Why Dont You Blog?

Yet another “downside” of the thawing tensions between East and West was announced on the BBC today. Sir Edmund Burton was investigating the MOD’s woeful inability to prevent laptops going missing, and one of his conclusions was reported as:

Armed forces recruits from the “Facebook generation” do not take data security seriously enough, a Ministry of Defence security probe has found. (…)
In a highly critical report, he says the MoD had lost its Cold War discipline for data security and there was “little awareness” of its importance among staff. As a result a major security incident had been “inevitable”.

I sort of agree in that such a loss was (and still is) inevitable. However, I am not convinced it is as clear cut as the “facebook” generation or the end of the cold war.

First off, most of these breaches are not made by inexperienced recruits - they are not the sort of person who carries a laptop around with huge amounts of classified material. The people who do this are senior members of staff (even MPs…), I doubt Hazel Blears is part of the “facebook” generation - she simply had material on her machine that shouldn’t have been there and it got stolen. The MOD losses are similar.

Portable IT equipment is a high value target for theives, by its very nature it lends itself to being carted away easily. Of course people will try to steal things like this so any security plan must take that as an assumption and build from there (such as not putting unnecessary data there in the first place…). It is not the cold war’s fault for having the barefaced cheek to end.

The larger “issue” of all this, is despite the poor record, our government is continually trying to record and store more and more data on its citizens. Imagine the security compromise possible when a laptop containing 25,000,000 (not a made up number) people’s ID card details goes missing…

Remind me again why ID cards are good?

Popularity: 21% [?]

Popularity: 21% [?]

Well, Orwell is still spinning in his grave. Despite some apparently premature optimism, it seems that ID cards are very much on the government’s agenda. Today’s news headlines have been very much about the “ID Card Rethink [bbc as example]” and how we are all going to end up with one.

This is all despite the House of Lords “setback” and the massive online YouGov poll that showed a significant percentage of the population were against the idea. To me, in addition to the hateful ideas of forced identity documents, the fact the government is able and willing to completely ignore over a million of the electorate’s opinions speaks volumes for how modern democracy works…

In a token gesture to people’s opinions, the government is planning to bring ID card by stealth in a phased manner. I assume the thinking is target the least popular / most vulnerable parts of society then, in a few years everyone will have come round to the idea and we will all carry one. Distasteful is an understatement.

In her speech announcing the new Identity Card plans, the Home Secretary, Jacqui Smith made the following statements:

I start from the premise that the National Identity Scheme is a public good.

Starting from a false premise is never going to lead to anything of value… This is largely, Smith saying the assumption was always we were going to have Identity Cards, like it or not.

As citizens, it will offer us a new, secure and convenient way to protect and prove our identity.

What is new about it? How is it more secure than, say, a passport or driving licence? Equally, how the **** does the existence of an ID card protect your identity?

And it will provide us with the reassurance we need that others who occupy positions of trust in our society are who they say they are as well.

This is odd, and the radio news made a big deal about this. What people who occupy positions of trust don’t already carry a form of ID? Lots of news sources go on about how Airport staff will be early ones to get them - oddly, you already need to have an ID card to get airside at an airport. What will have actually changed? Are the current procedures flawed?

Now, at this point I was going to do a line by line rebuttal of her claims but as they are all insane it will take much too long. Nearly every sentence she utters in her speech contains falsehoods and spin to trick people into thinking ID Cards will solve the worlds problems. They wont.

In an effort to be brief, I will try to address her main points.

Firstly, ID cards are supposed to be brought in to prevent crime and terrorism. Wow. If having to carry an ID card would prevent someone from being a terrorist, why are there still terrorists in the world? Same with crime. Neither activity will be deterred simply by the existence of a voluntary ID scheme. The best that could possibly be hoped for would be for a compulsory ID card, with fingerprint data, that may enable the police to catch people after a crime(*). In years gone by crazy ideas were often supported with a “wont anyone think of the children” (as parodied by the Simpsons), now we have Prevent Terrorism as the buzzword. If the government want to pass laws people will hate it is always linked to prevention of terrorism. Didn’t anyone watch “In the Name of the Father?”

Secondly they are supposed to prevent Identity Fraud. How this happens is never, ever, mentioned and, frankly, defies even the most cursory examination. Again reading through Ms Smith’s speech is an exercise in logical fallacies, there are more appeals to fear than I care to count. The phrases basically go along the lines of criminals steal identities so get an ID card. This sounds good and there is a half-hearted example of one person who defrauded the state out of £2.5m over five years. Compare this to Northern Rock who have taken over £100billion from the state in as many months. Who is the worse criminal? On a more personal level, ID theft is a terrible thing and I genuinely feel for anyone it happens to. Would the national ID card prevent it? Ninety nine times out of a hundred the answer is no, and in the other one is it a maybe.

For example, if some one hacks your Ebay account and runs up charges would an ID card have protected you? Same with anything online (where most ID theft apparently takes place) and in the offline world it only works when it interacts with the government. Someone can steal your ID and apply for credit cards, loans etc., and unless the issuing authority has access to the central database there is no way to find out.

This leads to the other problem. The database itself becomes a single point of failure. All a person needs to do is attack that to gain a legitimate, but false, identity. As recent months (and years) have shown, the Government is a largely inept organisation when it comes to protecting the data it holds. The news has covered dozens of “accidents” where huge amounts of personal data have been lost into the public domain. Do you feel safe thinking that a group with this track record will hold the gold standard of data about your identity?

Ms Smith has considered this and some reassurance is given:

Private firms will be encouraged to set-up “biometric enrolment centres” where passport and ID card applicants will be fingerprinted. [BBC news]

WTF! To make matters worse, this personal and private data will be collected by non-accountable organisations who have, by definition, their primary goal of making profit. By Toutatis this is madness. Here we will have the situation where staff on a minimum wage will be responsible for inputting your ID details and making sure no one else can get access to them. People who can be bribed with the price of a pint down the pub. Terrifying.

When Ms Smith talks about how they will protect the data the ID system will store, she manages to confuse me as to how it will work:

 The way in which we are designing the National Identity Register, with separate databases holding personal biographic details physically and technologically separately from biometric fingerprints and photographs, will greatly reduce the risk of unauthorised disclosures of information being used to damaging effect. …(followed by)…  I should make it clear that none of the databases will be online, so it won’t be possible to hack into them. [BBC transcript]

Now call me an old fashioned security professional, but there is a bit here that makes sense. By preventing people from getting access to the data you really do reduce the risk of unauthorised disclosure. However, and this shows more madness, if huge segments of society can’t access the data it is useless. The idea as I see it is that you go into the bank to open an account and show them your ID card. They scan it and compare it to the record of you. If it matches you get account. Seems easy, except now it looks like the bank wont have access and even if they did there is an air gap between the two technologies.

How is it supposed to work?

Lastly (phew, I hear you cry), the introduction by stealth. This shows the government KNOW this is an unpopular idea and it would never get off the ground if they tried to roll it out now. Instead they are going to play on the “white working class fear” of the Evil Immigrants by making them carry ID cards (why not force them to carry a sign round…(**)). What effect this will have is beyond me because if I was an immigrant and challenged by “authority” I would simply say I wasn’t an immigrant. Prove me wrong. Next come the “UK citizens and EU nationals who work in ’sensitive’ airport jobs” who already carry ID cards and aren’t likely to complain, but again the question is “why?” Finally in 2011 it will be an opt-out option on passport renewals. Passports already have biometric data and are acceptable as proof of ID the world over. Why do we need another form of ID?

That is it in a nutshell, though. Why on Earth do we need another form of ID?

–

(*) remembering to account for the error bars of partial fingerprint matches when you have a database of 60+ million entries, and hoping the criminals are too stupid to wear gloves…

(**) Hmm. This seems familiar. I wonder why…

Popularity: 39% [?]

Popularity: 39% [?]

The title is quoted from the Register, in a post entitled “UK ID card service mounts birth, marriage, death landgrab” (The clue is in the title. )

The UK Identity & Passport Service (IPS) has staged an identity landgrab on birth, marriage and death records. From April 2008 the General Register Office, which is responsible for recording these matters and is currently a directorate of the Office of National Statistics, is to become part of IPS, meaning that IPS will be logging you from the moment you’re born until the moment you die.

Not only is the previously respected General Register office about to disappear into the gaping maw of the Orwellian Identity ministry, but its data will now feed

into the somewhat more chilling notion of of a continually updated life record. So was that Web 2.0, or just Stasi?
Considering the new owners, it’s now pretty clear which it is. (The Register, 11th October 2007)

Today, the Treasury announced its plan for cutting out all “avoidable contact” between the public and government services. Partly this consists of shutting down government websites and merging their information into one uber-website for citizens and one for businesses. It also involves minimising the chances that you might get to speak to a human being in the dole office or tax office. It’s supposed to be based on “customer journey mapping” which is supposed to be so successful in the private sector.

I assume that the government ministers and senior civil servants have other people to do their shopping for them. Otherwise they might know what a “customer journey” is like in the real world. There are few activities more infuriating than trying to get an answer to a nonstandard question from a phone-line that tells you how important your call is. Unless you count a call-centre operator with a preset script and limited understanding of any regional accent. Or a website that throws away all the details you have laboriously typed in after hours of searching through pages that were delivered over the Internet at a speed that would embarrass a partly squashed slug.

What does this whole new world of applying customer service principles mean for the UK citizen then? Well basically, yes, you’ve guessed it, extending their data sharing between departments. More ID.

Making better use of the customer information the public sector already holds. The types of transformation covered by this Agreement will simply not be possible unless the public sector can establish the identity of the customer it is dealing with simply and with certainty, and be able to pass relevant information between different parts of government. (The Treasury paper, 11th October 2007)

Bull.

Page 19 of the Treasury document says

MAKING BETTER USE OF THE CUSTOMER INFORMATION THE PUBLIC SECTOR ALREADY HOLDS
3.34 This is a highly complex challenge which will not be entirely solved within the CSR07 period. The public sector can, however, make progress:
• at a strategic level; with the work being lead by the Home Office (on identity management) and by the Ministry of Justice (on information sharing). …
• at a tactical level by tackling these issues within the context of specific projects, most importantly “Tell Us Once”. ….. In addition to “Tell Us Once” the Government will also sponsor and facilitate other specific projects including the Free School Meals pilot which is already
underway …………

This is all boring stuff. The social consequences of applying mad business models to delivering public services makes your eyes start to droop. I know. I feel just the same.

The writers know that peppering documents with enough empty phrases like “the context of specific projects” and “strategic” and “tactical” and “facilitate pilots” will switch us off. This stops us seeing the content.

The No2ID campaign makes the same point as the Register, mentioning “Stasi files. ”

In your face, bungling amateurs in the Stasi. The UK government can teach you a thing or two.

Popularity: 36% [?]

Popularity: 36% [?]

Now, of late, the Guardian Money’s obsession with demonising “buy to let” landlords has been more than a little annoying. However in Saturday’s paper, the Capital Letters section had a bit which was quite interesting. Capital Letters is a sort of consumer rights thing, where people write in following problems with various companies and Tony Levene sorts things out for them. Very interesting reading most of the time.

Basically, this week, some one wrote in saying that HM Customs and Excise (Now properly known as HM Revenue and Customs) was threatening to take them to court over non-payment of taxes. The person was complaining because they did not owe any tax and they were on the PAYE scheme where tax is deducted from wages at source. The unfortunate correspondent had tried to convince HMRC about this but was unsuccessful.

Popularity: 31% [?]

Popularity: 31% [?]

For this, go to the source and read it. No more secrets by Steve Boggan is a very very disturbing account of how “joined-up government” and national ID documents will mean the end of anything resembling privacy.

The blurb on the printed page says:

“Tony Blair insists his government is not building a Big Brother-style super-database. But all the talk of ‘perfectly sensible’ reforms and ‘transformational government’ masks a chilling assault on our privacy”

Brilliant article. It’s almost too much to take in and it might leave you feeling very depressed. But, really, if you live in the UK, you should read it.

Popularity: 42% [?]

Popularity: 42% [?]

This was going to get ignored but, the BBC having beaten us to it by featuring two Downing Street mass spams in a couple of days, it will have to be said. The government response to e-petitions is to fire off a patronising spam telling you that your concern was noted but Tony is now going to explain patronisingly and irritatingly why you are wrong and the government will pay no attention.

The UK government is experimenting with online petitions. Two had massive numbers of people taking part, to express opposition to road-pricing and/or the national ID card. There were over a million against road pricing and around 800,00 against ID. (You can see where people’s priorities lie…)

Now, clearly the only people who sign one of these are those who care strongly enough an issue to sit at at a PC, find the site, find the right petition and send their name, get an email and reply to it. Which requires knowledge of the whole process, plus the will to go through it. You’d imagine that you could multiply these numbers by at least 50 to get a true idea of the strength of feeling.

It’s like cheap MORI poll for the government. It requires an address and postcode. The government can get plenty of very detailed information about which issues people find important and where they live, which could be very useful in an election campaign.

How sane is then, to reply to everyone with emails that set the teeth on edge? I was shown a copy of the ID mail and it basically said

“Thanks for the e-petition. However, the government is not interested. You obviously don’t understand the issues or you wouldn’t have ventured your opinion. ID will fight crime, let you go to America and will hardly cost you anything. in any case it’s inevitable”

Ok, I admit to some exaggeration in the precis here. But it was way too long and boring to read (Yeah, yeah, people who live in glass houses…)

In fact, yesterdays’ blairspam alerted the Opposition to the fact that the ID was to be used as the basis for a national registry of fingerpints. Funny, you didn’t really mention this before, HM Government.

Today’s news item is the road pricing one. This was worded slightly more cagily - over a million opponents, remember - but the impression I got from the BBC was that the government was saying a slight more appeasing version of exactly the same thing “Tough, it’s inevitable but it will be out of our hands and private companies will run it. Nothing we can do mate”

Here’s my response:
**********************
Hi Tony

I welcome your move into the technological world of email spam, Tony. It’s an exciting new contribution to the democratic process.

However, I’m sorry to have to explain to you that there may be some misunderstanding here about the nature of consultation. This is for your own good and it was inevitable that someone would have to do it.

Consultation is not really achieved by hearing contrary views then telling the electorate that they don’t understand the issues and that process x is inevitable and is for our own good really.

It is actually not inevitable that the government carries detailed ID information on those citizens who aren’t engaged in organised crime deeply enough to escape the system.

It’s not inevitable that intrusive technology takes over from competent policework or that the data that we provide the government is dictated by the requirements of the US immigration service or that we even have to stump up our own cash so Big Brother can keep an even closer track of us(probably private sector) These seem a lot like political decisions, Tony.

I will just take this opportunity to explain what a “political decision” is . I have to admit I’m surprised that this is necessary for someone who’s worked his way to the job of Prime Minister, but that’s one of the drawbacks of our tragically underfunded private education sector….
*******************

And what a lucky coincidence that the announcement about partial troop withdrawal from Iraq (for once, slightly better than normal war news) was leaked on ID Emailspam day and released on the Road-price Emailspam day.

Popularity: 20% [?]

Popularity: 20% [?]

Are the letters ID inherently evil in that specific combination? They form an acronym for two of the main topics that spark up rants here - Intelligent Design (the belief that everything except evolution is so complex that God must have planned it in detail) and Identity Document (the UK’s psychiatrically-certifiable ID card scheme.)

It’s been a while since there was any complaint about the ID card scherme here. However, far from vanishing when it’s not in the news, it’s been creeping towards existence. THe BBC put up a page in December with arguments for and against. http://www.bbc.co.uk/dna/actionnetwork/A2319176  The Fors basically consist of  “there would be less illegal immigration, benefit fraud , ID theft and crime in general.” None of these arguments are convincing. Nor, even if they were all true, would they seem to constitute enough of a public good to justify the full-scale imposition of  such constraints on traditional freedoms. Surely benefit fraud is the responsibility of DWP, Immigration of the Home Office, crime of the police. Aren’t they up to doing their jobs any more? The truly comical argument for ID is this, though.

Enhance sense of community: The government believes that identity cards would create a sense of shared citizenship, belonging and security

(I wondered what that lovely warm feeling I get from my bus pass was.)

If you don’t even need to know what the BBC gives as anti-ID arguments, you have probably decided a long time ago that the whole plan is both silly and dangerous. (See http://www.no2id.net/IDSchemes/faq.php if you want to read the arguments and find out about campaigns.)

You have probably heard people saying “But it’s inevitable.”  You almost certainly feel that it doesn’t matter what you think about what the government does because it never makes any difference anyway, look how mass protests stopped the Iraq war involvement (not)

Well, there is actually one way you can let the Government know that it is a deeply unsavoury plan. Go to http://petitions.pm.gov.uk/IDcards/ and sign the online petition against ID. I normally regard petitions as utterly pointless but there are reasons why this may have some impact. It’s on a site set up by the government itself to get input. If they can be made to see that this is no vote-winner, even a potential “poll tax” issue, they are going to step back sharpish.

The fiasco of the government’s current IT systems is already a scandal. Every IT project seems to cost untold millions; comes in millions over-budget; leads to civil service redundancies so services get worse;  and it doesn’t work properly when it’s finally implemented. The ID card scheme requires a huge outlay on even more new systems. A minister would need to have either some very powerful friends who needed an IT contract or a strong ideological commitment to the idea of ID to want to keep pushing this expensive and unworkable plan in the face of serious evidence of opposition.

The Government had to give way on the medical records plan to the extent of allowing us to refuse to have our medical records open to any NHS employee (or journalist, nosy neighbour, private detective, etc.,  who knows an NHS employee). They may indeed give way on this scheme. Just wait till the cost to individuals sinks in to those people who don’t think ID is a bad thing in itself. We’d be doing the Government a favour by stopping them  pushing the ID plan through.

Popularity: 17% [?]

Popularity: 17% [?]

I just picked this up from the god-like archives of the god-like Register. In 2003, a school was planning retinal scans before parting with school dinners and library books.

 http://www.theregister.co.uk/2003/01/08/uk_school_plans_retinal_scans/

The article says that tens of thousands of kids had already been fingerprinted then. However, a resourceful chap has found there are serious flaws in biometric iD.

“c’t gave biometrics a resounding thumbs down, after fooling a large number of devices with simple tricks and finding some unusable.

In its attempts at outfoxing the protective programs and devices, c’t concentrated on deceiving the systems with the aid of simple procedures (such as the reactivation of latent images) and forgeries, such as silicon fingerprints. It also achieved some success in eavesdropping on the communication (via the USB port) between a computer and the sensor and using this information in replay attacks to fool recognition systems. It didn’t try to hack into biometric data directly, though this might be another fruitful avenue of attack.”

It seesm that we are going to have to rely on the skills of a few eccentric hackers to keep some of the personal freedoms that used to be considered the essential benefit of democracy.

Democracy, hmm? Do you remember seeing anything in the voting materials at the last general or council elections that said

“By the way, we know you think jury trials and a professionally trained  police force and free movement are so 20th century.  We intend to replace the police with low-paid vigilantes wearing armbands and applying civil A-Social Bastard Orders that don’t requiire proof of actually breaking laws.

Oh, and we know you feel that 25 hour surveillance of everyone’s public activities  is the way to go. We are sure you feel uncomfortable when your biological identifiers,  credit record, medical history and address and telephone number and many other details or rumours about you aren’t held all over the place. We know you want these things to be collated at will by anyone with access to them - that is, more or less any public body or private company. 

We know that you are worried about toddlers wearing hoodies and veils, so we’ll make them our big priority.  Just let them try keeping a library book over the allotted 14 days!  We bet that you are furious that people can just walk into pubs without showing a biomentric passport. Well, we promise to sort all that out for you. Vote for us.”

Popularity: 11% [?]

Popularity: 11% [?]

I was going to do the usual thing and keep my mouth shut about the £200 fine for not recycling accurately, as there is a very good blog further down about that. However, hard as that is to believe, there’s much worse.

A Register article just blew away my residual sanity:- http://www.theregister.co.uk/2006/10/20/pub_fingerprints/  The title is

Beer fingerprints to go UK-wide

That is, pubs are to get money to fingerprint customers. Seriously.   Pubs in Yeovil are already doing it. There is a nicely understated piece in the Register article that points out quite how voluntary the pubs entrance into this scheme is- they won’t get a licence if tehy don’t and they can open late if they do.

This reminded me of another article in the Register a few days ago that had already pushed the proverbial envelope of calm too far for me to express an opinion on it in moderate language . That was http://www.theregister.co.uk/2006/10/17/mps_on_kiddyprinting/  Schools are apparently fingerprinting kids - allegedly so they can issue library books….  A simple rubber stamp used to suffice.

These articles are apparently genuine. I’ve found lots of other references to the schools one. Does anyone feel more secure with this stuff. I can sleep easy in my bed knowing that the local publican and school librarian are carrying out ad hoc surveillance at a level that George Orwell would never have dared present in his fiction.

Popularity: 8% [?]

Popularity: 8% [?]

How did I miss this?

“This month, NO2ID and a growing number of other organisations* ask that you renew your passport… Did you know that, from October of this year, as preparation for the ID scheme, ALL first-time passport applicants will have background checks and be interviewed by officials at one of the government’s 69 new ‘enrolment centres’? This will include your children as they reach 16“ (http://www.no2id.net/ 7 May 2006) At the moment, existing passport holders are not included in this but they will be.

Granted this means coming up with £51 now, but the ID style one will cost at least £93, according to no2ID. And will get you stuck in the sytem for life.

Popularity: 9% [?]

Popularity: 9% [?]