Archive for the ‘ID’ Category

The creation of a database containing all 9 million Israelis’ demographic, family, and medical information plus identifying biometrics has not necessarily developed to their advantage. Bonus points for use of the phrase “Hasidic criminal underworld”. They’ll make you an offer it takes years of painstaking theological scholarship to understand.


Well, that was grim, wasn’t it? I refer, of course, to the new government. Having read through the coalition agreement, I’m almost convinced by Charlie and Jamie’s argument that it’s really not that bad. Almost. I’m not particularly worried by the supposed 55% thing either, for reasons well explained here – it’s fairly obviously an attempt to self-bind, a costly signal of commitment to cement the deal, and it’s probably content-free.

On the other hand, there’s the NAMELESS DREAD. It’s pre-rational, emotional, Lovecraftesque…political. And look at some of the gargoyles and Queen’s bad bargains in the government. Also, Vince Cable at the Mandelsonministerium is a reasonably good idea, but couldn’t we have got at least one real job? Obviously, the Tories couldn’t have worn a Liberal foreign secretary for ideological reasons.

What went wrong with this post? I think the key unexamined assumption was that the Labour Party could be treated as a united actor for negotiating purposes; I didn’t take into account that significant numbers of backbench MPs wouldn’t support a coalition or wouldn’t support an electoral reform bill. I still believe that significant numbers of Tory backbenchers will rebel, but the coalition whips have more leverage over them with the Liberals as a reserve pool. Obviously, it’s telling that the Labour whipping operation would pick this moment, rather than – say – March 2003, to break down.

It’s also telling just who was lobbying the Labour backbenches; David Blunkett, John Reid, and Charles Clarke! The three monkeys of Blairite authoritarianism, a sort of negative triumvirate of failed home secretaries. Because, after all, as I said about identity cards back in 2004, we are going to win. That is, in fact, the only good thing here; the achievement of NO2ID and Phil Booth is that all political parties except one went into the 2010 general election pledged to abolish the National Identity Scheme. And, crucially, the civil service gets it – I hear that IPS is actively looking at contingency plans as to what to do with its officials when the NIS shuts down, how to cancel the contracts, disposing of office space and kit, that kind of stuff.

Hilariously, my dad spent quite a lot of time trying to get the IPS to give him an identity card, in order to demonstrate various flaws in the process – he was eventually issued one after the intervention of the chief of identity cards. He’s now trying to decide whether to sell it on eBay or frame it. Does anyone have suggestions as to what to do with a British National Identity Card?

So, no ID cards, no NIR, no ContactPoint. Home Office junior ministers have swung from people like Phil Woolas to Lynne Featherstone. I should be delighted. But then, yes, nameless dread. I agree that it wasn’t so long ago that it looked like we’d get Dave from PR with a majority of 100, so I should be pleased that the damage control exercise has been a success. But, no. Perhaps I should concentrate on MySociety stuff; perhaps I should concentrate on London politics. I have no idea if I’m going to stay a Liberal member.

One thing that will be happening is a new blog patterned on Boriswatch that will be covering our Stable and Principled new government, especially the unstable and unprincipled bits. Check out our statistical model of coalition survival, which is currently showing them sticking it out for the full five years…yup, nameless dread all right.

One outcome of all the MySociety work for this election was the survey administered by DemocracyClub volunteers to all candidates. The results by party are graphed here, with standard deviations and error bars.

Some immediate conclusions: Surprising egalitarianism. Look at question 1, which asks if the budget deficit should be reduced by taxing the rich. Only the very edge of the error bar for the Conservatives touches the 50% mark; the only parties who have any candidates who don’t agree are the BNP and UKIP. Also, question 4 (“It would be a big problem if Britain became more economically unequal over the next 5 years” – agree/disagree) shows that there is a remarkable degree of consensus here. The three main parties of the Left – the Greens, Lib Dems, and Labour – overlap perfectly, and even the lower bound on the Tory percentage is over 50%. Only the ‘kippers and the fash even skim the 50% mark at the bottom end of their distributions. This may actually not be a statement about far-right thinking, because of…

Extremist internal chaos. On every question except the one about immigration for the BNP and the one about the EU for UKIP, these two parties have huge error bars. As soon as they get off that particular topic, the error bars gap out like the bid-offer spread in a crashing market. Clearly, they agree about very little other than their own particular hate-kink. So the result in my first point could just be because they always have the widest standard error and deviation.

Immigration, or a field guide to identifying British politics. If you’re a Liberal, Labour, or a Green, you’ve got no problem with immigrants. Even the upper bounds only just stroke the 50% line. All the parties of the Right, however, overlap around the 80% line. Need to identify someone’s partisan affiliation quickly? Wave an immigrant at them. The other culture-wars question about marriage is similar, although the gap is smaller and the error bars bigger.

The consensus on civil liberties. Everyone, but everyone, thinks there are far too many CCTV cameras about. All parties overlap at between 68-78%…except for Labour. Labour is the only party that supports CCTV and it supports it strongly. There is just the faintest touch of overlap between the top (i.e. least supportive) end of the Labour error range and the bottom (i.e. most supportive) of the Tories’.

Trust and honesty. Liberals, Labour, and Conservatives all think politicians are honest. No doubt this is because the respondents are themselves politicians. Interestingly, the exceptions are the BNP and UKIP. Very interestingly, the BNP is united in cynicism, whereas the UKIP error range gaps-out dramatically on this question. The Greens’ error range converges dramatically on exactly 46% agreement – they are almost perfectly in agreement that they don’t agree.

Art and culture; only ‘kippers, BNPers, and a very few extreme Tories don’t support state funding of the arts.

Britain is a European country and is committed to the European Union. You can’t argue with the data; the Tories and Greens average between 20-30% support for withdrawal, zero for the Liberals and Labour, and even the upper bound for the Tories is well under the 50% line. The BNP and UKIP want out, which is obvious and, after the election result, arguably trivial.

Pacifist fascists; bellicose conservatives; divided lefties and ‘kippers. OK, so which parties are least keen on military action against Iran, even if they are caught red-handed building a nuke? The Greens are unsurprisingly 86% against with minimal error – perhaps the only occasion they would turn up a chance to oppose nuclear power! The other is the BNP – 82% against. Who knew we would find a scenario in which the BNP would turn up a chance to kill brown people? Labour, the Liberals, and UKIP would split down the middle – they overlap perfectly around the 50% mark. The Tories, however, are the war party – 39% against, with the lower bound well clear of the other parties. The UKIP result is strange – you’d expect them to be basically like Tories or like the BNP, but they are most like Labour on this issue, although they have a tail of happy warriors. The BNP is also the party most opposed to continuing British involvement in Afghanistan – even more than the Greens. Labour, the Liberals, the Tories, and UKIP overlap heavily around being narrowly in favour, although UKIP as usual gaps out when it’s not discussing how much it hates the EU.

Even the Toriest Tories say they support UK Aid. This one’s fairly clear – even the upper bound for the Tories is well below 50% and everyone else serious is much lower. UKIP and the BNP are strongly against, but their error bars are quite wide – clearly, they’re not sure whether they hate foreigners enough that paying them not to be immigrants is a good idea.

Summary: We’re a broadly social democratic European nation, with a few nutters for comic relief. And Chris Lightfoot’s Political Survey results (the primary axis in British politics is liberty-vs-authority, strongly correlated with internationalism-vs-isolationism, and the secondary axis is egalitarianism-vs-libertarianism, but there is surprisingly little variance along it) from 2005 appear to be confirmed.

not such a giant database

This is hilarious. Computer Weekly reports on Sir Joseph Pilling, Identity Commissioner, and discovers that he didn’t have to apply for the job. And he’s very proud that the National Identity Register now contains 538 people. That’s almost one-and-a-half records a day for a year.

(Where are we on that “300 day delivery timetable” again?)

Read this now

A classic piece at The Register on biometrics and stupidity: read David Moss and you’ll be more competent than anyone in government on this issue. It’s the false positives, of course; but the truly shocking thing is that despite everything, the ID scheme still depends on the n=10,000 trial from 2004 that they deny is a trial.

Go, read.

OK, it’s coming down to the wire. Next week, on Wednesday, 8th July, the Government is going to put three regulations before the House of Commons. These are the crucial executive orders that put the guts of the Identity Cards Act in place; specifically, they are the ones that make it possible to force anyone who wants a passport (or any other official document not yet specified) to be fingerprinted, recorded, and loaded into the National Identity Register, to force the same people to pay for the dubious privilege unless they work at Manchester or London City Airports and have an airside security pass, and to pass any and all information from the Register to a variety of authorities including private credit-reference agencies and anyone who those authorities want to give it to.

At the current time of asking, this would appear to include the Uzbek secret police, so long as a police officer above the rank of inspector (!) acting on orders from a more senior officer, or the authorised agent of either secret service, GCHQ, SOCA, or the Inland Revenue says so. There is a clear hierarchy of priorities here; the fee is no problem so long as the compulsion doesn’t get in, and although obviously evil, the data-trafficking is considerably less problematic if the compulsion doesn’t get in.

So, time to write to them; remember that the scheme will be compulsory for anyone who ever wants to leave the country, which is another way of saying there is no choice; remember that the system is wildly insecure, that the biometrics have been hacked repeatedly, and that the Government wants to use the Chip-and-PIN infrastructure as a major part of it, and some Chip-and-PIN terminals mysteriously contain GSM radios that call numbers in Pakistan; remember that it will cost a fortune; and remember that many of the supposed “allied” intelligence services who will be able to ask for data from it have demonstrated that they cannot be trusted not to torture British citizens.

If you’re scared of the whips, vote for the fees regulation and maybe the data sharing one if you’re desperate and they’ve shown you the photos; but whatever you do, vote down the Information and Code of Practice on Penalties Order. It’s secondary legislation, so it just takes one loss in the Commons to kill it.

The texts are here, here, and here.

Iduntity cards. Jamie quotes a Computer Weekly article on a “business breakfast” with Jacqui Smith as proof of private sector interest in the project. A business breakfast with Jacqui Smith; the horror. I remember that a “breakfast briefing” with a certain mobile industry luminary who would always have it at Claridges when he was in London always consisted of an interview and no breakfast, but at least it wasn’t no breakfast with Jacqui Smith.

You may remember that the government has consistently refused to cost either the card readers, none of which exist, or the enrolment process, by attributing it to the private sector fairy.

However, no company has ever gone public and stated their interest in the scheme. So the CW story is interesting because it says that

Post offices, pharmacists, supermarkets, high street chemists, local authorities and universities have expressed an interest in taking the fingerprints and photos of applicants for ID cards.

In fact quite a lot of local authorities and universities have expressed refusal to cooperate in the scheme. But no company is actually mentioned in the story; there are no names, nor any suggestion of what constituted “interest”.

CW has been historically the absolute best news source on ID cards, but I find this a little strange, and it strikes me as sounding a lot like the official line. It also doesn’t say if any of the people who expressed an interest were present, or if so, whether they expressed it at the time.

However, there is some interesting news in here; it seems that there is a new PR strategy afoot.

She introduced a well-made and expensive film which portrayed the ID card as a designer brand. “Identity: what does it mean? Sometimes it’s about individuality, to say that you are you.”…It sounds a good business arrangement, especially for post offices, which struggle to exist.

It’s a twofer – aspirational property-bubble bollocks plus populist-cum-Prince Charles sentimentality about sub-post offices. Sick bucket to the guy with the laptop!

Interestingly, those people who have expressed any thoughts from the private sector sound quite different. Here’s another CW story:

Confederation of British Industry deputy director general John Cridland questioned the robustness of the enrolment process, saying, “One sticking point is the requirement on the private sector to provide information that can be used to verify data held on the national register without making clear who will be liable for the accuracy of the information and how it will be used. The government must address this as a matter of urgency if it wants to build confidence in the scheme.”

The British Bankers Association said the banking industry had no plans to use biometrics to authenticate customers or transactions.

By the way, the Manchester trial will not actually provide any cards, because neither they nor the NIR will be ready. You’ll be able to “pre-register”, which sounds a lot like paying £30 for sweet fuck all. I’m more than interested to know exactly who will sign up.

Self-satirising ID card madness. So they’ve actually got as far as issuing some significant contracts. We’ll begin by noting that one of them has gone to CSC, last seen introducing the joy of Cerner software to the NHS National Programme for IT. But much more to the point, what is this talk about using the Chip-and-PIN infrastructure?

This is an insanely stupid idea, and is probably explained by the fact that someone has realised that there are no biometric readers, nobody wants them, there are no plans for how to deploy them, and the totality of Government thinking on the subject can be summed up as “private sector ponies!”

We already know that the system, although more secure than the old one, is quite fallible and has been successfully attacked. We further know that there are even merchant terminals in circulation with unauthorised GSM radios in them that send messages to numbers in Pakistan. It is also true that the UK version of EMV doesn’t provide two-factor authentication because the PIN is stored on the card. This means that someone preparing a fake card who could steal bank card PINs could also steal National ID ones and make the card work in a reader.

The importance of this cannot be overstated. The primary mechanism of authentication is not the one the makers say is the primary one, it’s the one that gets used the most. There are currently several million EMV terminals; there are zero biometric ones. Further, the biometric technologies involved have high failure rates; EMV has well over 99 per cent uptime and even higher exactitude. Therefore it will be used and the biometrics won’t, so a rational attacker won’t worry about the biometrics unless they really have to.

In fact, because of the false positive issue, the biometrics will be gainsaid by the EMV. Think about it. As a checker, you will with mathematical certainty encounter regular false positives. (You’ll also encounter false negatives, but you won’t know about them.) However, you will only very rarely encounter a real positive. Therefore, if a biometric check doesn’t match, you will believe it to be a false alarm, and you will very probably ask the person presenting it to enter their PIN.
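The argument in the paragraph above can be put in numbers. This is an added example, not part of the original post: every rate in it is an assumed, illustrative value (none comes from the post or from any trial), and the names `CheckpointModel`, `ASSUMED` and `NO_FALLBACK` are hypothetical. What the post calls a "false positive" (a genuine cardholder failing the biometric check) is modelled here as `false_non_match`.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CheckpointModel:
    """One ID checkpoint: biometric check first, PIN as the fallback."""
    impostor_rate: float    # share of presenters who are not the cardholder
    false_non_match: float  # genuine holder fails the biometric (a false alarm)
    false_match: float      # impostor passes the biometric
    fallback_to_pin: float  # share of mismatches the checker waves through to PIN entry
    pin_known: float        # share of impostors who hold the card's PIN


def p_impostor_given_mismatch(m: CheckpointModel) -> float:
    """Bayes: how likely is a mismatch to be a real impostor?"""
    from_impostor = m.impostor_rate * (1 - m.false_match)
    from_genuine = (1 - m.impostor_rate) * m.false_non_match
    return from_impostor / (from_impostor + from_genuine)


def false_alarms_per_real_alarm(m: CheckpointModel) -> float:
    """How many genuine holders fail the check for each impostor who fails it."""
    from_impostor = m.impostor_rate * (1 - m.false_match)
    from_genuine = (1 - m.impostor_rate) * m.false_non_match
    return from_genuine / from_impostor


def impostor_acceptance(m: CheckpointModel) -> float:
    """Chance an impostor gets through the whole procedure, either by a
    biometric false match or by the checker falling back to the PIN."""
    via_biometric = m.false_match
    via_pin = (1 - m.false_match) * m.fallback_to_pin * m.pin_known
    return via_biometric + via_pin


# Constructed, assumed values for illustration only.
ASSUMED = CheckpointModel(
    impostor_rate=1 / 100_000,  # one presenter in 100,000 is an impostor
    false_non_match=0.01,       # 1% of genuine holders fail the biometric
    false_match=0.001,          # 0.1% of impostors pass the biometric
    fallback_to_pin=0.9,        # checker treats 90% of mismatches as false alarms
    pin_known=1.0,              # attacker who has stolen the PIN
)

# Same checkpoint, but a mismatch is never resolved by PIN entry.
NO_FALLBACK = CheckpointModel(
    impostor_rate=ASSUMED.impostor_rate,
    false_non_match=ASSUMED.false_non_match,
    false_match=ASSUMED.false_match,
    fallback_to_pin=0.0,
    pin_known=ASSUMED.pin_known,
)

if __name__ == "__main__":
    print(f"P(impostor | mismatch)      = {p_impostor_given_mismatch(ASSUMED):.5f}")
    print(f"false alarms per real alarm = {false_alarms_per_real_alarm(ASSUMED):.0f}")
    print(f"impostor accepted, fallback = {impostor_acceptance(ASSUMED):.4f}")
    print(f"impostor accepted, strict   = {impostor_acceptance(NO_FALLBACK):.4f}")
```

Under these assumed rates a mismatch is a real impostor about one time in a thousand, which is why the checker learns to treat it as a false alarm, and the PIN fallback then sets the strength of the whole check.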

Also, the government seems to have abandoned the idea of doing direct biometric-to-database checks and instead wants to authenticate a biometric held on the card to the user, like looking at the photograph on a passport. This means that it is much easier to fool anyway, because the card can be altered to match the user. But adding an additional “check” which is in fact easier to fake means that this is more likely to work.

A fundamental problem with EMV is that there is no out-of-band verification of the transactions. You have to trust the card reader, and there is no obvious way of verifying it. Personally, I always turn it over and look under it because all the hardware attacks I’ve read about involve drilling a hole through the back, but if the remote management interface has been left with the password set to “password” this won’t help me at all.

Various efforts to improve this exist; there are systems that send an encrypted message to an application on your mobile phone to get your authorisation, so that if someone else is trying to spend your money, you’ll get unsolicited authorisation requests, and if a card reader is actually a fake you *won’t* get an authorisation request and your bank won’t pay.

But this doesn’t exist in the UK, so the government is suggesting integrating what it thinks is the gold standard of identification into a significantly weaker security system; it’s in the nature of security that the weakest link determines the strength of the whole.

Now here’s the self satirising bit. As before with the old bank card system, the banks have been trying to pretend that EMV is infallible and that anyone who loses money is a fraud. The test case that will probably end this madness is coming right up, at the same time as the government wants to use the system for ID cards!

The thing that pisses me off about Al-Qa’ida is that they insist on egging the government on. That said, I can’t think of anything more ridiculous than Phil Woolas wanting to have reports of any foreign student who misses ten lectures. I can’t think of many things more ridiculous and contemptible than Phil Woolas anyway, but this drowns the fish.

I should point out that he was on Radio 4 earlier today claiming that “biometric visas” were our first line of defence, because the visas were checked against a watchlist. He didn’t say, mark, that the biometrics were; after all, if they haven’t caught the guy yet, they don’t have his dabs.

Let’s think about it sensibly. I doubt there is a single student in the world who hasn’t accumulated 10 hours of non-attendance during their course of study; even if you reset the limit after every academic year, there will still be an absurd number of false positives. There are 330,000 foreign students in the UK. How many might miss 10 hours of classes in a given year? For some courses, you’d only need a couple of days off sick. An outbreak of freshers’ flu at the right schools could stage a denial-of-service attack on the whole gig. How many reports are they prepared to follow up, to what degree of thoroughness?

Further, and I know this is a pathetic argument long since raped by history, the idea of a university implies a commitment to intellectual freedom and a certain respect for the fact that the students are adults who attend of their free will.

But even if you forget everything else, as a security measure this is quite incredibly cretinous. The threat it is designed to mitigate is that terrorists will pose as students in order to infiltrate the country, or rather that they will actually become students in order to do so. Of course, they may also do this to prepare an attack on some other country. Anyway. If you have registered at a university in order to pose as a student, it’s obviously part of your cover story that you go to lectures. Depending on what you are planning, you might even be hoping to get access to things you need for the attack – information, a good chemical or biological lab, perhaps time on a supercomputer – in which case you’ve got to go to the lab or the library regularly as well.

This is a security measure which is designed to miss anyone who matches the attack profile it’s designed to detect. Further, the more serious, disciplined, and well-organised the attacker, and the more technical and demanding the subject they choose to study – in short, the more dangerous – they are, the less likely it is to detect them. It even provides them with an explicit target number of classes they must not miss. It is quite brilliant in a negative way.

It is especially hilarious that several ministers in the government spent much of their student years plotting, or imagining that they plotted, how to bring about the world revolution. Presumably, they did this between lectures. Or perhaps they didn’t, and in fact they are basing their policy on their own experience; which would explain how little they seem to have learned.

In which the Database nearly got me.

So I went to 3GSM (sorry, sorry, Mobile World Congress). Now, these things are usually fairly good previews of the ID-card future – constant RFID-tag badging, lists everyone in the world is either on or they aren’t, security theatre aplenty. On this occasion, when I visited the registration Web page, I was invited to check off sessions I wanted to take part in from a list. Oddly enough, one of the options was given as “Cocktail and Ministerial Dinner”.

Of course, I’m enough of a chancer that I put a tick in the box. Later, my registration e-mail pinged through; and, next to the seminars on credit transfer by SMS, unified communications APIs, progress in billing systems, etc, etc, there it was. No detail of when or where, though. So, on Monday night with no – no invitations and paralysed for the evening, I quizzed a GSMA staffer about it. They made some calls. Eventually the word came that I should take a cab to the National Theatre at once.

When I got there, perhaps I should have realised this was going to be a little heavy; a little heavy stood on each street corner, in that “serious security” way. I showed documents, and there was much phoning, and eventually I was shown through a door into what appeared to be security control. At first, there was someone who was coming to meet me; then, a tiny intense woman in an expensive suit appeared. There was a “grande problema” – people kept saying this.

“This isn’t an invitation”, she said. I suggested it was a lot like one. “It didn’t come from us”. It seemed an unusual coincidence. “If it had come from us it would be on a formal card and it would have come from the Spanish embassy!” No answering that one. Then: How did I get it? I must photocopy all the documents. Do you mean to say you could register for this from the general congress site? Do you realise the king could be here and – the president of Catalonia?

Her voice dropped sharply out of sheer reverence when she got to the bit about the president of Catalonia. I was beginning to worry I might be deported, possibly to Spain, or else that they would cancel my security pass. It went on; they now insisted that they needed to send me a letter of apology. I said they shouldn’t bother; eventually I was allowed to slink away like a dog, presumably cleared of ill-will towards the president of Catalonia.

What struck me most about the whole scene was that nobody seemed to accept that the Big Database could possibly be wrong. It seemed easier to imagine that I had forged the entire invite.