Roland Dürre
Friday October 12th, 2012

Data Theft

This morning, there was an extremely unsettling item of news (Nachricht) on the radio (as always, I listened to Bayern2 – Radio):

In probably two hospitals, data were stolen. We are talking of the hospitals at Rastatt and Mittelbaden in Baden-Württemberg. The objects stolen are patients’ data, diagnoses, letters by doctors and internal hospital communication. These data were probably stolen on September 19th. According to the hospital, they filed a complaint against an unknown person. It says that the Rastatt hospital noticed the violation on September 27th – eight days after the alleged theft.

Today, on October 12th, this item of news makes the current headline!

Basically, I assume that, of course, some “secret” data of German hospitals will end up where they do not belong on a daily basis. It is probably unavoidable. But this case seems to be particularly important. After all, it made the current news of October 12th, 2012!

Well, why don’t we savor this topic? There was a data theft. Theft – which means some property was stolen. But then, the property – that is the data – would have to be gone after the violation of the law happened. Consequently, the thief would have had to copy the data and then delete the file at the place of theft. Otherwise, all you get is “half a theft”.

Yet I presume this was not what happened – it is probably not even possible. All those intended copies (backups) and unintended “data in work” make it basically impossible to completely delete anything. Except if the thief practiced total vandalism and destroyed everything. Or else if he was a perfectionist who also destroyed all the backups. But only a genius can do that – and even he can only do it if he has internal knowledge.

But let us look at the person who probably committed the theft. I write “probably” because, de facto, the “theft” is only an assumption. They assume that an unknown person copied certified data from the system. So what will the thief now do with them?

Is there a personal interest, because he wants to know more about a procedure that actually concerns him? Is it simply revenge? Does he only want to look important?  Is this espionage, maybe by the press? Someone who wants to detect unethical behavior on the part of the hospitals (I assume that can be found everywhere)? Or was it, maybe, even a Federal Agency working clandestinely (and rather clumsily)?

Or is it a (minor) culprit who wants to win money by using data, for example by blackmail? And in that case: who would be the recipient of blackmail? Who is the owner of the data? If it is a diagnosis, is it the hospital or the patient? If it is communication between doctors: the hospital or the doctors? The sender or the recipient of the letter?

More and more questions. I am sure I could continue in this fashion for a long time. But that is not what I want. I assume that this is again one of the instances where no damage will be done by the “data abuse”. And if damage is done, it will be quite small and short-lived. A trifle. But in the land where people get hysterical about data security, this is the kind of news you can use for painting the most demonic pictures.

I file the article among “storms in the water glass”.

RMD
(Translated by EG)

P.S.
I would find it a lot more interesting to read about the number of malpractices or the many cases of operations or other therapeutic actions where business considerations and optimization, such as capacity utilization and strategic billing were the determining factors.

I moved this article to the top because the third presentation is Monday, 8th of June!

At Munich Technical University, there are always some interesting presentations that I like to hear. Now I got a special hint.
The Carl von Linde-Akademie at Munich Technical University organizes a lecture series on the revolution of the image of the world in nature, technology and society. Leading you through the presentation will be Prof. Dr. Klaus Mainzer (Academic Director of Carl von Linde-Akademie and chair holder in philosophy and scientific theory at TU München).

The same venue housed the presentation of Dr.-Ing. Wolfgang Reitzle, head of directors at Linde AG, on October 21st, 2005 when he spoke about “Measuring in Terms of Humanity – What Makes Tomorrow’s Technologies a Success” at the series of the TUM Business Club. I also heard his special festive presentation when the Carl von Linde-Akademie was opened on May 3rd, 2004 in the Pinakothek der Moderne on “The Culture of Responsibility and Innovation in Economy and Society”.


Bernhard Findeiss
Tuesday June 10th, 2008

The basics of account management (part 2)

Sorry, this entry is only available in German.

Bernhard Findeiss
Friday May 16th, 2008

The basics of account management

In my last blog post (see here), I introduced a classification of IdM-Systems based on the FIDIS model.

Based upon this classification, I now want to talk a little bit more about the basics of type-1-identity Management (aka “account management”): What is it, and what are the main challenges and difficulties?

Next time, I will explain why it is worth doing, and sometimes even mandatory.

By the way, this blog post is based upon a talk I gave last year at one of InterFace AG’s “blue Fridays”. If someone is interested in the slides, or wants me to repeat the talk, feel free to contact me at Bernhard.Findeiss@Interface-AG.com.

As mentioned in the last post, account management can be defined as the consistent administration of identities, and their access to (IT-) resources of an organisation during their entire life cycle.

This includes:

Persons, e.g. employees and external consultants, but also technical objects as long as they need access to resources (for example printers which can send automated status emails etc).

Storage of identity based data (mostly supplied by HR systems)

Transfer of data to target systems, e.g. to create accounts, to assign and/or revoke access rights, but also to synchronise data between the IDM system and the target system. The number and nature of target systems significantly contributes to the complexity of IDM projects, by the way.

Support for workflows needed in everyday (corporate) life, like creation/editing/deletion of identities, assignment/revocation of resources, role definition etc.

Account management is not a new topic for most organisations. In fact, it has existed for as long as access controlled (IT-) resources have existed in an organisation.

Until now, however, most of the work has been done manually by specialised administrators. Of course, this is very expensive and time consuming, and it also involves a much higher error ratio compared to doing it automatically via an IDM system.

Also, there is the problem of data synchronisation and consistency. Access to all of a user’s IT systems should be based on the same set of identity data. These are not unalterable, however, but can change over the course of time (through marriage, relocation etc.). Keeping identity data consistent in all IT systems can therefore be quite a challenge, e.g. when 2 systems contradict each other.

To solve this problem, directory services were introduced (starting in the 1990s). They gather all individual-related data and make them available through a standardised interface (with LDAP being the one mostly used). This directory is then defined as “leading” in respect of identity data. All other systems from now on only synchronise with this directory, and so eliminate the problem of data inconsistency.

Unfortunately, it became clear that even directories could not solve all problems. Not all IT systems support the externalisation of identity data. For some systems (like HR), it might even be undesirable to do so.

By the use of an identity management system, however, even this situation can be managed:

Now, all systems may keep control of their data. Only relevant changes are propagated to the IDM system. The IDM system then manages synchronisation with all other affected systems in the organisation.

Here too, data consistency throughout the organisation can be guaranteed.

This is only one of the advantages of an IDM system. I will mention more advantages in my next article.
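The propagation model described above, sketched as an added example that is not part of the original post or of any IDM product: a leading identity source is compared with the accounts in each target system, and the differences become synchronisation actions. All identifiers, system names and records are constructed, and the sketch assumes every active identity is entitled to an account in every target system.

```python
# Constructed sample data: the leading identity source (e.g. fed by HR).
LEADING = {
    "e1001": {"surname": "Meier", "department": "Sales", "active": True},
    "e1002": {"surname": "Schmidt", "department": "IT", "active": True},
    "e1003": {"surname": "Huber", "department": "Finance", "active": False},  # has left
}

# Constructed sample data: accounts as they currently exist in two target systems.
TARGETS = {
    "mail": {
        "e1001": {"surname": "Mueller", "department": "Sales", "enabled": True},  # stale name
        "e1003": {"surname": "Huber", "department": "Finance", "enabled": True},  # leaver
    },
    "fileserver": {
        "e1001": {"surname": "Meier", "department": "Sales", "enabled": True},
        "e1002": {"surname": "Schmidt", "department": "IT", "enabled": True},
        "x9999": {"surname": "Test", "department": "IT", "enabled": True},  # no identity
    },
}

SYNCED_ATTRS = ("surname", "department")  # attributes the leading source owns


def plan_sync(leading, targets):
    """Return sorted (system, account, action, detail) tuples that align targets with leading."""
    actions = []
    for system, accounts in targets.items():
        for ident, person in leading.items():
            account = accounts.get(ident)
            if not person["active"]:
                # Leaver: an enabled account must not outlive the identity.
                if account and account["enabled"]:
                    actions.append((system, ident, "disable", "identity inactive"))
                continue
            if account is None:
                actions.append((system, ident, "create", ""))
                continue
            for attr in SYNCED_ATTRS:
                if account[attr] != person[attr]:
                    detail = f"{attr}: {account[attr]} -> {person[attr]}"
                    actions.append((system, ident, "update", detail))
        # Accounts with no identity behind them are a common audit finding.
        for ident, account in accounts.items():
            if ident not in leading and account["enabled"]:
                actions.append((system, ident, "disable", "orphan account"))
    return sorted(actions)


if __name__ == "__main__":
    for action in plan_sync(LEADING, TARGETS):
        print(*action, sep="\t")
```

The two "disable" findings are the security-relevant ones: a leaver whose mailbox is still enabled and an account that maps to no known identity.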

Bernhard Findeiss
Wednesday April 30th, 2008

What is “identity management”, and why should we care about it?

One topic, which has gathered a lot of attention in the IT world, is “Identity Management” (or “IdM”).
What is this topic, and why should everyone know about it (especially everyone surfing the web)?

Firstly, I want to point out that identity management is not a single topic in itself, but consists of a number of sub-topics which at first sight don’t seem to have that much to do with each other.

But I think it is quite important to consider the sub-topics in order to get to a common basis for conversation. Many people in this area concentrate on only one of these sub-topics, yet all of them call it “identity management”.

A classification was introduced during the EU-sponsored FIDIS project. It defined 3 classes of IdM-system:

Type 1: Account Management

This kind of Identity Management is mostly done by companies. Account Management covers all aspects of the employment lifecycle, from initialisation at recruitment, through changes in access rights when promoted, demoted, or transferred to another department, to deletion on leaving the company.
The main objective here is to provide all workers with all the access rights they need to carry out their work (such as email, internet, file access etc.), but also to revoke some of them whenever that is required.

This kind of administration is usually carried out centrally by specially commissioned persons (administrators). Self-service by users themselves is exceptional. Account management focuses on the reliable identification of persons (“authentication”), and the secure assignment of access rights to each person (“authorization”), not on privacy.

Type 2: Profiling of user data by an organization

Type-2-identity management is all about inferring a person’s behaviour, likes, and dislikes from a potentially massive amount of data. As with type-1-identity management, this is also carried out by an organisation. Here too, the focus is more on the reliable assignment of profile information to a person than on privacy.

Unlike type-1-identity management, however, profiling does not focus on the assignment of access rights but rather on gathering knowledge about a person (or a group of persons) by analysing available data.

Possible data sources for profiling can include publicly available information from the internet (which people inevitably leave behind in the course of time), but also systems solely built for the purpose of data collection.
Examples of such systems are the German “Payback” system (which traces people’s buying behaviour by giving them bonus points for each transaction) and the Amazon.com homepage, where you receive recommendations for new products based on previous buying habits. Credit card companies use profiling to detect card misuse (which is characterised by a different usage profile).

Today, there exist a number of specialized search engines which use publicly available information from the internet to compile a profile of a person. If you want to try it out yourself, just surf over to www.yasni.de (if you are looking for a German), or www.spock.com, which focuses more on US citizens.

Type 3: IMS for user-controlled context-dependent role and pseudonym management

This awkwardly named type of identity management is the kind which all of us use if we want to control the kind and the amount of information we leave behind when we surf the web. In this way, a later profiling of your person can be prevented, hindered, or at least be influenced by your wishes.

This type of identity management therefore focuses mainly on the administration of your own private data, and of your own privacy in general.

This type of identity management will, in my opinion, draw much more attention in the future. People are starting to post even the most private matters on the web. So IMS can pay off today, for example if you don’t want to be asked, during your next job interview, about an embarrassing Youtube-video.

Already there are a number of companies whose business is to benefit their customers (for a certain amount of money) by correcting such “errors”. If you consider just how lavishly especially teenagers treat their private data (on pages such as Myspace, Youtube, Twitter etc.), this business model seems to have some potential for the future.

So far, I have given a brief overview of the three types of identity management introduced by the FIDIS project.

Based on this classification, we plan to publish a number of articles, treating such exciting topics as identity federation, context-based authentication or identity management with service-oriented architectures.