The issue with QR codes is that the human eye cannot easily tell whether one has been changed from its previous pattern.
I am imagining a situation where, say, a bishop (let's call him Pricka) knows the abuse record of one of his priests. Pricka has enough cash to pay a programmer to build a copycat website, and he knows the priest's conf…
The issue with QR codes is that the human eye cannot easily tell whether one has been changed from its previous pattern.
I am imagining a situation where, say, a bishop (let's call him Pricka) knows the abuse record of one of his priests. Pricka has enough cash to pay a programmer to build a copycat website, and he knows the priest's confidential code (being his bishop), so he can incorporate that and enter a fake clean record for him. (He doesn't know the code? No problem, make the fake site accept any code, all that matters is it looks the same and gives access to a clean record. Keeping up appearances, right?) Finally, he has the programmer generate a QR pattern for the copycat site, and tamper with or print a new ID card for the priest so that it shows the new pattern.
This is perhaps unlikely as it requires some technical awareness uncommon among those of a certain age. But I doubt it would be difficult. I hope France is designing these cards with security in mind and taking steps to educate users on the possibility of hacked cards.
Putting aside the gross misuse of diocesan funds to create such a website (which would create a paper trail for the bishop's negligence and a potential leak in the programmer who could go to the press about this), I'm not entirely sure this would be an issue since it would be hosted on an entirely different site. The QR code is, I imagine, an encoded URL leading to some diocesan website. A wrong URL in a browser is easier to snuff out than a different QR code. And even then, the diocese could also just create an app that the QR code opens instead of the web browser, which the fake URL would not be able to do.
Also, if the bishop is going go through the trouble of creating a fake website just to cover one of his abusive priests, why didn't he just do what he could to prevent Rome from hearing about the abuse to begin with? This is a lot of trouble to go through to cover for a priest who has already been compromised and puts the bishop's own position in jeopardy.
All good points. This hypothetical (like many scams) does rely on folks not paying close attention, and I think the app idea is a great one. You're right that it'd almost certainly be more trouble than it's worth. It's just that the onetime-cybersecurity-nerd in me quivers at the mention of QR codes and at any possibility for circumvention... I wish I didn't immediately jump to suspicion, but that's where it seems the church is at these days.
The issue with QR codes is that the human eye cannot easily tell whether one has been changed from its previous pattern.
I am imagining a situation where, say, a bishop (let's call him Pricka) knows the abuse record of one of his priests. Pricka has enough cash to pay a programmer to build a copycat website, and he knows the priest's confidential code (being his bishop), so he can incorporate that and enter a fake clean record for him. (He doesn't know the code? No problem, make the fake site accept any code, all that matters is it looks the same and gives access to a clean record. Keeping up appearances, right?) Finally, he has the programmer generate a QR pattern for the copycat site, and tamper with or print a new ID card for the priest so that it shows the new pattern.
This is perhaps unlikely as it requires some technical awareness uncommon among those of a certain age. But I doubt it would be difficult. I hope France is designing these cards with security in mind and taking steps to educate users on the possibility of hacked cards.
Putting aside the gross misuse of diocesan funds to create such a website (which would create a paper trail for the bishop's negligence and a potential leak in the programmer who could go to the press about this), I'm not entirely sure this would be an issue since it would be hosted on an entirely different site. The QR code is, I imagine, an encoded URL leading to some diocesan website. A wrong URL in a browser is easier to snuff out than a different QR code. And even then, the diocese could also just create an app that the QR code opens instead of the web browser, which the fake URL would not be able to do.
Also, if the bishop is going go through the trouble of creating a fake website just to cover one of his abusive priests, why didn't he just do what he could to prevent Rome from hearing about the abuse to begin with? This is a lot of trouble to go through to cover for a priest who has already been compromised and puts the bishop's own position in jeopardy.
All good points. This hypothetical (like many scams) does rely on folks not paying close attention, and I think the app idea is a great one. You're right that it'd almost certainly be more trouble than it's worth. It's just that the onetime-cybersecurity-nerd in me quivers at the mention of QR codes and at any possibility for circumvention... I wish I didn't immediately jump to suspicion, but that's where it seems the church is at these days.