Blog: Updates from Paul Spain
Tuia 250 Privacy Breach – Ministry for Culture and Heritage
Paul Spain
This morning I was interviewed on the RNZ National programme ‘Morning Report’. After further queries about this breach it seems appropriate to share a little more detail here for those who are interested. In summary, a website (tuia250.nz) built by a third party for the Ministry for Culture and Heritage unintentionally made available digital copies of the following documents:
- 228 passports (209 NZ passports, 19 international passports from Australia, Brazil, Canada, China, Denmark, South Africa, UK, USA)
- 55 driver licences
- 36 birth certificates
- 6 secondary school IDs
- 5 NZ residential visas
Digital copies of some of these documents are now in the hands of unknown people and there is already a case in which misuse of one of these documents has been attempted. There is risk to all individuals whose documents have been compromised – including fraud and identity theft.
How should organisations choose to store digital copies of passports and personal identification?
Choosing how to secure and store this sort of data is a critical organisational decision. It should ideally be directed and signed off by senior staff with an understanding of both cyber security and the impact of a mistake with others’ data. This might typically include a Chief Information Officer (CIO) or a Chief Information Security Officer (CISO). It seems likely that step didn’t happen in this case – possibly an internal process was missed or lacking. Naturally there is technology for storing personal information within government and businesses that encrypts the data. There are also technologies, known as Data Loss Prevention (DLP), focused on minimising the risk of the data getting out. In this case it appears the data wasn’t encrypted or protected by DLP software and policy. Organisations that need identification should avoid holding on to this data unnecessarily. If a check can be made quickly without storing copies of documents, that will often cost much less than storing the data due to the huge security responsibilities of storing identification documents.
Was the website developer at fault?
It may be unfair to expect a typical small New Zealand website design firm or website developer to have expertise in how to secure such critical data. This would be different if they were a large technology provider contracted for this job because of their specialist skills in dealing with data of this nature and were contracted specifically to put suitable protections in place.
How should individuals react to requests for copies of their identification documents?
Whenever I’m asked for a digital or paper copy of my identification documents (such as a passport or driver licence) I usually look to see if there is an alternative. I understand some organisations need to view this information, but in many cases they should not be storing it. If I’m providing a copy of my passport, I’d prefer to know that data would be immediately destroyed – or that it were protected by an enterprise grade DLP (data loss prevention) system. As I mentioned on Morning Report, dealing with identification documents is challenging for many organisations now – many ask for copies of passports and driver licences and choose to store them. Knowing how poor security of this data can be, I often refuse to supply copies of a passport or driver licence digitally, and I request paper copies are shredded or returned to me.
Is current legislation around copying personal identification documents adequate?
I haven’t read the related legislation; however, current practices around copying personal data seem very loose and I believe it’s time the government considered how we reduce further risks.
Paul Spain joined Zephyr Airworks CEO Fred Reid to hear about Cora, the vertical take-off and landing (VTOL) aircraft from Zephyr Airworks and Kitty Hawk. To be launched as an autonomous electric sky taxi, ‘Cora’ started out being developed secretly in 2010, funded by Google Co-founder Larry Page.
Now Cora is getting regular testing in the South Island of New Zealand, facilitated by a Government that encourages innovation, research and development. Paul heard a little about Cora’s progress and the path ahead for Zephyr Airworks – including the possibility of Auckland soon becoming a city with autonomous electric air taxis so people can make super fast and inexpensive trips – such as to The Coromandel – or to commuting locations (avoiding the delays of rush hour road traffic).
Today the iPhone starts being received by those who pre-ordered both here in NZ and around the world (depending on your time zone). Thanks to NZ seeing the sun first we’re ahead of the rest of the planet. In my case, I’ve been using the iPhone X (pronounced ten) since Wednesday NZ time.
The OLED screen is gorgeous. That said, we’re already used to great screens on iPhones and the top smartphones from the likes of Samsung. Incidentally, Samsung actually produce the screen in the iPhone X.
Face ID – screen unlocking
Face ID (using your face to unlock the phone) fortunately works pretty well most of the time. I’ve found if you hold it too close to your face that can be a problem. I hope software updates improve the reliability in situations where Face ID fails to unlock the camera.
The Lack of a Home button
I’m still getting used to this, but I don’t see it being an issue – I prefer the bigger screen to a button taking up screen space.
As a big fan of wireless charging I’m very happy Apple have finally added this across the iPhone 8, iPhone 8 Plus and the iPhone X.
Portrait mode photos from front camera
This is an added benefit of the infrared camera being used for Face ID – you gain portrait mode (for bokeh effect) which blurs the background on portrait shots. This looks really slick and for most people it’s not a million miles off what a Digital SLR delivers.
Most apps don’t yet take advantage of the iPhone X’s lovely big screen; that should change before too long for at least the most popular apps.
No issues on speed, I’m still getting a handle on battery life.
(Stay tuned for a video and more insights over the next 24-48 hours)
You might recall the nursery rhyme, “Rain, Rain, Go Away, Come Again, Another Day”. Well, some people take this even further and they would say the same of clouds. Not traditional clouds but cloud computing. Let’s discuss that because I am not sure that there’s complete wisdom in that approach. So, let’s look at the Pros and Cons as they might relate to your organization.
First up, what are the benefits of cloud computing? Why would anybody want to change what they’ve got and go to the cloud?
Well, first up, it provides access to really the latest and greatest technology, almost at an instant. Generally, very easy to get up and running with. Also, when you got access to this new technology, it’s scalable.
If you need more capability or less capability, that’s available at a touch of a button. If your organization is growing, shrinking, usually you’ve got a lot of flexibility there with cloud computing to pay for what you need rather than buying something that might be fixed for a period of years which is the case when you’re buying your own servers.
Other things, well, usually a bit of collaboration when you’re working in a cloud-based world, and the ability for people to work from anywhere.
Well, that’s not always a necessity. Usually most of us like that flexibility of being able to do work from places other than our standard workplace. Looking at cybersecurity, that’s also an area where we’re now starting to see much better capabilities often from cloud environments than certainly what small organizations would have access to themselves with just their own on-premises systems, and then, of course, there’s a sustainability aspect of cloud as well.
So, are there downsides? Well, there’s always a downside to consider. Not so many in the cloud world and as more time goes on, those downsides are shrinking and reducing and are being addressed.
One that we’ve come across is often out-of-the-box some cloud systems, just their standard offerings might not give you as much flexibility around back-ups and how you would retain information if it got deleted say a year or two years ago, how do you address that in a cloud if your cloud system doesn’t give you an ability to roll back that far.
Certainly, something to think about but in the lower cases, there are ways of catering to that. Another area to think about is your internet performance that certainly plays into how well cloud will work for you in locations such as New Zealand, for instance, there is really really good performance in most business locations with access to gigabit internet speeds for a very low cost. Other parts of the world, maybe not as good, but often that isn’t a huge inhibitor.
Really, it’s well worth considering cloud, so, where should you start? If your organization isn’t really using cloud technologies today, the first place I’d recommend looking is at your email system. If you’ve got an email server that’s on your premises, then, in most organizations these days it makes sense to get rid of that.
Go to the cloud, take advantage of the advanced capabilities, the latest features, the fact that it replicates across numerous locations and is backed up for you. That’s something really worth paying for.
That’s it for me. If you’d like to dive in further on this discussion, feel free to join my email updates at paulspain.com/updates. Reach out to me here on social media or you can email me directly if you’d like immediate help around this subject and some input: firstname.lastname@example.org.
A lot of people love Facebook because it’s a great way of keeping in touch with family and friends, especially when you’re not in the same city all the time. It’s a great way of sharing those pictures and videos with extended family and grandparents and so on. Very handy. But where does LinkedIn fit in this picture?
I think it’s got different benefits for different people. For me, I find LinkedIn as just a great way to keep in touch from time to time with people. Certainly, a great way for me to share some of my content, my videos with others that I know. But it’s also had some really good business benefits.
I looked back a few years ago and I had decided, I should be using LinkedIn more. It is a business-focused social network, I’m a business so I should be utilising it.
So, I went out and I thought, “Well, who are the people that I should be adding on LinkedIn?”, and I remembered an old colleague who I bumped into in a conference a few months before, so, I added him on LinkedIn.
Now, as far as I’m aware he’d never ever recommended any business to me or my company before. But just about two or three days after that particular situation where I added him on LinkedIn, he took a phone call from somebody that needed some help.
Now, it wasn’t a fit for his business, but it was a fit for me. And he immediately recommended me. I can only think that, look, it had been years since I worked with this particular person, yes, we’d seen each other a few months ago at an event, but it was because I’d just reconnected with him on LinkedIn that I would’ve been front of mind.
So, he recommended that business and it ended up being an account that over the next few months generated a few hundred thousand dollars. Pretty important piece of business for my firm at the time.
You’d never know what connecting in person or online will do, whether the timing could be fortuitous or not, but if you’re not using a tool like LinkedIn, you’re not staying connected with those that you know, particularly in the business world. Then look, you could be missing out on an opportunity.
My recommendation to you is, get yourself a good profile that really describes you, the business that you do clearly and succinctly. Make sure you have a good, clear, profile picture. If you don’t have one, get a nice headshot taken or an image that you can put on LinkedIn.
Just go and fill in the key areas and then make sure you’re connected to the people you meet. And when you meet new people, business cards are pretty old school.
So, my approach is, when I meet somebody new in the business world is I immediately connect with them on LinkedIn.
That would be my recommendation for you and some people are more than happy to connect with people more broadly even if they haven’t met in person and that goes for me too.
So, if you’d like to connect with me on LinkedIn, and you’re not already connected directly, then feel free to do so.
I do appreciate it if you’re doing that to add a little note, let me know how you came across me.
Alright, thanks very much for listening. We’ll catch you next week and, of course, you can follow my email updates by going to paulspain.com/updates.
Apple has just announced their latest, new, Apple TV 4K, the new Apple Watch Series 3, the iPhone 8 and 8 Plus and the big one, the iPhone X. Now, should you be excited about this or is Apple just playing catch-up with the competition?
Let’s look through these announcements quickly. The Apple Watch Series 3, an embedded SIM card. Well, Apple isn’t the first to do that and to put that in a phone. But it looks like their approach is pretty slick. It’s going to work well.
Unfortunately, only available in a few markets. So, New Zealand, where I’m based, not available. It’s off the cards for now.
So, if I want to go out for a run or a walk, or I want to go out with my wife, leave the phone behind and have my phone just for those emergency communications, sorry, Paul Spain, doesn’t count for you. You live in the wrong country.
That would be the case for a lot of people around the world. What about this new Apple TV 4K? Well, Apple certainly isn’t the first to come to the market there with Ultra-high definition, but it’s good to see that coming through from Apple and interesting what they’re doing with the TV App.
Though again, that’s not available in all markets. I think it’s a positive move; they’re bringing that simplicity of their TV App to watching live sport and live news. Of course, over time that will become available more broadly as well.
So, the new phones, the iPhone 8 and the 8 Plus. Nice improvement and iterations there. Great to see Apple finally come to the party with wireless charging. Boy, we’ve had that for so many years in other devices and I’ve been wondering what’s happening here Apple? Well, they’ve got it, they’ve nailed it.
Looks like good improvements overall, but not super groundbreaking with the 8 and the 8 Plus. In fact, it almost seems cheeky for them not to call these the 7s, 7s Plus but certainly, there are some design changes there, glass back and so on, but not completely mind-blowing.
So, it really all rests on this new iPhone 10 or iPhone X as it’s written. This is a stunning looking device. Now, we’ve seen from Samsung and LG that’s the edge-to-edge screen. But Apple has taken that a step further and the screen looks glorious on this new iPhone 10, 5.8-inch screen, there will be just one size.
It’s going to have the dual cameras and facial recognition, so the home button is gone. There’s no more Touch ID fingerprint recognition. It’s all about facial recognition.
Of course, you’ve got the waterproof capability, again, and you’ve got that wireless charging. Superb cameras. Looks like a really nice phone.
Now, is it worth paying an extra 50%? Nearly 50% to step up to the iPhone 10? Well, that will be up to you to decide. You’ve got to make that call. It is a big price increase but it’s a really nice phone.
Not out until November 3rd, but I’m certainly looking forward to having a play around with it and using the new iPhone 10.
Hey, that’s it for me. Thank you very much for joining me. I’ll catch up with you again, next week on my next weekly video.