Posts by tapemonkey

PRANK

You could have some real fun with this. I think I will start using rhyming slang from now on.

You can imagine the conversations they will hear like "come on sweetheart I'll take you for a nice ruby and then when we get home you can park your jack on my boat for half an hour"

If you dont understand the slang thats the point.

One easy solution regarding identifying that the request for information is coming from the person who the information belongs to for say the local registrar of births deaths and marriages to have equipment of a similar size to a photo booth installed.

This booth could contain retinal, fingerprint & vocal scanners as well as facial regognition.

To access the booth you should first provide the registrar with the standard 3 forms of ID (Utility Bill,Birth Certificate & Photo Driving License/Passport).

Also provided should be a form with a photo attached signed by your doctor to say they have known you for 2 years or more and that this is a true likeness of you).

Once you have satisfied that step you enter the booth and are scanned. Then the data is transferred to a central encrypted database.

The booth then displays a QR code so that your smartphone can download an app that also scans for fingerprints, retina using selfie camera, voice and facial recognition. The app then transfers this scanned data to the database for cross checking (obviously with allowable tolerances) and if they match generate a key of suitable length and security. You include that key in your information request.

Obviously this will come at a cost say £50 per head to pay for the tech and maintanence but you would only need to do this once as the app would be transferrable from device to device.

I fully expect this to be ripped apart but the point is technology can be used to solve this problem.

Over caution

The thing is just like the DPA the training given to front line and even admin staff is woeful and usually provided by idiots who have no real understanding of it either.

A prime example was 2 years ago following the death of my wife I was calling various companies to inform them of her death and get her name removed or transferred into mine.

Some companies I called just accepted my word one saying "well you wouldnt lie about something like that would you". Me no of course I wouldnt lie ...COUGH COUGH

Then you go to the other extreme. I told one organisation of her death and they replied that because of Data Protection they could only speank to the account holder and needed here authority to speak with me. When I reitterated thatshe was deceased and I could provide a copy of hear death certificate they told me again they would need her permision to talk to me and that this was company policy. When I finally suggested that we all sit around a table, holding hands, and organise an effing seance they hung up.

When you put people in charge of anything you invariably end up with the lunatics running the asylum.

The horrors of war

As a side story my now deceased father-in-law was a Spitfire mechanic stationed in Egypt during WW2 with I believe 45 Squadron.

He used to regail me with tales of his time there both the funny and the dark.

During German straphing runs of the airfield him and his best mate used to hide under the refeuling tanker because believe it or not it was the safest place to be.

I dont know the wisdom in this but he survived - the bunkhouse didnt.

On the darker side he was appointed as squadron photographer and it was his job to photograph the remains of enemy pilots who either died on impact or were shot parachuting to safety. The photographs make for grim viewing but are a reminder of the horrors of war.

I really should donate them to a museum or somewhere.

WTF

Hmmm spirit lefels anybody

Dont shoot the messenger

There also needs to be more personal responsibility. Having worked in IT departments in the public sector for some years I see it far too many times. Passwords written on post it notes stuck to screens even in full view of street level windows. Passwords so easy that a child could guess them. Companies even UK Government Agencies using 128bit WEP for WIFI that is so easy to crack a teenager with a smartphone could do it in 10 minutes without even entering the building. Middle management flouting IT security policies and when they are told that it is a breach IT being told to shut up and god forbid you escalate it to senior management because IT will always lose. This will have initially been down to someone opening an email attachment from a dubious sender despite being warned by their relevant IT department not to do so. It will have been in the terms and conditions of their employment that they had to adhere to all IT security policies but they failed to do so. If a user is found to have flagrantly ignored IT security protocols no more pussy footing there needs to be harsher penalties and even jail time when appropriate.

Dont get me wrong the systems should have been patched and up to date and the fact they were not is unforgivable and the inquests will lay the blame where they see fit for that one but how many times do you have to tell people not to open email attachments.

One thing I will say I have noticed IT departments do fall down on and MS too is the default setting in Windows needs changing. By default known file extensions are hidden so if you have an attachment come in that is for example invoice.pdf.bat it will only show as invoice.pdf and the user will not be suspicious. Now most email filters block .bat and .exe but I have seen them slip through in fact my own boss was caught just like that with the cryptolocker last year. This should be changed as a matter of urgency by all IT admins because even a USB drive with a dodgy file can slip through this way.