British Telecom Pushes Universal ID Check System

miladus writes "URU (You Are You) is a new ID verification scheme from BT designed to allow government and businesses to confirm identities on the net. The BBC has a full report on how, according to BT officials, 'URU will be a major ingredient in transforming and joining up government... and how it will become ubiquitous for citizens, businesses, etc.'. Apparently, URU complies with European privacy laws."

Uh oh.

Looks like Oracle bought the U.K.

Do you copy?

[Joe+the+Lesser]

In phase one, the only details that will be entered are name, address and Meter Point Asset Number

TK-421! Why aren't you at you post?

Ick

[Ravenscall]

Nothing I would want more than a porn site to have my phone number, and therefore access to my name and address.

Or any kind of site for that matter.

Re:Ick

[L7_]

Some would say that going to porn sites is a form of exercise.

Re:Ick

[Fig,+formerly+A.C.]

The difference is that _I_ do not try stop them from going to church. _They_ are always trying to stop others from doing/reading/seeing things that they personally find objectionable (or are taught to object to).

Re:Ick

[josh+crawley]

SO you also have a problem with C-hurch goers (aka thumpers)?

Here's a hint on how to deal with them. Read the bible.. I didnt say BELIEVE it. That's what thumpers' only weapon is. And if taken out of context, the bible contradicts itself quite a bit.

After you best them in an argument of "religion", make a snide comment how I'm ATHEIST and I know more about the Bible than you do!!

Really pisses them off ;-)

Btw, I'm Catholic, and I get thumped for playing AD&D, M:TG and various pc games (Unreal-like games, NWN, and others). So far, I'm going to hell 7 times ;-) What about you?

Re:Ick

[josh+crawley]

---I know the tough questions to ask in a "discussion", but this thread is not so much about the rights/wrongs of religion as it is about the tendency of C-hurch to want to control or censor others.

Too true. It happens on many faucets. You have Wal-Mart (Sam Walton?)selling stuff based on a morality clause, and what they buy and dont can break a business. Blockbuster severly edits 'choice' films for _proper_ consumption. The list goes on and on. That's on the wide scale. On the local scale, middle and high schoolers are raided by radical parents who the schools are teaching "choice" things, or the school isnt regulating certain behaviors (like playing card games/RPG's at lunch). I've actually had a substitute teacher come to my table and start preaching at us (me in particular) that Magic:The Gathering was going to "SEND US TO HELL!!" We all just shrugged her off and went on our way playing that game. What else could we do? We were high schoolers, she had position of power (as teacher).

---You being thumped for your hobbies (all of which I share) is a prime example. The witchhunts of recent times (D&D with Mazes&Monsters, the ignorance (I still can't cast spells with my M:TG cards),

What I thought was funny is when they said AD&D caused suicides. What they didnt do is to compare the suicide rate of RPG'ers to the US average. The difference was exponentially lower for AD&D players.

---and the tendency to hold back any knowledge that doesn't perfectly mesh with the T-ruth (evolution and Darwinism) nicely highlight my worry about religions getting access to a database of "sinners".

I still dont believe in true evolution. Too many holes (like, where's the link from the apes to humans?). Neither do I believe in what happens in Genesis. Great story though. I simply throw the thoery of hwo we all got here in choice 3: Not Enough Information.

I still ask myself, how did all of this stuff pop up here? I thought that matter/energy couldnt be created, and yet here it is. There's thoeries of 10D universes and other funny super-physics (hawking crap). Still, nothing to formly explain how all this material/energy popped up here.

---Remember, abortion doctors have been gunned down after their privacy was compromised...

I know. I have my own belifs about abortion (hate it) but you dont kill somebody just because they killed. That's just not justification. Seriously, I dont know what IS justification for even legitimate death penalty cases. The cost of the state murdering somebody costs 3X more than if they have life sentance. It's also hard to give somebody a reprieve if they're in the ground (they really didnt do it).

Still, my belifs are that all doctors should have MANDATORY state lookups for medical practices. Just as we look at hardware listings to compare prices and goods, I want to do the same with doctors. I also want no way a doctor can eliminate fraud, lawsuits, and settlements from his "rap sheet".

Remember, murder is ILLEGAL And yes, I disagree with the abortion-only doctor list. Reading the websites they were hosted on made it look like a hit-list. Guess what? They were.

And there is no privacy in the US anymore. Check out Lexis-Nexis if you dont believe me (and some of it scares the shit outta me).

And I've lost count of how many times I'm going to hell, the rules seem to change every week. :-)

"If you dont believ me, you go to hell!!!"
"I'd rather go to YOUR HELL if I dont have to hear your yapping mouth anymore!"
(I've actually said that response...) ;-)

Relationship to Liberty & Passport

[jhh09]

How does this fit in with the Liberty Alliance / Passport authentication schemes? Is this yet another one developers will have to choose between, or this limited to UK systems? What's the point of using a single login system if there are a 1,000 such systems users have to register with and log into?

Welcome...

[Mourgos]

to the new Big Brother era.
How long before everyong revolts?

Re:Welcome...

...all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.

I'd say we're still well within the "more disposed to suffer" phase. To move the great mass of people to fight will take far more abusive measures than have yet been taken.

And yet, those measures will come, eventually. It's no longer a question of "if", but "when".

Re:Welcome...

[Pike65]

"Due to information received by Big Brother about 'every ong revolting', all of the ongs will be pre-emptively destroyed. That will be all."

Re:Welcome...

[tomhudson]

"We envisage that URU will become ubiquitous for citizens, businesses and government and we predict that in 10 years' time, 90% of ID checks will be done in this way," he added.
Initially the system is being trialled by well-known retail banks, he said.
</quote>

Does this sound like one of those stupid late-90's dot-bomb schemes, full of baseless predictions. Why not name the banks, (unless they don't exist outside the promoters' marketing mind).

Re:Welcome...

[EvilTwinSkippy]

This is really dumb.

Short of Government Desk Jockeys, Domestic Intelligence Agencies, and Identity Thieves, I really don't who would find this all that useful.

The fact that I CHOOSE to call myself EvilTwinSkippy, and that I am EvilTwinSkippy on a few other websites is a voluntary choice on my part. I have selected that persona, and if the persona no longer suits me at some point, I'll put it down and start a new persona.

A number is a highly impersonal thing, like a license plate or a MAC address. Having gotten parking tickets because the meter maid was a digit off (how else could my white ford escort be mistaken for a blue chevy pickup) the oppertunity for error is amazing. Hell, my wife is getting junk mail (right down to credit card offers) for her sister because a catalogue company mixed up their 2 accounts. It also doesn't hurt that one is Sara and the other Dara. (S and D are right next to each other on a standard US Qwerty style keyboard.)

Now harmless junkmail is ok, but imagine if medical records got crisscrossed, or criminal records? And it doesn't even have to be family, imaging if you are TT-1231-12512 and TT-2231-12512 is a wanted terrorist? Or if TY-1231-12512 has an outstanding warrent in New Jersey for driving without a license?

URU is a very bad idea. A very very very bad idea, especially for causual use by business and beaurocrats.

its not new

[QEDog]

This system is the internet version of one that has been out for a long time overthere. They used numerical IDs for the people, the most famous one being 007 James Bond.

What about possibilities in U.S.A?

[+hr33]

Does the URU fulfill American privacy laws? (not that it matters much anymore after the USA PATRIOT Act...)

Re:What about possibilities in U.S.A?

[Smallpond]

What American privacy laws? Europe has privacy laws, the US has Equifax.

Phone companies with too much power aren't new

[friedegg]

Just look at The President's Analyst from 1967.

E-mail compromised...

[$$$$$exyGal]

It also requires the person to agree to have the check run and will e-mail them every time their ID is requested, offering a further safeguard against identity theft.

That is a step in the right direction, but does anyone see a problem with that solution? If my identity has been compromised, then maybe my e-mail is also compromised...

Notification

[meckardt]

The only thing that would make this scheme different that current identification methods is the automatic notification (by email) any time the URU identity is used:

It... will e-mail them every time their ID is requested

I suspect that someone's URU ID could be misused by someone else as easily as any other ID, but at least you would find out about such misuse before the cops/creditors come pounding on your door.

Re:Notification

[mpe]

The only thing that would make this scheme different that current identification methods is the automatic notification (by email) any time the URU identity is used:

Not quite the idea is to have the same ID used for unconnected things. Which is a generally bad idea.

I suspect that someone's URU ID could be misused by someone else as easily as any other ID, but at least you would find out about such misuse before the cops/creditors come pounding on your door.

Unless they are able to also compromise the contact details. e.g. using the ID to get at your email.

Re:Notification

[evanhr]

I think this makes quite a difference.
The control I exercise over my privacy is directly correlated with my perception of its use. I only worry about it if I feel there's a reasonable potential for abuse. At this point that feeling is often based on naive assumptions, I know, but with a notifcation system I'd be substantially better informed.

Separate from any given protection scheme, I'd very much like to be informed about who wants my info and ideally why, though if I know the who I suppose I can ask them why myself.

Unique ID?

[Chocolate+Teapot]

In phase one, the only details that will be entered are name, address and Meter Point Asset Number - the number in the corner of every household electricity bill which is unique to that property

Correct me if I'm wrong, but an electricity meter is hardly unique to an individual household. I have lived in flats in the UK where fuel bills were included as a percentage of the rent, and only one set of meters existed for the entire building (30-40 distinct residences)

Re:Unique ID?

[plugger]

You are right, an M-PAN is a universal number which identifies an electricity board meter. There is nothing to prevent a landlord installing additional meters.

(This is not entirely accurate, the M-PAN identifies a unique connection onto the electricity company's network. One of a number of operators can install a meter there. I coordinated these connections a couple of years back, hence the lame nick. And yes, the job sucked).

I like the original better

[L.+VeGas]

If they had kept the REAL acronym, it would have made people happy.
You Are You > YAY!!

Great.

[AftanGustur]

And within a year you will have to use it to authenticate with your ISP's proxy server.. (And no direct connection to the internet).

The possibilities are endless for abuse ......

URU?

[foxtrot]

IMI. Y?

URU == ID card

[tom_conte]

AFAIK, Britain has no mandatory ID card. This sounds weird to a lot of European people, since most European countries require every citizen to have a government-issued personal identity card which identifies them uniquely (a passport is generally accepted as an alternative). Maybe Britain is just thinking about skipping the physical step completely and going directly to the electronic ID stage. This would certainly make sense, since they are probably going to decide to create a mandatory ID anyway.

Re:URU == ID card

This would certainly make sense, since they are probably going to decide to create a mandatory ID anyway.

Unlikely, although it's the wet dream of whichever lot happen to be in government at the time, the fact that none of them have managed to think up a reason for wanting it means that they've never manage to go through with it.

The traditional argument was that it'll somehow reduce crime, but if anyone asks which crimes will be reduced just ignore the question. Murders? Burglaries? Pickpocketing? Illegal parking?

More recently it's supposed to prevent illegal immigration. Of course that could work if people were actually required to show their ID so often that it was impractical to live without one, but even David Blunket isn't going to openly propose that.

Reality is that although the government, whichever party is in power, always desperately wants to introduce ID cards (for reasons never made clear), the public don't want them and the opposition, again whichever party that is, is always more than happy to make political capital out of tearing apart whatever flimsy arguments the government comes up with.

I don't expect an identity card to be introduced in the UK.

Re:URU == ID card

[azzy]

Correct, Britain has no mandatory ID card. That is, there is no ID card which a British individual /must/ have and /must/ carry. However, as to your final words.. you may not be aware of this.. but each British citizen /aready/ does have a mandatory identity. As well as having an identity, we also have a mandatory identity number in the form of a National Insurance number. Many also have passports and driving licenses. Having some form of digitally usable identity number has absolutly nothing whatsoever to do with mandatory identity cards. Not unless police can stop us on the street and demand our URU and arrest us if we don't have it on us. British Telecom is not an arm of the British security services, BT is a private company. Also, a mandatory ID card requires primary legislation.

trying to figure it all out...

[JimBobJoe]

My understanding is that the British have Experian like credit history databases (which are not catalogued by a universal identification number, like the SSN, which I believe is the failure point of the US style databases.) So I'm not sure where this fits in...the article seems to imply it's for online transactions?

The URU proposal has some interesting elements:

*(it appears) that inclusion in the database would be voluntary, per European and British data privacy laws

*the "check number" is essentially the electrical meter on your house. meaning that, at least in some way, the number can be changed, at least by you moving elsewhere. furthermore, there is no reason why anyone else would have that number, theoretically. it's a semi-constant.

*you are automagically notified when someone performs a check, and i suspect that checks can only be performed when the person authorizes them.

While the current British government is a bit fixed on putting an "entitlement card" together which will essentially be the you can't live without it national ID card, this proposal is vaguely interesting to me. I need more info to run it through a security model though.

ID number?

[buttahead]

what does my electric asset number have to do with my unique ID? Whay if three of the george foreman kids live in the same apartment? then they all get the same id?

what if you move a lot? does your number change every time?

Wouldn't something a little more unique and static be of more use?

Vague on Details

[keyslammer]

The article seemed to suggest that an ID number used by the power company would be used as a sort of "universal id", but didn't offer any details as to how this would work (and why it would offer any more protection than any other kind of identifier). What's to keep someone from digging through somebody's garbage to obtain their ID from their electric bill? And what about people who don't have their own electric accounts?

It seems to me that with all the nifty encryption technology now available, Big Brother attempts like this could do a better job of preventing fraud than just coming up with another global id scheme.

Anybody have any pointers to more detailed descriptions of this plan?

Riiiiiight

[Malicious]

This sounds a lot like the idea of attaching your home address to your keychain, so honest people can mail you your keys if you lose them.
Too bad most people aren't honest.

URU? FU!

[JPelorat]

I refuse to have anything to do with something spawned from the so-called vocabulary of an SMS user.

Will the email you get be just as undecipherable and irritating?

ubiquitous government, no thanks

[geekoid]

from dictionary.com:
ubiquitous Audio pronunciation of ubiquitous ( P ) Pronunciation Key (y-bkw-ts)
adj.

Being or seeming to be everywhere at the same time; omnipresent: "plodded through the shadows fruitlessly like an ubiquitous spook" (Joseph Heller).

Is this something you really want your government to be?
I want to know where the people in the governmant are at all times.

Uru

[Phroggy]

Name could be confused with the upcoming game from Cyan, which sounds like sort of a cross between Myst and EverQuest.

Still follows privacy laws?

[trmj]

Well, they already seems to be tracking every property in the UK, as the article states:
the only details that will be entered are name, address and Meter Point Asset Number - the number in the corner of every household electricity bill which is unique to that property

But then they go and cause more distrust of the program, by stating of these numbers:
It could also become a pre-requisite of any universal ID card

And lastly, I feel we've all eard this one before:
It is a pro-active way to protect your identity


Well, ok, one more, but only because it sounds funny out of context:
we need mega-systems

whois 666

[JThaddeus]

"And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." Revelation 13:16-17, KJV

Re:whois 666

[mangu]

If they were to ever reopen the Christian canon, my wish is that they would drop Revelations and substitute Dicken's A Christmas Carol.

No, no, that wouldn't do at all. If you pay attention, you'll see that Revelation is one of only two books that Bible-thumpers read. They read the Genesis and, realizing how many pages there are in the whole Bible, skip to the Revelation, to see if the butler did it.

English Imperialism Wins Again!

[GMFTatsujin]

I'm convinced that you can't get a peice of identity-based legistlation passed these days unless it make a cute acronym in English. What do the Italians, Spanish, or Germans think URU means?

And coming soon...

[Kadagan+AU]

The open source version: GURU

Security of information.

[eyeye]

Don't forget that journalists regularly get call information of celebrities from BT, same with private investigators.
They get caught occasionally but what about the times they don't.
A security token is only as trustworthy as its issuer.

Cool

[DriceX]

Does this officially make them part of Oceania?

Re:Oh Really?

[all_i_want_is_an_acc]

And that, in a nutshell, is why america's stock has fallen so badly internationally. Keep those ideas in mind when you realize that your government couldn't get 4 countries to agree to a bake sale without offering 70 billion in subsidies.

Doubt it

[mugnyte]

Here in the US, "diving" through one's trash to glom semi-precious information about them is a common identify-theft method.

If the Meter ID of every BT customer is on their bill, one only needs there name and address (probably on the same bill!) to act on their behalf.

This seems to fly in the face of how any private key system would work. If it is a public key, what are the channels that ensure nobody else can use such an identity?

I predict this will go up in flames. I see the electric bills of past residents of apartments all the time, simply floating into mailboxes long after they've left. If BT still thinks they live there, then "IMU" when I use this info.

Forgive me if this opinion results from ignorance of BT magical "meter id" number. But nevertheless, private passwords exist for a reason. None of the source info here seems quite secure.

mug

Reasons to be against the war

Democracy (this form of) in north america for the most part has failed.

When 65% of the voting population isn't voting due to mono-politics you can honestly say it has failed. If arab populations buy into it, it's our countries corporate sanctions that will be lifted and the business elite will enlarge thier coffers at our countries finacial credit expense. If our *leaders* succeed in pushing this form of democracy, there is only betrayal for the majority of arabs because this fiction cannot be maintained for long.

Re:Yeah this definitely belongs under "privacy"

[Dman33]

Additionally, I would like to propose that the US (of which you are a citizen, Michael) already has a system in which you and every US citizen has a unique ID. This unique national ID is required to gain access to all sorts of things like employment, credit, loans and in most cases state driver's permits.

Yup, you and I both have Social Security Numbers... Now, they started as an honest (I hope) component of "The New Deal" and started being assigned in the mid-1930's. The problems arose during the cold war.. that is when the US govt started using the SSN as a type of national ID number... so, have you ever applied for a credit card without a SSN? Have you ever used a credit card online? (Can you even make purchases/transactions online without a credit/debit card?)

Just my $.02 on the matter...

Joy, Bliss. And the problems are ....

[blowdart]

I can see obvious problems with this, having had my identity stolen a little in the UK.

2 years ago I had a cheque (check) book and American Express card stolen from the post. They were stolen by either

• Postal workers
• People in my shared building

From that information the thieves now had my full name, bank details and details of a credit card I held (albeit a cancelled cards and cancelled cheques). From this information they purchased mobile phones, billed to me and applied for numerous store cards. I only discovered this when the bills started arriving.

Now, if BT's scheme goes off information available on the Electricity bill (keep in mind there are NUMEROUS electricity suppliers, so numerous databases to tie together), what is to stop someone stealing your electricity bill? Note that the electricy reference is per household, not per person. Now, tie this into the electoral role (which is already sold to marketers, and you can check and query it at your local library, so it's not private) that might almost be adequate.

Except the electoral role is updated once a year. You can actually manage to miss it completly if you move at exactly the wrong time.

Also people can choose to opt out of the data sharing that the electoral role provides (but not the information sharing to the credit agencies).

Lets not forget that BT is a private company, not answerable to anyone except the shareholders. I'm not sure if this is better or worse than the government forcing a scheme through.

Who's on first?

[ChaoticCoyote]

I wonder what the folks at Cyan and Ubisoft think about this? They've announced a game named Uru: Online Ages Beyond Myst , for relase in Q4 2003. I wonder who got the trademark first?

Re:Who's on first?

[anubi]

I hate to go on as AC, but I feel I am dealing with a hot moderator here...and I have enough enemies already, thank you, and I do not need another.

But I do think Chaotic Coyote made a good point, that the name URU is already in use. Given our present litigious environment spawned off by a Congress easily swayed against their own populace by a team of suit-wearing corporate-sponsored lobbyists, what sort of ramifications can we expect in the courtrooms by their use of the phrase "uru". After all, look what a fuss is being stirred up over the non-unique usage of the common word: "Windows".

If I had a mod point available right now, I would have used it to bump ChaoticCoyote up one as interesting, at least.

A few years ago, I would not have given it a second thought, but with today's mouse-trap style litigation environment?

this is double-plus-ungood

[BigChigger]

and if I have to explain that to you, then the battle is already lost.

BC

Why is it "reactionary bible-thumping?"

[laetus]

Why do you label this "reactionary bible-thumping?"

For the subset of Slashdot readers who are Christians, this is a relevant comment. For two-thousand years, Christians have had a prophecy regarding the identification of every man, woman and child on this planet. For a Christian, the Mark of the Beast IS intelligent discourse because it is a very real concern.

Personally, I think your slight is more of a reactionary, knee-jerk response showing your anti-Christian bias than the Biblical quote being discussed.

Re:Why is it "reactionary bible-thumping?"

[kafka93]

Christians have had any number of prophecies which can be interpreted in any number of ways. Perhaps that justifies the application of any one of those prophecies to any subject that might be discussed on /., but it strikes me as a rather absurd approach.

Incidentally, I'm using "reactionary" in the sense of "being conservative" -- such references to the Bible, a book which though beautifully written is nonetheless a difficult source for either moral or intellectual discussion, smack of hysteria. Having a "very real concern" doesn't really mean anything -- I might be worried that aliens are employing these ids to catalogue us all and thus find appropriate mates for their martian daughters, but it doesn't make it my views any better considered.

I've nothing against biblical references, so long as there's any kind of real point or basis to them. But to start implying that the End is Nigh on the basis of nothing more than a silly government plan is, frankly, ridiculous.

Re:Why is it "reactionary bible-thumping?"

[mangu]

A rather vague one, though, don't you think? If it had been a little more specific...

Yes, God, although He is Absolutely Perfect in other matters, is just so-so when it comes to writing documentation.

Re:Yeah this definitely belongs under "privacy"

[NetDanzr]

Actually, that's not exclusive to the US. Where I'm originally from (Slovakia), and in most others European countries, people use a form of personal ID card that also has a unique number, which in turn is used universally.

In addition, most countries have a "birth number" - in many countries, it's in the format of YYMMDD/XXXX, where XXXX is a number assigned by the national birth registry. This number, too, is often used as a personal identification number.

Finally, I'd like to remind you that the personal ID number for computers was already here once - remember that unique ID# embeded in Pentium III chips? The one that intel later released a patch for to disable (which almost nobody did)? Well, that's still here, and people are quiet about whether the same system is used in Pentium IV or not...

Re:Yeah this definitely belongs under "privacy"

[shreak]

Actually your USA SSN is not guaranteed to be unique. Not only that but, unlike most modern numeric IDs, it can't be validated.

Most modern numeric IDs are generated with a built in hash (using extra digits in the number itself) So while you may only need 1000 IDs for you might make your id field much larger, say 1 - 1000000. This would allow you to use some of the digits for a "checksum"

This would make it more difficult to falsly create IDs, but more usefull, it makes it unlikely that you'd fat-finger them when transcribing.

All in all your SSN is a poor identifier. That's one reason (of many) why it should not be used the way it is today i.e. Everywhere!

=Shreak

And in other news....

[NiceGeek]

The Norse thunder god Thor has filed a trademark infrigement lawsuit against British Telecom.

Big Brother

[queenb**ch]

As a member of the IETF for PKI-X, I can tell you that this whole thing is about to sweep the world. It all operates off Public Key Infrastructure. Essentially, you get a cert from the government that they can use to identify you. While there are a lot of legitamate uses, I think that all forms of government should be treated with a certain amount of paranoia.

How much more damage would Hitler have done if he had computerized access to everyone's banking records and been able to track every transaction? How about identification papers, travel permits, work passes, etc. that are signed with virtually unbreakable encryption? Let's see if that still makes you feel warm and fuzzy about your government knowing who you are when you send email, while your are surfing, and what you do when you are on line.

Queen B

No ID system is the safest.

[cybercuzco]

The problem with ID systems are that the more "uncrackable" they are, the more they are trusted. The more they are trusted, the harder it is to make things right when people circumvent those ID systems. Look at DNA evidence. Im sure that some day, some murderer is going to figure out how to plant somone elses DNA on a crime scene, thus implicating the other person. DNA= Guilt in the eyes of todays courts. The safest ID system is a minmally secure one. That way, people are naturally suspicious of an ID even if it appears to be genuine. Mistrust of ID's prevents abuse more than a so called "bulletproof" ID