British Telecom Pushes Universal ID Check System

miladus writes "URU (You Are You) is a new ID verification scheme from BT designed to allow government and businesses to confirm identities on the net. The BBC has a full report on how, according to BT officials, 'URU will be a major ingredient in transforming and joining up government... and how it will become ubiquitous for citizens, businesses, etc.'. Apparently, URU complies with European privacy laws."

Uh oh.

Looks like Oracle bought the U.K.

Do you copy?

[Joe+the+Lesser]

In phase one, the only details that will be entered are name, address and Meter Point Asset Number

TK-421! Why aren't you at you post?

Ick

[Ravenscall]

Nothing I would want more than a porn site to have my phone number, and therefore access to my name and address.

Or any kind of site for that matter.

Re:Ick

[josh+crawley]

SO you also have a problem with C-hurch goers (aka thumpers)?

Here's a hint on how to deal with them. Read the bible.. I didnt say BELIEVE it. That's what thumpers' only weapon is. And if taken out of context, the bible contradicts itself quite a bit.

After you best them in an argument of "religion", make a snide comment how I'm ATHEIST and I know more about the Bible than you do!!

Really pisses them off ;-)

Btw, I'm Catholic, and I get thumped for playing AD&D, M:TG and various pc games (Unreal-like games, NWN, and others). So far, I'm going to hell 7 times ;-) What about you?

Relationship to Liberty & Passport

[jhh09]

How does this fit in with the Liberty Alliance / Passport authentication schemes? Is this yet another one developers will have to choose between, or this limited to UK systems? What's the point of using a single login system if there are a 1,000 such systems users have to register with and log into?

Welcome...

[Mourgos]

to the new Big Brother era.
How long before everyong revolts?

Re:Welcome...

[Pike65]

"Due to information received by Big Brother about 'every ong revolting', all of the ongs will be pre-emptively destroyed. That will be all."

Re:Welcome...

[EvilTwinSkippy]

This is really dumb.

Short of Government Desk Jockeys, Domestic Intelligence Agencies, and Identity Thieves, I really don't who would find this all that useful.

The fact that I CHOOSE to call myself EvilTwinSkippy, and that I am EvilTwinSkippy on a few other websites is a voluntary choice on my part. I have selected that persona, and if the persona no longer suits me at some point, I'll put it down and start a new persona.

A number is a highly impersonal thing, like a license plate or a MAC address. Having gotten parking tickets because the meter maid was a digit off (how else could my white ford escort be mistaken for a blue chevy pickup) the oppertunity for error is amazing. Hell, my wife is getting junk mail (right down to credit card offers) for her sister because a catalogue company mixed up their 2 accounts. It also doesn't hurt that one is Sara and the other Dara. (S and D are right next to each other on a standard US Qwerty style keyboard.)

Now harmless junkmail is ok, but imagine if medical records got crisscrossed, or criminal records? And it doesn't even have to be family, imaging if you are TT-1231-12512 and TT-2231-12512 is a wanted terrorist? Or if TY-1231-12512 has an outstanding warrent in New Jersey for driving without a license?

URU is a very bad idea. A very very very bad idea, especially for causual use by business and beaurocrats.

its not new

[QEDog]

This system is the internet version of one that has been out for a long time overthere. They used numerical IDs for the people, the most famous one being 007 James Bond.

Re:What about possibilities in U.S.A?

[Smallpond]

What American privacy laws? Europe has privacy laws, the US has Equifax.

E-mail compromised...

[$$$$$exyGal]

It also requires the person to agree to have the check run and will e-mail them every time their ID is requested, offering a further safeguard against identity theft.

That is a step in the right direction, but does anyone see a problem with that solution? If my identity has been compromised, then maybe my e-mail is also compromised...

Unique ID?

[Chocolate+Teapot]

In phase one, the only details that will be entered are name, address and Meter Point Asset Number - the number in the corner of every household electricity bill which is unique to that property

Correct me if I'm wrong, but an electricity meter is hardly unique to an individual household. I have lived in flats in the UK where fuel bills were included as a percentage of the rent, and only one set of meters existed for the entire building (30-40 distinct residences)

I like the original better

[L.+VeGas]

If they had kept the REAL acronym, it would have made people happy.
You Are You > YAY!!

Great.

[AftanGustur]

And within a year you will have to use it to authenticate with your ISP's proxy server.. (And no direct connection to the internet).

The possibilities are endless for abuse ......

URU?

[foxtrot]

IMI. Y?

URU == ID card

[tom_conte]

AFAIK, Britain has no mandatory ID card. This sounds weird to a lot of European people, since most European countries require every citizen to have a government-issued personal identity card which identifies them uniquely (a passport is generally accepted as an alternative). Maybe Britain is just thinking about skipping the physical step completely and going directly to the electronic ID stage. This would certainly make sense, since they are probably going to decide to create a mandatory ID anyway.

Re:URU == ID card

This would certainly make sense, since they are probably going to decide to create a mandatory ID anyway.

Unlikely, although it's the wet dream of whichever lot happen to be in government at the time, the fact that none of them have managed to think up a reason for wanting it means that they've never manage to go through with it.

The traditional argument was that it'll somehow reduce crime, but if anyone asks which crimes will be reduced just ignore the question. Murders? Burglaries? Pickpocketing? Illegal parking?

More recently it's supposed to prevent illegal immigration. Of course that could work if people were actually required to show their ID so often that it was impractical to live without one, but even David Blunket isn't going to openly propose that.

Reality is that although the government, whichever party is in power, always desperately wants to introduce ID cards (for reasons never made clear), the public don't want them and the opposition, again whichever party that is, is always more than happy to make political capital out of tearing apart whatever flimsy arguments the government comes up with.

I don't expect an identity card to be introduced in the UK.

ID number?

[buttahead]

what does my electric asset number have to do with my unique ID? Whay if three of the george foreman kids live in the same apartment? then they all get the same id?

what if you move a lot? does your number change every time?

Wouldn't something a little more unique and static be of more use?

URU? FU!

[JPelorat]

I refuse to have anything to do with something spawned from the so-called vocabulary of an SMS user.

Will the email you get be just as undecipherable and irritating?

ubiquitous government, no thanks

[geekoid]

from dictionary.com:
ubiquitous Audio pronunciation of ubiquitous ( P ) Pronunciation Key (y-bkw-ts)
adj.

Being or seeming to be everywhere at the same time; omnipresent: "plodded through the shadows fruitlessly like an ubiquitous spook" (Joseph Heller).

Is this something you really want your government to be?
I want to know where the people in the governmant are at all times.

Still follows privacy laws?

[trmj]

Well, they already seems to be tracking every property in the UK, as the article states:
the only details that will be entered are name, address and Meter Point Asset Number - the number in the corner of every household electricity bill which is unique to that property

But then they go and cause more distrust of the program, by stating of these numbers:
It could also become a pre-requisite of any universal ID card

And lastly, I feel we've all eard this one before:
It is a pro-active way to protect your identity


Well, ok, one more, but only because it sounds funny out of context:
we need mega-systems

whois 666

[JThaddeus]

"And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." Revelation 13:16-17, KJV

And coming soon...

[Kadagan+AU]

The open source version: GURU

Cool

[DriceX]

Does this officially make them part of Oceania?

Re:Notification

[mpe]

The only thing that would make this scheme different that current identification methods is the automatic notification (by email) any time the URU identity is used:

Not quite the idea is to have the same ID used for unconnected things. Which is a generally bad idea.

I suspect that someone's URU ID could be misused by someone else as easily as any other ID, but at least you would find out about such misuse before the cops/creditors come pounding on your door.

Unless they are able to also compromise the contact details. e.g. using the ID to get at your email.

Doubt it

[mugnyte]

Here in the US, "diving" through one's trash to glom semi-precious information about them is a common identify-theft method.

If the Meter ID of every BT customer is on their bill, one only needs there name and address (probably on the same bill!) to act on their behalf.

This seems to fly in the face of how any private key system would work. If it is a public key, what are the channels that ensure nobody else can use such an identity?

I predict this will go up in flames. I see the electric bills of past residents of apartments all the time, simply floating into mailboxes long after they've left. If BT still thinks they live there, then "IMU" when I use this info.

Forgive me if this opinion results from ignorance of BT magical "meter id" number. But nevertheless, private passwords exist for a reason. None of the source info here seems quite secure.

mug

Re:Yeah this definitely belongs under "privacy"

[Dman33]

Additionally, I would like to propose that the US (of which you are a citizen, Michael) already has a system in which you and every US citizen has a unique ID. This unique national ID is required to gain access to all sorts of things like employment, credit, loans and in most cases state driver's permits.

Yup, you and I both have Social Security Numbers... Now, they started as an honest (I hope) component of "The New Deal" and started being assigned in the mid-1930's. The problems arose during the cold war.. that is when the US govt started using the SSN as a type of national ID number... so, have you ever applied for a credit card without a SSN? Have you ever used a credit card online? (Can you even make purchases/transactions online without a credit/debit card?)

Just my $.02 on the matter...

Joy, Bliss. And the problems are ....

[blowdart]

I can see obvious problems with this, having had my identity stolen a little in the UK.

2 years ago I had a cheque (check) book and American Express card stolen from the post. They were stolen by either

• Postal workers
• People in my shared building

From that information the thieves now had my full name, bank details and details of a credit card I held (albeit a cancelled cards and cancelled cheques). From this information they purchased mobile phones, billed to me and applied for numerous store cards. I only discovered this when the bills started arriving.

Now, if BT's scheme goes off information available on the Electricity bill (keep in mind there are NUMEROUS electricity suppliers, so numerous databases to tie together), what is to stop someone stealing your electricity bill? Note that the electricy reference is per household, not per person. Now, tie this into the electoral role (which is already sold to marketers, and you can check and query it at your local library, so it's not private) that might almost be adequate.

Except the electoral role is updated once a year. You can actually manage to miss it completly if you move at exactly the wrong time.

Also people can choose to opt out of the data sharing that the electoral role provides (but not the information sharing to the credit agencies).

Lets not forget that BT is a private company, not answerable to anyone except the shareholders. I'm not sure if this is better or worse than the government forcing a scheme through.

Why is it "reactionary bible-thumping?"

[laetus]

Why do you label this "reactionary bible-thumping?"

For the subset of Slashdot readers who are Christians, this is a relevant comment. For two-thousand years, Christians have had a prophecy regarding the identification of every man, woman and child on this planet. For a Christian, the Mark of the Beast IS intelligent discourse because it is a very real concern.

Personally, I think your slight is more of a reactionary, knee-jerk response showing your anti-Christian bias than the Biblical quote being discussed.

Re:Why is it "reactionary bible-thumping?"

[kafka93]

Christians have had any number of prophecies which can be interpreted in any number of ways. Perhaps that justifies the application of any one of those prophecies to any subject that might be discussed on /., but it strikes me as a rather absurd approach.

Incidentally, I'm using "reactionary" in the sense of "being conservative" -- such references to the Bible, a book which though beautifully written is nonetheless a difficult source for either moral or intellectual discussion, smack of hysteria. Having a "very real concern" doesn't really mean anything -- I might be worried that aliens are employing these ids to catalogue us all and thus find appropriate mates for their martian daughters, but it doesn't make it my views any better considered.

I've nothing against biblical references, so long as there's any kind of real point or basis to them. But to start implying that the End is Nigh on the basis of nothing more than a silly government plan is, frankly, ridiculous.

Re:Yeah this definitely belongs under "privacy"

[shreak]

Actually your USA SSN is not guaranteed to be unique. Not only that but, unlike most modern numeric IDs, it can't be validated.

Most modern numeric IDs are generated with a built in hash (using extra digits in the number itself) So while you may only need 1000 IDs for you might make your id field much larger, say 1 - 1000000. This would allow you to use some of the digits for a "checksum"

This would make it more difficult to falsly create IDs, but more usefull, it makes it unlikely that you'd fat-finger them when transcribing.

All in all your SSN is a poor identifier. That's one reason (of many) why it should not be used the way it is today i.e. Everywhere!

=Shreak

Big Brother

[queenb**ch]

As a member of the IETF for PKI-X, I can tell you that this whole thing is about to sweep the world. It all operates off Public Key Infrastructure. Essentially, you get a cert from the government that they can use to identify you. While there are a lot of legitamate uses, I think that all forms of government should be treated with a certain amount of paranoia.

How much more damage would Hitler have done if he had computerized access to everyone's banking records and been able to track every transaction? How about identification papers, travel permits, work passes, etc. that are signed with virtually unbreakable encryption? Let's see if that still makes you feel warm and fuzzy about your government knowing who you are when you send email, while your are surfing, and what you do when you are on line.

Queen B

No ID system is the safest.

[cybercuzco]

The problem with ID systems are that the more "uncrackable" they are, the more they are trusted. The more they are trusted, the harder it is to make things right when people circumvent those ID systems. Look at DNA evidence. Im sure that some day, some murderer is going to figure out how to plant somone elses DNA on a crime scene, thus implicating the other person. DNA= Guilt in the eyes of todays courts. The safest ID system is a minmally secure one. That way, people are naturally suspicious of an ID even if it appears to be genuine. Mistrust of ID's prevents abuse more than a so called "bulletproof" ID