely nothing they can do with your data screwed up like that - even if anyone can see what's wrong and what the right data is - because there's no way in hell they're allowed to override the existing data no matter how obviously wrong.

                For that, you first have to go to the High Authority who has such powers, but do keep in mind they're only open during the lunch break (while they're out getting lunch, much like Major Major Major Major) and they also take about a month to look up some sort of proof to your claim even if it's neatly sorted in some cabinet in a room right behind the office you're standing in (SELECT DISTINCTROW is, like, haaaaaard in the real world, maaaaan....). That is, of course, assuming that (at least some branch of) said High Authority does actually reside in your own city - all bets are off if it doesn't. And you better be hoping said error is not something propagating through multiple documents, because if it is not even an elf's life span will suffice to get through the bureaucracy involved in fixing them all...

      2. SolidSquid

        I don't really have too much of an issue with it as a concept if it isn't a requirement to carry it everywhere, but the implementation they were trying to go with was horrendous and would have made it fairly easy for people to access any data store on them (and it wasn't just going to store an ID or something, they were going for full biometrics stored on the card as well as other personal details iirc)

    3. NotArghGeeCee

      "Not quite right. In at least two of those countries the driving license is a de facto ID card"

      Actually your NQR is NQR - Aus and the US (the two to whom you refer I assume) have state driving/drivers licences. These are not a national ID card on two counts (a) they are not federally administered and issued [note 1] and (b) they are not compulsory. A national ID card needs to be both.

      Note 1: Driving/drivers licence information (in Aus, at least) is also not easily shared, either within jurisdictions or between jusrisdictions - this appears to be a system issue.

    4. Roj Blake Silver badge

      It's not an irony at all.

      The people of those five countries are vehemently opposed to national ID because they know what their governments are like.

    5. onemark

      The future is data integrity

      Sorry, not quite right.

      The objections inthe UK were to the card, the National Identity register (the other 90% of the iceberg), whether or not one would have to carry such an ID (there would have been no such obligation initially) and indeed to the entire system.

      1. sabroni Silver badge

        Re: the driving license is a de facto ID card

        Not everyone drives.

    6. SolidSquid

      It's not quite the same though, the driving licence can be used as a government issued ID but it isn't *required* to have one. From the sound of it you wouldn't be able to get much done in Estonia without one of their cards

  2. Doctor Syntax Silver badge

    "Ilves spoke knowledgeably about a whole range of tech issues"

    But not necessarily about biological ones. IIRC blood type AB is the universal recipient - he has both A & B antigens already so wouldn't react against a transfusion containing either. Unless, of course, he's really O and his records have already been changed in which case he's in trouble but has proved his point.

    1. Old Handle

      He's not right about email either. I've got plenty of 1KB messages in my inbox.

      1. Paul Crawford Silver badge

        Not from folk who use email clients that insist on HTML + plain test every time!

        1. Anonymous Coward
          Anonymous Coward

          You get emails which actually have a plain text part?


          1. Ole Juul

            You get emails which actually have a plain text part?

            My e-mail reader is set for text and sometimes if I can't read a message inform the sender of that fact. They can take it from there.

            In any case and just for the record, I just sent myself an e-mail with the subject "empty" and it came in at 579 bytes. I assume 5 of those were for the subject line.

            I wouldn't fault the President on that though. He was just making a point.

      2. elDog

        And I have a rule to delete any messages under 1024 bytes - can't be significant.

        Unless the subject and body are all in UPPERCASE and then I know that I'm about to be rich!

    2. Michael Wojcik Silver badge

      IIRC blood type AB is the universal recipient

      That's how it's commonly described, but it's a misnomer. First, because there are rare blood types which have antigens other than A and B; and second, because whole blood from someone with a different type will generally contain antibodies for the A or B antigen, or both, which will bind to the recipient's own red cells. So while "universal recipients" can receive some blood from donors of other common types, it's not a good idea to pump them full of mismatching blood.

      Of course, hospitals should, and in my very limited experience do, check the recipient's type before topping him or her off, and don't just rely on medical records.

  3. a_yank_lurker

    Integrity & Security

    Both are required. The data must absolutely correct or it was worthless. The data most accessible by those given permission and the system must have sufficient granularity to allow different permissions for different individuals.

  4. dan1980

    "I have AB blood," he said by way of example. "I don't particularly care that people know that. But if somehow that information was changed, well then I could end up dead."

    I am all for tech-savvy leaders - certainly might have helped prevent some of the crap passed in Australia.

    BUT, the bald statement that data integrity is more important and confidentiality is ridiculous because it is utterly dependent on the data and the situation.

    Take Internet browsing history, for example - that data that we Australians have been assured will not be captured but almost certainly will be. For most people, confidentiality of this data is far more important than integrity.

    Of course, if the data is being collected by law enforcement and you really have absolutely nothing to hide or that you might be embarrassed about then integrity is important too because you want to make sure the record doesn't have spurious entries claiming you've been researching bomb-making.

    But in that instance, integrity is therefore only important where confidentiality has already been breached.

    What about my credit cards details? If an organisation has that information then I am FAR more concerned that it stays secure than that it is accurate. If the details on file are incorrect the worst that happens is that I have to update them - perhaps something gets delayed or a payment doesn't go through and I get charged and have to call someone to clear it up. That's an annoyance for sure, but a minor one compared to having the details get out and be used for fraud.

    The simple truth is that both integrity and confidentiality is important. Confidential data should be kept confidential and critical data must be kept accurate. Data that is critical and confidential should be both accurate and, surprise, surprise, confidential.

    1. Dan 55 Silver badge

      There's these two articles which explain more about how it works...

      Yet I'm still not entirely sure how much a citizen controls their own data (can the government read everything, can a citizen really not give permission for something and there's no way around it?). I also find the idea that, in the event of Estonia being invaded, a government in exile could boot up a copy of Estonia... fascinating...

  5. Anonymous Coward

    No shit

    "So far it's worked," he pointed out.

    Everything is secure until the day it's broken.

    1. dan1980

      Re: No shit

      Well, not really. Things might works until their broken but something that is insecure is always insecure - it's just a matter of whether it is known to be insecure.

      1. Ken Moorhouse Silver badge

        Re: No shit

        Security has a temporal element to it. An example would be a locked safe 100 years ago. In those days that safe was secure, nobody could break into it. But with time, new methods of breaking open that safe have emerged and now it is insecure.

        I take the point that something that is insecure is always insecure, but there are several examples through history where people are fooled into thinking that security signifies value, and something that is not secured is worthless. The story of the transportation of the Cullinan diamond to England, for example.

      2. dan1980

        Re: No shit

        CRAP! *they're*

        <picks up shotgun . . . >

  6. T. F. M. Reader Silver badge

    He is enough of a politician... choose his blood type as an example. He might not care about people knowing that, but he (or someone else) might care about, say, information of chronic illnesses he might have, and that information might well be in the very same database.

    So, thank you for integrity, but I will insist on confidentiality as well.

    And while the principle that you should know who has looked at your data sounds very nice indeed, I am sure there are exceptions even in Estonia. What about bona fide crime investigations, for instance? That would be a case for allowing certain officials to look at a suspect's data without alerting him. Court approval, you say? By all means, but we have already seen how that can be subverted under certain circumstances ("national security" by one definition or another) in ostensibly free and democratic countries.

    It is refreshing indeed to see a technically literate head of state. However, he does seem like a start-up founder in an elevator. Before there is a successful, stable, useful, supported product he must realize that there is a place for people who gather, analyse, and formalise product requirements, too. The result may be not quite similar to his first dream.

    1. Anonymous Coward
      Anonymous Coward

      Re: He is enough of a politician...

      Pres Ilves is not only a politician, but one who wasn't born in Estonia - who attended university in the USA and later worked as a 'journalist' at CIA funded Radio Free Europe. . .

      He was one of a raft of possibly similarly pro-US presidents who appeared in an arc of ex-soviet states as an intel masterstroke during the (first) Clinton era!

      I agree with him however on the data-integrity and I want to see everything on the internet hashed for integrity, including this web-page

  7. Dr Stephen Jones

    "You have no privacy get over it"

    Another variation on Scott McNealy. This time from a country that couldn't keep its citizens data confidential.

    Why would CloudFlare pay someone to say confidentiality doesn't matter? What first attracted you to the millionaire Paul Daniels?

  8. jake Silver badge

    "The future is data integrity, not confidentiality"

    Uh ... Toomas Hendrik Ilves, the two are not mutually incompatible.

  9. Graham Marsden

    Let me guess...

    ... he has "nothing to hide"...

    > "I have AB blood," he said by way of example. "I don't particularly care that people know that. …

    But what if someone gets hold of his parents blood type data and finds that his mother was type A, but his father was type O?

    It's not just what is known about someone, it's how that data can be combined with *other* information which is where it really gets tricky.

  10. Anonymous Coward
    Anonymous Coward

    Problem in UK is dealing with trust issues

    People dont trust databases

    Government databases are already inaccurate, incomplete and inconsistent

    There is no effective way of finding out what the government already thinks it has on you

    People will not own their data (it will be contracted out for someone (or several someones) profit)

    Lack of controls on who can access what (see above)

    Correcting data will be an afterthought (refer issues too)

    Lack of effective back-end data sharing between existing government systems never mind some sort of font end...

    Not everyone has capability or the ability to use the internet (refer digital not-spots issues)

    Although I really do like the idea I will never be asked for information already provided to the government. I really hate repeating 80% of the same information for each encounter with government services. Can't really see it taking off here.

  11. Someone_Somewhere

    The key to the digital future is about both data integrity* and data confidentiality.

    There, fixed it for him.


    * Just ask Mrs Buttle.

    1. Anonymous Coward
      Anonymous Coward

      or was it Tuttle?

      just the music

      1. Someone_Somewhere

        Re: or was it Tuttle?

        That /was/ my point, yes - glad to see I'm not the only one who remembers it :D

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like