Experts doubt DIAC bio-database can stop ID fraud

Powered by SC Magazine
 

Fingerprint sharing a small step for IT security.

Australia, New Zealand, Canada and the UK have started sharing the fingerprints of unknown criminals in the hope of cracking down on ID theft.

Senator Chris Evans, the Minister for Immigration and Citizenship, said in a statement that the agreement would "greatly improve" Australia's ability to detect identity fraud.

"The Australian Government's ability to detect and immigration and identity fraud will be greatly improved as a result of new biometric data-sharing arrangements with partner agencies in Canada and the United Kingdom," the Senator said.

However, security experts believe the system is unlikely to reduce ID theft.

Nick Ellsmore, chief technical officer of security consultancy Stratsec, and representative of the Australian Information Security Association (AISA), told ITnews he doubts this kind of information sharing will reduce instances of ID theft.

"Is this going to materially impact on identity theft? I doubt it."

IBRS security analyst James Turner suggested the system could be exploited by criminals and questioned how it would deal with false positives. 

"If I was a criminal interested in getting my fingerprints removed from the system, previously I might have had to find someone to bribe within the country," he said. "Now I've potentially got more people in other countries I can target. However, I suspect that much like the TSA's [The United States Transportation Security Administration] no-fly-list, it may prove tricky to get even legitimate fingerprints out of this system. Time will tell."

Stratsec's Ellsmore, who was presenting at the Security 2009 conference in Sydney today, said that user awareness of the problem is a start but in order to have a real impact, users need to change their behaviour accordingly.

"People need to have security awareness, which has been a mantra in the industry for some time. But is that enough? If you ask people if ID theft is a problem, most people would say, 'yes, it is,' but does that necessarily translate into their actions in how they give out their personal information, what they put on their Facebook profile, or whether they shred their credit card statements?"

Another factor increasing the problems of reducing ID theft is the popularity of social networking, said Ellsmore.

"The people most comfortable with giving out huge volumes of personal information are younger generations because they have grown up on it.

[Combating ID theft] is something that is getting harder rather than easier.

"As long as people see a return on providing their personal information, they will. Until they start experiencing a cost from providing that information they will [continue] to do it."


Experts doubt DIAC bio-database can stop ID fraud
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Telcos finally briefed on data retention details
Update: AGD offers list of data to be stored.
 
Qld Health hires short-term CIO, CTO
Ray Brown leaves after five years at IT helm.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  67%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  12%
TOTAL VOTES: 565

Vote