About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« January 2009 | Main | March 2009 »

5 posts from February 2009

At whose fingerprints?

By Dave Birch posted Feb 25 2009 at 6:41 PM

[Dave Birch] I went to the Social Market Foundation chat about biometrics sponsored by the Identity and Passport Service (IPS). The speakers -- Jim Wayman from San Jose State University, Peter Hawks and Hugh Carr Archer (Aurora) from our friends at IAFB, Farzin Deravi from the University of Kent and forum friend Toby Stevens from EPG -- got a good discussion going although personally I thought it was a little too short. I was very interested in some of the points being raised from the floor and would have appreciated more time for expert reflection from the panel.

Jim started his talk by referring to the "colourful" history of the future of biometrics, which appealed to my current obsession with paleo-futures at the CSFI, and made a couple of points that I think are worth opening up for discussion here. First of all, he made the key point that biometrics doesn't solve the problem of identification but once you have identified someone then you can use biometrics to link them to that identity. Biometrics is easy, identification isn't, and biometrics do not guarantee the validity of non-biometric data in database (this is why I keep promoting the "biometric only" plan from the UK National Identity Register). Secondly, he made me reflect on the difference between schemes where the "users" care about multiple uses or not. So, if I have a season ticket for the London underground, I don't care about my brother using it on the days that I'm not. But I don't want him using my credit cards on days that I do not. So why would you need a biometric for a bank card? Good point. I think that the answer is that if we want to use cards for larger transactions then we can't use PINs because PINs are too easily snaffled, but I'm going to think some more about this and post in the future.

Continue reading "At whose fingerprints?" »

How do these ideas make it through to implementation?

By Dave Birch posted Feb 23 2009 at 9:42 PM

[Dave Birch] In the US, there is something called the Enhanced Drivers Licence (EDL) which is used not primarily as a means to demonstrate someone's entitlement to drive a motor vehicle but as a proxy identity card.

The Smart Card Alliance says it recommends an immediate review of the decision to use EPC Gen 2 RFID technology in US travel documents. “The Alliance is prepared to endorse the correct use of any technology that provides adequate protection of privacy and identity information. However, as the US Passport Card and EDL programmes were being defined, the Smart Card Alliance went on record advising against using an insecure EPC Gen 2 RFID solution that puts the privacy and security of US citizens’ personal information at risk.”

[From Security Document World - Biometrics, Passports, ID Cards and Visas]

Who cares? After all, what does it matter if a fraudster gets hold of your driving licence details. All they can look up is whether you have a licence or not, right?

Still, victims-rights and privacy advocates remain concerned about one important Real ID requirement, which dictates that state DMVs interlink their databases and make all their drivers' records and identity documents available. The final rule says that both an individual's "full legal name" and "true address" must be stored in the DMV database, regardless of what's displayed on the card and encoded on its bar code. It also requires that motor vehicle departments scan and store "source documents," such as birth certificates, to verify a driver's license applicant's identity.

[From Real ID worries domestic violence groups | Tech news blog - CNET News.com]

Hhhmmmm. There may be some interacting unexpected consequences around the collision between identity and entitlement here. This is what happens when you jumble together entirely different concepts under the banner of "common sense".

Continue reading "How do these ideas make it through to implementation?" »

The China syndrome

By Dave Birch posted Feb 10 2009 at 7:51 PM

[Dave Birch] A couple of days ago and I again mentioned the government's "break the glass" plan for a national identity scheme. In other words, what is the emergency plan to be followed should the integrity of the system itself fail. The point about the "break the glass" plan is a serious one. While I have no evidence that the government has such a plan, I'm sure they must do. If hackers, mafia extortionists or opposition MPs get into the database then someone has to be able to press a button to sound the alarm, to raise the drawbridge to other government systems and to initiate the meltdown process of re-issuing keys (or whatever else needs to be done).

What kind of meltdown might require the government to break the glass? Well, just for amusement purposes (since it could never happen, because the Home Security said that the ID card system will use "military" security) let's suppose that a disgruntled member of staff steals the entire biographical database. Let's say a fifty million individual records (5 x 10^7). Each individual record comprises 50 data items -- actually in the UK Identity Cards Bill it was slightly more than 50 -- so that's 5 x 10^1. Let's say each data item is 1KB. They're not, but whatever. So now we have a database of 5 x 5 x 10 x 10^7 or 25 x 10^8 or a couple of terabytes. That's it, a couple of a terabytes. I can buy a 2TB USB hard drive on Amazon right now for a couple of hundred quid and by the time the database is up and running, it will be fifty quid. So I can store the entire database for next to nothing, chuck it in my car and zoom off with it.

When they come in in the morning and notice it missing, there needs to be a big red button on the wall that they can smash the glass and press. Ah, you might say, it seems unlikely that a vetted civil servant will deliberately and flagrantly break the data protection act or whatever. Well I imagine that's what they thought in Chile, before a civil servant started publishing their national identity register on the Internet. We shouldn't let this kind of thing stop us from building a better identity infrastructure, but we should use it to help us build a better one, by which I mean one that depends on open peer review for its security.

Continue reading "The China syndrome" »

Privacy invasion by design

By Dave Birch posted Feb 8 2009 at 9:14 AM

[Dave Birch] I've been reading the excellent report on Privacy by Design that was published by the Information Commissioner's Office in December. As I'm sure many of you will know, the report was written by Forum friend Toby Stevens of EPG. As therefore might be expected, it is a thorough piece of work that makes practical recommendations. As I was reading through it, I began to wonder to what extent the implicit assumptions about what is "good" or "bad" (the report is not that simplistic, by the way) are purely cultural and therefore to what extent the idea of some kind of identity infrastructure that can deliver appropriate privacy, identity, credential, reputation and other structures on an international, web-wide basis is really plausible.

Continue reading "Privacy invasion by design" »

Is there a business in ID or not?

By Dave Birch posted Feb 2 2009 at 5:22 PM

[Dave Birch] I spent the day at the seminar on the business use of ID cards at the EEMA/Digital Identity Forum seminar sponsored by Consult Hyperion at the British Computer Society. The presentations are available from the EEMA web site so there's no need to go through all of them here, but I just wanted to make a couple of points that came out of the day. The event was kicked off by the Parliamentary Under-Secretary for Identity, Meg Hiller. Meg gave an overview of where the UK national identity card scheme is now, and where it will be going. She kindly agreed to stay for an extended question and answer session, and just to show how modern we are I've posted a couple of minutes of this up on YouTube. She gave a couple of examples where businesses might want to use the cards, which was the point of the seminar. The example of video rental was once again to the fore, as well as banks. Meg also said that retailers could see the benefit of requiring an identity card to be presented for certain services and this set me wondering what kind of retailers these might be. I can see that retailers might need to know whether you are 16 to buy glue, or 18 to buy beer or whatever, but they don't need to know who you are. The more I thought about it, the more I thought that there is a real distinction between retail transactions where the retailer needs to know who you are, and retail transactions where the retailer wants to know who you are (and, conversely, in some cases you might want them to know who you are, because of warranties or something), and retail transactions where the retailer doesn't care who you are but needs to uniquely recognise you because of loyalty schemes or promotions. I have to say I was left unconvinced by the retail example. Her public sector arguments were much better, because it is a common an infuriating experience to have to keep giving your name and address and personal details to various departments over and over again. The example that Meg gave was of going through maternity services in the NHS, where she has to keep filling out the same personal information over and over again. I didn't think that was a good example, because the current government has spent TWELVE BILLION POUNDS on the computerisation of NHS patient records. It doesn't automatically follow that another few billion on the identity scheme would make any difference to her experience interacting with her local council, hospital or schools. Meg was also right to say that it's frustrating to have to fill out forms online, and indeed it is, but we had an afternoon presentation form the chief security architect at IPS, Andy Smith, and it was not clear to me from his description quite how the scheme is going to help here. Perhaps more technically-informed delegates could explain further.

Continue reading "Is there a business in ID or not?" »