US Customs and Border Protection says that information from a database run by a subcontractor on an undisclosed number of people who have entered the country, including in many cases vehicle registration, photograph and fingerprints, has been stolen, confirming predictions made by security experts long ago.
Meanwhile, the UK government has canceled a scheme to require age verification to enter adult websites after realizing the potential security risks that compiling this type of information could entail.
All of which raises questions about just who is looking after information we provide not to a private company, but to our governments. In a world where everything, and that means everything, can be hacked, the very least we should expect from the authorities is that our personal data is encrypted, making it useless should it fall into the wrong hands. Is information held in government databases under these conditions? How does the public sector compare to the private when it comes to data security?
Computer technology is evolving at light speed: what will happen when quantum computing makes all current cryptography systems obsolete? What would we do in a world with no sure way to encrypt information? Fortunately, we don’t have to answer these kinds of questions from one day to the next, and a range of post-quantum cryptography systems are already in development, based on various approaches and using different algorithms. But for them to work, anyone who holds third-party data must make a commitment to using the most secure systems available. Private companies that fail to do so risk losing our trust and can face fines, but strangely enough, this doesn’t seem to apply to governments and other authorities.
Furthermore, in most cases, we can choose if we want to provide our information to a private company, but we are legally obliged to supply it to a government agency, as is the case when we enter a country, request a license for any activity or when we pay our taxes. The recent theft of information from the US Customs and Border Protection Office is especially serious, because a large part of the data it kept was biometric, which is impossible or extremely difficult to change.
Under what conditions is our information stored in the hands of public institutions? Are the security audits of public bodies carried out at the same level as those of private companies, or has the same culture survived from the time when that information was stored in folders on sheets of paper? What can be done to prevent data theft?