electricinca.com

BBC News: Giant ID computer plan scrapped

Not unfortunately the scrapping of a plan for a government computer the size of a building like they had at Bureau West near where I live.

In fact the government has announced that the proposed National Identity Register which underpins their ID Card scheme will not be created anew so as to be clean and error-free but instead will be constructed from the current databases of various government agencies.

The information will be stored in three separate databases including the Department of Work and Pensions' Customer Information Service, which holds national insurance records, and the Identity and Passport Service computer system.

Mr Reid denied IT companies had wasted millions on preparation work for an entirely new system, saying the industry had been consulted on the move.

The government has reportedly spent about £35m on IT consultants since the ID cards project began in 2004.

"Doing something sensible is not necessarily a U-turn," Mr Reid told reporters.

"We have decided it is lower risk, more efficient and faster to take the infrastructure that already exists, although the data will be drawn from other sources."

So we'll have a National Identity Register that is as full of errors as the current ones are, hardly the 'Gold Standard' for identity that the Home Office proudly announced it would be is it.

Interestingly the Press Release from the Identity and Passport Service makes no reference to this at all other than in passing.

This news comes as Home Office Minister Liam Byrne published a Strategic Action Plan for the National Identity Scheme and the Borders, Immigration and Identity Action Plan, which follow the wider Home Office review earlier this year and signal the countdown to the introduction of ID cards to UK citizens in 2009.

The Strategic Action Plan being the document where the new plans for the National Identity Register are laid out. Instead the press release focuses on the part of the plan that describes how the fingerprinting of foreign nationals will help secure Britain’s border and crackdown on illegal working and fraudulent access to services. Immigration Minister Liam Byrne said:

We’re determined that Britain won’t be a soft touch for illegal immigration. Compulsory biometric identity for foreign nationals will help us secure our borders, shut down access to the illegal jobs, which we know attracts illegal immigrants, and help fight foreign criminals.

But all this is completely irrelevant when we are talking about the establishment of a biometric based National Identity Register of UK citizens.

As NO2ID theorize this is about the establishment of the 'database state'.

There is a growing list of planned systems.

* So-called 'biometric' ePassports that log data about your travel when used - see www.RenewForFreedom.org
* Centralised medical records without privacy - see www.TheBigOptOut.org
* Biometrics in schools - see www.LeaveThemKidsAlone.com
* Recording of all car journeys as a matter of course, using ANPR.

Labels: ID Cards, Security

Earlier this year the UK Passport Service (now the Identity and Passport Service) started to introduce Biometric Passports (pdf link) in an effort to vastly improve the security of the passport system. In their words

To:
• help fight passport fraud and forgery;
• help the public and the UK to fight identity fraud;
• ensure the British Passport stays one of the most secure and respected in the world;

However it seems that according to a report in today's Guardian that these new ultra-secure passports aren't all they are cracked up to be and that the security has been severely undermined by a number poor decisions made in the implementation of the sytem.

Firstly they have opted to use RFID chips to store the data in accordance to standards drawn up by the International Civil Aviation Organization. The use of RFID to store the data is bad enough but the ICAO standard also directs that the key used to access the data should be comprised of , in the following order, the passport number, the holder's date of birth and the passport expiry date, all of which are contained on the printed page of the passport on a "machine readable zone."

Bruce Schneier an authority in the area of security has written a number of times about the security wreckage associated with passports containing RFIDs.

• April 28, 2005 RFID Passport Security

• November 03, 2005 The Security of RFID Passports

Including on August 03, 2006 Hackers Clone RFID Passports a very similar hack to the one carried out by Adam Laurie on behalf of The Guardian newspaper.

Most recently Schneier has revealed that The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security has recommended against putting RFID chips in identity cards. Whether the US government heeds this advice is yet to be seen but unfortunately for us in Britain our government has already made the poor choice.

The security measures in place to prevent unauthorized access to the data held on the chip work by creating a encrypted 'conversation' between the chip and the reader. Interestingly they have used the Triple DES algorithm for the encryption instead of AES which was introduced to replace Triple DES in 2002 and which is much more efficient. However the choice of algorithm is a secondary concern compared with how it was implemented with a key that is comprised of non-secret information that is published in the passport itself.

As Laurie puts it so eloquently "That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."

Labels: Computer security, ID Cards, Security

Sunday Times - ID cards doomed, say officials

TONY BLAIR’S flagship identity cards scheme is set to fail and may not be introduced for a generation, according to leaked Whitehall e-mails from the senior officials responsible for the multi-billion-pound project.

The problems are so serious that ministers have been forced to draw up plans for a scaled-down “face-saving” version to meet their pledge of phasing in the cards from 2008.

However, civil servants say there is no evidence that even this compromise is “remotely feasible” and accuse ministers of “ignoring reality” by pressing ahead.

The government seems to want to push through their Identity Card scheme through by any means possible even if it means by way of a much reduced version. They will probably phase it in through the backdoor by way of renewals of passports and ease back on the introduction of ID cards for non-passport holders.

Give this it might be wise for people to renew their passports now even if they have many years before they expire. Renew for freedom from the Identity Register.

Labels: ID Cards, politics

BBC News:
Whitehall fights ID costs demand

The government is battling to ensure that estimates of the benefits and risks of identity cards remain secret.

The freedom of information watchdog ordered the Department of Work and Pensions to publish its findings about how the cards could fight ID fraud.

Now the department has decided to appeal against the information commissioner's ruling.

What have they got to hide?

How can we have faith in a government that refuses to be open and transparent about one of the most significant changes to happen to this country's citizens in centuries?

Labels: ID Cards

The new Home Secretary John Reid has vented fury at Home Office over the prisoners fiasco.

ohn Reid yesterday made a startling attack on the Home Office as he revealed that the department still did not know the whereabouts of hundreds of foreign prisoners who should have been considered for deportation.

The home secretary said the department was "not fit for the purpose: averse to a culture of personal responsibility, technologically ill-equipped for an era of mass migration and led by officials that are incapable of producing facts or figures that remain accurate for even a short period of time".

Not fit for purpose and technologically ill-equipped!

And this is the department to be put in charge of one of the most technically complex IT projects in the history of the UK, the Identity Cards system.

It was bad enough when we believed that the Home Office was at least competent but now when even the Home Secretary is attacking his own department there is little hope that the ID Cards will not end up a complete and utter fucking shambles that will cause more harm than good to the citizens of the UK.

Labels: ID Cards

Now that the House of Lords have stopped their opposition to the National Identity Card having forced the Government to make some meaningless concessions it looks like nothing can prevent the bill being passed. Chicken Yoghurt asserts that our list of allies has grown very thin and our only hope is that this massive IT project goes as badly wrong as all previous huge government IT projects.

As Longrider says over at Europhobia: “incompetence is now our most valuable ally“. We must now hope that the procurement and implementation of the National Identity Register is as cack-handed, expensive and late as the rest of the technocratic turds this Government has to seen fit to foist on us in its rudderless quest for a subjugated Utopia.

In that, at least, the odds are in our favour. We democrats grudgingly placed our faith in the hands of the unelected Lords. We must now, reluctantly yet with hope, put it in the hands of big business.

Can a Home Office that apparently cannot do their accounts properly be trusted with the massive funds needed for procurment and implementation of a National Identity Card System.

Tom of Blairwatch and Charlie Stross have done the maths on the time needed for the registration of the entire adult population of Britain and have calculated given the number of people divided by the number of regional registration centres each registration needs to completed in an unworkably short 72 seconds.

Given the technical problems people are predicting perhaps Perfect.co.uk is truly prescient with these two pieces of news from the future, more news from the future.

I forsee the biggest practical problem will be the failures due to the use of biometric data as a way of preventing a person getting multiple cards for different fake identities. I wrote about this a couple of years ago in my analysis of the national identity card scheme in the subsection Is biometrics a silver bullet?

Labels: ID Cards

Well it comes as no surprise to me the news that Lord Falconer has told the BBC that the only way to get full benefit from the Identity Card scheme was for people without a passport to carry one.

It has been the government line all along that the cards would be compulsory. I am worried though that the government is pretty much pushing through biometric identity cards in the form of passports though. Whether the Identity Card bill is passed or not the UK will end up with a massive biometric identity register of millions of UK citizens.

The UK already has the most surveillance cameras per capita of any country in the world and now we learn that the UK also has the largest DNA database of it's citizens in the world with about 5% of the poulation's DNA profile being held.

Labels: ID Cards, Surveillance

A report by Corporate Watch, a Quaker-funded research group in Oxford challenges the feasibility of creating the necessary IT system required for the Identity Card scheme. It will they say based on previous examples of Government IT procurement from the companies involved likely lead to an IT disaster

It blames huge, over-complex schemes that fail to deliver promised benefits. Acknowledging months of controversy over the civil liberty and cost implications of the scheme, due to start in 2008, Corporate Watch says "relatively little attention seems to have been paid to the significant practical problems of implementing ID cards and the National Identity Register", which will eventually hold data on all 60 million UK biometric identities.

The unprecendented enormity of the scale of this IT project plus the fact that it will be reliant on cutting edge technologies will in my mind almost certainly fail to deliver. Therefore there seems to be even greater reason for extensive oversight and detailed cost analysis than there would for any previous Government IT project.

Failure to create a prefectly functional and secure system will actually create more problems and exacerbate the current problems the scheme is designed to solve.

Labels: ID Cards

The Government faces an uphill struggle in trying to get their ID Cards bill passed and once again were faced with defeat in the Lords but the Home Office remains unbowed by their defeat and will fight on.

Ministers refused to back down last night in the face of a defeat in the House of Lords which threatens to block their bill to introduce ID cards until the scheme's estimated costs have been independently vetted by the National Audit Office.

Tory, Liberal Democrat and crossbench peers joined forces to reject government claims that an ID card and passport, complete with hi-tech biometric identifiers, would cost £93 at current prices, with the card itself costing £30. The government was defeated by 237 votes to 156.

The Peers rejected the notion that set-up costs needed to be confidential.

But the Home Office minister, Lady Scotland, told peers she "simply did not accept that there should be any such unprecendented review of the estimated costs" before the bill passed.

It may well be unprecedented to have such a review of the costs but for such an unprecendented scheme such as the creation of a National Identity Register and the infrastructure to run it then I believe that parliament and the public really should be fully informed of every aspect of it.

They also suffered their second defeat when the Lords voted by 206 to 144 in demanding that the National Identity Register have a secure and reliable method of storing the personal data to be contained with in of every citizen.

I think this is the more serious point. Such a database as the National Identity Register that contains comprehensive data on virtually every adult in Britain will surely be a major target of identity thieves. It could be a disaster if the data contained within it was not securely held and access to the data restricted via a robust authorisation system.

Labels: ID Cards

It's worrying finding yourself on the same side as the bloody Tories in a political debate but I find myself increasingly there in recent years.

I wouldn't never have believed it 10 years ago if someone told that I'd be agreeing with the views of the Conservative party on the issue of Identity Cards.

Thnakfully there are still Labour MPs such as Anne Begg that are prepared to ask hard questions of the Home Secretary in this debate but the likelihood of get a decent answer are unfortunately remote.

Every one of the arguments that Mr. Bercow raises are wrong are they. Well I'm afraid that simply asserting that doesn't make it a reality. Surely that's the purpose of having a debate so that people can raise points that you then convince with detailed arguments why they are wrong. Or, and I know this might be a hard concept to grasp Mr. Clarke but it's just possible that dare I say it you might actually be wrong.

Labels: ID Cards

Dame Stella Rimington the former head of MI5 has said that she believes that ID cards won't make us safer

Asked at a further education conference whether she thought ID cards would make the country safer, Dame Stella Rimington replied: "No is the very simple answer, although ID cards have possibly some purpose.

"But I don't think anybody in the intelligence services - not in my former service - will be pressing for ID cards."

Her own opinion was that ID cards would be of use "but only if they can be made unforgeable".

She added: "If we had ID cards at great expense and people can go into back rooms and forge them they will not make us any safer."

Of course the Tories leapt on Rimington's ID card rejection, what has the world come to when I find myself siding with the Conservative party against a Labour government.

The Conservatives said today that criticism of ID cards by former MI5 chief Dame Stella Rimington showed the government's justifications for their introduction were "completely bogus".

Dame Stella told a meeting of college heads yesterday that no one in the intelligence services favoured the government's plans to introduce biometric identity cards.

She warned that they would be "absolutely useless" unless they could be made impossible to forge.

Dame Stella's opinion will no doubt be dismissed as 'out of touch with what the public wants' by the government as they only seem to accept expert opinions of those experts whose opinions agree with their own.

The government has by and large given up on the prevention of terrorism aspect of the ID card proposal, which I find worrying as they now seem to focusing on the arguments about costs. This might indicate they think they have won the battle of ideas that ID cards are necessary and the only real question is whether the public will accept the high monetary costs of the scheme.

Labels: ID Cards, Terrorism

A little rebellion now and then is a good thing.

Thomas Jefferson (1743-1826) 3rd President of the United States

Unfortunately in the case of ID cards the rebellion was too little (BBC News).

So I turn to the words of Thomas Jeffereson's predecessor.

Liberty cannot be preserved without a general knowledge among the people, who have a right... and a desire to know; but besides this, they have a right, an indisputable, unalienable, indefeasible, divine right to that most dreaded and envied kind of knowledge, I mean the characters and conduct of their rulers.

John Adams (1735-1826) 2nd President of the United States

We can only hope that the unelected House of Lords are more questioning of the ID card bill than the majority of the Labour Party MPs in the House of Commons. The Government's claims that their ID card proposal will solve many serious problems facing our society simply do not stand up under analysis.

Labels: ID Cards

A report in today's issue of the Independent on Sunday by Francis Elliott, Andy McSmith and Sophie Goodchild reveals that Ministers plan to sell your ID card details to raise cash

Personal details of all 44 million adults living in Britain could be sold to private companies as part of government attempts to arrest spiralling costs for the new national identity card scheme, set to get the go-ahead this week.

The Independent on Sunday can today reveal that ministers have opened talks with private firms to pass on personal details of UK citizens for an initial cost of £750 each.

This seems to be a desperate move by the Government to ensure that they regain the public support for the scheme as the expected cost has continued to rise the support has decreased.

In seeking to offset the cost by selling off information they hope to gain the public's support again. Of course if they follow through with this proposal they not only will have rescinded on their pledge that "unlike electoral registers, the National Identity Register will not be open for any general access or inspection" but will compromise the security of the National Identity Register.

The greater the access to the Register there is the more likely that the information will make it into the hands of criminals or terrorists therefore increasing the likelihood of identity theft that the Identity Card scheme is designed to prevent.

The National Identity card bill will be going before parliament yet again this coming Tuesday. Government whips are confident of winning Tuesday's vote, but opponents are predicting that the process can be killed off before implementation due to the ever-rising costs and the now apparent risks of database breach or failure.

EDIT: Thanks to Murky.org I've discovered some additional links of possible interest.

ID cards: a child’s view, even a child can see how flawed the scheme is.

In today's Sunday Times we discover that costs may force ID cards to be cheap ‘chip and pin’, thus doing away with the biometric system that although imperfect and flawed in many ways would be a much more secure system for verifying that the card was held by the true cardholder. Ironically one of the primary motives for the proposed card in the first place was that the US was insisting on taking biometric data on all visitors to their country.

It really does seem that the government wishes to install an ID card system by any means possible even if those means totally undermine the security of the system and make the ID card utterly unable to fulfil any of the objectives it's introduction is meant to.


Edit: 28/06/2005

The Home Office has denied a report the personal details of millions of Britons could be sold to help pay for the introduction of identity cards in this BBC report ID card database 'not for sale'.

Labels: ID Cards, Security

The Sun newspaper published an article today by undercover reporter Oliver Hardy concerning the sale of the details of Britons' bank accounts by Indian call centre workers.

Your life for sale

Cash for a villain ... crooked Kkaran Bahree with Sun undercover reporter Oliver Harvey in Delhi

Crooked call centre workers in India are flogging details of Britons’ bank accounts, a Sun probe has found.

Our undercover reporter was sold the top secret information on a thousand accounts, and numbers of passports and credit cards.

But what happens once those details have been stolen? For answers we look to the following New York Times article. Black Market in Stolen Credit Card Data Thrives on Internet

But surely the introduction of a National ID card will stop this blight of identity theft. Well actually no it won't, it could even make it easier for criminals to steal your identity and the consequences will be far worse.

Labels: ID Cards

Article at Information Today, Inc. about the possibilities of library users being able to borrow items anonymously through the use of electronic cash cards.[via]

You've seen anonymous cash cards already; you may even have received them before. They're better known as gift cards. Using the same principle, libraries can issue a borrower card that uses cash, rather than personal ID information, as collateral. Here's an example: If a privacy-minded user deposits $20 to get an anonymous library card, she can check out The Terror State without identifying herself. Her account balance is temporarily reduced by $15, and when the library checks the CD back in (in good condition), her balance is restored to its original value.

Of course, she can still use an identity-based library card as much as she wants. Because the library knows how to contact the owner of a card associated with a photo ID, it is willing to loan hundreds of dollars worth of material. If the user doesn't promptly return the material in good condition, the library can involve a collection agency or alert the police.

With an anonymous library card, the library is willing to loan materials to anyone because it knows it can't really lose anything. Since the library would never loan more than it could re-coup from a cash deposit, it would be able to loan controversial items without storing personally sen-sitive information. If the user doesn't return the material promptly, the fines would be deducted when it's finally checked in (or once the accrued fines reach the price of the material).

With this system in place, libraries could also welcome tourists who want to borrow books about the local community, travelers who want to watch DVDs on their laptops in their hotels, and (where reciprocal borrowing agreements don't exist) library users from neighboring areas. I once drove to the next county over to borrow an obscure film on DVD only to realize there was no reciprocal borrowing agreement in place. I went home sad and empty-handed because a cash-based card was not an option.

Simply put, anonymous lending opens the door to new kinds of users, protects the library from loss of materials, protects the borrower from loss of privacy, and protects both from the repercussions of a privacy breach. And law enforcement could still investigate suspects in a criminal case: Having searched the suspect's belongings with a legitimate warrant, police officers could ask the library for information about the use of the anonymous library card they seized. Random snooping, though, becomes completely fruitless. Law enforcement would have to begin with a suspect and work backward, instead of starting with a controversial title and fishing for borrowers.

Labels: ID Cards

It was the Queen's Speech today in which she outlined what her government would be doing in this parliament.

Tony Blair has pledged to create a "culture of respect" as he put moves to tackle crime and disorder at the heart of his third term agenda.

Public service reform also figured strongly in the Queen's Speech, setting out the government's new programme.

A total of 44 bills and six draft bills are in the 2005 Queen's Speech - ensuring a packed legislative schedule in the parliamentary session that follows the general election.

The 44 bills for Parliament to debate by November 2006 included ID cards and laws against religious hatred.

The Conservatives say Labour has copied much of their agenda. The Lib Dems say Mr Blair has not listened to voters.

BBC News: Queen's Speech at-a-glance or in full.

As outlined in the speech the government has not yet given up on it's planned National ID card scheme.

Controversial plans to introduce a compulsory identity card scheme have been unveiled in the Queen's Speech.

The cards, which had to be dropped ahead of the election, will be linked to a National Identity Register holding information on all UK residents.

Home Secretary Charles Clarke said there had been "technical" changes to the new bill to take account of previous objections to the plans.

The Lib Dems say the plans could be defeated with Tory and Labour support.

I really wonder why they insist on pursuing this ill-conceived plan that will be both costly and inefficient, and will certainly not provide increased national security.

Further reading:
• My analysis of the scheme.
• The text of the Identity Cards Bill
• NO2ID NewsBlog

Labels: ID Cards, politics, Security

Apparently the US government is pushing through a bill that will introduce a defacto national ID card system on the back of a another bill on military spending. Curiously many US citizens are unaware that it is happening.

FAQ: How Real ID will affect you
By Declan McCullagh
Staff Writer, CNET News.com

What's all the fuss with the Real ID Act about?
President Bush is expected to sign an $82 billion military spending bill soon that will, in part, create electronically readable, federally approved ID cards for Americans. The House of Representatives overwhelmingly approved the package--which includes the Real ID Act--on Thursday.

What does that mean for me?
Starting three years from now, if you live or work in the United States, you'll need a federally approved ID card to travel on an airplane, open a bank account, collect Social Security payments, or take advantage of nearly any government service. Practically speaking, your driver's license likely will have to be reissued to meet federal standards. The Real ID Act hands the Department of Homeland Security the power to set these standards and determine whether state drivers' licenses and other ID cards pass muster. Only ID cards approved by Homeland Security can be accepted "for any official purpose" by the feds.

UnRealID
Papers, Please!

Real ID = National ID Card

This Tuesday, the US Senate is scheduled to vote on the implementation of a national ID card system. The Real ID Act is nothing less than a Real National ID Act. The only thing left to the individual states is to decide which pretty picture they will choose to put on the card: everything else will be controlled by Washington DC bureaucrats.

The Real ID Act has never been debated on the US Senate floor. They've never talked about it in any committee. Heck, most of them haven't even read it! Yet they're planning to vote on it on Tuesday, no questions asked.

For more on the Real ID Act and why it is an ineffective waste of money that will actually introduce security problems rather than solve a security issue take a look at Bruce Schneier's excellent blogpost and read the comments if you have time.

Labels: ID Cards, Security

I read an interesting article last week by Edward Felten about a proposal to incorporate RFID chips in US passports.Edward W. Felten: Why Use Remotely-Readable Passports?

Yesterday at CFP, I saw an interesting panel on the proposed radio-enabled passports. Frank Moss, a State Department employee and accomplished career diplomat, is the U.S. government's point man on this issue. He had the guts to show up at CFP and face a mostly hostile audience. He clearly believes that he and the government made the right decision, but I'm not convinced.

The new passports, if adopted, will contain a chip that stores everything on the passport's information page: name, date and place of birth, and digitized photo. This information will be readable by a radio protocol. Many people worry that bad guys will detect and read passports surreptitiously, as people walk down the street.

This is a remarkably stupid idea that has little to no tangible benefit and will most likely compromise security and enable identity theft. The only possible reason for this proposal is that some technology company seeking a government contract convinced someone that it was a good idea and no one in the process could understand the repercussions if it were to be implemented.

There clearly is a problem with identity theft and the forgery of identity documents such as passports so governments seek solutions to improve security. As you would expect they seek advice from experts in the field. Unfortunately they seem to be ignoring the advice of independent experts whose advice is that there is no technological solution to the problem and taking the advice of industry experts, which typically will be technology companies seeking to sell the government a solution.

Take for example the intention of the British government to include biometric data on the proposed National Identity Card.

Biometric data systems simply are not capable of working on the sort of scale that the proposed national identity card system would require them to.

They are good enough for their priamry application which is to verify that for example the iris scan of an individual matches within a certain threshold the biometric data held on the person's ID card.

But the system also would be required to prevent an individual being able to get a second ID card with different identity details. The proposed method of doing it would be to check that the individuals biometric data isn't already listed against an identity in the national identity database.

In February 2003 the National Physical Laboratory performed a biometrics feasibility study on behalf of the Home Office, DVLA and the UK Passport Service.

They studied the feasibility of the use of recognition systems for face, iris and fingerprint on the scale needed to cover the population of the UK. No biometric system is perfect and a balance needs to be found between false matches and false non-matches.

A false match is where the biometric template of an individual is matched to that of a different individual i.e. Vera Duckworth of Manchester is falsely recognized as Pauline Fowler of London.

A false non-match is where an individual is scanned and are not matched to their own biometric template i.e. the system has failed to recognize them.

Iris recognition was found to be the best method of distinguishing between individuals.

The results for the iris recognition part of the study were that Iris recognition can achieve a false match rate of better than 1 in a million with a false non-match rate of below 1 in 100.

For the current UK population of 60 million a random individual would be falsely matched with on average 60 other individuals in the national database plus would have a slim chance of not being matched against their own data.

With such a high chance of false matches (in fact it is practically a certainity that every individual will falsely match with another) there is no way to discern the difference between a false match and a true match for an individual who is applying for an ID card with a fake identity. Biometric technology clearly isn't upto the job of preventing multiple legitimate ID cards being issued to an individual until there is no possiblity of matching with another person.

Undoubtably technology will improve over time but will it improve to the required extent, it has a long way to go to do so.

The worse thing about biometrics is the faith in its infallibility, your biometric template is nothing more than a bodypart reduced to a long stream of numbers it is merely a fancy password and it's one that can never be changed. The proposed system treats the biometric template as the core of your identity with all the other information about you such as your name and address of secondary importance.

If the details of your biometric template can be stolen and accurately faked then your whole identity can be stolen.

Shit I've gone into rant mode the gist of this was supposed to be that politicians cannot be expected to be expert in all fields and justifiably must make decisions based upon the advice of experts. But they must listen to all the advice from all sides even if it isn't what they wish to hear as decisions must never be based solely upon the advice of comapnies seeking a huge government contract.

There is a cynical part of me that believes that the reality is probably that politicians are being unduly influenced by such things as campaign contributions and are awarding contracts not based on outside advice at all.

Labels: Computer security, ID Cards, Security

It appears that both the government and the Conservative party have seized upon the case of Kamel Bourgass, Al-Qaeda suspect and killer of DC Stephen Oake, to make political capital in the run up to the election.

Tory leader Michael Howard has said Tony Blair's failure over asylum led to ricin plotter Kamel Bourgass being able to commit his crimes.

Mr Howard said Bourgass should not have been in the UK and said the case showed "the chaos in our asylum system".

Does this extreme case indicate the general failings in the British asylum system or should we take a broader picture and examine many cases before judging if the system is in chaos. Mr. Howard's statement would appear to be little more than an implication that asylum seekers are a danger to our society.

I think that the Conservatives have taken the wrong tack with their efforts to focus their campaign on immigration and may well have been led astray by focus groups. Immigration is an issue that I think most people are actually less concerned about than they say they are. It is an issue that has been fuelled by the tabloids which makes the average bloke in the street feel he should have an opinion on when really he couldn't give a toss.

The Labour government have also seized upon the case for their own ends.

Home Secretary Charles Clarke earlier insisted: "Things like identity cards, stronger borders to deal with migration issues, the kinds of anti-terrorism legislation that we passed in the last Parliament are all necessary."

Perhaps if Bourgass' plot to poison thousands had succeeded and the reason he wasn't stopped was due to the fact that the Police and security services were unable to identify him then there might be a case to argue for ID cards but none of this happened.

He was identified and tracked and was arrested along with many other individuals who had some connection to him so therefore the present system worked perfectly. The only problem was that his arrest was bungled which led to him having an opportunity to try to escape and then kill DC Stephen Oake in the process.

In addition it was played up at the time that it was a terrorist cell plotting a Ricin attack that had been stopped. It is now known that he was a loner and all the other individuals that had been arrested at the same time have been released having had the charges against them dropped or the court cases abandoned. Yet the Home Secretary in giving his opinion on the verdict still used the term terrorist organisations.

The Guardian: Police killer gets 17 years for poison plot. Charles Clarke, the home secretary, expressed his satisfaction with the verdict. "What the case showed was that there are terrorist organisations which seek to challenge us in this country and challenge our basic freedom," he said.

The case clearly did not show that at all, there may well be terrorists seeking to disrupt our society but only the goverment is seeking to curtail our basic freedom. There appears to be very little evidence that Kamel Bourgass was organised in his plot let alone part of a larger organisation.

I wonder what happened to the Blitz mentality of 'business as usual' whilst we were suffering the equivalnet of a 9/11 every week now we seem to be in a period of 'hysteria as usual' precipitated I feel by the government.

It's all scaremongering for the sake of winning an election, coercion through fear for political reasons in effect 'electoral terrorism'.

Labels: ID Cards, Security, Terrorism

City of ghosts
In a joint investigation for the Guardian and Channel 4 News, Iraqi doctor Ali Fadhil compiled the first independent reports from the devastated city of Falluja.

December 24

In the morning we went back towards Falluja and heard that there were queues of people waiting to try to get back into the city. The government had made an announcement saying that the people from some districts could start to go back home; they promised compensation. About midday we got a mile east of the city and saw that four queues had formed near the American base. They were mostly men, waiting for US military ID to allow them back home.

The men were angry: "This is a humiliation. I say no more than that. These IDs are to make us bow Fallujan heads in shame," one of them said.

I met Major Paul Hackett, a marine officer in the Falluja liaison base. He said that the US military was not trying to humiliate anyone, but that the IDs were necessary for security. "I mean, my understanding is that ultimately they can hang this ID card on a wall and keep it as a souvenir," he said.

They took prints of all my fingers, two pictures of my face in profile, and then photographed my iris. I was now eligible to go into Falluja, just like any other Fallujan.

But it was late by then, somewhere near 5pm (the curfew is at 6pm). After that anyone who moves inside the city will be shot on sight by the US military. Tomorrow, we would try again to get into the city.

So the security of Falluja is maintained by biometric ID cards is it. We don't have the full story here but then Dr. Ali Fadhil's report isn't considered with the issues of ID cards it is concerned with the devastation of Falluja.

Is the US military demanding people identify themselves whenever a patrol comes across an individual in Falluja?
Do they have a list of suspected insurgents at the ID processing centre in order to prevent those individuals gaining ID cards?
What happens to the data once law and order has been restored to Falluja and Iraq in general?

I doubt that the use of biometric information in this system has an increased security effect over the simple photo-IDs that could have been issued to returning Fallujans. It seems to me that this merely an experiment to test the biometric ID card system in the field as it were by a US government which is intending to introduce such a system in some form or another for it's own citizens.

In other fingerprinting news we have this from Bruce Schneier on the Security issues with Fingerprinting Students.

Labels: ID Cards, Security

I received an email from NO2ID.net giivng an update on the National ID cards Bill as it passes through parliament.

Revolts.co.uk has produced an analysis of the Second Reading backbench rebellion (PDF file).

We urgently call on all supporters to contact their MPs, Councillors, AMs and MSPs to make them aware of your concerns and to point out that ID cards are not a popular measure, despite what a number of them believe. If you get a response then please pass on details of their position to our
Parliamentary Liaison, Rachael Marsh (parliamentary.liaison@no2id.net).

List of MSPs - http://www.scottish.parliament.uk/msp/index.htm
List of AMs - http://www.wales.gov.uk/who/constit_e.htm
Fax Westminster MPs - http://www.faxyourmp.com/

In addition to contacting your MP you may wish to support the campaign by either signing the petition or by making a donation.

Labels: ID Cards

I rarely read The Times anymore since it turned into a tabloid, in more ways than merely the size of the newspaper, however I did this morning as I was waiting for a dental appointment.

A couple of stories piqued my interest.

Clarke condemns the 'Luddites' over identity cards opposition

Is this the bloggers' favourite blog?

The new Home Secretary Charles Clarke last night branded opponents of the plan "Luddites" and argued that he had a duty to use technology to protect citizens as he overcame opposition from both the Labour and Tory back benches.

I know he wasn't referring to me as he was using the term to describe the recalcitrant MPs opposed to the bill but it is oddly amusing for a technologist such as myself to be lumped in with Luddites.

It is particularly ironic given that I think it is the government's blind faith in technology to solve problems that has gotten us so far down this road. The proposed National Identity Card will not solve the most significant of the problems it is designed to address and yet will drastically undermine privacy and civil liberties. This is a security trade-off that I'm not willing to accept and neither I suspect would the majority of the public if they truly understood what the proposals meant.

I have written a longer thesis called Identity and ID cards, in which I outline the impact of the proposed National ID card.

The second of the stories in The Times is a profile of the blog BoingBoing which is indeed as the article suggests my favourite blog.

Labels: ID Cards, Security

These aren't the droids you're looking for.

Unfortunately unlike Obi-Wan we don't have the ability to influence the minds of people demanding to see our identification. There is however a chance for UK citizens to prevent the introduction of ID cards in the first place though. In a last gasp effort before the Queen's Speech on 23rd November the NO2ID group have organised a petition to allow UK residents to voice their opposition to the proposed scheme.

NO2ID are a non-aligned diverse group of people and organisations who stand against the Government's attempts to introduce intrusive, expensive and ineffective control of personal identity.

The British government seems dead set on pushing through this legislation so the petition is unlikely to dissuade them. However by voicing our concerns it is still possible to prevent it's implementation. The Home Office in October of this year published A Summary of Findings from the Consultation on Legislation on Identity Cards (file size 749kb) which broadly outlines their thinking on this issue.

In June 2004 I published my analysis of the British national identity card scheme titled Identity and ID cards, in which I argued that privacy concerns aside the proposal will be ineffective in it's aims.

Thanks to BoingBoing.

Labels: ID Cards