Wednesday, March 02, 2005

Privacy - Of Cards and Identities

From a Slashdot article "Magnetic Stripe Snooping at Home". With Stripe Snoop and a minor hardware hack, you can now check the data stored in the magnetic stripes of your favorite credit card or identity card from home easily. Here's a screenshot of some data that was captured after one such swipe:

[paranoia mode on] I worry about the improper implementation of how information is stored on the stripe and also with the storing of inappropriate personal data on the card. Improper implementation -- Company A stores your secret authentication pin number or password on the card ... or worse, stores this data in an unencrypted form! Just swipe your card at a dishonest store and your private information gets compromised. No big deal? Does losing your full name, credit card number and credit card expiry date give you the willies? Technically, it's not such a good example but you get my drift.

Next, storing inappropriate personal data on the card. Store B's discount card stores your name, membership number, NRIC(National Registration Identity Card) number, date of birth etc. Why should Store B store so much information on a card, or why should they gather so much information for that matter? Wouldn't the name and membership number suffice? If Store B wants proof that you are who you say you are, you can always produce your IC or driver's license for verification. [paranoia mode off]
Speaking of Identity Card (IC) numbers, a local university used to create undergraduate e-mail accounts based on their students' IC numbers back in the mid-90s. So a typical e-mail address would go something like ab1234567@xxx.edu.sg where ab is the faculty, followed by the 7 digit IC number. I recall a conversation with a friend that went something like:
YC: Hey EH, what's your university e-mail address? Mine's eng40000@zzz.sg.

EH: Mine's ab1234567@xxx.edu.sg.

YC: Wow, that many numbers! How did you come up with such a creative e-mail? I know zzz just assigns the numbers in my e-mail based on the chronological order of student matriculation. How impersonal can they get?

EH: That's my IC number, and no, I didn't get to choose that e-mail address!

YC: Man, that's so ... so ... personalized! And ... and ... you'll never forget that e-mail address! Lucky you!

EH: (mutters)

YC: (orders another beer for EH)


Speaking of identity cards, this reminds me of the Identity "Change" that certain prominent local schools and junior colleges have gone through this year -- the integrated programme (IP). Specifically, I'd like to talk about the "IC" that my alma mater, Hwa Chong Junior College (HCJC), went through. Correction, the HCJC name is now defunc, it's Hwa Chong Institution (HCI) now, or HCI-formerly-known-as-HCJC as far as I'm concerned and HCI-formerly-known-as-TCH for the TCH old boys. (Prince anyone?)

I simply can't identify myself with the new name HCI and neither can most of my former classmates. And to quote the HCI site:
The College [Ed: HCJC] has so far produced 45 president's scholars ... [Ed: HCJC had been] the leading Oxford entry centre in the world outside of UK, with over 250 students to date.

Mind you, this track record comes, correction, came from a junior college with a relatively short 31 year history! Sure, things change; a rose by any other name. But at what point does one say no when it comes to the rebranding of an established name?

Technorati tag:


Post a Comment

<< Home