Slashdot Mirror
U-Turn On UK ID Cards
An anonymous reader writes "The UK appears to be watering down its national ID card system, with the revelation by the government that it will now only check the cards against a central biometric database in a minority of cases. Critics are saying it not only renders the whole scheme pointless, but will pose a security risk by making it far easier to use copied or cloned cards. 'But an Identity and Passport Service spokesman denied the system would be vulnerable to fraud: 'The majority of instances where people use their identity cards will be day-to-day situations where the cards offer a convenient method of proving identity such as a young person proving their age to buy alcohol,' he said.'"
convenient method of proving identity such as a young person proving their age to buy alcohol
"A claim for equality of material position can be met only by a government with totalitarian powers." Hayek
Personally I'd be more worried about some junior level government worker losing my data along with that of everyone else in the country when he goes digging through his pocket for enough change to buy lunch at the pub down the street.
So, this system will not be susceptible to fraud because young people will use it to buy alcohol, an activity known to create a black market in fraudulent identification. Brilliant!
Why, without your clothes, you're naked, Miss Dudley!
"check the cards against a central biometric database in a minority of cases." It says "minority of cases", I hear "Minority Report, welcome to 1984"
[]'s ereke
They feel the resistance so now they roll the IDs out as an inferior version of the original proposal. As soon as they push them through, they will turn around and make them mandatory in every possible situation, blaming it on worsening terror and crime situation.
Not if they loose the database each week and screw up _both_ the biometric data signing and
UID, which given the history of UK government seems most likely.
While a Brit, thank God I live in Switzerland, where the populace is educated, public data secure and FOSS is ever more popular while the Bundesrat can't pass laws the people don't like.
What the USA and UK need is Universal Democracy, and the Internet would allow large populations to get there.
What the democracies also need to is to issue X509 certificates, free, to everyone at birth
keeping the key card till children come of age.
I'm jealous of you folks in the US, at least you've got a new government in 2 months time. We're stuck with the same leadership over here for likely another 18 months or so. Given the current recession and the billions plowed into bailing out the UK banking system, I'm pissed off that such big budget projects such as this - with dubious benefits - are still on the agenda.
"I bless every day that I continue to live, for every day is pure profit."
Our Spiffy, Shiny, Radically New(tm) system that is horribly vulnerable to fraud isn't vulnerable to fraud because we will only be using it to do what the old and busted system was perfectly capable of doing! (Is there some aspect of this that isn't completely insane that I've missed out on?)
If they're seriously proposing this as being used primarily for things like proof of age when buying alcohol with no means to confirm the validity of the card, how exactly are they going to protect against things like this?
Frog, meet pot. Water's not too hot at the moment for you, is it?
Get your own free personal location tracker
There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant -- a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Except available without having to pass a driving test.
'But an Identity and Passport Service spokesman denied the system would be vulnerable to fraud...' ...and the ship is unsinkable, the volcano is dormant, the electronic voting system is un-hackable, and that really popular operating system doesn't totally suck.
But I thought "People 'can't wait for ID cards'":
The cards will be available for all from 2012 but she said: "I regularly have people coming up to me and saying they don't want to wait that long."
Someone should tell Jacqui that the people who stand to make lots of money from producing ID cards for the government wanting it to be done sooner don't count as a representative sample of the British public.
It seems to me that much of the problems with any form of national ID card could be mitigated if you had different cards for different purposes. If I need to be able to assert that I'm old enough to buy something, all I need is a difficult-to-forge card that asserts that fact, and ties that fact to me (with my photograph perhaps). Such a card has no need for my name, my address, or any other facts about my identity. If you wanted to get fancy, you could digitize all of this information and have nothing appearing on the card at all.
Similarly, a license to drive should be based on my ability to drive. My identity doesn't matter, at least beyond what's needed to prove that I'm the rightful holder of the license. I might need to present some identification to the government when I obtain the license, but that doesn't need to remain with it. So you could have a separate card (or set of digital credentials) for that.
It's the concentration of all of this into one card that makes that one card so valuable to thieves and a police state. But for most of the uses of the various identity/license/payment/shopper cards, they need to know very little about me. Usually just an account number of some kind, a way to ensure authenticity (digital signature, watermark) and a way for people I present the card to to verify that I'm the rightful holder, if that even matters (like a photograph, or a hash of any kind of biometric data). Why must everything be tied to a government identity?
Reprehensible woman. Put her in the stocks.
First say the system won't be used for this or that to quiet opposition and then introduce it. Once deployed the scope creep begins. For the amount of data leaks the UK government has had, it surprising that UK citizens allow any personal information to be captured digitally at all.
My ism, it's full of beliefs.
.... even in its watered down state, donate a little cash to the splendid NO2ID campaign: - I gave them £20 earlier this week and every little helps.
Did anyone really expect that the back end database would be checked for all use, no matter how trivial? No, of course not, so saying this is simply a statement of fact, and, if anything, an attempt to convince people that they are backing down, when it is nothing of the sort.
The most worrying aspect of the id system is the creation of the biometric database, not the card itself. The card itself may be the most visible, but it's almost a red herring, so you will see more ploys like this to show the government "giving in" on the card aspect, without any budge on the crucial part of the database itself, which is scariest part.
In short, this "watering down" claim is a decoy, and means less than nothing.
Exigo spamos et dona ferentes
May I offer a radical or extreme solution?
The ONLY "ID card" that simply can't be faked is the person himself. In other words you don't issue ID cards at all. When the cop on the street wants to know who you are he takes some measurement of you, such as say a photo of your face and or asks you speak out loud into a microphone, to get a voice sample. Then this info gets compared to a database. Any other system can be faked.
If you think about it, this is how "ID" used to work centuries ago. People would just know you on sight. Very few people ever travelled far from home so they always lived with people who knew them. Technology could bring back such a system.
On the other hand, there are people who really are looking forward to just being able to carry around one piece of plastic that serves as an all-purpose ID card. I think they're crazy, and I expect you do too, but I'm not sure it's my place to deny them the right to jeopardise their identity in that way. The only argument I can see for doing so would be to avoid compromise and loss of confidence in larger systems.
Something tells me they'll still get the expats in the end, probably when we renew our passports.
I bet she weighs the same as a duck.
Reprehensible woman. Put her in the stocks.
Give her a taste of her own medicine - lock her up for 42 days - and if she's good, someone might even remember to feed her.
After all, anyone who spreads such blatant lies must be a terrorist.
"She's furniture with a pulse"
Except available without having to pass a driving test.
So like a citizen card then?
Not everything that can be measured matters; Not everything that matters can be measured.
They seem to have forgotten about Clarence Willcock, a businessman who refused to produce his ID card to a police officer or to his nearest police station within 48 hours.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Unlike a driving license, you won't have to take a driving proficiency exam in order to obtain one, nor will it be taken away from you if drive recklessly.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
I'm not convinced that boiling the frog even works. Can anyone point to any evidence that it does (or doesn't) work? If it does work, how long does it take? Hours? Days?
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
I certainly think she's lame as one.
Baka Drew
"No, the purpose is selective enforcement"
...and selective enforcement, is a slower way to boil a frog. The point being, once they have a basic system implimented in law, they can then introduce new technology, controls and additional laws over time. So at first, introduce selective enforcement, then over time, widen the scope to much greater levels of enforcement. This way, they slip the full idea past opponents as opponents, *at this time* only have to agree on small parts of the overall idea. The control freaks who want this system, are starting to tread more carefully, now they are getting more (unwanted) attention on their plans. They still intend to have the full system, but they are now bring it in bit by bit. Don't want to heat the water too fast, or the frog will jump out the water.
But its wrong for the opponents of this system to say this is a U-Turn. "U-Turn" is political talk for implying a back down. This isn't a back down, the control freaks still want this system, no matter how many times they are told it will not work.
There are 10 kinds of people in the world... those who understand binary and those who don't.
It seems to me that much of the problems with any form of national ID card could be mitigated if you had different cards for different purposes. If I need to be able to assert that I'm old enough to buy something, all I need is a difficult-to-forge card that asserts that fact, and ties that fact to me (with my photograph perhaps). Such a card has no need for my name, my address, or any other facts about my identity. If you wanted to get fancy, you could digitize all of this information and have nothing appearing on the card at all.
This is the well known principle of avoiding putting all of your "eggs" in one basket.
Similarly, a license to drive should be based on my ability to drive. My identity doesn't matter, at least beyond what's needed to prove that I'm the rightful holder of the license. I might need to present some identification to the government when I obtain the license, but that doesn't need to remain with it. So you could have a separate card (or set of digital credentials) for that.
There's also a security advantage in that the only thing your driving document is good for is driving a vehicle where you have passed a test. It cannot be used to impersonate you in respect of anything unrelated to driving. Unlike the current situation where, especially in the US, what is really a "machine operator's permit" has been overloaded with all sorts of things which have absolutly nothing to do with driving a motor vehicle on the public highway.
It's the concentration of all of this into one card that makes that one card so valuable to thieves and a police state.
And risky for your if it is stolen or even compromised. It can even be used to do things you have no intention of doing in your name.
But for most of the uses of the various identity/license/payment/shopper cards, they need to know very little about me. Usually just an account number of some kind, a way to ensure authenticity (digital signature, watermark) and a way for people I present the card to to verify that I'm the rightful holder, if that even matters (like a photograph, or a hash of any kind of biometric data).
The problem is that "identity cards" actually address the wrong "problem". A bank dosn't need to know "who you are" so much as they need to know that you have legitimate access to an account, e.g. are you the same person who opened it? Indeed a bank accepting a document issued by a third party (or even fairly public knowlage about a customert) as proof that someone is their customer is a rather large security hole.
On the other hand, there are people who really are looking forward to just being able to carry around one piece of plastic that serves as an all-purpose ID card. I think they're crazy, and I expect you do too, but I'm not sure it's my place to deny them the right to jeopardise their identity in that way.
Just because some people are foolish is no reason to demand that everyone acts like a fool. (Or for everyone to live in houses made of straw build using bricks would would be "discrimination against" those who think straw is a good building material.)
This bit makes no sense at all.
This sounds like having a credit card without putting the account number on the card ... I can't see how it would work.
Unless the card contained enough other information, like national health number, driving license number, name and date of birth, which you could lookup in the central database .... and get the Niro number.
And of course, only authorized people would be allowed to do that. Like the police, immigration, the local council, high street banks .... mobile phone shops, car hire companies, and the big supermarket chains (Tesco offers banking and financial services).
I kind of thought that was the whole reason for the system. A method of establishing a persons identity so that you could look up their details in the database. How long before commercial companies realize that if they take all the data that is easily accessible on the card (name, date of birth etc) and create a hash value, then that itself becomes a unique identifier that they can use. Combine the hash with the persons full name (from the card) and the chances of collision are fairly remote ... creating a unique identifier for every person in the UK based on the data from their ID card, which can be used "to track a person's everyday activities".
I made no such demand, or even suggested such.
I was merely making the point that I've met Real People who don't worry as much about privacy as you or I, and are looking forward to trading what privacy they have right now for a little convenience, and that any proposed system should be able to included their (ill-considered) desires as well.
You could still do this, and stay within the spirit of compartmentalization, by digitizing all of the data on the card, and using a card+reader that allows you to (securely) decide which bits of information you want to share.
Theoretically possible, but I suspect that eventually, there would be a diverse range of card readers out there and no way for a card user to easily determine whether they are a) official and b) uncompromised. See also chip and PIN.
With a sufficiently capable card, you could make your select on the card itself. But we're straying too far into the realm of science fiction, unfortunately. Maybe in another 50 years.