Shane Richmond: How Hollywood’s A-listers revealed a flaw in security

The recent publication of private photos of Hollywood actresses, apparently stolen from Apple’s iCloud service, has got a lot of people worried about the security of cloud computing services.

OPENER ShaneThe concern reached so far beyond tech circles that one tabloid felt the need to explain iCloud to its readers. (It turns out it’s not an actual cloud.)

Imagine for a moment if the leaked data had not been photos of naked celebrities but instead a list of everyone in Britain who had been prescribed medication for a mental health condition over the last 12 months or even just a spreadsheet of names, addresses and National Insurance numbers. The media outrage would be deafening.

The promise of E-government is huge, extending from simple things like opening up public transport data to more complex ones such as using data analysis to assign medical resources or policing. Then there are the potential cost savings and the ability to speed-up our interactions with government. All of that is to be welcomed.

However, there are real security concerns. The iCloud photo theft is not an isolated incident. Days after it broke, Home Depot, the US DIY chain, revealed that its payment card processing system had been breached, affecting perhaps tens of millions of customers. News of data breaches seems to come on an almost weekly basis.

An E-government system would be a tempting target for hackers, given the potential to harvest information that would be useful for identity theft and perhaps even bank details. But hacking is not the only risk. Human error can have massive repercussions where private data is concerned. In 2007, two computer disks containing the personal details of around 25 million people – every family in Britain then claiming child benefit – went missing in the mail. The disks, which were being sent from HMRC to the National Audit Office, were never found and the government advised those affected to monitor their bank accounts for signs of fraudulent activity.

As the HMRC incident shows, government databases are nothing new but the growth of E-government will make them more visible and raise fears that the data will be stolen or shared with the government’s commercial partners. These fears will make uptake slower and perhaps even delay the roll-out of services entirely. Earlier this year the roll-out of a new NHS data-sharing scheme in England was delayed because of public unease.

Government and service providers need to be proactive about addressing these concerns. Individuals and businesses need to be informed about what data is being collected and who can see it. Existing data protection laws make this available if you ask but we need data accounts – like bank accounts – that we can check whenever we like.

Second, some of the cost savings from bringing in E-government should be invested in a system of data breach recovery. If you fall victim to a government data breach then you would be given identity theft protection and online monitoring, for example, for a year after the breach.

We won’t be able to eliminate data breaches entirely, any more than we’ll be able to build offices that can’t catch fire or be broken into. But government and the companies who build E-government services can take measures to reassure a sceptical public.

Tags: