National Postcodes to be introduced

Impetus

Bray Head wrote: »

The privacy concerns are overblown.

I beg to disagree. Once you attach a unique code to every property, you standardise its identification and data bearing this unique code attached to the people who live in that property. This makes large scale theft of data and identity fraud far easier to do. Retailers who have had payment card hacks in the US frequently ask the customer for their zip code - either for marketing and or "security" purposes. The US credit card system can verify a 16 digit card number to the billing address zip code. But a US 5 digit zip code is the same as Dublin 4 - it is a relatively big place with lots of houses. If instead America had the Eircode, and a large retailer was hacked with say 200 million card numbers stolen - with a unique billing address identifier attached, one would have a far more serious security breach.

A unique postcode for each building - when published and known and spread around systems (as opposed to the short postcode publicly known + hidden building ID number available to subscribers - the solution found in most Continental countries, distributed under license with security conditions attached) presents far higher financial security as well as privacy risks.

recedite

Bray Head wrote: »

The privacy concerns are overblown. ....
it is impossible to keep the physical location of a dwelling a secret in Ireland....
Eircode will not change this.

You are missing the point. Privacy concerns are with matching a persons name to the exact location of their home.
If you check the eircode website, you'll see they are at pains to point out that the part of the database released does not contain any names. So they are in the clear.

However, when the codes become operational, it will be routine for people to be asked to submit their eircode along with their name for car insurance quotes etc.
People will do this themselves, and once that genie is out of the bottle, it stays out. The info can get sold on to third parties.

Currently people have more control. I could choose not to give my full address out except to people I know personally. I might give the street or the townland address without giving the exact house number. Even with the free loc8 code, there is an option to give a shortened version of the code, which only gives away the general area. People with privacy concerns could give their location to within a 90 square Km zone, or a 3.5 square Km zone.

Technically this is called having a "hierarchical" address. It should have been one of the very basic requirements set by whoever was designing the national postcode tender.
Unless of course they were representing the junk mail industry and not the citizens.

The postcodes used in the UK are not unique identifiers.

Leonard Shelby

Impetus wrote: »

I beg to disagree. Once you attach a unique code to every property, you standardise its identification and data bearing this unique code attached to the people who live in that property. This makes large scale theft of data and identity fraud far easier to do. Retailers who have had payment card hacks in the US frequently ask the customer for their zip code - either for marketing and or "security" purposes. The US credit card system can verify a 16 digit card number to the billing address zip code. But a US 5 digit zip code is the same as Dublin 4 - it is a relatively big place with lots of houses. If instead America had the Eircode, and a large retailer was hacked with say 200 million card numbers stolen - with a unique billing address identifier attached, one would have a far more serious security breach.

A unique postcode for each building - when published and known and spread around systems (as opposed to the short postcode publicly known + hidden building ID number available to subscribers - the solution found in most Continental countries, distributed under license with security conditions attached) presents far higher financial security as well as privacy risks.

Wrong again Impy. Credit cards have addresses. In all the countries you like to talk about the address is unique, and ANYONE can match it to the exact property. This is already the case with all unique addresses in Ireland, no change there.

Leonard Shelby

recedite wrote: »

You are missing the point. Privacy concerns are with matching a persons name to the exact location of their home.
If you check the eircode website, you'll see they are at pains to point out that the part of the database released does not contain any names. So they are in the clear.

However, when the codes become operational, it will be routine for people to be asked to submit their eircode along with their name for car insurance quotes etc.
People will do this themselves, and once that genie is out of the bottle, it stays out. The info can get sold on to third parties.

No it can't. We have Data Protection laws you know. When you supply information to companies that can only use it for the purpose it was supplied, they are not allowed by law to sell the data. An Insurance company wouldn't stay in business for long if it was selling personal data, which is why they don't and won't do it.

recedite wrote: »

Currently people have more control. I could choose not to give my full address out except to people I know personally. I might give the street or the townland address without giving the exact house number.

You don't though, otherwise you would never get insurance, tax a car, etc.

recedite wrote: »

Even with the free loc8 code, there is an option to give a shortened version of the code, which only gives away the general area. People with privacy concerns could give their location to within a 90 square Km zone, or a 3.5 square Km zone.

Technically this is called having a "hierarchical" address. It should have been one of the very basic requirements set by whoever was designing the national postcode tender.
Unless of course they were representing the junk mail industry and not the citizens.

The postcodes used in the UK are not unique identifiers.

The Loc8 code was assessed and determined not to be fit for purpose, I've already provided that link, no point flogging that "not fit for purpose" horse any longer.

Impetus

Leonard Shelby wrote: »

Yes.

Whereas if you put a French postcode (eg FR-75008) into Bing or Google maps you get a "Dublin 2" size of space rather than your own house.

http://www.bing.com/maps/?v=2&cp=48.873221~2.311119&lvl=14&sty=r&q=FR-75008&form=LMLTCC


Swiss postcode CH-8005 gives you this in Google maps
https://www.google.com/maps/place/8005+Zurich,+Switzerland/@47.3868,8.5206405,15z/data=!3m1!4b1!4m2!3m1!1s0x47900a0f5a0fc927:0x15b67d050ed62eac

Dutch postcode 1109 BD (which is shared by about 20 houses) produces
https://www.google.com/maps/place/1109+BD+Amsterdam-Zuidoost,+The+Netherlands/@52.3069417,5.0158455,17z/data=!3m1!4b1!4m2!3m1!1s0x47c60c52b7e80165:0x8511067f4a45ffeb

recedite

Leonard Shelby wrote: »

You don't though, otherwise you would never get insurance, tax a car, etc.

I'm talking about people getting quick quotes over the internet and the phone.
Not the situation where both parties are bound by an insurance contract and full disclosure of all the material facts is required. And full protection of personal data is guaranteed

Impetus

Leonard Shelby wrote: »

Wrong again Impy. Credit cards have addresses. In all the countries you like to talk about the address is unique, and ANYONE can match it to the exact property. This is already the case with all unique addresses in Ireland, no change there.

Payment cards have addresses - but don't have complex building unique codes as Eircode. eg you pull into a gas station in Florida, with a US issued credit card, and the pump will require your 5 digit zip code typically. So the gas station (if hacked and if America had Eircode) has card number, exp date, name of cardholder, American Eircode, and probably your car license plate too taken by a security camera in the filling station. Over a year or so, a chain of gas stations will be able to compile a lot of valuable information for perhaps hundreds of thousands of customers. Ready to be hacked.

If there was no Eircode or the US zip code is used, all the data shows to the thief is that you live in a Dublin 1 type of space. It also can't associate your fuel purchase transactions with that of say your wife (both sharing the same Eircode) or your rental car use - eg which stations you gassed up the rental car during a vacation. etc etc. The possibilities are limitless for data abuse.

Impetus

Leonard Shelby wrote: »

The Loc8 code was assessed and determined not to be fit for purpose, I've already provided that link, no point flogging that "not fit for purpose" horse any longer.

I'd agree with that assessment.

Leonard Shelby

Impetus wrote: »

Whereas if you put a French postcode (eg FR-75008) into Bing or Google maps you get a "Dublin 2" size of space rather than your own house.

http://www.bing.com/maps/?v=2&cp=48.873221~2.311119&lvl=14&sty=r&q=FR-75008&form=LMLTCC


Swiss postcode CH-8005 gives you this in Google maps
https://www.google.com/maps/place/8005+Zurich,+Switzerland/@47.3868,8.5206405,15z/data=!3m1!4b1!4m2!3m1!1s0x47900a0f5a0fc927:0x15b67d050ed62eac

Dutch postcode 1109 BD (which is shared by about 20 houses) produces
https://www.google.com/maps/place/1109+BD+Amsterdam-Zuidoost,+The+Netherlands/@52.3069417,5.0158455,17z/data=!3m1!4b1!4m2!3m1!1s0x47c60c52b7e80165:0x8511067f4a45ffeb

Correct, Eircode is much better that all of those other postcode systems.

Leonard Shelby

recedite wrote: »

I'm talking about people getting quick quotes over the internet and the phone.
Not the situation where both parties are bound by an insurance contract and full disclosure of all the material facts is required. And full protection of personal data is guaranteed

There is no difference. If I provide any information for a "quick quote" it has to be protected by the Insurance company. You are imagining issues that don't exist.

Leonard Shelby

Impetus wrote: »

Payment cards have addresses - but don't have complex building unique codes as Eircode. eg you pull into a gas station in Florida, with a US issued credit card, and the pump will require your 5 digit zip code typically. So the gas station (if hacked and if America had Eircode) has card number, exp date, name of cardholder, American Eircode, and probably your car license plate too taken by a security camera in the filling station. Over a year or so, a chain of gas stations will be able to compile a lot of valuable information for perhaps hundreds of thousands of customers. Ready to be hacked.

If there was no Eircode or the US zip code is used, all the data shows to the thief is that you live in a Dublin 1 type of space. It also can't associate your fuel purchase transactions with that of say your wife (both sharing the same Eircode) or your rental car use - eg which stations you gassed up the rental car during a vacation. etc etc. The possibilities are limitless for data abuse.

We've found a point of agreement here. The possibilities of data abuse are limitless. That is why we have laws and a justice system to punish those who break it.

ukoda

Anytime a company takes any of your information on to their systems for any reason (quick quote etc) they are bound by the same data protection laws. They cannot sell your data or use it for marketing purposes without your consent

These privacy concerns arguments are very weak.

Another scenario of over dramatising and sensationalising everything.

recedite

Leonard Shelby wrote: »

The Loc8 code was assessed and determined not to be fit for purpose, I've already provided that link, no point flogging that "not fit for purpose" horse any longer.

Eh... your link stated that Loc8 was never submitted to the govt. tender for assessment.
We discussed the reasons for that already, and the fact that the the EU reprimanded the Irish state, telling them to review procedures and not to allow such exclusionary practices to ever happen again in a public tender.

ukoda

Impetus wrote: »

Payment cards have addresses - but don't have complex building unique codes as Eircode. eg you pull into a gas station in Florida, with a US issued credit card, and the pump will require your 5 digit zip code typically. So the gas station (if hacked and if America had Eircode) has card number, exp date, name of cardholder, American Eircode, and probably your car license plate too taken by a security camera in the filling station. Over a year or so, a chain of gas stations will be able to compile a lot of valuable information for perhaps hundreds of thousands of customers. Ready to be hacked.

If there was no Eircode or the US zip code is used, all the data shows to the thief is that you live in a Dublin 1 type of space. It also can't associate your fuel purchase transactions with that of say your wife (both sharing the same Eircode) or your rental car use - eg which stations you gassed up the rental car during a vacation. etc etc. The possibilities are limitless for data abuse.

as you've already said in the US they ask for your ZIP as a security question, the reason for this is that the majority of US credit cards are not Chip and PIN but Chip and Signature. so they ask for additional info to help prevent fraud and protect customers. We've no need for that in Ireland, we use Chip and PIN, no retailer will ever be asking for your Eircode when you buy petrol. they've no need for it

And lm sorry, but the Gas stations in the US DO NOT store your info in this scenario - the credit card machine talks directly to the banking system and validates. no data is stored locally

The reality is - all our info is stored somewhere on some database and its open to the potential of being hacked, with or without Eircode.

This argument holds no substance

ukoda

recedite wrote: »

Eh... your link stated that Loc8 was never submitted to the govt. tender for assessment.
We discussed the reasons for that already, and the fact that the the EU reprimanded the Irish state, telling them to review procedures and not to allow such exclusionary practices to ever happen again in a public tender.

And a subsequent document was posted with a reply from the department addressing this and stating that even if Loc8code could have submitted - it had no chance of winning the tender as it didn't meet the criteria.

recedite

ukoda wrote: »

Anytime a company takes any of your information on to their systems for any reason (quick quote etc) they are bound by the same data protection laws. They cannot sell your data or use it for marketing purposes without your consent .

They can have a little tiny pre-ticked box in the corner stating "I consent to this info being kept for alerting the customer to special offers or passed to selected third parties "
And then they can mention somewhere that you can un-tick that box if you like.

ukoda

recedite wrote: »

They can have a little tiny pre-ticked box in the corner stating "I consent to this info being kept for alerting the customer to special offers or passed to selected third parties "
And then they can mention somewhere that you can un-tick that box if you like.

so you're agreeing they can't use it without consent, and now you've moved your argument to claiming that Irish companies are going to be malicious in their intent and try and hide stuff from the public?

recedite

ukoda wrote: »

And a subsequent document was posted with a reply from the department addressing this and stating that even if Loc8code could have submitted - it had no chance of winning the tender as it didn't meet the criteria.

Is this the personal opinion of a lowly assistant secretary you are talking about?
Someone who had no contact with loc8 and had no idea what their proposal would have been?

That is not the same thing at all. You said their proposal had been assessed and had been found not to be fit for purpose.

recedite

ukoda wrote: »

Irish companies are going to be malicious in their intent and try and hide stuff from the public?

Not malicious, its what junk mail and marketing people do. They deal in data. And not just Irish companies either.

ukoda

recedite wrote: »

Not malicious, its what junk mail and marketing people do. They deal in data. And not just Irish companies either.

The reality is that reputable companies bend over backwards to make sure they use customers data appropriately, they don't want fines from the data protection office and they don't want the negative publicity of being involved in these scenarios.

and no its not just "what junk mail and marketing people do" you can't accuse these people of breaking the law or insinuate its their job to use customers data in appropriately

SpaceTime

Impetus wrote: »

Payment cards have addresses - but don't have complex building unique codes as Eircode. eg you pull into a gas station in Florida, with a US issued credit card, and the pump will require your 5 digit zip code typically. So the gas station (if hacked and if America had Eircode) has card number, exp date, name of cardholder, American Eircode, and probably your car license plate too taken by a security camera in the filling station. Over a year or so, a chain of gas stations will be able to compile a lot of valuable information for perhaps hundreds of thousands of customers. Ready to be hacked.

If there was no Eircode or the US zip code is used, all the data shows to the thief is that you live in a Dublin 1 type of space. It also can't associate your fuel purchase transactions with that of say your wife (both sharing the same Eircode) or your rental car use - eg which stations you gassed up the rental car during a vacation. etc etc. The possibilities are limitless for data abuse.

The US has problems due to foot dragging on chip and PIN. Launching it a mere 23 years after France for example. There's no need to start typing Irish postcodes into petrol pumps.

Online, cards should all be using Verified By Visa and 3D secure with MasterCard not just relying on publically available /easily obtained information like addresses and cardholders' DOB etc

For security however Eircode would be absolutely perfect as its a unique code. Verifying Irish addresses isn't easy in their current format as they often include and drop lines at random and have weird house names etc etc..

I'm not that worried about data protection though. Its not going to be any worse than giving your address.

For stuff like insurance quotes online we need legislation that allows only the routing key (3 digits) to be checked unless you're actually taking out the policy.

You can find Irish addresses in seconds though on Google maps and elsewhere.

Even An Post has an address verification page o their website.

TheBustedFlush

ukoda wrote: »

Capita are on a fixed cost contract for 10 years. they aren't able to generate private revenue from this.

I don't think that is true. It is a public private partnership in one sense. A licence to manage a piece of national infrastructure. The budget of 25m is broken out into set up costs of 16m approx and then 1.2m per year for the remainder of the 10 year contract. Nearly 9m of that budget is the Dept paying GeoDirectory for access to and use of their data. There is no profit in this for a licence holder. Updating the govt databases is around 8.5m - there presumably is profit in this. However, the scheme must be self-financing and the licence holder therefore, must generate revenues in order to repay some of the initial state investment and is also entitled to make a profit as the licence holder. OneIt's likely that there would be limits on how much profit could be made before some element of profit-sharing with the State would have to kick in - this happens a lot in other state contracts of this nature.

ukoda

Tow wrote: »

Please point me to the section where is it free or where it will be available on my GPS for free.

.

http://www.merrionstreet.ie/index.php/2014/01/minister-welcomes-signing-of-national-postcode-system-contract/

have a look at notes to editor - it says Public will have access to look up eircode for free online

Each address and its code will be stored in a central Postcode Address Database (PAD). Access to the geo-coordinates associated with this code will allow quick mapping of the code’s location on a variety of technology platforms and devices including computers, tablets, mobile phones, in-car satnavs, and other mapping software systems. A publicly available website will give the public free access to look up postcodes for addresses quickly and easily.

ukoda

so you know the way you guys are claiming the delivery companies won't use it??

well heres the head of DPD saying how great it is and how they have already started to make preparations to use it

Brendan O’Neill, CEO of DPD Ireland, an Irish logistics and delivery company, said the current problem of 35% of houses not having a unique name or number posed a challenge for the delivery industry:
“Our drivers have great knowledge of the areas in which we’re delivering, but without a doubt, finding addresses can sometimes be difficult! To be able to refer to an Eircode that will pinpoint a location quickly and easily, means we can get the product to the customer more efficiently. We’ve already started planning– we want to be involved right from the outset. It will take time to get our technology ready for the launch. Obviously this means investment on our part but we’re confident that this will be returned in increased delivery efficiency and overall customer satisfaction.

source: http://www.fretwell.ie/images/Eircode.pdf

ukoda

So I've done some research on Google Maps too, they already use the An Post geo directory (click for proof) so they will automatically have eircodes. I'd say they'll have them on day one of launch.

So the facts now are:

1. Google Maps will use eircode (as they already use the geo directory which will now have the eircode - proof)
2. Delivery companies will use it (as confirmed by DPD - proof)
3. The public will have free access to look up Eircodes (as confirmed in a government statement - proof)

its only a matter of time until i can add sat navs to the list

Tow

Free access will be one at a time lookup on a website. You can already do that with GeoDirectory and view the location on a map etc. It is not the same as having it built into a off the shelf standard GPS.

ukoda

Tow wrote: »

Free access will be one at a time lookup on a website. You can already do that with GeoDirectory and view the location on a map etc. It is not the same as having it built into a off the shelf standard GPS.

I know. I never claimed them to be the same, like I said above, we have those facts now, and it's only a matter of time until we can add sat navs to the list of industries who will use eircode.

recedite

That statement "A publicly available website will give the public free access to look up postcodes for addresses quickly and easily" means, on the face of it, that the public will be able to type in an address and the eircode for that address will pop up.
Not that the public will have a facility for typing in the eircode to see where it is located on a map (whether on the eircode website or on a sat-nav). I'm not saying the latter won't happen, I'm saying its up to foreign outside agencies whether that happens or not.

Interesting that Google license data from Geodirectory and OSI, especially as the Google map is different to the OSI map. They must be checking against those sources for any discrepancies or additional info, then correcting or importing extra data. That would explain how all the rural house names are appearing on Google maps.
On the other hand, it also makes the eircode a bit less relevant. The only advantage to the public of typing the new eircode into Google as opposed to the address is that they have a few less keystrokes to do.

ukoda

recedite wrote: »

Not that the public will have a facility for typing in the eircode to see where it is located on a map

Oh come on, even if government don't provide it. I've already proven the public will be able to do this on google maps.

You're argument has always been

1. That sat nav companies WONT use - you seem to be backing down on this and conceding they might

2. It's useless for delivery companies and they won't use it - I've proven that to be incorrect

3. The public will have to pay to look it up - I've proven that to be incorrect too

Everyday that passes your arguments are getting picked apart and like I say, I've only to wait it out to get my proof to rubbish the other claims being made here.

I note the absence of any comment from you on DPD using it.

As this thread progresses and we get closer and closer to launch. People like yourself and others with similar opinions are going to look really silly. My guess is we'll start hearing less and less from you as time goes on.

Curly Judge

ukoda wrote: »

Oh come on, even if government don't provide it. I've already proven the public will be able to do this on google maps.

You're argument has always been

1. That sat nav companies WONT use - you seem to be backing down on this and conceding they might

2. It's useless for delivery companies and they won't use it - I've proven that to be incorrect

3. The public will have to pay to look it up - I've proven that to be incorrect too

Everyday that passes your arguments are getting picked apart and like I say, I've only to wait it out to get my proof to rubbish the other claims being made here.

I note the absence of any comment from you on DPD using it.

As this thread progresses and we get closer and closer to launch. People like yourself and others with similar opinions are going to look really silly. My guess is we'll start hearing less and less from you as time goes on.

You've proven nothing!
Like the rest of us you are only speculating.
If you do know so much, when can we expect it to be up and running?
And if your forecast proves wrong will you come back here and apologise to the rest of us?
Or will you just change your name and have another reincarnation?