Friday, August 04, 2006

SpyBlog on Net-ID-me

SpyBlog has a wonderful analysis of the much hyped children's ID system Net-ID-Me system launched recently, which supposed to protect kids from online predators.


Why was the service launched in public, without the following points having been addressed ?

Where is there any assurance that all of the staff at NetIDme have been subjected to at least the same level of checks on the Criminal Records Bureau , as if they were employed at a school ?

There is no such assurance...

Why is there no use of Secure Sockets Layer version 3 (SSL) or Transport Layer Security version 1.0 session encryption either when filling in the sensitive personal details such as Nickname and Password during registration, or to protect the online credit card details, or for a child to actually log on to the service via the website...

Illegal data processing of personal information ? Is NetIDme Limited properly registered under the Data Protection Act 1998 ?

The company's entry on the the Register of Data Controllers Registration Number: Z8752777 shows only 3 statutory Purposes, under the Data Protection Act:

  • Staff Administration
  • Advertising, Marketing & Public Relations
  • Accounts & Records

All with possible data transfers "Worldwide"

i.e. there nothing about the actual NetIDme service , customer registration, credit card name and address details, personal details of children, "sophisticated IP address tracking", audit log files etc. etc...

The NetIDme scheme claims to
When you’ve completed the online registration, a form will be sent out to your home. The form needs to be signed by you, and your details must be confirmed by a professional person who knows you well (such as your teacher, doctor or lawyer). If you’re under 18, your parent or guardian must also sign the form.

How exactly, can NetIDme make sufficient checks on the authenticity of such signatures, when the UK Identity and Passport Service (IPS) cannot do so for Passport applications ?

If their checks on signatures and "sponsors" are not at least as good as those by the UK IPS, then what possible use are they in preventing false or multiple applications for NetIDme accounts ?"

The original is a must read though as it has load more useful information on the scheme. Needless to say SpyBlog doesn't recommend the service.

No comments: