Article: Cullen outlines vision for new driving licence

ambro25

prospect wrote:

Is this:

Extrapolating a bit, someone may hack into the Irish Passport database (which already exists, and everyone has a Passport) for the same data - so what's your point?

Not in direct contradiction with this?:

Oh, for sure. Nothing easier to tamper than an EEPROM "Sh*t! got another 2 points!"... "Oh well, no bother, that mate of the mate of my mate has a hacked card reader, he' ll zap them from the card for €50." I can see that one coming on clear as day.

No it isn't.

To begin with, and not to be pedant (as I know you're going to accuse me of that ), if you ever had anything to do with hacking an EEPROM locally (think: unlocking a mobile) vs hacking a database from a remote source (think: well... better not on a public forum ) , you would know that there is a world of difference.

That is why I was asking maidhc what his point was (about the National Vehicle License whatever database), and then made my Passport database-hacking analogy.

Next, my point (which again, I emphasize, was not targeted at your post - since it's the Minister who's suggested it, from the OP, I believe): so you're now carrying a credit-card -sized driver's license which has a CHIP on it, wherein some or all of your data is logged in (ID, print, DNA, points, how girlfriends, mistresses etc, etc).

So what? Is this going to make Irish drivers (I know, I know... we understand one another, right?!?) better drivers, better trained, better qualified? Will waiting times and queues for the test reduce? Will points be administered (yes, they still would have to be administered centrally, at point of contact/juncture with Court system) any faster/more accurately? Do Gardai today have any in-car equipment to even remotely improve accuracy (and therefore rate) of enforcement (even better: over-the-air DB query interfaces, as in the UK?)

No. So spends tax poayers' €s fixing the above first, then look to make nice fancy CHIP-based driver licenses.

prospect wrote:

You criticise my suggestion by pointing out how easily it could be hacked. But when your suggestion is criticised, you claim that hacking is not relevant because current government databases are already hackable?

I have not suggested that "government databases are already hackable". maidhc did. Quite on the contrary, I said that hacking government-type databases was an entirely different kettle of fish to issuing a personal credit card-sized driver license with a CHIP on it, and there would be no difference between attempting to hack a yet-to-exist "national driver licenses database" (for the cc-type CHIP-base licenses) and an already-existing passport database: in other words, it's a different problem (that of securing national databases against intrusions), and not quite the topic either.

For that matter, and IMHO, I don't believe such databases are hackable, unless you are an employee or know an employee, who has access to it to obtain whatever info is in there. There is a due process of Law for such incidences of unauthorized access and/or misuse of the data, under quite a few Statutes/Acts to boot.

maidhc

ambro25 wrote:

For that matter, and IMHO, I don't believe such databases are hackable, unless you are an employee or know an employee, who has access to it to obtain whatever info is in there.

Hacking a database is 99% social engineering. But a busybody can ask a county council who owns a particualtar car with a particular reg No, and if they believe that busybody is "reasonably" entited to it, they will get it. See the Road Traffic (Licensing of Drivers) Regulations 1999 (Reg 11). I am intimately aware of the Data Protection Acts, and other such provisions, but they are of little assitance when the subject of the request is not even aware people are looking for information on them.

In any case I merely drew the comparison between databases and ID cards merely to illustrate that "if you have nothing to hide you have nothing to fear" is not always the best approach to take with systems dealing with personal identity in general.

ambro25

maidhc wrote:

In any case I merely drew the comparison between databases and ID cards merely to illustrate that "if you have nothing to hide you have nothing to fear" is not always the best approach to take with systems dealing with personal identity in general.

No, and agreed. The best approach is undoubtedly to use whatever is best-practice for designing and implementing such a scheme at whatever time it is being designed and implemented. Can't be fairer. And yet, and even then, there is no such thing as a totally unflawed/secure proposition. Else AVG, Symantex, Dr Norton etc. would have been out of business 20 years ago

But absence of regulation and/or 'registration' (in a database of whatever description from which cards (or passports ) are produced) is no panacea either, and could be said to be worse (witness reported/alleged problems in tracing non-IE cars/drivers when 'incidents' happen, for example - not that cc-type driving license for IE drivers would help that last remark, of course).

So, the least of two evils...

But, all the same, sinking €ms of tax payers funds into it (chip-enabled driving licenses) when the basics are not yet satisfactorily covered is a waste and a scandal in the waiting.

MontgomeryClift

No, wait! This is great! Everyone will have an electronic card license with their record of zero penalty points recorded on it so they can carry on speeding and driving dangerously in the knowledge that the imptence of the Gardaí and the public is circumscribed by expensive technology.

Martin Cullen is a piece of garbage. The people of Waterford have a lot to answer for there.