By
davebirch posted Mar 30 2007 at 4:09 PM
[Dave Birch] It looks as if Forum friend Max Most was right when she expressed doubts about the trajectory of the Department of Homeland Security's US-VISIT program last November. According to a Government Accounting Office (GAO) report the US-VISIT program's costs are spiraling out of control. Accenture were awarded a $10 billion contract for US-VISIT back in 2004, and it is intended as a border control system. A digital photo and fingerprints are taken when foreigners enter the US (after standing in a queue for hours, as many of us have experienced) and these are "checked" against a government watchlists stored in a "hodgepodge of backend databases." But there's virtually no system in place to know when visitors have left the country.
Technorati Tags: biometrics, ID cards, identity
Continue reading "Unwelcome VISITors" »
By
davebirch posted Mar 26 2007 at 3:02 PM
[Dave Birch] Critics of the US ID card initiative have long said that it actually makes individuals less secure by putting all their eggs in one basket and leaving them more vulnerable to data breaches and insider abuse. The legislation behind it, the Read ID Act, requires the departments of motor vehicles in all 50 states to demand and keep on file sensitive documents such as birth certificates, social security cards, utility bills and the like. People who don’t have an ID card will be barred from boarding airplanes and from entering federal buildings such as courthouses, so it looks as if most Americans will have to get one.
Technorati Tags: ID cards, identity, risk analysis, security
Continue reading "REALly bad idea" »
By
davebirch posted Mar 24 2007 at 9:19 AM
[Dave Birch] Many people subscribe the Digital Identity Forum blog "RSS feed" and read it through a "Feed reader". If these terms mean nothing to you, you'll be pleased to know that we've set up an e-mail list for you. Read on for instructions...
Technorati Tags: forum, identity
Continue reading "If you don't know your RSS from your elbow" »
By
davebirch posted Mar 23 2007 at 10:37 AM
[Dave Birch] I'm thrown into category confusion, because I wanted to mention the use of Octopus (ie, transit) contactless smart cards in Hong Kong. As we have often discussed, the way in which Octopus has spread from transit to retail payments makes for an interesting case study. But it is also the case the Octopus cards are being used for physical access control. Since everyone, essentially, has one there is no point in implementing proprietary access control systems for offices or apartment buildings: you may as well just let people use their Octopus cards. This always struck me as rather interesting, particularly given evidence from other markets that people might be reluctant to load too many functions onto one card.
Technorati Tags: contactless, identity, mobile, security
Continue reading "Aargh! Is this identity or money?" »
By
davebirch posted Mar 22 2007 at 6:23 PM
[Dave Birch] The potential growth of the RFID market is "huge". It's not just me who says this, but the "Information Society and Media" Commissioner, Viviane Reding told reporters at CeBIT. She estimated that the European RFID market will grow from €500 million ($660 million) in 2006 to €7 billion by 2016. "We're strong in wireless, mobility and chip manufacturing, and we must develop this for RFID," she said. But the commissioner also warned that industry must pay greater attention to security and privacy issues. "We must make industry aware that the Internet of things must be an Internet for people". That's a phrase I rather like, and it echoes some of our comments on this. She also announced the creation of an "RFID stakeholder group," including representatives from industry and consumer groups. The group will provide advice to the Commission, which plans by the middle of this year to propose amendments to the e-Piracy Directive taking account of RFID applications. Also, later in the year, the Commission intends to publish recommendations for member states on how to handle data security and privacy issues affected by the use of RFID. .
Technorati Tags: internet, rfid
Continue reading "I'd like my stuff to chat more" »
By
davebirch posted Mar 21 2007 at 7:11 AM
[Dave Birch] Let's be clear: there is something interesting happening around virtual worlds. I'm not entirely sure what it is, and nor is anyone else, but the primal soup of computer-mediated communications, social networking and immersive 3D graphics is brewing and something will evolve. This has ramifications for the world of digital identity because, apart from anything else, it changes the way that we think about identity (and multiple identity). It seems to me that virtual worlds are beginning part of mainstream thinking: my evidence for this is that the moral panic that accompanies all new technologies that enter the mainstream is now under way.
Technorati Tags: identity, passport, virtual worlds
Continue reading "Where's the virtual Home Office when you need them?" »
By
davebirch posted Mar 15 2007 at 8:49 AM
[Dave Birch] One of the most visible digital identity documents, the passport, has been much in the news recently. Unfortunately, most of the coverage has been about the limitations of Basic Access Control (BAC). Not that electronic passport control is operational yet because of the problems getting readers installed and configured, which in turn means getting the public key directory working. This directory is being set up by Netrust, a Singaporean company that last year was selected by ICAO. Germany, citing security worries, says it is not taking part in the directory, even though the USA and UK are (currently). Readers won't have the German keys in them (unless they get them directly from the Germans), so they won't be able to validate the digital signatures on German e-passports. As we've discussed before here, there some genuine problems here that need to be fixed for the e-passport to be effective.
Technorati Tags: identity, passport, security
Continue reading "Not-very-public key infrastructure" »
By
davebirch posted Mar 13 2007 at 11:39 AM
[Dave Birch] I'm always looking out for real-world problems that appear serious but where intelligent analysis shows that an effective digital identity infrastructure can support good solutions. As such, I often use the "chatroom paradox" as a simple example of how the technology to deliver pseudonymity can balance the needs to stakeholders even in a contentious environment. But I'm a technologist, so I tend to dwell on how online identities might be protected rather than why they might be protected. A recent Israeli court ruling has made me think about this again.
Technorati Tags: identity
Continue reading "If you can't stand the heat, get out of the chatroom" »
By
davebirch posted Mar 12 2007 at 6:54 PM
[Dave Birch] Under a deal announced at the beginning of March, RFID (radio frequency identification) tag specialists Checkpoint Systems will provide Europe's second largest shoe retailer Reno with tags and tagging systems for 700 stores in 15 countries. By having the tags integrated into its shoes, Reno aims to curb theft for both boxed products and those on display, as well as shoes customers try on in the stores. Reno has been using RFID technology to track product shipments from its factories to its stores for several years but has not yet used the technology to track individual products inside each store. Even setting these more paranoid aspects to one side, wouldn't it be useful for retailers to know which stores I'd been in and where I went in those stores?
Technorati Tags: contactless, privacy, retail
Continue reading "These boots were made for talking" »
By
davebirch posted Mar 9 2007 at 8:11 AM
[Dave Birch] Yet another survey, this time from Unisys, seems to indicate (yet again) that U.S. and U.K. consumers would like to see biometrics introduced. Across the board, a large majority of consumers in the United States (63 percent) and United Kingdom (87 percent) believe that the rise in identity fraud and the insufficient protection of personal information will become a significant security threat in the future, and feel that financial institutions and government are not doing enough to stop it. As a result, an even greater percent of U.S. consumers (69 percent) and U.K. consumers (92 percent) would prefer that banks, credit card companies, healthcare providers and government organizations adopt biometric technologies, as compared to other protection measures such as smart card readers, security tokens or passwords/PINs, to safely and quickly verify personal identities.
Technorati Tags: biometrics, health, security
Continue reading "Consumers want biometrics (again)" »