It was with a strange mixture of amusement and dismay that I read about DVLA having to deny database access to hundreds of organisations.
For non-UK readers, the Driver Vehicle and Licensing Agency (DVLA) is the government organisation that handles vehicle registrations and driving licences. If you want to know, for example, who owns a vehicle, based on its number plate, the DVLA database is what you need. Except that access to it is granted only by divine right.
Unless, that is, you’re a company running car parks and want to fine motorists who’ve overstayed. Or maybe you’re a petty bureaucrat in a local council whose noble crusade against terrorists and paedophiles means you simply must know who’s parking outside your neighbour’s house.
There are endless sayings that start with, ‘There are two types of…’ (plus the one that starts, ‘There are 10 types of people…’, but that’s purely for geeks). In this case, we could say that there are two types of database – those that have been misused, and those that are going to be. Actually, there’s a third group – databases that contain information that interests nobody. But if your database contains information that is valuable, then it’s a target, QED.
‘Misuse’ could include unauthorised access by insiders, illegal access by malicious hackers and people who have been granted access but use that privilege for unintended purposes – like the folk that the DVLA has banned.
I hope DVLA isn’t surprised by all this. There’s a very simple rule about databases and the people who would misuse them:
If you build it, they will come.
This is why the ‘Database Nation’ is so dangerous. If your efforts to fight bad guys, or even just run society efficiently, depend on vast stores of information, then you are also creating the conditions for new forms of abuse, ranging from digital nosiness to large-scale criminality. And how do you fight that? Well, I suppose you could build a database of the databases…