About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« March 2008 | Main | May 2008 »

4 posts from April 2008

Engineering principles

By Dave Birch posted Apr 29 2008 at 7:15 PM

[Dave Birch] Privacy and security aren't additional extras, costly options for new system. They are (or should be) part of the fabric. You can choose how to implement systems in either a privacy-enhancing or privacy-reducing way. Take, for example, congestion charging. There are a couple of ways to do this: you could do it the way they do in Singapore, where you have a prepaid card that communicates via RF with an overhead gantry. When you go through a gantry, the system attempts to take a fee from the card. If the transaction goes through (it's an offline purse transaction) then you're on your way. If you borrow a mate's car, you can take your card and put it in his car, no problem. But if you don't have a card, or you don't have any money on your card, then you get photographed. Alternatively, you can do it the British way. In London, all cars get photographed and then automatic numberplate recognition is used to try and work out who to charge. In many cases, it works and the correct account of a poor person is charged. I say poor person, because rich people register their Lambourghinis as taxis and avoid the charge


Cleangreencars has discovered that there are an unusually high number of luxury cars that have been granted the private hire designation, including two Maserati Quattroportes, three Maybach 62 and eight Rolls Royce Phantoms.

[From Taxi!? London luxury car owners register Maseratis, Rolls Royces as C-charge-free private hire vehicles - AutoblogGreen]

Incidentally, if you can't be bothered to send your chauffeur round to register the Porsche as a private hire, you can always just leave the Belgian plates on it, because the supercomputer running the system is not connected to other supercomputers in other European countries...


I drove for 4 years in london with a german plate, many times in the zone (once it was introduced), never paying and my ex never got a ticket sent to her place in HH where the car was registered.

[From London congestion charge for foreign cars]

In fact, as that tax-avoiders' handbook The Independent notes,


there are a number of ways to exploit the loopholes in this system as a private, law-abiding motorist if you are willing to be a little inventive.

[From Congestion charge loopholes: Now just learn the Knowlege... - Features, Motoring - The Independent]

Bit I digress. My point is that we have choices, and not building privacy-enhancing technology into a system is making a positive choice to have a data catastrophe at some point downstream.

Continue reading "Engineering principles" »

Fasten your seat belt

By Dave Birch posted Apr 24 2008 at 8:54 PM
[Dave Birch] I was so bored in my hotel room while I was waiting for Microsoft Office to re-build my mail database that I picked up a copy of Newsweek and started leafing through it. To my surprise, I came across an interesting piece about privacy.

The economics of privacy is, like anything else, a matter of trade-offs... The problem is that people can't make informed decisions if they don't know exactly what the trade-offs are. And they've proven that they don't.

[From Protect the Willfully Ignorant | Newsweek International Edition | Newsweek.com]

I couldn't agree more. As it happens, Consult Hyperion is part of a consortium that has just been chosen by the U.K.'s Technology Strategy Board to carry out a research project in this field, trying to find better ways to describe and display privacy so that the consumers and citizens can make informed choices, can negotiate around privacy in a constructive way and can deal more effectively with both corporate and government organisations. The article goes on to make a comparison that I'm not sure is entirely valid: the comparison is between privacy and safety, and the reason I'm unsure about it is because it uses the example of cars, seat belts and accidents -- all of which are things that consumers understand and can experience in a way that they cannot with privacy (at least, they cannot until our research project bears fruit!). Anyway, the article says

Car manufacturers let consumers pick engine sizes, color and the fabric on the seats, but not the design of the seat belt. "Consumers lack expertise about seat-belt design and don't want to invest time learning about it,"... Rather than let people figure out the optimal seat belt for themselves, experts pick a standard.

[From Protect the Willfully Ignorant | Newsweek International Edition | Newsweek.com]

Ok, so let's pick a standard. I vote for... er... hmmm... wait, I'll get back to you on this.

Continue reading "Fasten your seat belt" »

Hard cases

By Dave Birch posted Apr 16 2008 at 2:27 PM

[Dave Birch] I was at a discussion on privacy a while back, kindly organised by Robin Wilton under the Liberty Alliance banner. As always, I found that I learned more in a few minutes of argument with people like Caspar Bowden, Edgar Whitely, Phil Booth, William Heath and others than I would in weeks of reading Powerpoint presentations and vendor white papers. The discussion was under Chatham House rules, so I won't saying anything about who said what, but I do want to pick up one point that was made because, on reflection, I've been thinking that it's more of a barrier to a comprehensive identity management infrastructure than it first appears. The point is this: I am, in essence, a technology optimist who thinks that clever shenanigans with smart cards and digital certificates can improve society by delivering more secure and more privacy to the general public. The problem is in order to understand why these things might be possible, you have to have some basic understanding of technology, which I think that politicians and policy makers do not. Stalemate.

Continue reading "Hard cases" »

Now, who's smart and who's dumb?

By Dave Birch posted Apr 8 2008 at 7:21 PM

[Dave Birch] There are a great many advantages to smart cards as a platform for digital identity -- they're smart (ie, they have a microprocessor in them) for one thing -- but there's one huge drawback. They need readers. Now you might reasonably assume that no-one would countenance launching a smart card scheme with no readers, but that's precisely what has just happened in the U.K.


Eleven million free travel smart cards have been issued but many buses are not equipped to read them, a report by MPs claims. The report, by the House of Commons Transport Committee, entitled Ticketing and Concessionary Travel on Public Transport, said the situation was "daft". Ten years after committing to integrated bus ticketing, the Government has "achieved too little of practical value", the report said.

[From The Press Association: £1bn bus pass scheme 'stalling']

When they say "not many" buses have been equipped to use the cards, what they actually mean is "virtually no" buses have been equipped to read the cards. The cards are simply being used as "flash passes" so as long as you wave something that looks like a valid card then the bus driver will let you on board since he/she has no way of verifying that the card is valid. Since the cards have a two-year lifetime, and since the readers won't be in place for two years, it's hard to see what the use of them is. It seems like a huge waste of money to me, but then I am not well-versed in government smart card policy...


The first nationwide smartcard-based travel scheme launches next month, but the majority of passengers outside London will not be able to use the advanced functions.

[From Free smartcard travel arrives - 20 Mar 2008 - Computing]

Nor will the majority -- in fact, all -- of the passengers in London since (as the article makes clear) Transport for London won't even begin trialing the readers for these cards until mid-2009 and won't be installing them until 2010.

Continue reading "Now, who's smart and who's dumb?" »