Comments on: Old world vs. the new world and the digitalisation of (financial) services http://www.techiteasy.org/2009/07/22/old-world-vs-the-new-world-and-the-digitalisation-of-services/ A Technology and Business Weblog provided to You by a Global Group of Friends. Fri, 12 Mar 2010 10:37:47 +0100 http://wordpress.org/?v=2.9.2 hourly 1 By: vincentvw http://www.techiteasy.org/2009/07/22/old-world-vs-the-new-world-and-the-digitalisation-of-services/#comment-4942 vincentvw Wed, 22 Jul 2009 19:14:02 +0000 http://www.techiteasy.org/?p=2226#comment-4942 I think your last line summarises the reason perfectly. I think your last line summarises the reason perfectly.

]]> By: Kari Silvennoinen http://www.techiteasy.org/2009/07/22/old-world-vs-the-new-world-and-the-digitalisation-of-services/#comment-4940 Kari Silvennoinen Wed, 22 Jul 2009 17:49:05 +0000 http://www.techiteasy.org/?p=2226#comment-4940 The Finnish government has embraced the internet banking authentication (after a spectacular failure of electronic national id authentication system) to such extent that you need those to report a (small) crime on the net for police. But you can use them among other things to change address, get some of your mail (invoices, official notices, salary receipt) as e-post, a credit card or an internet domain.<br><br>But you're right, in some cases the application comes later in the mail with a dotted-line and return envelope. Even though a signature is easier to forge than a HTTPS connection, the former has longer precedent in law (or a law requires a written contract) and isn't vulnerable to class (or wholesale) attacks.<br><br>Anyway, going to your questions. I don't believe that there is such a secure communication, but it doesn't matter, because we have checks and laws that have traditionally taken care of most problems. The benchmark isn't fool-proof system, but what could be reasonably required to assure validity of the transaction. You can forge a ID and signature, but the risk hasn't been so small that it's accepted.<br><br>So, I wouldn't say that financial or official matters (I was interviewed by the police using e-mail once, for crying out loud) are in the old world anymore, at least for the citizens. However, health care is. My father, a medical doctor, has as his out of office message a reminder that e-mail isn't a secure medium and how the data protection ombudsman is strictly against handling patient information on it.<br><br>And the reason, I believe, is simple. We have insurances against financial losses in case of fraud, but once your sensitive data is out there, you can't take it back. The Finnish government has embraced the internet banking authentication (after a spectacular failure of electronic national id authentication system) to such extent that you need those to report a (small) crime on the net for police. But you can use them among other things to change address, get some of your mail (invoices, official notices, salary receipt) as e-post, a credit card or an internet domain.

But you're right, in some cases the application comes later in the mail with a dotted-line and return envelope. Even though a signature is easier to forge than a HTTPS connection, the former has longer precedent in law (or a law requires a written contract) and isn't vulnerable to class (or wholesale) attacks.

Anyway, going to your questions. I don't believe that there is such a secure communication, but it doesn't matter, because we have checks and laws that have traditionally taken care of most problems. The benchmark isn't fool-proof system, but what could be reasonably required to assure validity of the transaction. You can forge a ID and signature, but the risk hasn't been so small that it's accepted.

So, I wouldn't say that financial or official matters (I was interviewed by the police using e-mail once, for crying out loud) are in the old world anymore, at least for the citizens. However, health care is. My father, a medical doctor, has as his out of office message a reminder that e-mail isn't a secure medium and how the data protection ombudsman is strictly against handling patient information on it.

And the reason, I believe, is simple. We have insurances against financial losses in case of fraud, but once your sensitive data is out there, you can't take it back.

]]>