I was worried about this....
... then I remembered it's a Gartner prediction, so a 99% chance of it being wrong.
Gartner's latest set of public sector technology trends predicts, among other things, that a third of national governments (and half of US states) will have mobile-based identity wallets on offer by 2024. Many of its other findings will come as no surprise for the enterprise technology world: cut down on the siloed quick-fixes …
I'm not keen on that idea. I just can't help feeling it may lead to yet more identity theft. When did your Android last get a security update again?
Heck I'm not even keen on any nationally forced photo ID for that matter (despite that most of us carry one in the form of a driving license or passport, or for the youth, a college pass etc)
Isn't it ironic, I love technology and have been using the internet for 20+ years but the more I see of how it is used by large companies etc., the less I want to use new stuff and the more I prefer to not use online services.
I even successfully avoided all social media because of how the information is used.
I guess I just became old and don't fit into the modern world :-|
Last time I checked... you are not required to have your driving license with you even when driving but you may be required to go to a police station with your license within 24 hours if a policeman decides there is a problem with the way you drive.
I thoroughly agree with you that using a mobile phone for anything that requires security is completely insane. About the only more stupid idea I could dream up would be to use blockchain - oh wait: Gartner beat me to it.
If the article had said something about the government allowing authentication with FIDO2 I would have wondered what had happened to the rest of February and the whole of March. There is no way I would believe such sanity from our politicians as the OMRLP have clearly held the majority for decades.
It's 7 days, not 24 hours.
I've just re-read the article and it's so full of business jargon that I found it impossible to follow.
"A decentralised identity is supposed to allow users more self-determination in regards to identity data by putting the user in charge of the storage and transfer of their data,"
More "in charge of the storage" than I already am with my driver's license and passport?
Sometimes the tech solution is not better.
"Some things," he said, "you can do by mandates," but "mandates can only go so far."
That's just fucking sinister!? So "mandates" aren't enough? How far should we go?
"Last time I checked... you are not required to have your driving license with you even when driving but you may be required to go to a police station with your license with 24 hours if a policeman decides there is a problem with the way you drive."
It depends on where you live and how agreeable the PC is. In the US, you must have your driving license with you whenever operating a motor vehicle on public roads. You must also identify yourself to a LEO when asked, but that doesn't require showing an ID, but it's a good idea.
If They are looking for somebody and you vaguely match the description, They'll want to know who you are before letting you go about your business.
El Reg has a long history of objecting to National ID schemes, has that changed? The tone certainly seems to have changed.
Is it inevitable now? Has the argument changed, and does anyone feel there is actually a requirement for these? Are the well documented downsides no longer anything we need to worry about? "trust us, we won't do anything bad"
And government departments can't even get together to agree requirements - GOV.UK Verify ignored the need to ID someone acting on behalf of a business for example
https://www.computerweekly.com/opinion/Back-to-the-past-with-government-identity...
"Currently, there are 191 different ways for people to set up a variety of accounts to access different services on Gov.uk, with 44 different sign-in methods,” according to a Cabinet Office announcement on 13 October 2021.
Sticking it on a mobile isn't going to fix the problem
Oh yeah, absolutely. We really need an identity verifying app on the most insecure, unupdated platform that has ever existed.
Bonus round : having to prove that you are the owner of the phone once you've "proven" your identity.
Different standards will create opposition to those initiatives?
I'm already there, mate.
What makes you think you need an app to prove identity?
All this kind of thing comes down to is the ability to securely store a private key, maybe a few KBs of data. Something a smart card can do.
Asking a smart phone to store anything securely on the other hand... Ask those hundred million Samsung owners about that.
Also, if governments want to make smartphones basically compulsory then they need to make them free and a human right along with internet access and banking.
So Gartner somehow decides that a new technology is going to appear or replace something.
Then, unsurprisingly, that happens.
So much of what Gartner spews out is based on money, sponsorship and advertising they have lost any credibility (assuming they had any in the first place). Large organisations pay huge amounts of money for access to these analyst reports that often don't actually tell you anything. When they do it is just thinly veiled advertising. Manglement lap up these reports because it is a huge arse-covering exercise "well we selected this because it was recommended by Gartner".
Yes. Some years ago, Gartner's analysis business actually employed some of the best and most experienced analysts around - who were not afraid of telling the truth - and their reports were actually useful (I was never quite so happy with their consultancy business, however).
But a few years ago the bottom fell out of the analyst market. Businesses stopped being willing to pay so much for their reports (after all - they could just tell a minion to get on the Internet and search around the websites of the suppliers to do their own analysis, couldn't they). As a result, two things happened: i) analysts (including Gartner) cut costs by getting rid of their experienced, expensive analysts and ii) reports became mostly funded by suppliers instead of users.
Gartner largely moved to a new model where suppliers were invited to submit lots of stuff about how great they were and Gartner would put it all together, edit it, and publish it. The game became how to add some stupid stuff Gartner could cut out, to show they were being independent, while making sure they left in as much of our marketing rubbish as possible. My colleagues and I got quite good at that, I will admit.
Not that they are any worse than their competitors: they just have the advantage of being comfortingly expensive and hence are more believable.
Held digitally.
On a mobile device.
In a system designed and built by the government[1].
What Could Possibly Go Wrong?
Still, I'm sure that the usual suspects providing IT services and consultancy to the public sector will be delighted to pay the usual bung to Gartner for triggering this bastard bonanza of bullshit and bollocks.
[1] Public sector IT: A cockup looking for a place to happen.
Mobile phones, the single point of failure for the 21st century.
Credit card? Put it on your phone.
Debit card? Put it on your phone.
Cash? Put it on your phone.
Ticket? Put it on your phone.
Boarding pass? Put it on your phone.
2FA for all your banks, government services, etc? Put them all on your phone.
ID? Put it on your phone.
Lost your phone? Oh dear.
Phone confiscated by the police for an "investigation"? Too bad.
Police "accidentally" lose the phone? Sorry, can't help.
Phones are also a target for thieves if they can nick yours while unlocked. The phone itself isn't worth anything, but how long would it take you to notify your bank, credit card companies, Amazon, etc from the time you notice your phone is missing? Or, is that information stored on the phone?
I don't have any sort of lock on my phone. My approach is to not put anything on it other than a very generic phone list. I have a stand alone SatNav, do my banking in person and pay for things often in cash. All it takes is a little forethought. I do have a debit card, but only keep a nominal sum in that account and add to it when bills that I pay online come due. If my phone gets stolen, I'm out around £50 for a new phone.
I was watching a show in the telly about border patrol in the US and one segment talked about an ICE IT person reading the data from an iPhone. They didn't show the phone so I don't know that it was indeed an iPhone, what model or just a generic mobile. They also imaged the person's laptop and a couple of other devices and were having a good rummage through the files.
There was a big standoff between Apple and the US government about being able to unencrypt files on an iPhone with Apple refusing to create any software for that purpose. The government was very displeased and may have tapped a black budget to do it on their own. They aren't good at keeping secrets so maybe the Customs officer talked too much. Homemade Security and the Customs people aren't all that bright so maybe not.