Saturday, 6 February 2010

Biometric (function) creep

Under the new Passport Act, fingerprints and photos are stored in a central database that can also be used for criminal investigation purposes.

NRC, 6 February 2010: Minister Ter Horst receives award for privacy violation

Minister Guusje ter Horst won the Big Brother Award last night.
The digital civil rights organisation Bits of Freedom (BoF) gives the 'award' to institutions and persons who promote invasion of privacy.
According to the jury, Ter Horst displays a "dangerous lack of nuance" in the privacy debate. The jury cited the new Passport Act as an example. Ter Horst's bill to retain scanned car licence plates for some time, "even when people are not suspected of anything", was also mentioned.

Thursday, 4 February 2010

Blind spot for identity theft proved disastrous for suspect

The story of Kenneth Koseyem Ehigiene (40), who was wrongly held in the Bijlmerbajes prison for drug trafficking, illustrates this.

'The Dutch government held me, an innocent man, imprisoned for almost eight months because of their own negligence.'

"On 18 December 2002, in the middle of the night, the doorbell woke me from a deep sleep. It was freezing outside. Half awake, I stumbled to the door in my bathrobe. When the bell rang a second time, loud and insistent, I knew something was wrong. At the door stood about eight police officers.
'You are under arrest', they told me. Before I could say anything back, they pushed me against the wall and quickly handcuffed me. My wife, children and my mother were told to keep quiet. 'You are a major drug dealer', said one of the officers when I asked him what I was suspected of. 'You have Nigerian nationality, don't you?'
'You have got the wrong man. I am Kenneth Ehigiene and I have Dutch nationality. I am a businessman and have nothing to do with drugs', I said, my voice breaking. My hands were trembling. 'Interesting.' That was all the officer said in reply."

Full article at: http://www.nrc.nl/achtergrond/article1974611.ece (NRC, 6 September 2008 00:00, Ruth Hopkins)

A business case called Threat

As attacks increase, U.S. struggles to recruit computer security experts

The federal government is struggling to fill a growing demand for skilled computer-security workers, from technicians to policymakers, at a time when network attacks are rising in frequency and sophistication. By Ellen Nakashima and Brian Krebs - Washington Post Staff Writer - Wednesday, December 23, 2009

What stands out is not only a growing shortage of experts, but also the kind of experts being sought: cyber decision makers, cyber security lawyers, researchers and policymakers. In other words: cyber security is being defined as a policy and governance issue.

In my view, anonymity on the web is one of the (major) obstacles here. In other words: a business case for identity assurance as well.

Demand is so intense that it has sparked a bidding war among agencies and contractors for a small pool of special talent: skilled technicians with
security clearances. Their scarcity is driving up salaries, depriving agencies of skills, and in some cases affecting project quality, industry
officials said.

Commerce is trying to improve, but it can take years to put the people, processes and technology in place to wage an effective defense, said
Mischel Kwon, former director of the Department of Homeland Security's readiness team. For years, she said, most civilian agencies were forced by
federal law to spend their cyber-funds on security audits as opposed to crafting a strong security program.

And most federal information technology managers do not know what advanced skills are needed to combat cyber attacks, said Karen Evans, information
technology administrator in the Bush administration. Cybersecurity lawyers, researchers and policymakers are also in short supply.

The Pentagon, for instance, lacks a career path to develop "expert decision-making in the cyber field," said Robert D. Gourley, a former Defense Intelligence Agency chief technology officer. "The great cyber-generals are few and far between."

See: http://www.washingtonpost.com/wp-dyn/content/article/2009/12/22/AR2009122203789_pf.html

Tuesday, 2 February 2010

Report: Identiteitsmanagement in Nederland

With Identiteitsmanagement in Nederland, de stand van zaken, Rachel Marbus has written a useful and very readable publication.
The report can be downloaded from http://www.ecp-epn.nl/sites/default/files/Publicatie_Identiteitsmanagement_0.pdf.

STORK - EU interoperable system for e-recognition

STORK is a large scale pilot in the ICT-PSP (ICT Policy Support Programme), under the CIP (Competitiveness and Innovation Programme), and co-funded by the EU. It aims at implementing an EU wide interoperable system for recognition of eID and authentication that will enable businesses, citizens and government employees to use their national electronic identities in any Member State. It will also pilot transborder eGovernment identity services and learn from practice on how to roll out such services, and to experience what benefits and challenges an EU wide interoperability system for recognition of eID will bring.

The STORK interoperable solution for electronic identity (eID) is based on a distributed architecture that will pave the way towards full integration of EU e-services while taking into account specifications and infrastructures currently existing in EU Member States. The solution provided is intended to be robust, transparent, safe to use and scalable, and should be implemented in such a way that it is sustainable beyond the life of the pilot.

More information in the attachment; details and project documents at http://www.eid-stork.eu/index.php?option=com_processes&act=show_process&Itemid=60&id=312.

Right, now first an eNIK...

Kantara Identity Assurance

The Kantara Initiative was announced on April 20, 2009, by leaders of several foundations and associations working on various aspects of digital identity, aka "the Venn of Identity". It is intended to be a robust and well-funded focal point for collaboration to address the issues we each share across the identity community:
• Interoperability and Compliance;
• Testing;
• Identity Assurance;
• Policy and Legal Issues;
• Privacy;
• Ownership and Liability;
• UX and Usability;
• Cross-Community Coordination and Collaboration;
• Education and Outreach;
• Market Research;
• Use Cases and Requirements;
• Harmonization; and
• Tool Development.
The thinking behind Kantara Initiative dates back to the spring of 2008, when these leaders, individuals, organizations and community members started with a blank slate, discussing consumer and industry needs and trying to determine how to best meet these needs. (…) finally arriving at a basic plan that represented consensus among the team and a new approach through a bicameral leadership model. Legal work was then completed against the spirit of what was trying to be accomplished, and significant due diligence was done by various legal teams to assure that bylaws, operating procedures and IPR agreements met the needs of the new organization. Membership is growing quickly as individuals, developers, organizations, governments, technology providers, and enterprises recognize the new opportunities afforded to them through the Kantara Initiative.

The agenda at http://kantarainitiative.org/wordpress/about/ gives a good insight into what is happening worldwide around IA / IDM.

The Identity Assurance Work Group (IAWG) http://kantarainitiative.org/confluence/display/idassurance/Home has been formed within the Kantara Initiative to foster the adoption of trusted on-line identity services. To advance this goal, the IAEG will provide a forum for identifying and resolving obstacles to market and commercial acceptance that have limited broad deployment and adoption of trusted identity services thus far. The first step will be development of a global standard framework and the necessary support programs for assessing identity service providers (IdSPs) against criteria that determine the level of assurance that a relying party (RP) may assume in evaluating identity claims provided by those IdSPs. The framework and processes will be defined in a way that scales, empowers business processes and benefits individual users of identity assurance services. The framework will be the basis upon which IdSPs, RPs and their services can be certified as compliant with common policies, business rules and baseline commercial terms, avoiding redundant compliance efforts and market confusion about the substance and value of identity assurance delivered. Read the proposed Work Group charter at http://kantarainitiative.org/confluence/display/idassurance/Charter.

US takes measures against data breaches

The American Recovery and Reinvestment Act (ARRA) also includes a section that introduces the first federally-mandated data breach notification law.

...Title XIII of ARRA, also known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act)...

The HITECH Act includes data breach notification requirements for protected health information. Though several states have data breach notification laws covering information used in identity theft (Social Security Numbers, credit card numbers, banking information, etc.), only a few have extended such notification laws to health information. And the federal government has never addressed the issue. Until now.

http://www.itbusinessedge.com/cm/blogs/bentley/stimulus-bill-includes-first-and-maybe-only-federal-data-breach-notification-law/?cs=31378&utm_source=itbe&utm_medium=email&utm_campaign=MCS&nr=MCS