Showing posts with label id cards. Show all posts
Showing posts with label id cards. Show all posts

08 December 2012

Iran's Latest Move To Stifle Dissent: Requiring ID Cards To Go Online

For a while, Techdirt has been tracking Iran's continuing efforts to throttle its citizens' access to troublesome materials online. These have included blocking all audio and video files, and even shutting down Gmail, albeit temporarily. But stopping people accessing sites in this way is not the only approach. Here's another, from a report by Der Spiegel (original in German): 

On Techdirt.

15 March 2010

Power2010 Picks...Tony McNulty

Power2010 aims to highlight egregious cases of MPs damaging democracy and blocking its reform. For their first case, they have picked Tony McNulty, and I must say it couldn't have happened to a, er, nicer chap:

The former minister tried to hide his expenses from his constituents by voting to exempt Parliament from Freedom of Information. No wonder. His expenses revealed he'd been claiming for a second home, occupied by his parents, just miles from his primary residence forcing him to resign from government in disgrace.

His behaviour was made all the more galling by the fact that when in the Home Office he championed policies, such as ID card, designed to track, monitor and control the population. He has consistently stood for the old top-down politics of command and control and against reforms like a democratic House of Lords. That is why POWER2010 has selected McNulty as its first target in a nationwide effort to highlight the record of MPs who have opposed cleaning up and reforming our political system.

Great stuff. Just one question: why don't you put the letter's text in your Web page, using instead a great big image file? Just asking...

Anyway, there's a form you can fill in if you want to add your name to this letter. Thoughtfully, there's even a little space for that personal comment you've always wanted to send him....

Follow me @glynmoody on Twitter or identi.ca.

07 December 2009

Why the UK's “Smarter Government” Plan is Not So Clever

There's no doubt that the area outside computing where the ideas underlying open source are being applied most rapidly and most successfully is that of open government. Alongside the US, which is has made great strides in this area, Australia, too, has caught the transparency bug. So what about Blighty?

On Open Enterprise blog.

25 November 2009

A Proportionate Response to "Proportionate"

There is a nauseating piece of troll-bait in the Guardian today. It's called "My DNA dilemma", and in it Alan Johnson attempts to convince readers he suffers as much as any of us bleeding-heart liberals at the thought of the terrible, terrible sacrifices of freedom we must make for the sake of security.

I won't bother demolishing the rickety edifice of its spin and half-truths, since that has been done expertly elsewhere. Instead, I'd like to concentrate on the key argument of the piece, implicit in its title:


This is a classic home secretary dilemma. It is not a clear-cut choice between liberty and security – between siding with the civil liberties lobby or the forces of law and order. The far less headline-friendly reality is the need to balance all these factors – protecting the public, but in a way that's proportionate to the threat. I believe that the government's proposals do precisely that but I also welcome the debate as a necessary part of implementing such sensitive measures.

There's a tell-tale word in there that I have been tracking for many months as it silently worms its way into public discourse in this country: "proportionate".

It's the ultimate argument-killer when people raise the big issues like liberty to defend themselves from ever-more intrusive "security" legislation - which strangely always turns out to be "surveillance" of the little people like you and me. Yes, it seems to say, you're right, this *is* a tricky one, but we must find a compromise "to balance all these factors", as Alan Johnson puts it. And the way we do that is by making a *proportionate* response.

How could anyone argue with something so reasonable? After all, that's exactly what we all want: a proportionate response that represents a compromise position.

There's just one little problem. As the UK government has shown by its use of this word time and again to justify everything from ID cards and policing to Internet monitoring and DNA databases, what they really mean is: we're going to do what we've said because it's what we've decided. In effect, this use of "proportionate response" is simply shorthand for the tautological "our response", but dressed up in a costume of apparent concession.

If you don't think this is a serious problem, just watch out next time you read or hear a government discussion of why they realise something is a contentious area, and that there are many people who disagree profoundly: I can almost guarantee that at some point they will roll out the "p"-word, and that will be the end of the argument - because if you argue for something else, you are clearly *against* a proportionate solution, and can therefore be dismissed as part of the lunatic fringe.

Because it is such a slippery, weaselly word, I think we need to try to pre-empt these attempts by claiming immediately that *our* solutions are proportionate. Then, when the government inevitably claims the same for theirs, it comes down to a slanging match - which at least makes it clear that there is no "consensus".

The more we point out the UK government's constant invocation of "proportionate" responses to hide a complete refusal to engage with critics - despite Alan Johnson claiming to "welcome the debate" - the sooner it will drop that tactic. It might not start to listen - that would be too much to hope - but at least we will have reduced the verbal undergrowth in which it can hide.

So, please pass it on about the UK government's "proportionate" meme: after all, it's a proportionate response.

Follow me @glynmoody on Twitter or identi.ca.

27 August 2009

UK Surveillance Fails? Solution: Use More

This is so rich. The Criminal Records Bureau (CRB) is becoming less and less useful as it produces more and more errors; these arise in part because the CRB is getting far too big to be manageable as the insanely authoritarian UK government tries to get as many people as possible on it (currently 11 million and counting).

So what's the solution to having a broken system of surveillance? Use another one even more intrusive and even less useful:

Millions could be asked to provide ID card and fingerprint data to get a job under new systems being developed by the Home Office following a collapse in the accuracy of background checks.

News of the plans emerged in the response to a Register Freedom of Information Act request to the Criminal Records Bureau (CRB). Today campaigners warned it could be used to help impose ID cards through the back door.

The way that one failure is used to justify an even bigger one would be funny if it weren't so serious. Roll on the General Election...

06 August 2009

UK ID Card Technology Cloned...

...in 12 minutes:


Embedded inside the card for foreigners is a microchip with the details of its bearer held in electronic form: name, date of birth, physical characteristics, fingerprints and so on, together with other information such as immigration status and whether the holder is entitled to State benefits.

This chip is the vital security measure that, so the Government believes, will make identity cards 'unforgeable'.

But as I watch, Laurie picks up a mobile phone and, using just the handset and a laptop computer, electronically copies the ID card microchip and all its information in a matter of minutes.

He then creates a cloned card, and with a little help from another technology expert, he changes all the information the card contains - the physical details of the bearer, name, fingerprints and so on. And he doesn't stop there.

With a few more keystrokes on his computer, Laurie changes the cloned card so that whereas the original card holder was not entitled to benefits, the cloned chip now reads 'Entitled to benefits'.

No surprises there, of course; but what's significant is that it's the Daily Mail that's pushing this jolly news out to its assembled readers. This means the message is going out to groups beyond the obvious Guardian greeny-lefties and Telegraph Tories.

The UK government will presumably just carry on blithely ignoring these inconvenient demonstrations of the deep lack of security at the heart of this lunatic project. Worryingly, it comes in a week where UK High Court ruled that the government's not liable for the consequences of its errors, which means that when your ID card is cloned and abused, *you* will have to foot the bill....(via Ray Corrigan.)

31 July 2009

Why Single Sign On Systems Are Bad

Wow, here's a really great article about identity management from, um, er, Microsoft. Actually, it's a rather remarkable Microsoft article, since it contains the following sentences:

On February 14, 2006, Microsoft Chairman Bill Gates declared that passwords would be gone where the dinosaurs rest in three to four years.

But as I write this in March 2009, it is pretty clear that Bill was wrong.

But it's not for that frisson that you should read it; it's for the following insight, which really needs hammering home:

The big challenge with respect to identity is not in designing an identity system that can provide SSO [Single Sign On], even though that is where most of the technical effort is going. It's not even in making the solution smoothly functioning and usable, where, unfortunately, less effort is going. The challenge is that users today have many identities. As I mentioned above, I have well over 100. On a daily basis, I use at least 20 or 25 of those. Perhaps users have too many identities, but I would not consider that a foregone conclusion.

The purist would now say that "SSO can fix that problem." However, I don't think it is a problem. At least it is not the big problem. I like having many identities. Having many identities means I can rest assured that the various services I use cannot correlate my information. I do not have to give my e-mail provider my stock broker identity, nor do I have to give my credit card company the identity I use at my favorite online shopping site. And only I know the identity I use for the photo sharing site. Having multiple identities allows me to keep my life, and my privacy, compartmentalized.

Yes yes yes yes yes. *This* is what the UK government simply does not want to accept: creating a single, all-powerful "proof" of identity is actually exactly the wrong thing to do. Once compromised, it is hugely dangerous. Moreover, it gives too much power to the provider of that infrastructure - which is precisely why the government *loves* it. (Via Ideal Government.)

Follow me @glynmoody on Twitter @glynmoody and identi.ca.

24 July 2009

Bill Gates Shows His True Identity

And so it starts to come out:


Microsoft is angling to work on India’s national identity card project, Mr. Gates said, and he will be meeting with Nandan Nilekani, the minister in charge. Like Mr. Gates, Mr. Nilekani stopped running the technology company he helped to start, Infosys, after growing it into one of the biggest players in the business. He is now tasked with providing identity cards for India’s 1.2 billion citizens starting in 2011. Right now in India, many records like births, deaths, immunizations and driving violations are kept on paper in local offices.

Mr. Gates was also critical of the United States government’s unwillingness to adopt a national identity card, or allow some businesses, like health care, to centralize data keeping on individuals.

Remind me again why we bother listening to this man...

Follow me @glynmoody on Twitter or identi.ca.

25 June 2009

Your Number is Up...

...and it's £2.2 trillion:

The gap between what the Government expects to spend and what it actually brings in has risen five-fold, from £120 billion to £608 billion in the space of six months.

At that rate, according to the Institute for Fiscal Studies, it will take 23 years to return government borrowing to anything like normal levels – Gordon Brown’s famous “golden rule”.

And of course, every year you borrow keeps adding to what you owe. Right now, the Government calculates that it owes a total of £2.2 trillion – about £144,000 per household. The figure has trebled since the bank bail-outs. Some traders are beginning to wonder if Britain can actually pay its debts. If they start pulling out, then we really are bust.

Tell me again why we can afford to spend £19 billion on ID cards and associated super-duper databases...?

23 June 2009

Big Victory for FoI and UK Transparency

Kudos to Computer Weekly:


The information commissioner has ordered the opening of confidential files on a wide range of high-risk IT projects, including the ID cards scheme, joined up police intelligence systems and the NHS National Programme for IT (NPfIT).

It is the most far-reaching decision under the Freedom of Information Act for government IT.

It is also a victory for Computer Weekly’s campaign for the release of the results of Gateway reviews on the progress of major IT-based projects.

MPs have complained that the first they knew of problems on projects such as the IT to support tax credit and child support payments was when constituents contacted them.

Our campaign has been aimed at persuading government to release information about projects in time for MPs and others to ask informed questions, and possibly avert a failure.

I particularly liked the list of feeble excuses used for not giving out the information, especially the last one, which is extraordinary in its arrogance:

# It would prevent policy formulation or development taking place in the self-contained space needed to ensure it was done well.

# It would make policy development less effective because departments’ attention would be focused on obtaining a “green light”.

# It would cause reports to become bland and anodyne, defeating their purpose.

# It would make interviewees, senior responsible owners and the private sector less willing to participate in reviews or co-operate with interviewers.

# It would cause delays in the completion of reports as words and phrases would be argued over.

# It is unnecessary. The public interest is already met by the information about the programme in the public domain combined with parliamentary scrutiny.

and the list of responses from the Information Commissioner:

* It would allow the public a better understanding of the development of the programmes which are the subject of Gateway reviews.
* It would allow project risks and concerns to be identified.

* It would not damage the Gateway process in the way the OGC has suggested.

* The public scrutiny of projects by the National Audit Office and Public Accounts Committee involve largely historical and retrospective analyses. Gateway reviews “would provide a level of public scrutiny of current projects”.

* It would inform the debate as to the merits of the schemes, the practicalities involved and the feasibility.

* It would ensure that “schemes as complex as these are properly scrutinised and implemented”.

* It is unrealistic to imagine that civil servants will not participate if reviews are to be published. In accordance with the Civil Service Code, “civil servants must fulfil their duties and obligations responsibly.”

Those are crucially important points, because they apply to everything else, past, present and future.

Well done, Computer Weekly for waging and winning this battle: now let's all take it forward to make UK government even more transparent.

Follow me @glynmoody on Twitter or identi.ca.

19 June 2009

Managing Identity Without ID Cards

I've always been slightly conflicted about Jerry Fishenden. He obviously knew what he was talking about, but he was, you know, one of the *them* - a Microsoftie. Or rather, *was* a Microsoft since he's a free man now. And you sense a new freedom in his writing, too, which means that I can start recommending his stuff unreservedly.

Here, for instance, is nothing less than a core idea of how to manage identity in the 21st century without ID cards or any of the associated stupidities:


In the work of leading identity, security and privacy thinkers such as Stefan Brands and Kim Cameron,* it is possible to see the art of the possible (Cameron's laws of identity can be found here). Stefan’s work on minimal disclosure, for example, makes it possible to prove information about ourselves ("I am over 18", "I am over 65", "I am a UK citizen", etc) without disclosing any personal information, such as our full name, place and date of birth, age or address. Neither would the technology leave an audit trail of where we have been and whom we have interacted with. It would leave our private lives private. Indeed, it would enable us to have better privacy in our private lives than we do today, when we are often forced to disclose personal information to a whole host of people and organisations.

Got that? We can prove anything about ourselves that we need to, without giving up *all* information as the Labour government wants, and without leaving audit trails. Effectively, this is the public key cryptography of identity, where mathematical magic lets you do apparently impossible things.

This is so obviously exactly what we should be doing for identity management in a world that clearly requires it, and so exactly meets the needs of those of us concerned about profound issues of civil liberties, that you really have to wonder what bunch of utterly witless morons at the Home Office are stopping this eminently sensible thing from happening, and pursuing instead the worst of all possible worlds with an expensive, insecure, intrusive and unworkable system.

Follow me @glynmoody on Twitter or identi.ca.

03 June 2009

ID Database Breached Even Before It Exists

Well, I was expecting this, but not so soon:

A Glasgow council worker was sacked and another resigned after they were caught snooping into the core database of the Government's Identity Card scheme.

The two Glasgow staff were caught snooping on people in the Department for Work and Pensions (DWP) Customer Information Systems (CIS) database, which includes among its 85 million records the personal details about everyone in the UK, and which the Identity and Passport Service plans to use as the foundation of the national ID scheme.

"A member of staff tried to access stuff about famous figures," said a spokesman for Glasgow City Council. He said the DWP alerted the council about the breach. He refused to name the celebrity or say how the council dealt with the matter.

The INQ has learned, however, that the staffer caught looking up personal data belonging to celebrities was sacked.

Whether they were resigned or sacked is neither here nor there: it represents no deterrent whatsoever.

As if that's not bad enough, try this:

"The small number of incidents shows that the CIS security system is working," he added.

Er, no: it just means that you've only *caught* two of them, and that the other n, where n may be a large and growing number, have got away with it so far....

Let's just hope Labour continues its entertaining meltdown before it can bring its insane ID card/database plans to total "fruition" - for the identity thieves and blackmailers.

Follow me @glynmoody on Twitter or identi.ca.

06 May 2009

ID Cards Get Idiotically Insecure

Remember how those magic ID cards would provide strong forms of identity, thus protecting us against terrorists, people traffickers et al.? Well, those plans have been watered-down, somewhat:

High street chemists, post offices and photo shops are to be used to record the electronic fingerprints and other biometric data needed for the national identity card scheme, the home secretary, Jacqui Smith, is to announce today.

The decision to use high street shops sidesteps the need for the Home Office to set up a network of enrolment centres with mobile units to operate in rural areas.

Well, yes, it will save money, but it will also blast security holes through the entire scheme. Without rigorous oversight, it will be much easier to create fake ID cards - just what all those nasty terrorists, people traffickers and other ne'er-do-wells need. Which goes to show that the government isn't interested in increasing our security, just in gaining even greater control over us - and security go hang.

29 April 2009

The Retreat from ID Cards Has Begun

This is significant:

Senior cabinet ministers are privately discussing a plan to scrap the Government's £5bn identity cards programme as part of cuts to public spending, The Independent has learnt.

Once such people start talking about it, even the most timorous will soon pluck up the courage to express their views; quickly we'll reach a classic tipping point when the majority hold the view that ID cards make no sense from any point of view.

But there are always some who remain prisoners of their delusions:

Your article of 28 April on ID cards is simply wrong on two fundamental points. The Government is committed to introducing ID cards.

Er, why would that be Jacqui?

ID cards will provide the public with a single, simple and secure way for individuals to prove their identity and safeguard their personal details – protecting the community against crime, illegal immigration, and terrorism.

Oh, I see. Why don't we just look at those, eh?

a single, simple and secure way for individuals to prove their identity

Well, no, it won't do that unless ID cards become compulsory for *every* occasion when I have to prove who I am. Now, that may be coming, but until then I'm still going to need to prove who I am by logging in to online services, or showing my library card. Is she really suggesting that the ID card replace *all* of those? If not, it will simply *add* to all of the other proofs that I need. ID cards only make sense if they satisfy a vital new need to prove who we are - for example, when stopped by the police in the street....

safeguard their personal details

How on earth does a centralised database "safeguard my details"? The ID card certainly doesn't - it's just a bit of plastic with a chip in; and as anyone who's been in computing for more than a couple of months knows, bringing data together in any way makes it less secure, not more. So what on earth is she rabbiting on about?

And as for

protecting the community against crime, illegal immigration, and terrorism

these were all debunked ages ago as the UK government desperately shopped around for some kind of justification for ID cards. It won't stop illegal immigration and it certainly won't stop "terrorism".

It hard sometimes to work out whether Ms Smith actually believes the nonsense she spouts, or just believes we're stupid enough to believe her. Either way, news that her colleagues are rapidly placing clear water between themselves and her deranged ideas on this one is welcome indeed. (Via OurKingdom.)

20 March 2009

Coming to an ID Card Near You: Your DNA

One of the many disgraceful aspects about the disgraceful ID card programme is the reluctance of the UK government to make key documents available. For such a momentous change in the relationship of government to governed, it is critically important that a full debate about all the issues be conducted; but without key details of the scheme, that is made more difficult – which is presumably why the UK government has resisted the publication of the so-called “Gateway reviews” so long.

Finally, though, we have gained the right to see these somewhat outdated documents. Despite their age, and the unnecessary redactions, some useful new information has come to light, which more than justifies the long battle to gain access.

On Open Enterprise blog.

25 February 2009

ID Card Database *Already* Breached

That's almost before it's come into existence:

The breaches of the Customer Information System (CIS), which is run by the Department of Work and Pensions, were revealed in a DWP memo to housing benefit and council tax benefit staff on 15 January.

CIS is designed to give local authorities access to citizens' data, including HMRC tax-credit information. In 2006, it was decided that the ID card project would use CIS for biographical information, to avoid having to create a new, monolithic database of the UK's inhabitants.

In the DWP memo, the government department said that desktop access to CIS had helped to "significantly improve service delivery" to citizens, but noted that a series of checks had identified that some local-authority staff were committing serious security breaches using the system.

What makes it even more risible is the following comment:

"The breaches were not necessarily someone purposely going on there and checking something they shouldn't," the DWP spokesperson said. "They could be inadvertently clicking on information."

Yes, that will be a good excuse, won't it: honest guv, I just inadvertently clicked on Gordon Brown's ID card information....

And then, of course, there is the canonical "white is black", "up is down", "bad is good" bit of spin:

The DWP's spokesperson did not respond to a request to describe how it might be possible to break these rules by inadvertently clicking on information in the CIS database, but did claim the number of breaches revealed in the memo showed the system was secure.

And presumably it will use the increasing number of breaches to prove the increasing security of the system in the future.

16 January 2009

Last Chance to See: Modern Liberty...

The Convention on Modern Liberty was launched last night. I may be foolishly optimistic, but I do feel that this is our best hope of stopping the techno-surveillance state that is being created today in the UK.

The speech made by co-director Anthony Barnett has just been published, and it's a good summary of the perils facing liberty, and the questions that need to be addressed before we can come up with a way to halt this madness:

something does seem to be going on behind the theatre of parliament and government. Both Henry and Helena have referred to the constant stream of measures, violations, outrages even, which have little popular support. There is a connection between the spread of uncontrolled surveillance, detention without trial, the right of bailiffs to enter homes and seize property without a warrant, the ongoing, across the board destruction of our liberties.

We don’t have a name for it yet. NO2ID – and big thanks to Phil Booth its National Coordinator especially for his work on the Convention - have developed the term I use and find helpful, ‘The Database State’. This may describe it. But where is the motivation? What’s the driver pushing it onwards?

Is it a governing class who, since it supported the Iraq War, knows that the people are wiser than they are (a crucial moment this) and, in its bad faith, wants to secure its control by whatever means it can?

Is it a hardened grouping in the Home Office whose attitude is that if you stand upright and call yourself a “citizen” you immediately become a suspect - to be pre-emptively invigilated and controlled?

Is it corporate lobbying eager for the juicy deals – after all, if you have the contract on a whole country to make its ID cards or support their software and technology just think of the cashflow.

Or is part of what is happening simply a permission from a public that has not woken up to what is going on?

How these questions are answered is just as important as the answers. The answers need not be spoken in fearful whispers and anxiety. They need to be rooted in confident public debate. This is what this Convention on Modern Liberty is all about.

The Convention itself takes place on 29 28 February; you can buy a ticket here.

I shall be going, and I urge everyone else who cares about liberty and who can make to come too. We need to support this as fully as we can; if we don't, I fear it may be our last chance for a very long time.

12 December 2008

ID Card Support Shrinking, Says UK Government

The latest Home Office poll on public attitudes to the planned National ID card indicates that support for the scheme has eroded slightly, with the proportion of those in favour down from 60 to 55 per cent.

The survey, carried out among 2,098 randomly selected Brits from 31 October to 4 November, showed opposition to the Card remaining steady. Seventeen per cent of respondents disagreed strongly with the plans and 9 per cent slightly, up from August by a single percentage point each.

The top reason given for disagreeing with the card stayed the same - that it would interfere with personal freedom. Other common objections were that the scheme was unnecessary, wouldn't work, and would be a waste of money.

Twenty-three per cent of those disagreeing also said that the government could not be trusted to keep personal data secure, up from 19 per cent in August. Before August's survey this concern wasn't cited often enough to figure in the results, reflecting the rash of data-loss scandals suffered this year.

Come on, put this beast out of its agony.

10 November 2008

A Question of Priorities

Britain's only specialist police human trafficking unit is to be shut down after two years because of a lack of funding, the government said today.

A Home Office spokeswoman confirmed that money for the Metropolitan police team, which totalled £1.8m in the first year and £780,000 in the second, would no longer be available after April

Experts and campaigners reacted to the move with dismay. Denise Marshall, chief executive of the Poppy Project, which helps trafficked women after they have been rescued, said she was appalled at the decision, which would have a "hugely detrimental impact".

So, the Government can't quite find the huge sum of £1.8 million to help concretely exploited and vulnerable women, and yet *can* somehow find the odd £19 billion to pay for ID cards that will be used to combat terrorism illegal immigration identity fraud benefit fraud littering....

29 October 2008

Uncle Brucie Frightens Me

Eek:

Measures such as ID cards are a temporary measure before biometric technology becomes ubiquitous; That was the warning from security guru Bruce Schneier this week who claims that surveillance technology will get more sophisticated and, more importantly, smaller and harder to detect. "We live in a very unique time in our society. The cameras are everywhere and you can still see them," said Schneier, BT's chief security technology officer. "Five years ago they weren't everywhere, five years from now you are not going to see them."

...

Biometric technologies such as face recognition, or systems based on a particular type of mobile phone owned or even clothes, may also be used for identity checks. The increase in background ID checks means that the current debate around national ID cards in the UK is only a short-term issue, according to Schneier. "I know there are debates on ID cards everywhere but in a lot of ways, they are only very temporary. They are only a temporary solution till biometrics takes over," he said.

Eventually, even airports won't actually require people to show ID, as the checks will just happen in the background while you queue for check-in or move through the terminal. "When you walk into the airport they will know who you are. You won't have to show an ID – why bother? They can process you quicker," he said.