[nSLUG] NS 4.7x [was: Add yourself to the nSLUG member blogs wiki page]

Mike mspencer at tallships.ca
Sat Jan 13 18:05:28 AST 2007


jpb> ...same problem with the NS licence plate renewal site....I wrote
jpb> them a few time explaining that I couldn't renew my plates on
jpb> line, that coming into an office or using M$ was not an option
jpb> due to security reasons.

Did I parse that right?  You can't/won't go into a registry office in
person for security reasons?

gnwiii> Next time a politician knocks on your door, ask why the
gnwiii> government continues to support expensive, proprietary,
gnwiii> insecure systems from M$ when other governments are using
gnwiii> better technology...

Do you happen to know, George, what system the Motor Vehicle Registry
uses to store it's vehicle registration and driver license data?  A M$
system in NS?  A M$ system elsewhere?  Outsourced to any system outside
of Canada?  Here's why I ask (drifting even further off topic):

Ten years ago, the first time my license came up for renewal under the
digital photo and signature regime, I wrote some letters, phoned some
people, asserting that once collected, digitized data is in the wild
(so to speak) and will, in the future, be used in unforeseen ways
which no assurance of "privacy" in the present can forestall.

Long and somewhat amusing story short, I was given a driver's license
with no photo or signature.  Caused a flap at the local office.  They
had to type "Valid without photo or signature" on paper, reduce it in
size with the photocopier, snip it out and laminate it into the
plastic.  Five years later, Feb 2001, renewal passed without comment
and the computer printed that text on the card.  Technical
progress. :-)

The last time I showed my license to a registry person, it caused
another flap. "How did you get that?  We don't do that anymore!"  So
now it's about time for another renewal and I'll just have to see what
kind of hoops or stone walls post-9/11 has created.  Knowing that
their data storage uses M$-ware, that it's outsourced to a 3rd party
and/or that it's on net-connected machines might be useful in that
regard.

Seems to me like a catch-22:  You have to have digital photo and sig
in order to secure against identity spoofing.  But the mere existence
of that officially trustworthy data on an intrinsically insecure
system increases the risk of identity hacking by putting the
(notionally [1]) authoritative data objects into a corner of
cyberspace that is at best as secure as the system on which it runs.

So: What does anyone know about the NS RMV data system?


- Mike


[1] Notionally authoritative: If it's on the computer, it must be
    true, valid etc.

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^

!DSPAM:45a95813237822078116049!




More information about the nSLUG mailing list