Comments on: Database State

By: Ross Anderson

Ross Anderson — Fri, 19 Mar 2010 11:32:27 +0000

Our report is still being sidely cited and discussed a year after its publication.

By: Ross Anderson

Ross Anderson — Thu, 30 Apr 2009 11:49:22 +0000

... and a perspective in the New Statesman

By: Ross Anderson

Ross Anderson — Mon, 06 Apr 2009 22:19:51 +0000

There has also been a debate in the Lords on the Report.

By: Ross Anderson

Ross Anderson — Wed, 01 Apr 2009 06:51:41 +0000

Beautiful comment from Simon Jenkins in the Guardian. The Home Secretary who told us that if we have nothing to hide we have nothing to fear is duly embarrassed ...

By: callum

callum — Wed, 25 Mar 2009 13:59:50 +0000

here’s another example from today’s press (BBC):

“The parents of a girl who died suddenly have received a school letter demanding she improves her attendance.

Megan Gillan, 15, was found dead in the bedroom of her home in Macclesfield, Cheshire, two months ago.

Her parents say they were “floored” by a Macclesfield High School letter, which threatened to ban Megan from the end of year prom.

The school has apologised for the mistake, which they said was down to an error on the computer database. ”

http://news.bbc.co.uk/1/hi/england/manchester/7963081.stm

This article shows up so many flaws in UK Gov database culture. The fact that a letter was sent out without checking & verification and then _blamed_ on the database!

By: Ludo

Ludo — Mon, 23 Mar 2009 21:09:00 +0000

Interesting report. However, not all conclusions appear to be justified in my opinion, particularly not as regards the section ‘European databases’.

I will only comment on the two databases I have sufficient knowledge of: the Schengen Information System and the Prüm Framework.

Staring with the Prüm Framework: First and foremost: this is NOT a database but a system to conduct automated cross-border checks. No data is held on the system, it facilitates comparison of data from different member states.
Second, and equally crucial, the system works on keys that do not contain personal information and a hit-no-hit basis. For example, with DNA comparison only the numeric profiles (loci) are compared. If and when there is a hit personal information needs to be requested from the other state according via existing procedures, which depending on the member state could entail sending a judicial letter of request. If these procedures in the UK are not privacy compliant than that might be an issue to address. But that has nothing to do with Prüm. It remains therefore unclear to me on what evidence this ‘red’ flag is based.

As regards the Schengen Information System, the report rates it amber because of the projected changes. In my opinion it would have been more accurate to rate the current system first. Especially if on follows the discussion at the European level it is evident that SIS II actually might never be build.

In sum, it is an interesting report but these inaccuracies harm the overall value for me.

By: Ross Anderson

Ross Anderson — Mon, 23 Mar 2009 14:56:33 +0000

... and here's a blog in the FT that's written by a doctor in Scotland

By: Ross Anderson

Ross Anderson — Mon, 23 Mar 2009 13:55:00 +0000

More news coverage in the Daily India, the Standard and elsewhere

By: James Hughes

James Hughes — Mon, 23 Mar 2009 11:36:06 +0000

I heard your interview on R4 this morning. Why is it that politicians always know better than acknowledged experts in the field? Every time? Why are they never told ‘You are a minister for 5 minutes, I have been an expert in this field for 20 years. Why do you think you know better than me?’

I’m sorry the politico in questions whose named slips my mind, ‘dissed’ this report out of hand (no surprise there) but at least he came off as being a rather slippery character, clutching at straws, and unable to answer any of the real questions put to him.

James