Wednesday, February 13, 2008

Another crook magnet

Here we go again. This time the UK government want to create a valuable concentration of personal information about school children:

Government wants every English child on 'secure' database | The Register

This will be yet another valuable source of identity information for the villains of the world. A really bad idea.

How about this instead: For each subject (initially a child student) there is a digital file. The subject (once 18, or their guardians before that) may have a copy of this file and the current places of learning may have a copy of this file. Nobody else. As the subject progresses through their education, records may be added to the file by the people teaching them. Each record is signed using OpenPGP. Each person who may sign such a record must have their key signed by an approving authority and their key must be on a public key server.

When the subject moves from learning to working they may wish to submit some of the records to a potential employer (for example records of recognised qualifications but perhaps not the results of a spelling test taken when they were 12). The employer can verify the education record by confirming that each record was signed by someone who, at the time, was authorised to do so.

Once the subject leaves education and becomes an adult the file must not be retained in any form by any party without the authorisation of the subject.

Clearly, the subject should be very careful indeed to make sure that their file of education records is safely backed up since if they asked for every copy to be destroyed, and they then lost their own copy, the file would be irretrievably lost.

But I think such a distributed system would be much better than another centralised government system and crook magnet.

No comments: