Marianne Plays With Computers

My Digital Adventures

Dude, My Car’s Been Hacked! — August 15, 2015

Dude, My Car’s Been Hacked!

So I’m the last person in the world to break this story, but in case you haven’t heard, your car may now be vulnerable to hackers. Thankfully, Chrysler has issued a recall for the affected vehicles.

I know that we all want to be connected all the time, and that the convenience adds a lot to our lives. I don’t even remember how I used to get around town without GPS to guide me. I think I got lost a lot. And remembered exit numbers a lot better than I do now.

But this is the price we pay. For each convenience that allows helpful data in, a hacker sees a way to get their own data in instead. When you’re looking for your next vehicle, for each helpful little gadget, ask yourself what could happen if it went terribly wrong. When your doctor wants to monitor your health over the Internet, ask her how your private data is being protected. And if someone offers you a bionic implant that can be “updated” remotely, just say no.

The Big Breach — July 10, 2015

The Big Breach

Today’s post is about a topic that’s close to my heart. And my credit report.

As you may have heard, personal information belonging to millions of federal employees and others was stolen from the Office of Personnel Management and and the Interior Department. That was bad.

But this week, it’s come out that it’s not just personally identifiable information (PII) that’s been stolen, but fingerprints as well.

This brings up one of the major problems with using biometric identification as an authentication mechanism. Passwords can be changed. Credit cards can be replaced. In extreme cases, you may even be able to get a new social security number. But biometrics are, by definition, a part of you. You can’t just go out and change your voice print or get a new set of fingerprints.

I understand why the keepers of really important data use biometrics. “Something you are” is one of the fundamental authentication mechanisms. (The other two are “something you know” — like a password — and “something you have” — like a keycard.) And two-factor authentication is a must for any really important data.

But if your data is so important that you literally “want a piece of me” to allow me to work with it, then have the decency to protect it at least that well. Unfortunately, the federal government has a history of failing to protect the data in its charge.

The OPM director has resigned over this incident. It will be easy to say that the problem will be solved under a new director. Perhaps the next person to accept the responsibility of this office will in fact do better. But until those in charge value their employees’ personal data and their citizens’ trust more than their positions of power, we will continue to see incidents like this in the government.