I read very alarming news today, for a lot of kids around the world: Santa’s naughty-nice database has been hacked. The article, which is very good, shows all the typical issues: the ones related to privacy, and the fact that some records are grossly incorrect; these are the issues typically encountered when such a massive leak occurs.
Now, here is a perfect example of a database that we all would like to trust, because of the great service it provides (free gifts for kids on Christmas). But then, one must ask the question: shall we entrust this strange old man with such sensitive information?
As a supporter of secure (mobile) devices, my first temptation is to say no, of course. These naughty-nice records should not sit somewhere in a database, where a single leak has the potential to ruin my kid’s life for many years. And how do we know that Santa has a good policy for removing older “naughty” records, and that this policy is correctly applied?
Maybe making the database accessible, so that we can check its contents, would make things better. But who should perform these checks? Our kids, or their trusted representatives (i.e., us, their parents)? The fact that this database holds data about minors certainly doesn’t make things easier.
Maybe this database should be local. I have been advocating that for a long time. My own private data should be managed on my own devices, under my control, and maybe the same principles should hold for my kids. By storing this data on their own devices (mobile phones, MP3 players, etc.; all kids who are old enough to speak own one of these, or soon will), we have a guarantee that no massive leak can occur. Of course, a local leak remains possible, but it would then require a highly targeted attack, one kid at a time.
Of course, there must be a choice of disclosure. A kid may want to hide their naughty-nice record, possibly for privacy reasons. One may even prefer not to maintain such a record at all. What would the consequences be? Well, they are quite likely to lose the advantage of being on Santa’s list: Christmas presents. Privacy has a price((And kids, like all of us, are quite unlikely to accept that price.)).
And now, my favorite part: kids may be tempted to hack their local database in order to remove the naughty bits that don’t look good on their record. If they are able to do so, Santa’s entire business model becomes compromised. This means that there must be some way to secure that local database on every kid’s mobile device (not only the storage, but also its processing, as well as the interactions with the kids and with the other interfaces).
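One way to make the local copy tamper-evident, as an added example that is not from the original post: Santa issues each record with a message authentication code under a key that only he holds, so the record can live on the kid’s device, but any entry removed or edited locally is detected when the record is presented at Christmas. The retention step also shows how the “remove older naughty records” policy from above can be applied by re-issuing the record rather than by letting the device delete entries on its own. The key, the record layout and the policy parameters are constructed assumptions for illustration; in practice the key would never sit on the kid’s device (that is the role of the secure element or TEE mentioned below).

```python
import hashlib
import hmac
import json

# Constructed issuer key (hypothetical): held by Santa only, never stored on the kid's device.
SANTA_KEY = b"north-pole-issuing-key-2015-do-not-share"

# Constructed sample record: what a kid's device would store.
SAMPLE_RECORD = {
    "kid_id": "kid-0042",
    "entries": [
        {"year": 2013, "verdict": "naughty", "note": "drew on the wall"},
        {"year": 2014, "verdict": "naughty", "note": "hid the cat's food"},
        {"year": 2015, "verdict": "nice", "note": "shared toys"},
    ],
}


def canonical(record: dict) -> bytes:
    """Deterministic encoding so the same content always yields the same MAC."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def issue_record(key: bytes, record: dict) -> dict:
    """Santa's side: bind the record to an HMAC-SHA256 tag before handing it to the device."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify_record(key: bytes, signed: dict) -> bool:
    """Santa's side at delivery time: recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(signed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["tag"])


def tamper_with(signed: dict, new_entries: list) -> dict:
    """Simulates a local edit on the device (e.g. dropping the naughty entries).
    The tag is copied unchanged, which is what a kid without the key can do at best."""
    return {"record": {**signed["record"], "entries": new_entries}, "tag": signed["tag"]}


def reissue_with_retention(key: bytes, signed: dict, current_year: int, max_age: int) -> dict:
    """Santa applies his deletion policy (drop entries older than max_age years) and
    re-issues the record. Refuses to operate on a record whose tag does not verify."""
    if not verify_record(key, signed):
        raise ValueError("record fails verification; refusing to re-issue it")
    kept = [e for e in signed["record"]["entries"] if current_year - e["year"] <= max_age]
    return issue_record(key, {**signed["record"], "entries": kept})


if __name__ == "__main__":
    signed = issue_record(SANTA_KEY, SAMPLE_RECORD)
    print("genuine record verifies:", verify_record(SANTA_KEY, signed))
    nice_only = [e for e in SAMPLE_RECORD["entries"] if e["verdict"] == "nice"]
    print("locally edited record verifies:", verify_record(SANTA_KEY, tamper_with(signed, nice_only)))
    pruned = reissue_with_retention(SANTA_KEY, signed, current_year=2016, max_age=2)
    print("years kept after retention:", [e["year"] for e in pruned["record"]["entries"]])
```

A MAC only proves the record was issued by the key holder; it does not stop the device owner from reading the record (that is a disclosure question, handled separately) or from simply deleting the whole file, which the verifier must treat as “no record presented” rather than as “nice”.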
Rejoice, SIM merchants, TEE peddlers, smart object salesmen, for there is a wonderful customer awaiting your products in this end of year: Santa needs you!
I wish you all a wonderful Christmas, and great holidays!
P.S. For serious people, replace “Santa” by “Credit rating bureau”, and this post may become more interesting than it seems at first.
Well… if the DB is maintained only locally and with a great level of privacy (including parents), I have an odd feeling that many kids will NOT receive anything at Christmas… but hey! No leak, no failure.