The UK's Privacy Katrina

W has to feel somewhat of a schadenfreude boost from this. Almost half of Britain's population falls subject to potential identity theft with one screw-up from a junior level administrator. This incident happened as Britain is debating whether or not to establish the issuance of national identity cards which, as you might imagine, is making the debate a trifle more lively.

The questions raised over this are near-limitless, but chief amongst them should be:

1) How on earth can a junior admin have that kind of access? If *1* person without a lot of clout can access that kind of data, couldn't *1* person be bought off rather easily for such information? Multi-person integrity is rule number one through number 2973 or so with such information--force a conspiracy for it to be illegitimately obtained.

2) Disk encryption...ever heard of it? Much of it is free--the rest of it is cheap.

3) Doesn't this prove that a central repository for this kind of information is, generally speaking, a Bad Idea (TM)?

When talk of a national ID card here in the US is raised, I don't fear an evil genius in the basement of a secret mansion sending my information to the Russian mafia, I fear a lazy/uninformed/flawed admin/software product (or a combination of any and all the latter) finding a way to screw up. What if the admin is two mortgage payments behind on his house? What if he likes to gamble a bit too much? What if an organization plants someone on the inside? (Don't think it can happen? Look here). What if...you get the idea.

It's not conspiracy I fear, it's incompetence. And we need look no further than our own White House to fear that. It's not that I don't give out potentially sensitive information to my bank, my frequent flier program, even iTunes, but they need my information and they have an enormous imperative--in the way of massive cost and bad publicity--to keep it from leaking out. If they do, the government is there to hear my grievance and, hopefully, redress it. If the federal government lets it leak out, where do I go?

I feel bad for people in the UK that might get hurt from this, but I hope it shows a few here in the US how the idea of national ID cards (and the need for data security), should be looked at very, very carefully and seriously.