About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion





  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


18 posts from July 2007

Identity theft that matters, not dumb credit card stuff

By davebirch posted Jul 30 2007 at 9:38 PM
[Dave Birch] If you ask anyone who actually knows anything about security about risks, they'll always tell you the same thing: insiders are the biggest threat. They might add that insiders who don't understand how to use the most basic computer security measures and don't understand how software that is integral to Web 2.0 works. A Japanese policeman has been sacked after the personal information of thousands of people relating to criminal investigations was leaked on to the internet from his computer. The officer revealed the details via peer-to-peer (P2P) file-sharing software on his PC. He had allegedly installed the Winny file-sharing software on to his machine and was unaware that sensitive data was being made available to other users via the P2P network, leading to the personal details of 12,000 people related to criminal investigations being shared, along with 6,600 police documents (including interrogation reports, victim statements, and classified locations of automatic licence plate readers). What's more, the files included a list of the names, addresses and personal information concerning 400 members of the notorious criminal gang Yamaguchigumi yakuza. I wouldn't try opening a bank account and taking out a loan in one of their names, to be honest, as they may take a more robust approach to identity theft than the Information Commissioner.


An open source national ID scheme

By davebirch posted Jul 27 2007 at 8:24 AM
[Dave Birch] I've mentioned a few times at various seminars that the way that the Dutch have approached the development of a national contactless smart card for transport ticketing should be studied to see what lessons can be learned and used to inform other developments. The basic reason for this is the structure of the procurement: in short, organisations were asked to tender using whatever standards and interfaces they liked but in the knowledge that whoever won would have to provide the specifications licence-free so that anyone could develop new products and services to use the cards. It's already paid off. When Linkdump reported that students developing open source applications found a security error in the card, it reinforced to me the wisdom of the Dutch approach. The combination of open source and independent scrutiny makes that system as a whole more, not less, secure.


Department of the Bleedin' Obvious

By davebirch posted Jul 26 2007 at 9:52 AM
[Dave Birch] The American Medical Association (AMA) says that human RFID tags could pose serious privacy risks. No kidding. But note that their report has few concerns regarding the medical implications of RFID tags. The tags are implanted using a needle in less than a minute. The Association does have some concerns regarding possible interference with medical imaging and other medical electronics, but the report does not cite any instances of these actually occurring. So there are no medical issues, but there are privacy issues. Such as? Well, the report says that (sensibly) patients should have to give informed consent to implantation, something that is obviously sensible. It also says that doctors "cannot assure patients that the personal information contained on RFID tags will be appropriately protected". I'd assumed that all that is in the tag is some kind of ID number and that all of the identity management takes place at the back end. Not that this neutralises privacy worries, but let's get the big picture sorted out. It shouldn't make any difference to the overall "privacy state" of the system whether I have the number on a bracelet, a tattoo or an implant, should it?


Privacy seminars are like London buses

By davebirch posted Jul 23 2007 at 9:06 PM
[Dave Birch] You wait ages then two come along at once. After going along to the DBERR seminar, I'd spoken at the BCS Information Security Specialist Group "Privacy Day". I remember that, by coincidence, shortly after having woken up that morning, I heard a story on the Today programme (by forum friend Rory Cellan-Jones) about privacy. I thought he might be priming the nation for my presentation, but it turns out that the Information Commissioner, Richard Thomas, had that very day released his annual report. In the report he called the number of companies, government departments and public bodies breaching data protection rules "horrifying".


S/MIME is, like, so last century

By davebirch posted Jul 20 2007 at 8:11 AM
[Dave Birch] I was preparing a presentation that included a couple of remarks about generational issues when it comes to privacy: what Bill Dutton of the Oxford Internet Institute called more "nuanced and textured" views of privacy. This led me back to an article I'd read noting teenagers generally don't think twice about including their first names and photos on their personal online profiles, but most refrain from using full names or making their profiles fully public, which I now understand more fully after listening to Bill. This and similar news reports were linked to a survey from The Pew Internet and American Life Project which found that two-thirds of teenagers using social networking have restricted access to their profiles in some fashion, such as by requiring passwords or making them available only to friends on an approved list. Social networking sites, such as MySpace and Facebook (or, indeed, LinkedIn) have responded by offering users more controls over how much they make public and warning them about revealing too much. So perhaps the next generation are not ignoring privacy, but dealing with it in a new way. After all, only 1 in 50 puts their mobile phone number online. Although four-fifths put their photo online and more girls than boys do so. I'm no expert (as may be evident) but they presumably don't see their image as a private part of their identity and, also presumably, want control over it by posting an image that they choose, that is under their control.


Man vs. Machine

By davebirch posted Jul 18 2007 at 6:14 PM
[Dave Birch] An NIST report shows that machines can out-perform humans at face recognition under certain circumstances. The FRVT 2006, for the first time, integrated measuring human face recognition capability into an evaluation of face recognition technologies and the performance of humans and computers was compared on the same set of images. The experiment found that algorithms are capable of human performance levels, and that at false accept rates in the range of 0.05, machines can out-perform humans. Note also that one of the report's findings is that the performance of iris, face and 3D face is comparable when all three biometrics are acquired under controlled illumination (my italics). Much to the joy of the Bouncer's Union, however, it seems that machines are unlikely to replace nightclub doormen any time soon.


Building the utility

By davebirch posted Jul 17 2007 at 9:10 PM
[Dave Birch] In his presentation to EEMA, my colleague Neil McEvoy calls for the creation of an identity utility, to be used by government, business and individuals alike. Neil mentions that the NFC-equipped mobile phone could be the critical device to make this a reality, because the mobile phone can act as both the identity provider and the identity consumer. So will there be enough mobile phones, and will enough of them have NFC, to make this a realistic vision? Well, in many countries (e.g. the U.K.), mobile penetration is already over 100%. Nokia alone sold 348 million handsets last year. There are nearly half a billion mobile phone users in China. 49 million handsets were shipped in Japan last year. ABI Research forecasts that by 2012, some 292 million handsets (more than 20% of the global mobile handset market) will ship with built-in near-field-communications capabilities.


Rushing in

By davebirch posted Jul 16 2007 at 11:03 AM
[Dave Birch] There's an identity-related debate going on about data sharing by government. I don't mean to take sides on it, except to note that I would prefer to see a more technologically-informed debate, especially around the sharing of biometric data. I was making some notes about this in a data protection context and thought I would mention that the EU's Data Protection Supervisor (a Mr. Peter Hustinx) has been saying that EU governments risk violating the protection of their citizens' personal data by acting hastily in approving the use of biometrics because it was "rushing in a new era" of using biometric identifiers for security checks while standards for data protection were still not clear. In particular, he warned against cross-linking national biometric databases and he said that Europe needs standardised procedures for collecting biometric data as well as common rules and safeguards for the use of the sensitive information.


Meanwhile, back in the real world

By davebirch posted Jul 13 2007 at 3:10 PM
[Dave Birch] This story about bus ticket machines going down Down Under may seem of tangential relevance to identity cards, but look at the details. According to the story, bus ticket machines are breaking down an average of 12 times a day, giving passengers free rides and robbing taxpayers of thousands of dollars in revenue. The figures, revealed in Freedom of Information documents, also cast doubt on the replacement smart card system, which drivers claim breaks down more than the current ticket machines – even causing at least one accident. The real cost of loss in revenue is unknown as the Government relies on the ticket machines to provide patronage and fare data. The biggest cause of ticketing machines being out of order was faulty software, followed by printer malfunctions, and breakdowns in electrical and mechanical components.


PET subject

By davebirch posted Jul 12 2007 at 5:59 PM
[Dave Birch] The European Commission are in favour of PETs. Not the furry (or even scaly) ones, but our favourite kind: Privacy Enhancing Technologies. They are in favour of them because they (correctly) think that the deployment of PETs might do more to protect privacy and implement real data protection. If implemented properly, as I have long maintained, they mean that mathematics rather than ombudsmen would ensure compliance! They make a superficially reasonable point about deployment, arguing that PETs should be implemented inside a regulatory framework -- Article 13 of the Data Protection Directive and Article 15 of the ePrivacy Directive, apparently -- that can deliver (negotiable) levels of privacy to individuals. I'm not so sure about that. I think it's better to make the PETs widely available and easy to use and then let the market take over: I'm not sure what regulation adds in this case. The Commission says that it has been promoting the use of PETs by public authorities, and I'm sure we all agree that that's a good thing.
