About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


6 posts from December 2007

Season's greetings

By davebirch posted Dec 24 2007 at 9:27 AM
[Dave Birch] Season's greetings and all the best for 2008. I hope you enjoy a break as much as I do, so in the European fashion I'm off for a few days and I look forward to catching up with you all again in the New Year.


Day of the serigala

By davebirch posted Dec 19 2007 at 7:10 PM
[Dave Birch] I can't help but keep returning to the MyKad smart identity in Malaysia because it's such a fascinating, and valuable, case study of the transition to a smart identity card. And because it happened a few years ago, it provides useful data (gathered over time) on the evolution of such a scheme. Now, the Sabah Law Association (SLA) has said that the authorities should look into provisions of the Sabah Ordinance on Registration of Births and Deaths 1948 to assist them in eradicating the problem of fake MyKads in the State. The association's president said that the provisions provide for a procedure for late registration of birth certificates and would address the problem of fake MyKads being issued to foreigners who make application for such a document supported only by statutory declarations. In other words, people can claim that they are only now registering their birth, without supporting documentation, and get an identity card. He pointed out a report carried by the newspapers regarding a Member of Parliament from Sabah whose name had been used to obtain a fake MyKad, saying the case was only "the tip of the iceberg".


No-one understands this stuff

By davebirch posted Dec 11 2007 at 5:19 PM

[Dave Birch] Well, the Birch household received its apology from HM Revenue & Customs this morning. Mr. Dave Hartnett offers his personal apologies for the data loss (although no data has, of course, actually been lost -- I'm sure the HMRC still have it somewhere). He does, entirely sensibly, tell us that there is no need to get a new bank account. I didn't read the rest of it, because I noticed that it had my full name, address and (completely pointlessly) national insurance number on it, so I ran to the shredder to dispose of it immediately. He's probably wasting his time, since neither the general public nor general journalists seem to have any understanding of the "incident" or its implications. My evidence? Well, Link tell us that the number of people who changed their PIN at a cash machine rose by more than 50 per cent in the three days following the HMRC data loss announcement, despite the fact that even if a dedicated team of crack identity fraudsters did manage to copy the CDs (either at HMRC, the courier or at KPMG) before handing them in, they wouldn't have anyone's PIN anyway. Link did point out something that hadn't occurred to me though: people may have been changing the PINs because the PINs were birthdates. Hhhmmm. Meanwhile, the Metropolitan Police announced that they have finished their search with no results, and are therefore offering a £20,000 reward for the discs. I thought Ian might have misunderstood, but no, he is correct. The reward is for the return of the discs!! As if that means that if the CDs are returned, all the data that was on them could not possibly have been copied. What on Earth is going on? Even normally sensible people are saying very strange things. Emergent Chaos picks up on this as well, spotting this quote about HMRC's data antics:

However, [Gartner VP Avivah] Litan warned that the chance of identity theft was actually small, at just 1%.

As Chris says, the chance of this estimate being scientifically defensible is even smaller.


The march of the mobile

By davebirch posted Dec 7 2007 at 9:50 PM
[Dave Birch] We've long felt that the mobile phone will become the central identity device, the pivot of the emerging digital identity infrastructure. Plenty of other people seem to think the same, so it's puzzling that organisations that need significant improvements in both the security and the convenience of large-scale identity management are taking so long to exploit the mobile environment. An obvious case in point is banks. Since, in the U.K., everyone who might conceivably bank online already has a mobile phone, one might reasonably have expected mobile phones to become a standard 2FA token for online banking and shopping. It's not exactly hard to imagine how that might work. But instead, banks have opted for the simple, not end-to-end 2FA that uses chip and PIN cards to generate one-time-passwords (OTPs) for logging in to home banking. Now, as it happens, my bank just sent me one of these and I used it for the first time on Saturday. It worked fine, and I didn't have to remember either my numerical passcode or my secret word. But does it give me security?


Some of these questions are hard

By davebirch posted Dec 6 2007 at 5:12 PM
[Dave Birch] They pose some difficult questions over on blog*on*nymity. I like checking in over there: it helps me to develop a real perspective on digital identity, a perspective that takes in the evolution of social constructs around identity as much as SAML and OpenID. They are quite right to express concerns around the personal, psychological and social effects of the Internet and Google-powered public accessibility to sensitive personal information. This particular issue they are raising -- which I simply hadn't thought about until they made me think about it -- is the accessibility of online judicial opinions and court files:
As lawyers we did a good job debating the legal and policy elements of the situation. As moral agents or ethicists we failed badly.


Making digital identity solve real-world problems

By davebirch posted Dec 3 2007 at 11:12 PM
[Dave Birch] Solving the real-world problem of identification and authentication is, as we know, difficult. Not simply because we need to find mechanisms for implementing these concepts that are both convenient and cost-effective but because their real-world use is messy. Digital identity has to be able to deliver more than workable home banking login for people like me. In the real world, demands are more complicated. Here's a good example, put forward by Chris Skinner. He was trying to help his elderly father-in-law sort something out with his bank, so he phoned and told the bank just that. They refused to deal with him on the phone and insisted that his father-in-law write a letter to change the repayments or whatever it was he wanted. So Chris just called back and told them that he was his father-in-law. He was easily able to answer the "security" questions and so got things sorted out quickly. But how will this work in the world of identity cards and biometrics? Or consider a similar, more prosaic case. I'm sure many people use their partner's ATM card from time to time. Not for any illegal withdrawals, but because they are lazy, or can't find their own card, or they left it at work or whatever. I'd hate to run round to the ATM at the supermarket because we need some cash only to be told by the machine, "Sorry Mrs. Birch, face recognition failed" (which it would do, by the way).
