Experts doubt DIAC bio-database can stop ID fraud

Powered by SC Magazine

Fingerprint sharing a small step for IT security.

Australia, New Zealand, Canada and the UK have started sharing the fingerprints of unknown criminals in the hope of cracking down on ID theft.

Senator Chris Evans, the Minister for Immigration and Citizenship, said in a statement that the agreement would "greatly improve" Australia's ability to detect identity fraud.

"The Australian Government's ability to detect and immigration and identity fraud will be greatly improved as a result of new biometric data-sharing arrangements with partner agencies in Canada and the United Kingdom," the Senator said.

However, security experts believe the system is unlikely to reduce ID theft.

Nick Ellsmore, chief technical officer of security consultancy Stratsec, and representative of the Australian Information Security Association (AISA), told ITnews he doubts this kind of information sharing will reduce instances of ID theft.

"Is this going to materially impact on identity theft? I doubt it."

IBRS security analyst James Turner suggested the system could be exploited by criminals and questioned how it would deal with false positives. 

"If I was a criminal interested in getting my fingerprints removed from the system, previously I might have had to find someone to bribe within the country," he said. "Now I've potentially got more people in other countries I can target. However, I suspect that much like the TSA's [The United States Transportation Security Administration] no-fly-list, it may prove tricky to get even legitimate fingerprints out of this system. Time will tell."

Stratsec's Ellsmore, who was presenting at the Security 2009 conference in Sydney today, said that user awareness of the problem is a start but in order to have a real impact, users need to change their behaviour accordingly.

"People need to have security awareness, which has been a mantra in the industry for some time. But is that enough? If you ask people if ID theft is a problem, most people would say, 'yes, it is,' but does that necessarily translate into their actions in how they give out their personal information, what they put on their Facebook profile, or whether they shred their credit card statements?"

Another factor increasing the problems of reducing ID theft is the popularity of social networking, said Ellsmore.

"The people most comfortable with giving out huge volumes of personal information are younger generations because they have grown up on it.

[Combating ID theft] is something that is getting harder rather than easier.

"As long as people see a return on providing their personal information, they will. Until they start experiencing a cost from providing that information they will [continue] to do it."

Experts doubt DIAC bio-database can stop ID fraud
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.