About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« August 2008 | Main | October 2008 »

7 posts from September 2008

Rolling out ID cards

By Dave Birch posted Sep 25 2008 at 8:15 AM

[Dave Birch] The British government's plan to roll-out ID cards to people took another step forward today with the release of details on the ID card for foreign nationals:

Home Secretary Jacqui Smith said the cards would allow people to "easily and securely prove their identity".

[From BBC NEWS | Politics | Foreign national ID card unveiled]

Continue reading "Rolling out ID cards" »

Stoking up the debate on data sharing

By Dave Birch posted Sep 23 2008 at 11:53 AM

[Dave Birch] At the beginning of the year I proposed Stoke's Law as the back-of-the-envelope law for estimating the amount of new crime enabled by government data collection and sharing:

I propose Stoke's Law, which is that as the amount of data that the government collects grows, so will the number of people who are victims of crimes that were made possible by unauthorised access to government databases.

[From Digital Identity Forum: A new law]

We never really settled on the shape of the Stoke's Law curve, leaving it as a square law (ie, the amount of crime goes up as the square of the amount of data collected) but I'm really beginning to wonder if this is steep enough. This is because, in the U.K. at least, civil servants and management consultants appear obsessed with data sharing, which of course makes the problem much worse. It's no surprise to see stories about the abuse of government databases appearing with apparently increasing frequency. For example, I read only last weekend of a case in which a civil servant was tapping into databases to pass a woman's details on to her violent ex-partner so that he could track her down. This wasn't for money -- the civil servant was the new girlfriend of the violent man in question -- but could have had a much more serious outcome than the kind of identity crime (ie, credit card fraud) that the government says is a priority with respect to the national ID card scheme.

As someone who believes that cock-up rather than conspiracy is the guiding principle of government IT, I have to say that corrupt civil servants passing on information to criminals is unlikely to be the biggest problem with the joined-up administration imagined by the designers of new public sector infrastructure:

Government records are notoriously inaccurate. If a person is wrongly listed in a database, the problems of that error are now amplified.

[From Concurring Opinions]

When government databases were inaccurate and distinct, the errors were there but it was difficult for them to propagate. Now they will be able to zoom around at the speed of light.

Continue reading "Stoking up the debate on data sharing" »

I'm sure banks have a strategy for this kind of thing

By Dave Birch posted Sep 18 2008 at 2:27 PM

[Dave Birch] Some time ago, I pointed out that sensible retailers would use ID cards to cut payment schemes out of the transaction loop, by using ID cards as payment tokens and using the ACH network rather than Visa or MasterCard. I've just written another piece on this for Electronic Finance & Payments Law & Policy.

As I have long been advising our clients in the payment space, there will be inevitable implications for retail payments businesses once a national ID card is in place.

[From Digital Identity Forum: Paying for identity]

Retailers want business change, not just lower fees. Now, a barrier to their competing with existing card schemes themselves has been the cost of issuing and managing secure smart cards or other tokens. But if the government is going to do it for them, then they may as well exploit it. I can easily imagine taking my ID card and a blank cheque down to Tesco, putting them both into a machine and punching in my PIN. Then, next time I go shopping, I punch my PIN into the keypad at the checkout lane, wave my ID card over a reader and then go on my way. This kind of the service has already begun to spring up in the U.S.A., in response to the issuing of “Real ID”drivers’ licences which have machine readable magnetic stripes that can be read at POS terminals. A company called National Payment Card (NPC) has begun to exploit the opportunity, by getting customers to register their bank details and a PIN against their licence. This means that customers can then pay for fuel by swiping their licenses at petrol stations and entering a PIN. A similar national scheme has just launched in Malaysia, where one of the leading banks has begun installing kiosks where customers can use their bank chip card and the MyKad ID card (without biometric authentication) together to link the ID card with the bank account automatically:

Consumers will have to open either a savings or a current account with EON Bank, which is the only bank providing payment transactions through the MyKad at the moment.

[From Buy fuel with your MyKad]

The scheme is targeting the fuel sector in the first instance and has signed up all Caltex and BHP filling stations, so that customers can fill up and they pay at the pump with their ID card. Since the margins on fuel are thin, the sector has every incentive to cut payment schemes out of the loop and move to direct bank transfer via ACH. I wonder if they even bother to authorise the transactions: after all, if you try to cheat them by presenting the ID card when you have no money in the bank, they have your ID details and I imagine you'll be hotlisted pretty quickly.

Continue reading "I'm sure banks have a strategy for this kind of thing" »

Location layer

By Dave Birch posted Sep 16 2008 at 9:14 AM

[Dave Birch] I recently gave a talk about the using mobile phones as carriers of identity "cards", pointing out the kind of functionality that such an implementation could deliver into the hands of citizens and consumers. I'd used Neil McEvoy's "identity as utility" as the paradigm and demonstrated, I think, that the mobile phone is (for the time being) the most logical means to implement national-scale solutions. Caspar Bowden of Microsoft was in the audience and -- as I always genuinely appreciate -- asked me a couple of tough questions that I've been reflecting on. One of them concerned the relationship between security and privacy in an environment where the connection layer not only knows who the users are, but where they are at all times. This, Caspar reasoned, means that any implementation that tries to use privacy-enhancing technologies at a higher layer will necessarily be confounded, since trivial data matching in mobile phone records or ISP records will deliver an accurate record of both where you were and who you were talking to. This is, of course, correct. As Ben Laurie has so clearly pointed out, unless the connection layer is anonymous, nothing else matters. Uh oh...

A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous. The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

[From U.N. agency eyes curbs on Internet anonymity | Politics and Law - CNET News]

Shouldn't there be some kind of informed public debate about this kind of thing? (If you want to read up, start with the document that Robin Wilton pointed me to at the ITU.) This isn't a bit of irrelevant geekery on the margins of society, it's a fundamental issue, a fundamental bound on the development of communications.

Continue reading "Location layer" »

Jonathan Craymer and Stephen Howes, GrIDsure

By Dave Birch posted Sep 9 2008 at 1:09 AM
[Dave Birch] Jonathan Craymer and Stephen Howes are the inventors of the GrIDsure system and founders of GrIDsure Limited. GrIDsure is a "visual PIN" system, which replaces a simple numeric PIN with a pattern-based alternative. In this podcast, they tell us where the idea came from and where they hope it might go.

Continue reading "Jonathan Craymer and Stephen Howes, GrIDsure" »

Losing contact with reality

By Dave Birch posted Sep 8 2008 at 7:20 AM

[Dave Birch] When I first heard about the government's "Children's Index" project, I was quite scathing about it (perhaps a little over the top in one or two places) because I felt that the basic concept was so transparently flawed that the management consultants should have been sent away with a flea in their before it ever got near a gateway review. It looks as if it's turn out to be an even bigger waste of a quarter of a billion pounds than even I had suspected. It's been delayed yet again and who knows when, and it what cut-down form, it will ever be used. If it isn't delayed indefinitely until it is quietly scrapped.

A fundamental flaw with the scheme (now known as ContactPoint) is the idea that you can give upwards of a third of a million people access to a system and expect its contents to remain secret in any kind of cost-effective way. And, of course, any sensible person would reason similarly:

If you allow large numbers of people access to sensitive data it's never going to be secure. You can't protect it. ContactPoint should simply never have been built."

[From Database delayed: Critics fear children may be in danger | Education | The Guardian]

The dangers inherent in this kind of system, that collects sensitive data and then opens it up, do not need to be repeated. Nor are the restricted to the public sector. In today's Korea Times I read that:

Two CDs, containing the private information of more than 11 million people (including politicians and government ministers) were found in pile of rubbish in Seoul. GS Caltex, the oil company from where the data had leaked, said that they took private information very seriously and only 12 employees were authorised to access the database.

They can't keep the stuff safe with only 12 authorised users, so goodness knows how ContactPoint is going to keep it safe with 300,000 of them. It would only be a matter of time before some minor functionary in local government left a laptop on a train, or a management consultant analysing the data lost a USB key, or whatever, and the whole database would be exposed.

Continue reading "Losing contact with reality" »

Privacy expectations

By Dave Birch posted Sep 6 2008 at 12:07 AM

[Dave Birch] Interviewed in New Scientist, Jacques Stern, the head of the Laboratory of Computer Science at the Ecole Normale Superieure in Paris (called the "high priest of French cryptography" in the article), says that "In future, people will look to cryptograpghers to protect their privacy". I couldn't agree more that this should be true, but it's not clear to me at all that it is true. We've got to find new ways to communicate the rich and diverse world of digital identity to the public, to the public sector and to their management consultants. If we can't, they'll never be in a position to demand privacy or expect it to be implemented as part of the systems that they interact with.

Continue reading "Privacy expectations" »