Slashdot Mirror
U-Turn On UK ID Cards
An anonymous reader writes "The UK appears to be watering down its national ID card system, with the revelation by the government that it will now only check the cards against a central biometric database in a minority of cases. Critics are saying it not only renders the whole scheme pointless, but will pose a security risk by making it far easier to use copied or cloned cards. 'But an Identity and Passport Service spokesman denied the system would be vulnerable to fraud: 'The majority of instances where people use their identity cards will be day-to-day situations where the cards offer a convenient method of proving identity such as a young person proving their age to buy alcohol,' he said.'"
convenient method of proving identity such as a young person proving their age to buy alcohol
"A claim for equality of material position can be met only by a government with totalitarian powers." Hayek
Personally I'd be more worried about some junior level government worker losing my data along with that of everyone else in the country when he goes digging through his pocket for enough change to buy lunch at the pub down the street.
So, this system will not be susceptible to fraud because young people will use it to buy alcohol, an activity known to create a black market in fraudulent identification. Brilliant!
Why, without your clothes, you're naked, Miss Dudley!
"check the cards against a central biometric database in a minority of cases." It says "minority of cases", I hear "Minority Report, welcome to 1984"
[]'s ereke
They feel the resistance so now they roll the IDs out as an inferior version of the original proposal. As soon as they push them through, they will turn around and make them mandatory in every possible situation, blaming it on worsening terror and crime situation.
'But an Identity and Passport Service spokesman denied the system would be vulnerable to fraud
Yeah, when was the last time those stupid scheming scammers actually managed to pull something off?
Not if they loose the database each week and screw up _both_ the biometric data signing and
UID, which given the history of UK government seems most likely.
While a Brit, thank God I live in Switzerland, where the populace is educated, public data secure and FOSS is ever more popular while the Bundesrat can't pass laws the people don't like.
What the USA and UK need is Universal Democracy, and the Internet would allow large populations to get there.
What the democracies also need to is to issue X509 certificates, free, to everyone at birth
keeping the key card till children come of age.
I'm jealous of you folks in the US, at least you've got a new government in 2 months time. We're stuck with the same leadership over here for likely another 18 months or so. Given the current recession and the billions plowed into bailing out the UK banking system, I'm pissed off that such big budget projects such as this - with dubious benefits - are still on the agenda.
"I bless every day that I continue to live, for every day is pure profit."
The majority of instances where people use their identity cards will be day to day situations where the cards offer a convenient method of proving identity such as a young person proving their age to buy alcohol,'
You mean, like a driving license?
Our Spiffy, Shiny, Radically New(tm) system that is horribly vulnerable to fraud isn't vulnerable to fraud because we will only be using it to do what the old and busted system was perfectly capable of doing! (Is there some aspect of this that isn't completely insane that I've missed out on?)
if I actually read the story before posting? Cuz I didn't.
If they're seriously proposing this as being used primarily for things like proof of age when buying alcohol with no means to confirm the validity of the card, how exactly are they going to protect against things like this?
Frog, meet pot. Water's not too hot at the moment for you, is it?
Get your own free personal location tracker
There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant -- a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
'But an Identity and Passport Service spokesman denied the system would be vulnerable to fraud...' ...and the ship is unsinkable, the volcano is dormant, the electronic voting system is un-hackable, and that really popular operating system doesn't totally suck.
But I thought "People 'can't wait for ID cards'":
The cards will be available for all from 2012 but she said: "I regularly have people coming up to me and saying they don't want to wait that long."
Someone should tell Jacqui that the people who stand to make lots of money from producing ID cards for the government wanting it to be done sooner don't count as a representative sample of the British public.
It seems to me that much of the problems with any form of national ID card could be mitigated if you had different cards for different purposes. If I need to be able to assert that I'm old enough to buy something, all I need is a difficult-to-forge card that asserts that fact, and ties that fact to me (with my photograph perhaps). Such a card has no need for my name, my address, or any other facts about my identity. If you wanted to get fancy, you could digitize all of this information and have nothing appearing on the card at all.
Similarly, a license to drive should be based on my ability to drive. My identity doesn't matter, at least beyond what's needed to prove that I'm the rightful holder of the license. I might need to present some identification to the government when I obtain the license, but that doesn't need to remain with it. So you could have a separate card (or set of digital credentials) for that.
It's the concentration of all of this into one card that makes that one card so valuable to thieves and a police state. But for most of the uses of the various identity/license/payment/shopper cards, they need to know very little about me. Usually just an account number of some kind, a way to ensure authenticity (digital signature, watermark) and a way for people I present the card to to verify that I'm the rightful holder, if that even matters (like a photograph, or a hash of any kind of biometric data). Why must everything be tied to a government identity?
But I thought "People 'can't wait for ID cards'":
The cards will be available for all from 2012 but she said: "I regularly have people coming up to me and saying they don't want to wait that long."
Someone should tell Jacqui that the people who stand to make lots of money from producing ID cards for the government wanting it to be done sooner don't count as a representative sample of the British public.
Multi-Pass? That's what we need.
Reprehensible woman. Put her in the stocks.
See here
So why do we need this scheme or central government database again?
Is underage drinking a problem, it wasn't for me. There was always older siblings to buy drink for me and I was never once asked to prove my age when buying drugs. Perhaps that's really the governments big plan, to stop 14 year olds from drinking beer so they consume more narcotics and partake in more of the ever present weed?
In case there's were any remaining doubt to our friends from around the world, here's all the proof you need that the UK government are complete fucking morons.
First say the system won't be used for this or that to quiet opposition and then introduce it. Once deployed the scope creep begins. For the amount of data leaks the UK government has had, it surprising that UK citizens allow any personal information to be captured digitally at all.
My ism, it's full of beliefs.
.... even in its watered down state, donate a little cash to the splendid NO2ID campaign: - I gave them £20 earlier this week and every little helps.
Did anyone really expect that the back end database would be checked for all use, no matter how trivial? No, of course not, so saying this is simply a statement of fact, and, if anything, an attempt to convince people that they are backing down, when it is nothing of the sort.
The most worrying aspect of the id system is the creation of the biometric database, not the card itself. The card itself may be the most visible, but it's almost a red herring, so you will see more ploys like this to show the government "giving in" on the card aspect, without any budge on the crucial part of the database itself, which is scariest part.
In short, this "watering down" claim is a decoy, and means less than nothing.
Exigo spamos et dona ferentes
'The majority of instances where people use their identity cards will be day to day situations where the cards offer a convenient method of proving identity such as a young person proving their age to buy alcohol,' he said.'"
Whoever said that should read the law. The law as passed makes it an offence for almost anyone or olmost any organisation to even ask to see one's ID card. The only bodies allowed to do so are very presecriptive and so are the punishments for anyone breaking this law. The fact that a government spokesperson is so misinformed about the law they're supposed to be defending highlights the absolute mockery of this situation.
The only way an ID card will prevent deaths from terorism is if it's made of kevlar and happens to stop a bit of shrapnel, and unless we want little old ladies being arrested in the street for forgetting their ID card then it's logically flawed in preventing almost any crime.
The only think it will do is make the proffits from ID theft/fraud even more lucritive and tempting and the crimes which will enable them will become more tempting...which may well lead to kidnaping, murders etc in order to allow someones ID to be stolen. The staff maintaining the system will all need heavy protection and high security monitoing to prevent them being subject to extortion etc.
May I offer a radical or extreme solution?
The ONLY "ID card" that simply can't be faked is the person himself. In other words you don't issue ID cards at all. When the cop on the street wants to know who you are he takes some measurement of you, such as say a photo of your face and or asks you speak out loud into a microphone, to get a voice sample. Then this info gets compared to a database. Any other system can be faked.
If you think about it, this is how "ID" used to work centuries ago. People would just know you on sight. Very few people ever travelled far from home so they always lived with people who knew them. Technology could bring back such a system.
On the other hand, there are people who really are looking forward to just being able to carry around one piece of plastic that serves as an all-purpose ID card. I think they're crazy, and I expect you do too, but I'm not sure it's my place to deny them the right to jeopardise their identity in that way. The only argument I can see for doing so would be to avoid compromise and loss of confidence in larger systems.
Something tells me they'll still get the expats in the end, probably when we renew our passports.
I bet she weighs the same as a duck.
Reprehensible woman. Put her in the stocks.
Give her a taste of her own medicine - lock her up for 42 days - and if she's good, someone might even remember to feed her.
After all, anyone who spreads such blatant lies must be a terrorist.
"She's furniture with a pulse"
The People standing to many money for ID cards, is only EDS, everyone else loses. EDS wins just about every UK government IT contract and then goes horribly over budget, see for example the NHS computer system debacle. I'd like to see the public finance office (which audits UK government contracts), have a good look into EDS contracts.
Meanwhile ID, are 10 billion pound waste of money, that will create move government intrusion into peoples lives cost the average person money and time, and offer nothing of true value in stopping crime. 10 billions buys a lot of police office on the streets and investigating crime. Why waste it on fakable bits of plastic that everyone will have to replace each time they lose a wallet.
A Further problem will the new cards, is if they are dropping the biometric ID, or rarely using it, then each time I have an ID card stolen, i'm opening my self up to identity theft. So the new
plan would me more vulnerable to ID theft not less.
This is standard practice for governments in the UK - ask for a totally over-the-top thing to start with (more than you want) then when you tone it down slightly people stupidly see it as a "victory".
Unfortunately, the "representative sample of the British public" still thinks ID cards are great. At least, until they realise how much it's going to cost. Those of us who are actually opposed to them on libertarian grounds are a pitifully small minority. :(
I'm not convinced that boiling the frog even works. Can anyone point to any evidence that it does (or doesn't) work? If it does work, how long does it take? Hours? Days?
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
The Dutch introduced, quietly, ID cards for everyone, then after a couple of years made not carrying ID punishable by fine. You already have to present ID for numerous silly reasons and they're quietly adding more. Cop walking by? Show DI. Youngsters buying alcohol? Show id. Want to buy food in a supermarket? Some refuse cash, which means either bank cards and electronic transfer (which gives them your ID) or credit card, for which they demand ID.
What freaking business does everybody have with MY ID?!?
If real cash isn't good enough for these bozos, I want anonymous electronic cash.
I want an ID card with which I can prove I'm old enough to buy alcohol without divulging my name, birthdate, ssn, address, medical records, and so no and so forth. It can be done, and the technology is called ``zero knowledge proofs'' -- prove I know/have/am something without divulging the info.
I want a government that respects and forces everyone else to respect my privacy. This, people, is not it. These are governments that have joined various security vendors in a circle jerk for harder binding of identity for people, using biometrics and RFID and whatnot else, and all that does is make identity theft easier and harder to undo, in addition to treating everybody as a criminal from the start.
Can we please all wake up and demand privacy protected ID from our governments?
I certainly think she's lame as one.
Baka Drew
"No, the purpose is selective enforcement"
...and selective enforcement, is a slower way to boil a frog. The point being, once they have a basic system implimented in law, they can then introduce new technology, controls and additional laws over time. So at first, introduce selective enforcement, then over time, widen the scope to much greater levels of enforcement. This way, they slip the full idea past opponents as opponents, *at this time* only have to agree on small parts of the overall idea. The control freaks who want this system, are starting to tread more carefully, now they are getting more (unwanted) attention on their plans. They still intend to have the full system, but they are now bring it in bit by bit. Don't want to heat the water too fast, or the frog will jump out the water.
But its wrong for the opponents of this system to say this is a U-Turn. "U-Turn" is political talk for implying a back down. This isn't a back down, the control freaks still want this system, no matter how many times they are told it will not work.
There are 10 kinds of people in the world... those who understand binary and those who don't.
IDs as a service are very nice. It is tremendously useful, that you can give someone your ID, and even more one that is legally binding, as it is issued by the state. Much better and less troublesome than an electricity bill for example. The pragmatic approach of the US which uses drivers licenses for this is also acceptable, but it creates problems if the state sacks your license.
The real problem becomes increasingly clear and that is the problem of the black box. If you store the biometric data of millions in a government database, there is no control over who uses it for what, who is manipulating data. There is no sensitivity to this problem, amongst the laymen whatsoever.
It seems to me that much of the problems with any form of national ID card could be mitigated if you had different cards for different purposes. If I need to be able to assert that I'm old enough to buy something, all I need is a difficult-to-forge card that asserts that fact, and ties that fact to me (with my photograph perhaps). Such a card has no need for my name, my address, or any other facts about my identity. If you wanted to get fancy, you could digitize all of this information and have nothing appearing on the card at all.
This is the well known principle of avoiding putting all of your "eggs" in one basket.
Similarly, a license to drive should be based on my ability to drive. My identity doesn't matter, at least beyond what's needed to prove that I'm the rightful holder of the license. I might need to present some identification to the government when I obtain the license, but that doesn't need to remain with it. So you could have a separate card (or set of digital credentials) for that.
There's also a security advantage in that the only thing your driving document is good for is driving a vehicle where you have passed a test. It cannot be used to impersonate you in respect of anything unrelated to driving. Unlike the current situation where, especially in the US, what is really a "machine operator's permit" has been overloaded with all sorts of things which have absolutly nothing to do with driving a motor vehicle on the public highway.
It's the concentration of all of this into one card that makes that one card so valuable to thieves and a police state.
And risky for your if it is stolen or even compromised. It can even be used to do things you have no intention of doing in your name.
But for most of the uses of the various identity/license/payment/shopper cards, they need to know very little about me. Usually just an account number of some kind, a way to ensure authenticity (digital signature, watermark) and a way for people I present the card to to verify that I'm the rightful holder, if that even matters (like a photograph, or a hash of any kind of biometric data).
The problem is that "identity cards" actually address the wrong "problem". A bank dosn't need to know "who you are" so much as they need to know that you have legitimate access to an account, e.g. are you the same person who opened it? Indeed a bank accepting a document issued by a third party (or even fairly public knowlage about a customert) as proof that someone is their customer is a rather large security hole.
On the other hand, there are people who really are looking forward to just being able to carry around one piece of plastic that serves as an all-purpose ID card. I think they're crazy, and I expect you do too, but I'm not sure it's my place to deny them the right to jeopardise their identity in that way.
Just because some people are foolish is no reason to demand that everyone acts like a fool. (Or for everyone to live in houses made of straw build using bricks would would be "discrimination against" those who think straw is a good building material.)
This bit makes no sense at all.
This sounds like having a credit card without putting the account number on the card ... I can't see how it would work.
Unless the card contained enough other information, like national health number, driving license number, name and date of birth, which you could lookup in the central database .... and get the Niro number.
And of course, only authorized people would be allowed to do that. Like the police, immigration, the local council, high street banks .... mobile phone shops, car hire companies, and the big supermarket chains (Tesco offers banking and financial services).
I kind of thought that was the whole reason for the system. A method of establishing a persons identity so that you could look up their details in the database. How long before commercial companies realize that if they take all the data that is easily accessible on the card (name, date of birth etc) and create a hash value, then that itself becomes a unique identifier that they can use. Combine the hash with the persons full name (from the card) and the chances of collision are fairly remote ... creating a unique identifier for every person in the UK based on the data from their ID card, which can be used "to track a person's everyday activities".
I made no such demand, or even suggested such.
I was merely making the point that I've met Real People who don't worry as much about privacy as you or I, and are looking forward to trading what privacy they have right now for a little convenience, and that any proposed system should be able to included their (ill-considered) desires as well.
You could still do this, and stay within the spirit of compartmentalization, by digitizing all of the data on the card, and using a card+reader that allows you to (securely) decide which bits of information you want to share.
Theoretically possible, but I suspect that eventually, there would be a diverse range of card readers out there and no way for a card user to easily determine whether they are a) official and b) uncompromised. See also chip and PIN.
With a sufficiently capable card, you could make your select on the card itself. But we're straying too far into the realm of science fiction, unfortunately. Maybe in another 50 years.