Slashdot Mirror
Hong Kong Gets Smart ID Cards
darnellmc writes: "This AP article is about Hong Kong's new smart ID cards (mandatory) with "embedded computer chips that hold names, pictures and birthdates -- as well as a digital template of both thumbprints". The picture in the article shows a man holding them and smiling. The article also mentions "Hong Kong's government backed down on proposals to have the cards carry health and bank records". The Hong Kong government hopes to add optional features like using them as driving licenses and library cards. This government learned nothing from the USA's abuse of the Social Security number, this is much worse. Hoping one card will do it all. These cards are also in the works in other countries like Finland, Malaysia and Japan where they are to be optional. Thailand
is working on a mandatory card."
Can somebody succinctly summarize the percieved threats of a national ID Card?
If the card is stolen, officials say the data on the chip can't be easily retrieved.
Officials estimate the seven-year plan to distribute the mandatory cards to all Hong Kong residents, aged 11 and up, will cost $400 million.
The expense includes computer database, networks, card readers, technical support and additional staff. (My emphasis)
Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised. Once bank information is on them -- and I have no doubt that that bit of the proposal is only on hold, not really dropped -- how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?
Nope, no sig
..in itself, but in practice, there's no way at all something like this will avoid abuse, commerical, governmental, or privately. What's to stop someone with a smartcard writer from creating their own, or modifying someone else's? As well, if they decide on implementing access to banking information, credit cards, what happens if you lose your card and don't notice right away? Someone could pick it up and have full access to all of it. And they could really rack up late charges if they put the library card function on it :)
There's also another article on this at wired.com.
I live in a country where we do not have a particularly advanced national ID number system such as the American social security system or the system proposed in the article. I recently had an interesting conversation with my dad who works in a hospital on the accounting side. He mentioned that people overseas don't understand how he can function without a well-developed national ID system. They can't believe that it is still possible to track people and get payment (part of my dad's job) without having that person's ID. There are some problems that arise, but the basic point that I am trying to make is that something like this is not necessary - and there are countries that prove it. People are just so used to the system that they can't believe that it is possible to exist without it.
This government learned nothing from the USA's abuse of the Social Security number, this is much worse.
ID cards are have been mandatory in Hong Kong for a very long time - they were just not "smart" yet.
Identidy theft/number abuse is NOT a problem.
Do you have a driver's license?
What is on that?
Mine has; name, birthdate, address, height, weight, sex, eye color, date issued, organ donor status (yes), class, picture of me, and my signature.
And the state that it is issued in has my social security number, car information, insurance information at the dmv.
We have long been in this horrible place that people have only started to worry about since 09/11/2001.
Er, what makes you think that these abuses aren't precisely what the government wants to emulate?
/. If the government wants us to respect the law, it should set a better example.
REVELATION 13:16-18
And he causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name. Here is wisdom. Let him who has understanding calculate the number of the beast, for it is the number of a man: His number is 666.
well im sure everyone is thinking somewhere along the same lines of security issues with these cards. What will happen if someone is able to sucessfully duplicate an individuals card. The information has to be kept somewhere, and if that database ever gets hacked, say goodbye to everything - credit card numbers, back account information, health issues that could arrise from having all your health and medical conditions kept on this one card - - On the plus side i'm sure there is going to be lots of bounus to the card as well. Bac kto the medical reasons, anyone that carries their card could have all the treatment proceduers for that "rare life threating disease" they may have. I think it would be a major toss up, the list of pros and cons could go on for a very long time.
Hong kong has had mandatory ID cards for years, mostly to make sure you werent a mainlander who was there illegally. It's not much of a leap from that to this.
If you thought your info was easy to steal now...
Just wait till identity theft takes a new turn in the digital age.
Just as the low bandwidth high quality of MP3s allowed the easy download of billions of songs,
I can only imagine how easy it will be for criminals to get their hands on the info stored in those cards, all they need is a reader and a storefront to rake in the identities, turn around and burn their own smart cards, and guess what SHOPPING TIME, YOU'RE DIVORCED, YOUR MARRIED YOUR DEAD, YOUR IN GUAM!
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
so then the only solution is an implant...
or the mark of the beast...
REVELATION 13:16-18
So this change is limited to putting a smart chip in a card people already carry.
Not that its not dangerous -- there are a whole load of risks associated with people not knowing what information they are giving up whenever they show it (though there are laws about who is allowed to request it), as opposed to a print-only card where its obvious what you are showing.
indecision
Now if only we could implement a system like this is Britain. With our losses of GBP£8bn per year, this sort of system could be used to help reduce benefit fraud, illegal immigration, monitor health service usage... In fact, with some well written tools, this data could be used *positvely* to target health care resources where they are most needed. Also, having your criminal record tagged to smart cards could also be used by a potential employer to verify your background. This can be a useful means of keeping dishonest employees out of the workforce. There will be loads of people out there screaming "big brother", "1984" and that "sacrifice liberty for safety" quote, but when you look at the benefits of the system, I think it is a brilliant idea.
And no one in the US who's proposing mandatory id cards considers the fact that one of the first implementations comes from a communist country. Yes, Hong Kong was once British territory and their governement probably hasn't changed that much, but they are still under communist rule. This is a TRUE example of 1984, just a little late.
My concern for the people of Hong Kong is less about theft than government control. I hope our representatives are watching closely the actions of the largest communist country in the world. I can't wait to hear a politician say "Well if it worked for China, why not here?" My biggest fear comes from our country eventually attempting the same thing here and how similarly it'll probably get abused by the government.
Developers: We can use your help.
What do you expect from a goverment that is focused on control of the masses?
1) The US is a country with possible the greatest level of personal freedoams in history (maybe not, YMMV)
2) The US is a country where the Government has access to more information on people than has even been possible in history.
Typically, in the past Lots of government information = no personal freedom, a very repressive society, etc.
David Brin's take on this is that there are several other factors involved in this that expalin the apparent parradox, the primary of which is the access to information about the government is also the highest it has ever been, at least in the US.
He has a number of articles online dealing on the issue of privacy. In my mind, to a certain extent it is a war where the government is trying to hold on to it's secrets. This is kinda obvious in China, where alot of corruption is hidden as state secrets.
Not that this would _ever_ take place place in the USA.
on the other hand, I do not know how "transparent" a world I am currently comfortable with.
"It is a greater offense to steal men's labor, than their clothes"
Furthermore, if they are worried that a cracker might access the government data and change it, then they should also create a backup of that data on a permanent storage (ROM) device, like on a CD. That way, they can always check to make sure the government database data is in fact correct.
Without allowing for a way to easily cross check the data on the smart card with data held elsewhere, this ID card will be of little use to anyone, since there will be no guarantee that the card is accurately identifying the card holder as a citizen. In other words, there is no guard against false positives. It has the same limitations as paper Social Security cards, as there is no way to authenticate that the ID card itself is legitimate.
Why does everyone bring up 1984 like it's the fucking gospel? I seem to recall an essay by Asimov (can't remember the title, and I can't go find it cause I'm at work) that advocates the use of this kind of ID card. He brings up many cogent points, at least grounded in reality.
I'm not particularly afraid of this kind of thing. It seems to be basically all the same information you would already have to carry around, just in one place. Okay, sure - you wouldn't want to lose it - but I don't see how this is in any way the first sign of the apocalypse!
Ah, whatever - Flame away...
Do they count the day that Christians profess faith or something?
Maybe they have conception day on there, too?
Or does it hold other people's birthdays?
Can it beep to remind you that it's your friend's birthday and you're a big slacker and didn't get them a present?
It would be like an ID card and PDA in one!
-- Erich
Slashdot reader since 1997
Remember that Hong Kong residents have a lot of rights that the rest of the chinese simply do not have. The border with continental China has always been one of the most guarded ever.
In situations like this, a mandatory ID card makes a lot of sense. As a matter of fact, they have always had an ID card, its only smarter now.
No sig for the moment.
They don't describe how the system protects against forgery, but the do talk about information only being stored on the card. No central database to check against. This seems rather unsafe to me and a poor way to implement an identification mechanism.
The Economics of Website Security
these are probibly not mutch different than hu cards dss uses it should be a very short time before people can change the information on them.
The UK government last month proposed a compulsory-to-own card, which need not be carried. Consultation papers should be released some time in the Spring or Summer. here is the Home Office Press Release.
http://www.citybus.com.hk/english/octopus.htm
I wonder if the world acclaimed octopus smart proximity card ticketing system suffers from the identiy theft problem which you so fear. anyone here used it?
This government learned nothing from the USA's abuse of the Social Security number.
How could we expect them to learn anything when we have Congressman screaming "National ID" since 9/11. The article itself mentions the USA as considering a national ID.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
I personally think this will be the first step. I think everybody knows that these cards will be tampered with. But, the technology will work. The convenience factor would be too much for ordinary people and governments to pass up. They just need a more tamper proof solution, which will lead to someone suggesting that those smart chips be implanted. It's only a matter of time.
I used to work for a fortune 500 and they had very tight security. ID cards with an embeded chip was mandatory at all times and you had to log in and out of the building. Me an some of my friends noticed that the readers could be magnified to read cards from a couple feet away and still give the green light. What this means is that theoretically, the government could place these readers in the entrances to the subway or to office/gov buildings and see who is comming in or out if your card is in your wallet!!! this also opens up a whole new line of corperate spying/marketing.. A store could simply place a few of these readers strategically in there narrow enterance and every time you entered, they would have all of your personal information and be able to track your shopping habits .etc.. The things they could do are endless!! this is the problem with smart cards as opposed to magnetic stripes.. smart cards do not require contact to be read.. a criminal just needs to walk by you to steal you data/credit info/identity!!
The Chinese government would use this technology in ways that would benefit everyone.
These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.
All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?
If such a card was introduced in, say, the European Union, citizens would probably have the right to:
I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.
Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...
So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
From the CNN article: If the card is stolen, officials say the data on the chip can't be easily retrieved. This is probably not true. Check out:
Tamperproofing of Chip Card(s) - abstract: There are two ways of attacking smartcards - destructive reverse engineering of the silicon circuit (including the contents of ROM), and discovering the memory contents by other means; a well equipped laboratory can do both. Persistent amateurs have often managed the latter, and may shortly be able to do the former as well.
Tamper Resistance - a Cautionary Note - abstract: An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems - some old, some new and some that are simply little known outside the chip testing community. We conclude that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as `the most secure processor generally available' turns out to be vulnerable. Designers of secure systems should consider the consequences with care.
With any cryptographic system, it all comes down to one concept: time. With enough time and resources, these cards CAN be broken, overwritten, you name it. We have seen ubiquitous evidence that even the strongest cryptography can be broken in time. HK is planning on using these SmartCards as digital passports. "Smart card holders will speed through Hong Kong immigration, using self-service kiosks that match digital biometric data on the card against the cardholder's fingerprint image read by a scanner."
The scariest part, for me, is that HK is setting a precedent. And it won't take long for other countries to jump on the bandwagon.
--
Disclaimer: The above statement probably includes half-truths, because real truth is too complicated.
I worked for three months in Hong Kong in 1984, and I had to get an ID card. I still have it today, although it has long since expired. When they took the photograph of me, they spent several minutes touching up the photograph. They also insisted that I take off my glasses. It is one of the most flattering photos of myself that I have ever had.
I also still retain my bank account card. I left HK$10 in that account (about 1 English pound, or US$1.7). I wonder if that account still exists today?
A DNA identification system would probably be best. You do not need to carry a card, or remember some arbitrary number. It would be very difficult for someone else to impersonate you.
The real problem is in how much information should be allowed to any given individual or organization, and how long that information is kept on file. Its one thing for a Bank to learn that you have a history of defaulting on loans. But does a bank really need to know that you were arrested for Possession of a Controled substance and spent 2 years in Prison 15 years ago?
ID's should not be smart. They should only give you enough information that you can positively identify a person and gain access to the information. DNA ID could do that, and if the control of DNA reading equipment was very tightly regulated, there would not be many chances for abuse.
END COMMUNICATION
This government learned nothing from the USA's abuse of the Social Security number
Well, what we learned is that a publicly available identification number shouldn't be used as a password for banks, credit card approval, etc.
We didn't learn that it's necessarily bad to have a national ID.
Personally, I don't see what's wrong with having identifying information on a fairly secure smart card.
Now, being required to carry it everywhere would be a bit more of a hassle than I'd want to endure, but then again, AFAIK the police here in the states can take you in for minor infractions if you don't have any identification on you.
Why are you letting these clowns ruin our country?
These are just pilot projects for the one-world government to iron out the kinks before giving all of us these IDs. You KNOW it's the truth! The only way to protect youself from the mind-reading space-stations is to buy one of my Open-Source shiney foil hats.
Don't bother calling, just think of your credit card number REAL hard and we'll direct bill it right away...
Just wait till some crappy band steals your nic.
It also has space for future applictions such as health records, electronic cash, a prepaid travel card for selected trains, buses and highway tolls.
As for security, the government assures us that the information is stored and encrypted seperately so that there is no central backdoor (like Clipper) to different departments to get hands to track what you spend and where you are going. Considering Malaysia's human rights record, I'm rather worried about this one. Driver's license and ID card and health is ok for me, but the electronic cash and other forms of transction based functions are rather worrying in the wrong hands.
Anyway, it is not news for me. I welcome the Hong Kong SAR Government to introduce Smart ID cards. It is very very troublesome to carry all kinds of cards around in my wallet. The new Smart ID will combine my ID card, driving licence and library card into one!
I have long enjoyed the convenience of Octopus, a smart card to travel around and buy things in convenience stores without the need of heavy coins. This certainly made every Hong Konger's life easier and happier. Given such a successful story, I think the Smart ID will be widely accepted, just like Octopus.
IIRC, about a million Smart IDs will be issued during the trial period, before the official launch. I will be happy to be one of the tester of this new technology!
As soon as someone invents a 'smartcardwriter' let me know. That kind of technology should also be advanced enough to be used to make a replicator ;-)
Anytime there is an article about Smartcards it suprises me again how little the avarage slashdotter knows about smartcards. Smartcards are not simple memory chips. They are extremely hard to crack.
For cracking you need stuff like milliondollar ion-lasers and super strong microscopes.
It can be done, but 'smartcardwriters' don't exist.
The software on the chip though needs to be well-developed and the encryption used needs to be strong. But there is a lot of exerience as these chips are used for electronic purses known in for instance in Europe.
---
Let's see... We have a driver's license that has our Name, Address, Date of Birth, height, weight, hair color, eye color, gender, photo and signature -- as well as a unique identification number. This information is available to authorities on a national level.
If you've ever applied for a clearance or government job, been arrested, driven a taxi, or applied for citizenship, etc., the government already has your fingerprints on file. This information is available to authorities on a national level.
Do you have a bank account or credit card? Bought a house? Bought a car? Registered to vote? Filled out a draft card when you turned 18? Filed your taxes? Guess what? This information is available to authorities on a national level.
Not only do the authorities have access to this information, but so do malicious persons in the right place at the right time asking the right questions or breaking the right rules. Identity theft happens all the time, and it probably won't be any different with a national ID card system -- unless the system can be made better through technology and the never-ending pursuit of a more efficient and secure way.
With advances in technology, there are always going to be a select group of people that will try and break it -- and some will succeed. This will only work in the favor of advancement, though. If we are left to believe that a system is unbreakable, without the chance to *prove* that it is unbreakable (whether legally or not) then we have truly had the wool pulled over our eyes.
I applaud the notion of an all-in-one identification card. If it means that my identity is secured just a little more than it is with the current system, isn't it worth trying?
This government learned nothing from the USA's abuse of the Social Security number
Pull your head out of your computer and look around for a while. The Hong Kong politicos learned a great deal from the US system. They learned that people are sheep and will take anything if you slip it in slow enough. They learned that if you promise bread and circuses that they will even help you insert the object. They learned that once a system has been in place a while that the people will accept the reduction of their citizenship to chattel as gospel and a requirement to efficient government. They learned that an overbearing central government can be made stronger and more power delivered to fewer people if the people are reduced to interchangeable numbers. But most of all, they learned that people are sheep and will respond well to an idiot smiling about being reduced to a statistic. ("See, I got my check. Isn't the government so nice to give me money for nothing. What do you mean the government had to take the money from someone else? The government doesn't have to do that, 'cause the government can MAKE money")
How can you begin to think that the other countries would not pick up on these valuable lessons that the US government has provided for the world.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The fear of any ID card system is that fraud is easy with digital data. It doesn't matter if there is a photo on there, if they can only be used by the holder, etc. Someone who owns a machine to read them can read whichever card they want and commit fraud.
What is really needed is an end to all this technological one-stop solutions for all ills. An ID card with digital data that is fully, securely protected is a dangerous thing.
Personal liberties aside, the societal ills that this kind of scheme is supposed to help are actually amplified. Big Brother fears are already hitting us, people are more wary, and today's society is so fragmented, so hard to please... how can we fix this?
Conversion Rate Optimisation French / English consultant
The US has chosen social security numbers for its globally unique identifier, just about the worst choice you could make. As a consequence, identity theft is rampant in the US, as are administrative snafus. Also, the US spends enormous amounts of money on border patrols, employment verification, and immgration status verification, when a secure ID card would solve the problem much more cheaply and reliably.
The way to fix the problem with SSNs is not to go back to the middle ages and pretend that you can get by in a modern society without a unique identifier. Rather, we need secure, unforgeable, globally unique identifiers. And smartcards are the most promising and least obtrusive way of doing that.
Unique, difficult-to-forge credentials and identifiers are in your and my interest. They aren't in conflict with privacy and security, they support it. It's time that the US gets with it.
It's a chip card and it contains two sertificates: One for authentication and one for signing. I don't know how secure and useful this card is... You can read about it here (in English)
There is a very basic principle in democracy that is called separation of powers. Law making, law enforcement and justice have to be independant. Having a single id is a bit like not having powers separation : it smells like dictature. Your taxman does not need to know your consumer habits, nor health information, and things should be made in such a way that crossing information is, if not impossible, very difficult. Having a single card that can be use for almost anything is a potential risk : yes, our governments may swear they will respect our privacy... until they decide that for exceptional reasons they absolutely need to cross information - and if you go against it your patriotism will be in question. The "separation of IDs" will maybe need years of fighting, but is certainly the next fight for democracy.
http://www.genxius.com had this story yesterday.
However, I am not convinced that a 'one card for many' is bad. As long as there is consistency of application and security in place, then I think that it would be a good idea. The key here is that there can be multiple formats, but one card. Sort of like how your wallet will have credit cards, drivers license, voter card, SSN card, checks, money, etc. all in one convenient package. If a thief steals your wallet, your money is gone. What about your credit cards? Well, if used properly, the checks in place will prevent the thief from using your credit cards (because of the photo ID, and signature matched with you and the sig on the CC). the problem is that those methods are very rarely used for verification. I had a friend (yep, one of them FOF) stories that has signed their credit card in front of the store clerk, with NO subsequent check of that persons ID to verify the signature was valid. Yet, the clerk did actually turn over the card and check the signature... how useful!
Can there be a single ID card that will store multiple ID's, including the library card, photo ID/Drivers license, etc. Throw in some advanced security measures and methods... would this be a bad or good thing?
I suggest they burn LOTS of CDS, and that they put them in many places, so as to avoid problems of having their eggs in one basket.
How come the goverment (I assume the original article is US centric, because of the example of social security numbers) wants to brand its citizens and keep track of them in a typical big brother fashion? I can't see any problem with the technology, I would love to have it so that it's hard to forge these types of IDs and I would love to lessen the number of cards that I have to carry. I already have a "version number" since I live in Sweden and I have a so called personal number (personnummer, I unfortunatly don't know a better translation).
I am not going to go into any kind of US bashing, as that works against my goal here. I do on the other hand want to ask you why you have all these fears, and what kind of goverment that is in power. I would have expected this kind of behaviour from the Taliban, The Stalin Sovjet Union, the Stasi in old East Germany, or from fictional settings such as Farenheit 451 or 1984. Is this also going to be the reality in todays USA with the SS, NSA, FBI, CIA, AOL, DIA, etc acting as SS, SA, Stasi, KGB, GRU, etc?
Hmm, I don't think I will really change anything with this rant, but maybe the few of you who read it might think about it. Agree with me, disagree with me, have opinions, but first and foremost, think about what freedom really is, and how to sustain it.
As a high-level Monex employee once acknowledged to me, it is obviously physically impossible to guarantee anything about hardware, basically anything that can be hacked will be hacked. So they have a system I was told that assumes cards are periodically updated.
If hardware is faulty Hong Kong will have to replace every card physically, ignore the problem, or try to do an online fix.
I think it is a pretty good bet that those readers, possibly when provided a suitable crypto key over the network, will be able to update the smart card software to the extent possible.
Also, if someone trashes a card they are going to be able to get a new one. Presumably they will have to show up at a government office in person with fingers attached if their card stops working.. Plenty of room to work the system at plenty of points it would seem.
"This government learned nothing from the USA's abuse of the Social Security number, this is much worse."
Generating a HKID card number with correct check digit is too easy. There were news about people using photocopies of ID card and successfully applied credit cards. I think we do learned something about number abusal. That's why they hope a smart chip ID card can help. Or maybe implant ID is the way to go?
The Social Security card is a piece of paper which asserts a binding between a name and a number. It's not a reasonable form of identification at all, and that's why it says "not for identification" right on the card.
These Hong Kong cards assert a binding between the name, the number, the appearance of someone's face, and the configuration of his thumbprints. Assuming the authenticity of the card can be verified, this is a MUCH stronger condition and makes it reasonable to trust that the person presenting the card is the person to whom the card was issued. These cards might actually be useful.
The main problem is that idiots who think the SS card means something that it does not, will be even more certain that the smart ID means something that it doesn't. The cure for that is to move the idiots into jobs where they have no opportunity to make that sort of mistake.
Lets say there is a system in place such that the only way to read the data off someone's card is to supply your own card. This could create a public audit trail to see who is viewing your information. This would provide accountability to prosecute anyone how accesses your information without authorization.
Everyone seems to be so against the idea of ID cards, but they really aren't addressing their fears. I really believe ID cards would be highly beneficial if they are implemented properly.
I also strongly believe that ID cards are coming to the US no matter what, so those of us that feel strongly about this issue should get on board and starting thinking seriously about how best to implement the inevitable system.
-= alphaFlight =-
Counterfeit ID cards in Hong Kong was pretty rampant. Hope this new card can help.
schedule/profs/etc.
/dev Null 8)
Seems damn useful... maybe I'll redirect it to
* Offtopic * Go remove a point from a Troll Elsewhere, Thx *
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
...economic freedom does not have much to do with actual freedom.
Hong Kong is regularly hailed in business newspapers such as the Wall Street Journal as the freeest place to do business. And before Hong Kong, countries like Taiwan, South Korea, Malaysia and other asian despotic nations with a democratic facade were high on the charts.
The equation free market = liberty is a lie.
The poeple of Hong Kong don't need your concern. They know that ID cards most threaten outlaws, criminals, nuts and losers. Hong Kong is one of the most prosperous, stable and free societies in the world. Probably much more so than whatever hole you're stuck in. Hong Kong's success is rooted in trafficking opium. Work that out. Hong Kong owes no money to no one. There's very low crime. No violence. Only cops and crims have guns. I lived there for over ten years. Made loads of $$$ yet legally paid no tax since 1994. I can flash plastic ID and fly away to any destination in the world. Flash the card again when I get back and leave NO RECORD of where I been and what I did. You guys from Land of the Chained, Home of the Scared seem so restricted by comparison. Not only that but HK has an amazing infrastructure. Broadband everywhere. Biggest container port, most sophisticated airport, best looking babes, best drugs, 24 hour partying, the list goes on. What fascinates me is the hypocrisy of this site. It purports to promote freedom while simultaneously denigrating privacy lovers with the label of Anonymous Coward. Go on freedom lovers... Remove this post. If you can live with the shame.
I think this is a good point.
Why worry about ID cards when we are talking about deploying security cameras everywhere? And what happens when face recognition software becomes good enough to pick you out in a crowd?
If anything, ID cards are less problematic than things that are going to happen -- the only difference is that technological surveillance measures will be put in place without our permission, cooperation -- or even awareness. If the police are tracking you with your ID card, at least they can't do this without disclosing that they are doing so.
Technology is putting this capability into the hands of government and private industry whether we will or no.
I'd support a national ID card now for two reasons. First, the issue of government abuse is close to being mooted by new technology. Second, introduction of such a card will slow down the adoption of less obvious surveillance measures so that we can consider how to to make the operators of those measures accountable.
Getting to the issues of smart cards, I think the problem is in placing too much trust in them. First of all, they have proved more vulnerable to cracking than we first thought. Secondly, the cards themselves are useless without systems around them to do things with the information on the cards, and the card holder has to be careful about trusting those systems with access to his card.
I think it is wise to avoid putting sensitive records (bank records in particular) on these cards, at least at the outset. Concentrate on tamper proofing them, and let organized crime get a few years to crack them when they are relatively less critical. At some point in the future we can make a more informed decision about how much to trust the cards and the systems they interface with.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Just finished watching Schindler's List last night (I recorded it in 1997; this is the first chance I've had time to watch it). I was particularly intrigued with the portrayal of the Germans as an extremely efficient data collection machine. So much easier to round up those who offend you if you have good records to go by.
This appears to be the first step in Hong Kong to crack down on those who continue to flaunt the Chinese ideological line. It's so much easier to keep your harassment of political dissidents out of the public eye when you have names, addresses, etc.
And anybody who voluntarily participates in such a program should really stop and think about the ulterior motives behind the government -- any government -- maintaining an ID database.
REVELATION 13:16-18 is almost, but not quite, precisely unlike ID cards. Useful ID cards all have *different* numbers. Perhaps you've noticed?
The mark of the Beast serves to *destroy* personal identity, not to assure it. It's got nothing to do with knowing who you are; it's about saying that your identity is irrelevant, that you're property.
At least get the right Apocalypse, will ya?
Seems to me one of the biggest problems with using one of these cards is that all of the information is available to anyone who scans the card for any part of the info on it. Say I go to a club, and instead of having a bouncer look at the ID, the club makes me run it through a card-reader of some sort. How do I know that they're just taking my age and name off the thing, and not my name, age, address, phone, blood type, and all the other info I don't think they need?
It would be cool if the cards had some kind of method to block off certain parts of the info. Like if you squeezed a spot of the card for two seconds, it would open up the address and phone stuff for the next sixty seconds. If you squeezed another spot, your medical history stuff would be available. The default state (no squeezes) would just reveal name, number and age.
Obviously someone could just squeeze it before the scan it in a surreptitious manner, but that's not really my point here. You could work the interface any way you wanted - maybe a second card that links to it and you squeeze that one, so bouncers can't make changes to their access. If you could give people a way to control the info coming off of their cards, the potential for privacy invasion (while still there) would at least be reduced.
This tagline is umop apisdn.
the system run by a bundle of clueless people.
The chips used is a passive one - i.e. it'll be powered by an electrical coil (passive) that reacts to nearby electrical fields. In brief, they should have used active data protection, the passive one is already known to have some security issues. However, they simply don't listen, they just want to do it quick, and don't care the rest.
E.g. anybody could easy deactive the ID card by challenging the authentication system while the victim passing by. The problem is that the ID must respond to challenge because it's just a passive one. If the challenge failed the ID card will be deactivated, if it succeeded.....one just need to put that kind of 'challenger' in a crowdy area, like outside cinema, to cause mass deactivation, or gain access to many IDs.
The active one would decrease the chance of it happening, though it's not 100% safe, well nothing is.
Another system built with half-clue is E-Cert. The Hong Kong Post Office wants to become a root CA and they are issuing CAs since last year. It uses 1024-bit key, sounds good.
Except that no one in this project has an idea of key management, or CA distribution. Their root CA is not embedded in common browser like Netscape or IE. Say when you reach a website it says 'the CA of this server is said to be issued by Hong Kong Post Office, but we have no way to verify it, click yes to trust this CA'...The whole point of issuing CA is defeated.
...is not "in works", it's been reality for almost two years. I've had one for more than a year. They are optional, as said. And you can't do practically anything with them (they are capable of making electric signatures, but you can't use them anywhere.)
If the traditional ID cards already carry name, photo and birth date, what's the problem with putting them on a "smart" card ?
As for adding thumbprints, this would make identity theft more difficult, and not easier.
aside from it being cool, what's the use of it anyway?
I don't want it to hold my name and stuff and everything, I just don't feel comfortable with digital devices holding vital information. If we really need a smart card for casual uses (i.e. no heavy security is needed) we have something called an Personal Octopus card, which is something similar. Currently it is used on public transports and in some shops to pay instead of cash. (even some MacDonalds restaurants have this).
If I need an identity card to identify myself, we've already got such a thing, and it has worked for decades. Why change? If it ain't broke, don't fix it... It's gonna be real disaster if someone comes up and hacks the sh*t out of the system.
(PS: I live in HK, despite what my nickname says...)
Don't quote me on this.
Communist China insists on smart ID cards. Do we really want to go down that route in the UK?
Deleted
... what I find scary was that the company for whom I worked for at the time sent me to Hong Kong back in 95 to show them a biometric identification system.
... but rather give them opportunity for reverse engineering.
... a design version that was essentially a glass man-trap.
It was a system similar to INSPASS, only it did NOT offer a 14 character OCR-B/passport-like encoding of the Hand Geometry, but instead had on a GemPlus card both a facial and a fingerprint image.
Of course, having several former Hong Kong natives on my development team, they warned me that it was likely that we wouldn't "sell" the system
The demonstration was very interesting. It was at their version of "Customs" department. Most of the individuals we came into contact were warm, friendly and knowledgable. However during the actual demonstration, there were a couple of very cheap suits (unusual for Hong Kong) in the back of the room, asking questions in Chinese.
No surprise when the hardware we sent over got hung up by their "Customs" for several weeks before it came back to us. I sure hope they didn't get too pissed when I low-level formatted the hard drive before we left the country.
I'd be very interested in seeing the system now. They had at the time asked some questions like, can we use it to trigger a door lock
Later that day, I visited with a missionary who just got out of prison for smuggling Bibles into the mainland. I cried when Hong Kong was turned back over to the Chinese.
It was one of the most beautiful and intriguing places I had ever visited.
healyourchurchwebsite.com - WWJB?
Go and look at my link as well as the article. The cards simply have different art. Look at the mondex card images here:
Chase Manhatten Bank
City University of Hong Kong
University of Exeter
National Westminster Bank
Hongkong Bank
Notice how similar they all look to the one in the article
Basically these things allowed you to carry a balance on a chip on the card. Furthermore, we got these phones from Bell with card slots in the side so we can pay for a pizza over the phone as we order it. The public phone booths had mondex slots so you could exchange money over the phone.
It sounds nice but if this is really what is being implemented in Hong Kong, I foresee dire problems. You see, the Mondex technology was dreadfully easy to crack. Within a week of the technology's introduction, there were people offering to max out the value on your card for only a small price. Also, you wern't carrying around 'real' money. All you really had was a piece of plastic with a chip with some information stored on it. When you 'downloaded' cash from the ATM 'into' your card, the 'real' money was still with the bank. It took some serious prodding of the mondex officials, but my father who was very suspicious of all of this eventually discovered that the banks were INVESTING the money that we were supposedly 'spending' on our Mondex cards. It seems to me like money is being used 'twice.' Clearly this was shady business.
Considing the questionable nature surrounding these cards, I see a nightmare in store for the people living in HK (assuming that this is in fact an implementation of Mondex technology.)
I thinks some people are overreacting a bit.
In my country (the Netherlands) a card is compulsory to travel abroad and for certain official occasions (getting a drivers licence, getting married, subscribing to University, getting a job, opening a bank account or lending money). For most of tehse occasions a simple copy will do. In all other cases you are required to be able to show your card within 24 hours (easy in a mall country). So in case I get in a traffic accident I must identify to the police, but I may do this the next day. (Of course I do have to carry my licence while driving). In most european countries there is a similar system.
So nobody is tracking me with my ID card and nobody will ask for it at the hairdressers. We have had these cards for I do not know how many decennia and nobody is paranoid about them and nobody gets tracked.
I suppose you guys in the US have pictures on your drivers licences, which I presume, are government issued by the DMV or something.
They already have access to all your pictures!
I worked for the company that will provide the PKI SW for the HK ID Card.
;-)
Some details:
"If the card is stolen, officials say the data on the chip can't be easily retrieved."
- No symmetric master encryption key needed for that one. Card will only give information to authorised terminals.
Those kind of terminals authenticate via a certificate issued by a trusted CA (which is not the CA that issues the user Certificate!).
Problem: there is no CRL for the authentication certs. So if a reader is compromised it will be a problem but note the term "easily"
Because the card contains a user cert the entire card can be revoked by the citizen and a lost card can not be used again (but could be read if one authentication private key is known.)
Personally I don't see big problems having a ID card. E.g. Germany everybody above the age of 16 has a ID Card. Big deal...
How does that affect the day to day life?
Opening an account, appling for a loan or credit card: present ID Card and there you go. No messing around with driver licences (hello US of A..), "other" photo IDs etc.
You may very well end up giving *less* information about you to somebody else because the littel bit that you give can be trusted.
Think about it - it makes sense!
The US govenment also has access to pictures of almost all its citizens:
almost all you guys all have drivers licenses I presume. Correct me if I'm wrong, but these are issued by the govenment (DMV department or something).
I wanted to make this point because this issues is frequently occurring in the discussions everywhere.
Why not just make a database of thumb/iris/voiceprints and lookup Joe Citizen's identity when needed? There's no real need for 'cards' here. Anyway, I think this would be very useful in the US. Imagine a world where there's no credit cards to lose, no signature to make, and no PIN numbers to forget!
...because if they use a universal ID card, Hong Kong is in danger of becoming communist...
...well, never mind.
Just to make sure I got the point - it had the same thing stamped across the card in RED.
Sofar, so good - having lived in the Netherlands and Italy - where there is a similar SocialFicscal number or Codifice-Fiscale - I thoughd I understood.
Step 2 - rent a house, get a phone, ... - Housing appartment: "Can we have your Social Security Number please ?". Me - eh - are you allowed to have that ? - it says on the card in read bold "for official use only".... quickly one finds out that it is not so much the governement but private industry which (ab)uses those numbers - and denies access to those who refuse or are unable to give it.
Interestingly enough - when asked by Govt. officials to provide the number - it turns out that this is not nearly as mandadatory - and that each and every circumstance, up to and including, that of employment, allows for the use of a one time ITTN or tax payer ID or other identification.
Comparing this with Europe and Asia - I see two big differences:
- Private industry in the US (ab)uses those
numbers widely - and there is a strong incentive for consumers to comply. Europe and Asia have the opposite - non govt. entities are banned from using such indicators and from sharing them.
- The governement seems to be able to do without when needed. Europe is the opposite.
- There is no data act or other overall protection at all.
So when worrying about those ID cards - I'd ignore the US govt. - and I'd worry about the Abuse by the likes of D&B, credit-agencies etc. And I'd worry about the lack of legislation - and I'd rather ask for lots of legislation !In a dazzling bit of human interface engineering, the people developing the Malaysia smart card (teething problems and all) have used the blank, printable surface of the card to record in human-readable plaintext and bitmap graphics the name, address, DOB, mugshot, etc. of the cardholder. (/wry sarcasm)
So the bouncer in my local club doesn't need a card-reader, since he is the card-reader. (Yes, Ethel, I know how bad that pun was...)
The card readers would be restricted to agencies and organisations that need them, while Joe Bouncer reads the basic data off the front, just like with the existing National Identity Cards.
Chris
Those who can subtract would deduce from this post that the ID cards have been required for several decades under the British colonial rule - which indeed was NOT democratic, though I'd hesitate to call them communist. #-}
The main reason for this requirements was that Hong Kong has been a major transit point for the past centuries. Many travelers and refugees pass through there and some want to stay (illegally). The ID was the simplist way to deal with controlling immigration. Remember that every war and unrest in the regions provoked a flood of refugess - some Vietnames refugees were still stuck in HK transit camps until a couple of years ago!
Hong Kong residents have had to carry a mandatory ID card with them at all times before. It's just now, it's electronic.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
Naturally, China would be first (after Mr. Blair's little island). But it's coming. You will like it. Or else.
The reason why it's coming to the enlightened west is that too many people are dependent on the government and they don't understand what freedom is. Nor do they understand what the purpose of government is. Think about that while you're dodging speedcams on the commute back home.
Have you ever worked with smart cards? Do you know what a smart card reader is? It is simply an interface between the smart card and another system. It has no, I repeat NO intelligence. There is NOTHING TO CRACK in the reader.
What do you mean by reverse engineering a chip? In a properly designed smart card system the bad guys can get ahold of all the cards (initialized or uninitialized) they want and they will not be able to "compromise the whole system".
Even if you somehow managed to extract the keys from one card, that is all you would have, one card. You would have go through the process again for another card. BTW, extracting the keys from a single card is estimate to cost $300,000 or more. It is not something that can be mass-produced.
A remote reader is only useful for contactless cards and only in certain situations.
I work with smart cards everyday. I work for one of the teams that bid on this project. Not the winning team :( . I am only flaming the parent post because it is spreading lies and for some reason has been modded it.
Lasers Controlled Games!
Many posters seem to be unaware that HK already has a mandatory ID card. HK residents have to carry the ID card at all times, and must present it when asked to by a police officer (visitors to HK have to carry their passports). It is quite common to see police officers in MTR (subway) stations checking people at "random" (people who look like illegal immigrants).
The ID card was introduced by the British for two reasons. One was terrorism (the British had a lot of trouble with communist agitators back in the 60's and 70's). The other was illegal immigration, mostly from mainland China (this is still a problem even though Hong Kong is now a part of China).
So the only question raised by this new smart card is that of whether the new smart card is any better or worse than the old dumb card.
Here are a few considerations:
What's in it for the government:
(1) It's more difficult to counterfiet (although given the Chinese/Hong Kong talent for conterfieting almost anything at all, I wonder how long it will be before good counterfiet cards are produced).
(2) Information. It makes it easier for government officials to obtain information about the person standing in front of them.
(3) Of course a centralised database would be just as good for (2). The advantage of storing information on the card is that it allows the cardholder to supply "government-gauranteed" information to other people (officials and otherwise), without the government having to supply those other people with access to the centralised database.
This is the real advantage of smart cards. The dispersed nature of the data storage means that you can make access to small parts of the database easy, while making access to the entire database very hard (if not impossible).
(4) Automated screening. This is what governments all over the place are really after, although of course it has not been implemented yet. Smart cards are more easily machine readable, and if you can store biological information about the cardholder, then in principle it becomes much easier to make a machine that automatically identifies people. This is much cheaper than having policemen standing all over the place, comparing faces with photos.
What's in it for the cardholder:
(1) Convenience. It makes it easy for them to provide reliable identification, which in turn makes all sorts of transactions easier.
(2) The cards are harder to counterfiet, which makes it harder for someone to steal their identity (recall that we are just comparing smart cards with dumb cards - whether ID cards in general make identity theft easy is a seperate question).
(3) Control over access to the data. If there is a centralised database then people might be able to obtain information about you without you ever knowing about it. At least with a smartcard they actually have to steal the card before they can obtain access, and this is no worse than having other documents stolen.
(4) If you trust the state more than you trust other individuals then the improved ability of the state to identify people and enforce laws will be an advantage.
What is not in it for the citizen:
Most of the advantages for the state involve an increased ability to control its citizens. Unless there is a comparable increase in the ability of citizens to control the state, this represents an erosion of democracy. In a place like Hong Kong, where the barest glimer of democracy exists, any erosion of democracy has to be viewed as a disaster.
Personally I think that it is OK to increase the power of the state as long as such increases are balanced by increases in the power of the citizens (acting together) to control the state. What this suggests is that, rather than just worrying about the risks and dangers involved in developments like smart cards, we should also be thinking about the kinds of checks and balances that would make such developments less threatening.
Techniques specific to cracking a smartcard have undone this work. If one knows the encryption algorithm used by the card and the hardware used to implement it, then because the card reader provides the card with power to do its computations, the power-demand-vs-time information gained by the reader can be used to reconstruct the key stored in the card.
All modern smart cards defeat simple power analysis and most of them defeat differential power analysis and a variety of other side-channel attacks as well.
How? It's not that hard.
Defeating simple power analysis (watching the power consumption for one run through the encryption) is easy, and cards fixed this problem quickly -- just install a capacitor that buffers the power consumption. In theory, enough buffering can completely smooth the power consumption curve and defeat all power analysis, but as Paul Kocher (inventor of power analysis) found, in practice if you run the card through enough cycles and apply some math to the results you can still extract the information. This is differential power analysis.
There are a wide variety of mechanisms for defeating DPA. Some focus on protocol design, ensuring that the same data is never encrypted twice, or limiting the number of times that a particular key is used, by doing most work with session keys established during an authentication protocol, counting the number of failed authentications and refusing to operate after a small number of them. This does enable a DOS attack, but that's less damaging to the system as a whole. Other approaches focus on the cryptographic algorithms, exploiting nuances of their structure. For example, some IBM researchers discovered that they could inject randomness into DES calculations, XORing random numbers with the values in the computations at certain points and then XORing again to remove the effects. The result is randomized power consumption, without compromising the consistency of the results. A 3DES engine built with randomized DES is immune to DPA. The current direction anti-DPA technology is less technologically sophisticated but just as effective: A hardware encryption engine. Because a hardware 3DES or AES engine performs its computations in such a tiny amount of time, and at such tiny power consumption, a very small capacitor can complete buffer the operation.
Many other side channel attacks have been defeated as well, mostly by shielding the chips with heat and power-conductive sheaths.
It's interesting to note that public key cryptography in smart cards *is* still vulnerable to power analysis, in most cases even to simple power analysis. PK cards use a hardware coprocessor, but the process still takes time, and that makes SPA/DPA possible.
Cards are not 100% secure, but nothing is. Current best estimates are that a modern card that incorporates all of the current security features would cost approximately $300,000 to break. All good designers of smart card systems understand that, and take various precautions (which I won't go into here) to ensure that the compromise of one card does not compromise the entire system.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
There is a constant cat and mouse game going on between those who design smart cards and those who try to break them. A few years ago it was discovered that through power analysis techniques you could get the keys off a card. Card makers then introduced measures to proctect against that attack. Later differential power analysis was used to extract keys. Countermeasures were again deployed by card makers.
You can be sure that the cards used in this system will be resistant to all known attacks. There will of course be new attacks invented that could make the system easier to attack. That is why cards have an expiration date. Every few years you will need to issue new cards because new attacks have rendered older cards vulnerable.
As for Big Brother type abuse, you may be right. I have no idea what kind of protections the winning bidder will put in place to prevent these. But you can design a system that will protect against these types of abuses if you want to.
Lasers Controlled Games!
And unlike an ethernet cable, reading the bits going by won't do you any good.
Lasers Controlled Games!
We are talking about the PRC here. The people there do not expect a high level of privacy. The government has always emphasized what is best for the Party is what is best for the people. Right or wrong, I do not see this as a real change in their society. This is just a pilot project for the rest of China. If they tatoo a number on their people or placed a chip in them, then I would be worried.
I replied to the wrong message! Sorry for the stupidity.
Lasers Controlled Games!
Having parents from Hong Kong, I can attest to the fact that Hong Kong denizens must carry paper ID cards at all times. This is different from a passport. Any time you were caught without ID, you were taken to the lockup and questioned. This feature was implemented by the British Government when HK was still a colony back in the 1950s. People stopped caring about the IDs in more recent decades (much like most Americans have forgotten about what the SSN is (not) supposed to be used for). This new development doesn't change much, except maybe cut down on the number of forgeries and make the system digitized. The US system still uses paper to keep track of everything.
You would have go through the process again for another card. BTW, extracting the keys from a single card is estimate to cost $300,000 or more. It is not something that can be mass-produced.
That's in current figures, right? How much will that amount of processing time/power cost in say 20 years? I see statements like that, "It's too hard/costs too much, so it can't happen," and I only have to look back to here and here. Whenever someone coomes up with an encryption scheme that "can't" be cracked in a "reasonable" amount of time, the definition of "reasonable" inevitably slides downward.
In a properly designed smart card system the bad guys can get ahold of all the cards (initialized or uninitialized) they want and they will not be able to "compromise the whole system".
Just to point out, I said when someone gets their hands on the card readers. Granted, the reader is just an interface and the real work is done by the computer behind it. But for smart cards to be practical, there has to be a portable appliance-type device that does all the work. Something you can mount in a police car. If the cards were read-only, I would be less concerned, but I don't imagine it would be long before someone realized how much more "efficient" it would be to allow the judge to digitally revoke a driver's license on the spot. Basically, if we don't want them to be writable, then we don't really need smart cards, just write-once memory chips.
Given the way government works, more and more information would start going on the cards, they would become "required" for most transactions, and dishonest people would figure out how to crack the system.
Nope, no sig
Your point is a good one. I addressed it in another post attached to this article. To sum it up: The cards have to expire after some amount of time and new cards are issued.
Just to point out, I said when someone gets their hands on the card readers . Granted, the reader is just an interface and the real work is done by the computer behind it. But for smart cards to be practical, there has to be a portable appliance-type device that does all the work. Something you can mount in a police car.
This post explains why "the reader" as you call it is not an easy target. The smart card is communicating with another secure device. Actually, Slashdot user swillden has made a number of good posts in this thread and I suggest you reader them as well.
Your link to the story on the IBM 4758 just proves that you don't have experience with what you are posting about. As for the "RSA is cracked" story, without discussing the merits of that story, most smart card security schemes are based on 3DES right now. If you have found a way to crack that please, submit your winning entry to distributed.net, ok?
If the cards were read-only, I would be less concerned
All computer security is a cat and mouse game, not just smart cards. If you can sell computer security based on read-only devices (which aren't able to securely authenticate themselves) then you should go into business for yourself. You could start by selling signed barcodes as the security of the future. If you are right, you'll make heaps of money. You can post to /. and let us all know about it. I for one won't be buying stock in your company.
I am sorry if I sound annoyed, but your parent comment has been sitting at +3 Insightful all day and it is simply wrong. Since I can no longer moderate I thought that I should at least point it out.
Lasers Controlled Games!
The People's Republic of China (you did know that Hong Kong is no longer a British colony?) didn't learn anything from the USA's abuse of the Social Security number?
You're kidding, I hope.
Next magazine (next.atnext.com) has an article regarding to the technology of these ID cards. Unfortunately, it is a subscription only and therefore I cannot provide a direct link into it. I attempt to translate some key points into English. The technical terms may not be too accurate. Since Next Magazine is a popular tabloid type of magazine some of their explanations may be in accurate in the first place....
The card has adopted a number of tamper-proof technologies. For example, the key information including the name of the card holder, the date of birth and the ID card number are marked on the card by laser lithography. Hologram will also be printed as the background pattern of the card. The card is made up with very tough plastic which will not break even fold into half....
In terms of the embedded OS used, they picked Multos against the rival Java based systems. Multos was developed by Maosco in UK in early 90s, which was mainly used for credit card and is regarded as a reasonably secure system.
However, the selection of multos against Java has sparked a little debate. Since only one bidder promotes the use of Multos whereas the rest four promotes Java, critics argue that the hk govt may be in bias with the PCCW group controlled by a local tycoon and multos may not work with the proposed e-commerce infrastruture.... (I really don't think multos is such a bad system tecnhically....)
In order to minimise the damage upon card loss, sensitive personal information, e.g. bank transactions, medical records, etc, will be encryp\ted and stored only in the main servers. Only a small number of personnels will grant permissions for accessing the information.
Smart cards are just normal, Turing machine type comptuers. The interface is a standart serial port that's been flatened.
You can put any CPU you want, any amount of ram any OS. There are smartcards that use java, and some that run linux.
The fact that one persion has hacked one kind of smart card dosn't mean that "all" smart cards have been hacked any more then the fact that you can break into a PC running windows2000 means you can hack a Linux box, or a mac or a Comidore 64
This comment should NOT be modded where it is. it's totaly wrong.
autopr0n is like, down and stuff.
this is just one step twored the mark of loyalty fortold in revelations (the bible) the tribulation is closer than u think b ready accept christ now
sdgscott
Here is yet another example of American naivete. The Chinese in Hong Kong actually support the government in Beijing. 60% of these Chinese in Hong Kong actually support the return of Hong Kong to mainland China. (reference: "Poll: Hong Kong residents optimistic" ) Most Americans have no idea how the Chinese think and act, so most Americans feel that the Chinese in Hong Kong want to be independent of the Beijing government. Wrong! Most Chinese cheered the unification of Hong Kong and mainland China.
Most Chinese support the idea of a national ID card.
We Americans should never -- ever -- publically condemn human-rights abuses committed by Beijing in Hong Kong. We should simply look the other way. We should also immediately cancel the immigration quota of 20,000 that is assigned to Hong Kong. Both Hong Kong and mainland China should have one unified immigration quota of 20,000.
Instead of wasting our time and resources on the Chinese in Hong Kong, we should be helping people who actually support human rights. Our energies should be directed at stopping human rights abuses in, for example, Thailand, Vietnam, Columbia, etc. We should completely ignore what abuses occur in Hong Kong; the Chinese people in Hong Kong have spoken. They cheered the Beijing government as it took over Hong Kong. They fully support Beijing, including its outrageous claims to Tibet.
What follows is some observations, backed by verifiable sources, about the Chinese.
1. Most Chinese in Hong Kong support the return of Hong Kong to mainland China. A CNN/Time survey showed, in fact, that 60% of the Chinese in Hong Kong support the return of Hong Kong to mainland China. (reference: "Poll: Hong Kong residents optimistic" ) While East Timorese fought and died for independence from the oppressive Indonesian government, the Chinese in Hong Kong cheered the mainland Chinese government.
2. The constitution of the Chinese living in Taiwan supports the integration of both Tibet and Mongolia into mainland China. While Tibetans suffer and die at the hands of the Chinese People's Liberation Army, the Chinese in Taiwan support integrating Tibet into "One China".
3. The Chinese son of the chairman of a powerful conglomerate in Taiwan has joined with the son of Jiang Zemin, the butcher of Tibet, to build an advanced silicon-wafer factory in Shanghai. (reference: "Sons of prominent Chinese team up on chip venture")
4. Senior Chinese military officials retired from the Taiwanese military have gone to mainland China and given military secrets about the American F-16 fighter jet to the Beijing government. (reference: "Military secrets on sale to China") In 1999, the "Wall Street Journal" reported that of all the Chinese arrested and convicted of stealing American military technology to give to Beijing, the majority of these Chinese came from Taiwan.
5. Most Chinese, including those living in the United States of America, support the territorial ambitions of mainland China. Most Chinese support integrating Tibet into mainland China. Most Chinese support integrating the Spratleys into mainland China. Most Chinese support integrating the Senkaku islands into mainland China.
6. Most Chinese support Beijing's attempt to use torture and murder to crush the Falun Gong. Indeed, the Beijing government has funded anti-Falun-Gong meetings within the United States itself. These meetings within the United States are attended by the very same Chinese who fight with tooth and nail to stay permanently in the United States of America.
7. The Chinese from "poor, little, scared" Taiwan have invested more than $50 billion into more than 50,000 businesses in mainland China. How did this phenomenon happen? Immediately, after the Tienanman Square incident back in June 4, 1989, the American government and businesses curtailed investments in mainland China. The Taiwanese (and the other Chinese in Hong Kong) seized this window of opportunity and accelerated investments into mainland China. The rate of investments from Taiwan into China has skyrocketed to the present levels; investments continue to grow at double-digit rates.
8. These observations are not an exaggeration of any kind. At your university, attend your local meeting of Amnesty International. The engineering and business schools will have plenty of Chinese people, but there will be virtually _NO_ Chinese faces in a meeting of Amnesty International. Chinese (and other Orientals) are over-represented in engineering and business schools, but they are under-represented in meetings of Amnesty International. Why?
So few Americans really know anything about Chinese society. We Americans are kind-hearted and naive. We simply assume that the Chinese are "just like us" and that the Chinese are simply (financially) poorer versions of ourselves. In reality, the Chinese are not like us. They are poor, but they are _NOT_ like us.
Well cry me a river! Those demonstrators are either communists, drug users or both. They oughta just lock them up without asking questions anyways. I always get mad to see these communists abusing the right to free speech, when they wouldn't have any qualms about shooting (or rolling over in tanks) anyone protesting against them. Go over to a socialist country like Finland or Holland, and see how long you last if you get out on the street and riot.
Thailand already has a mandatory ID system, and has had one for the past several decades. The formal use is for voter and housing registration. When you turn 15, all Thai citizens must register for a card, and also receive a unique ID number. Nobody really cares about it though, because its been done for so long, and nobody really abuses like in the US.
- patiwat@sloan.mit.edu
One thing the public never sees is an independant AUDIT of what they are getting. (verification and validation)
I would like to see an independant review of Ross whatever in Cambridge UK, and his FIB machine. $3000 is more like it.
Then ask Bruce Schiner what does he think of the system - but clued in individuals know.
Then print uncensored findings.. dare you...
As it will be supported by a back to base system (CA), these cards are inferior to paper money - ie lacking self authentification.
The only smart in smart card, is the profits for those who flog them off to feeble minded clients. Cable TV mod chips are representative of the truth: beter mousetraps come out daily.
I have lived and worked in Hong Kong for 24 years and am a privacy consultant (penetrate the Anonymous Coward persona if you wish at my web site http://www.privacy.com.hk/).
Hong Kong has personal data protection law that provides much greater protection for the individual than is found in many countries. It has an independent Privacy Commissioner who has the power to investigate complaints by members of the public and pass them to the Justice Department. He also has the power to issue codes of practice.
Hong Kong identity cards are controlled by one of these codes of practice (see http://www.privacy.com.hk/idcard/index.htm) that requires anyone asking for the presentation of an ID card to use less privacy-intrusive alternatives if possible and demonstrate a significant need to use them if not - the circumstances under which they can be demanded are spelled out in much more detail than that, of course. If organisations cannot show such a need, they are assumed to be in breach of the law unless they can prove otherwise. It's not illegal to ignore the code of practice, but if a complaint goes to court, it certainly weakens the plaintif's position. Before the issuing of this code of practice, ID cards used indeed to be asked for by almost anyone, in almost any circumstance (not quite in the case of the hairdresser, as suggested by one poster, but not far off). Since, then its use has tightened up a lot - maybe not enough, but it is possible to complain about a demand for an ID card and get results now. The basic purpose - police-stop inspection and at immigration control at border crossings - remains.
For those of us here who expected the dead hand of communism to clamp down on the free-wheeling style by which HK was run under colonialism with its predictable, consistent legal system, the continuation of much the same free-wheeling style came as a welcome surprise.
As for the new smart ID card, it has the potential to provide better protection than the plastic-coated ones that we use now. We don't have any information on how rigorous the technological protections will be but are watching closely with interest and not a little concern. There is the possibility to make these smartcards secure enough that cracking one is very difficult, and even when done provides no assistance in cracking others. Whether these possibilities are to be exploited to the full, we don't know yet.
All things said about Finland, it's still scary. If you get a speeding ticket, the police calls up your salary information, tax record etc, and then fine you on a percentage of that. The problem isn't the money, but the info they have access to on you.
Whenever I move to a new city/district, I HAVE to register with the local police. Sure, so far it has not been abused, but can you TRUST a government, even in Finland??
Call me paranoid, but Russia is just next door.
The UK government are introducing student proof-of-age cards. This is one step away from a full-blown ID card. No doubt there will be counterfeits though :-). However this involves having your digital photograph taken and placed on a govenmet computer for ever and ever and ever and ever and ever and ever and ever Amen (Well, until a gets hold of it). Also, the generation used to carrying proof of age cards will be less opposed to full-blown ID cards.
I am fully opposed to this as I feel it gets rid of the citzens right to anonimity.
Scones
This message was written entirely with recycled electrons.
Besides, if our further look into the human genome shows us that actions are dictated by our genes
That is oversimplification, our actions are not dictated by genes. If you claim that it is so, then please give me a proof. Which does not exist, by the way.