Slashdot Mirror
UK National ID Card Cloned In 12 Minutes
Death Metal writes with this excerpt from Computer Weekly, which casts some doubt on the security of the UK's proposed personal identification credential: "The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning. The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card. Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes."
I just can't wait for national ID cards here in the States! It'll be great for plausible deniability: "Oh, you say you saw ID? Prove it was really me."
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
I think that will boost Nokia sales in the UK!
http://www.automatiq.se
With these things, that if it can be read by a device, then it can be broken. All that differs is how long will it take to break it..
People Talking in Movie shows.. people smoking in bed.. people voting republican.. GIVE THEM A BOOT TO THE HEAD!
Just ban cell phones and laptop computers!
I bet they head-hunted members of the Windows XP team to implement this in the UK. That can't be a coincidence. Great move guys...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Guess they got spent a bit longer on the security aspect than most Government IT projects then.
The advertisement on Slashdot off to the side said, "Security You Can Trust." How sarcastically fitting.
Does anyone have any technical details on how this was achieved?
-= This is a self-referential sig =-
I've not read TFA, because it's the Daily Mail, and I'd rather poke my eyes out with needles, but I'm assuming until I hear otherwise that this is duplication of an ID card, not creation of a new one: i.e. you end up with a clone, containing the original biometric data, rather than it being an exploit that can manufacture new, seemingly valid, ID cards for new individuals. Check the biometrics on the copy, and it won't match up with the person who's holding the clone.
Still bad, just not as scary as the headline suggests. Note the Mail's reason for existence is to print scaremongering headlines to give the UK's middle classes something to moan about: immigration, foreigners, bureaucracy in europe, etc.
Am I the only person here thinking that cloning a card containing biometric data means very little? I mean, unless you're gonna have plastic surgery too it makes little difference who has measurements of your cheekbones and ears. Not that I like ID cards mind you and I'm also nervous of biometric data being collected on me, but I'm not sure it's as much of a big deal as it might be.
If it's digital, exact copies are possible.
If it's digital, because of the convenience, analogue security measures will be taken less seriously.
If it's digital, uninformed politicians will think it cool, and believe in it like some do in 70 virgins.
If it's digital, the process is fast and can be automated, and the threat is increased a million-fold (out of arse, of course) by sheer statistics. We need slow electronics
If it's digital, tampering is undetectable.
Either way, this digitally secure ID thing can only lead to government saying: "Look! We've tried, and you also know that the only way to do this properly is to put you all in a database and track your every move."
Can we perhaps agree on forsaking digital security just because it's cheaper and faster in cases where we don't need it anyway (i.e. when people aren't up to no good)?
This is the sort of news which I would think the Government would suppress, as it undermines the validity of the card.
Not only does it make the card next to useless for performing any more than basic "You look like the guy on here, so you're that guy" driving-license-type identification, but it also gives "reasonable doubt" to the whole ID card technology.
Now all we need is someone to get these details onto the National ID Database (when constructed, if Labour stay in, which I sincerely hope they don't) and have a perfectly valid ID card manufacturing scheme. That, or we need to start living in Gattaca.
Finally had enough. Come see us over at https://soylentnews.org/
Twelve minutes, unreal.
I work in the smartcard industry and most of the time those "breaks" mean nothing: usually the "hacker" simply reads the publicly available information and claims that the system is "broken". The reaction of the public is always interesting and shows that many users do not understand the goals of such a system, probably because the politicians that buy those systems do not explain them very well.
However in this case the article claims that they were able to clone the card AND modify the information in the cloned card, which is really the hack that those cards are trying to prevent. This article is heavier on details than many others and that makes it more credible, but the details are still muddy. I hope that the journalist missed a crucial point and that this card is not as insecure as he thinks.
Small-scale, private smartcard-based systems can be cracked, usually because they are badly installed and used. Large-scale, private smartcard-based systems can be cracked (just look into the MiFare Classic debacle) but it involves months of hard work from people with PhDs and access to expensive equipement. Large-scale, govermental smartcard-based systems can be cracked, but I would be really surprised if it took only a few minutes. Unless that hacker presents the attack in details, I will file this one in the "baseless fearmongering in order to sell more papers" folder (which is already bursting BTW).
Nobox: Only simple products.
I thought with the departure of Jacqui smith, this diabolical scheme was being abolished? Why are they not listening, no one wants ID cards.
Especially if key data is local to the card, then again they do it with pin's on credit/debit cards, I'd imagine 10000 combinations doesn't take that long to crack. Who thought that was a secure idea.
Case Study: Phantasy Star online Ep 1 & 2. The character information was stored local to the user resulting in a mass of illegitimate items and characters.
The whole concept of a secure card is crap unless it verifies against an external DB.
The logic is simple:
If you fight City Hall, you WILL lose.
The Govt. is a beast and it will now put this hacker on a terror list, and for good measure add him to the s3x-offender list too.
This poor guy will spend ALL his money to fight the Govt. in courts, while the Govt. uses his tax money to fight him.
Until he squeals: "If the Govt. does it, then it must be the best.", the Govt. will continue to gag him and all others who criticize it.
"Doing what i can, with what i have." ~ Burt Gummer
You will be assimilated. Resistance is futile.
My favorite part of this article, was the response by the officials. Excuse us we need time to come up with an excuse, err.. a response to these allegations. We could just say, "Yes we care about the protection of your identity, but first I need to doublecheck the validity of that statement. Thank you."
The system is perfectly safe ... just don't let your card out of your sight for more than 11m59s. Citizens do have to take some responsibility after all!
Storing a simple hash of the card contents with the hardcoded UID of the card and checking if they match when reading a card is enough to prevent any such attack. While you can copy the card and even change contents on it, it will never validate as an authentic card. Aside from that, smartcards have really gotten quite smart, as far as I know, there are no practical attacks against the newer MiFare cards(most hacks on Desfire or newer systems target the implementation of the system, not the cards themselves).
Unless there have been leeps and bounds in smart card technology in the past couple of years I think this is an overstatement. A few years back I made most my money buying blank smart cards, copying the information from the satelite TV smartcards, changing a few places in the hexidecimal coding, and selling full unblocked TV. Of course we would tell the user to remove the cards from the boxes at night when the companys would do system checks that fry any unauthorized cards. And the cost of such equipment, $49.95. Not expensive and on about average, 15 minutes of work. If the UK is using the same format, that would be a real easy "hack".
Comment removed based on user account deletion
Which Nokia phone has the RFID hardware?
I was thinking of buying a dedicated rig to play with, but if I can just get a new phone instead it will work out much cheaper.
They cloned it and then changed the data! /. but sometimes it is a good thing to RTFA
I know this is
The whole point of the ID cards for the government is to collect even more private information about anyone they can and keep it in a database for ever.
These cards seem to be ICAO compliant, so the biometrics cannot be changed unless you are able to break X509 certificate infrastructure or either RSA or ECC signatures or SHA-2 hashes. Come on guys, you can see the gold coloured chip logo for ICAO compliant ePassports right above the name of the name of the holder. Ian Grant (author of the article), you are a misinformed idiot.
Whilst this is a failure of some rudimentary security system that was supposed to protect the data stored on the chip, this is anot a cloned card per se.
The chips on these ID cards, and the new UK passports, are there to enhance the integrity of the DOCUMENT, not be secure stand-alone identifiers alone. For instance you can easily copy the data on a chip once the security has been defeated but to accurately copy the paper part of the document including the watermarks, UV sensitive fibres, holograms, raised ink, irridescent coatings, etc. takes a lot of time and effort that most people won't bother with. Some do bother as a lot of bent banknotes will testify to.
These cards like the passports SHOULD when tested/checked be read by a human being who knows how to check the security features (e.g running your fingers over the top of a banknote to check the raised ink), check the details and the photo are correct and do not seem to have been tampered with, then they can check that the data on the chip matches the data printed on the paper/plastic. If they match then there's a very high chance that the card/passport is genuine.
Just checking one portion rather than the other defats the purpose of these designs.
Weak systems will always be exploitable. UK Border Control staff/Police/Home Office drones need to know that that no document is unforgeable and to maintain the integrity of a system requires knowledge and training on the part of those who are attempting to enforce it.
Smokey, this is not 'Nam, this is bowling. There are rules.
For years, people have mailed me with offers to increase my penis size. I've never believed them. But now I know that my biometrics can be changed. This must be so if the Daily Mail says so.
I want one of these cards. Yes, I'll take it in gold, with diamonds.
The researcher used a mobile phone to clone the card, suggesting that the card itself uses the same GSM SIM card protocols for reading and writing the data area. Probably the data is held in a 'phonebook' style bit of memory. Now here's the thing - people have been able to backup and modify the data on GSM cards for years - but this is not the same thing as cloning a GSM card.
If this is anything like the digital passports, then there is a signature. You can generate a fake passport card with your own photo and ID, and you can even generate your own signing certificate, sign the card, then stick it into an automated machine and it will show your fake ID+photo. There's an Wired article detailing the process. However, you can not travel on one of these - the architecture allows every nation to have its own Certification Authority, but the passport readers have to be set up to accept it. There's no way to become your own CA, and then magically get your card accepted.
So, back to the story. It looks as though it's easy to update the data on this card. So what? Until they demonstrate that the data on the card can actually be used to do something nefarious (like authenticate yourself as another person to claim benefits) without setting off alarms the moment the card is plugged into the actual system, then what threat is this? How do we even know that the cloned card is a true copy - the Daily Mail isn't exactly known for its rigorous approach to science news.
"The Home Office has dismissed the report. "This story is rubbish. We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened," said a spokesperson.""
http://www.theregister.co.uk/2009/08/07/id_card_hacked/
U+F8FF
From a previous article on cloning e-passports: In fact, van Beek says he didn't change data on a passport chip.
So van Beek denies that he can actually change the data, and yet the Daily Mail say he can? Hmmm.
Also, the British government isn't in the business of biometric chip design - the card was actually designed by the Thales Group. Blame the government for the policy, but if there was a technology screw up, blame Thales.
As the goverbent has responded saying they don't care, the researcher should wiki leak the process so we can all have a go, 'll have max benefits on mine, I shall also change my name on it to a Mr G Brown.
The attack is simple:
A criminal gang starts scanning lots of cards. This can take place at airports, concerts and so on. The actual person doing the scanning is a low-ranking know-nothing who is just following orders. Disposable.
The scanned details go into a large database controlled by the gang. It will contain tens or hundreds of thousands of cards.
Someone wanting a card goes to the gang and sits in front of a camera. The face scanner looks at their facial geometry and gives a list of cards which have faces which look closest. Pick one, pay up and you've got yourself a new cloned ID in minutes.
Forgery? Not in this century.
Facial is sufficient for most uses envisioned by Big Brother. For instance, if you have an Australian passport, you probably already know about the new walk-through system being introduced for Genuine Aussies. Go through the channel, the facial recognition system remotely reads your card, looks at your face and lets you go through.
Don't be too surprised if armed police bust into your home at 6AM. If I were going to do a kidnapping or murder, I'd be carrying a clone of someone else's ID.
Yours would do. Nothing personal.
There needs to be a PUBLIC Parliamentary Inquiry and the first question should be: What high priced idiots did you hire to build this? Seriously, some very high level people need to be kicked out the door for this.
In the public sector there are consequences for gross negligence, usually people get fired, there are lawsuits, sometimes there's jail time. I still can't get my head around why there is apparently so little accountability when tax money is wasted on projects that are poorly conceived or poorly executed, like this one.
I thought with the departure of Jacqui smith, this diabolical scheme was being abolished?
Sadly that was Government spin. The "not compulsory" simply means that they're not currently planned to be mandatory for everyone, however, they will still be mandatory for a range of people, in particular anyone wanting a driving licence or passport. I.e., soon you will no longer be able to get a passport on its own, you'll have to get one combined with the ID card, with all that entails such as the massively increased cost (over £120 including processing fees), and your fingerprints and other details going on the national identity register database.
In fact, despite the alleged climbdown, only recently did MPs approve the £1000 fines for failing to notify the authorities of a change in details.
Don't be misled - ID cards are still going forward.
Many of the United States are on the path to have a national ID card as well. But not New Hampshire. The ability of any average citizen to testify on any bill before the Legislature is one of the strengths of the governmental structure here. I enjoyed testifying before the NH State Senate that there is no such thing as a completely secure database.
Part of the Second American Revolution!
I thought this was Slashdot. Where in the hell is the information on the hack itself?
"...And then the magical hacker waved a wand over it and it was cloned. After cloning the card, the grand wizard placed it in his magical Black Box of Mystery and managed to change the data!"
Incredible! Who needs details?
Any relation to Hugh? If so we can expect a skit about this any day now.
The Time to Hack any product, protocol or program can be calculated as
Useful Time of the target - (How useful the target is + How common the target is + How much boasting about how Unhackable the target is)
So in this case any national id card for any first or second world country yah TTH is about 12 minutes
Any person using FTFY or editing my postings agrees to a US$50.00 charge
The issue isn't really with the ID cards (although they stir up a lot of antagonism with memories of WWII).
The issue is with the centralised database used to track all transactions. The card could work locally using biometrics and digital signatures, but the government seems keen that all uses of the card are online with access recorded in the id database. The access is linked to the unique reader ids, so they can track you using it. The card itself is essentially irrelevant.
Here's what Señor Socialism should have done:
1) Kept his trap shut about matters of which he knew NOTHING.
2) When looking for other courses of action, refer to (1).
Aside from that, good luck on getting any elected official in washington right now (aside from Ron Paul and a couple other 'kooks') to use the word "unconstitutional" when referring to any action taken by a police officer that could extend to observations of their own organizations' methods.
And the government expert witness, on the goverment's payroll of course, will say the ID is nearly infallible and you'll end up in jail.
I think this is symptomatic of the biggest single problem with so many government powers.
Things will inevitably go wrong in any system as large and complicated as running a national government. This will be true even if everyone tries to be diligent and acts with nothing but good intentions. There is no point either pretending that this won't happen or pretending that it would be better if we dropped all government systems that could possibly cause such problems no matter how much good they might otherwise do.
However, there should always be a system in place that allows mistakes to be detected and put right quickly, and without making things any worse for the unlucky victim. This is particularly true in cases of mistaken identity or other factual errors, where the consequences might be anything from financial loss such as being denied benefits or overtaxed, through loss of reputation and all the damage to relationships and career that might entail, right through to violent arrest and detention (or worse).
As a declaration of interest, I am particularly sceptical about any claims relating to ID, because I was once overtaxed significantly due to a case of mistaken identity at a government tax office. It was bad enough that I was left short of money to pay my rent without warning, but even worse that it took nearly three months and a huge amount of effort on my part to get it put right, and I never received so much as a real apology or full explanation afterwards. I can forgive a data entry error by someone who's probably earning near the minimum wage and typing hundreds or thousands of these numbers every day. I can't forgive a system that damages me for months afterwards because it can't acknowledge that it made a mistake.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Google "Jeremy Paxman" or "Robin Day" to discover how political interviews should be conducted.
While I agree with you that the BBC make a reasonable effort to be critical of the government when it's justified, I have to challenge the claim that Paxman is a good political interviewer.
Perhaps he once was, and of course his endless repetition of a single question when a government spokesman would not answer is legendary. Today, however, several prominent BBC hosts/interviewers, including Paxman, seem intent on speeding through a long list of loaded questions and not even pretending to offer guests a chance to reply properly.
I actually find it refreshing when a political old hand who is on the show to make a real case cuts the interviewer down rather abruptly by asking to be given a chance to reply (or something a little more pointed than that). To paraphrase a little, I might not agree with what they're going to say, but I still respect their right to say it. Robust questioning is fine, necessary even. Cutting through spin to get to the real details, sure, go ahead. But not giving a guest a chance to reply to the challenges put to them is just a pointless waste of everyone's time.
Getting back to the topic at hand, the whole ID cards issue has been ridiculously mismanaged by much of our media in the UK. There are genuine arguments both ways; indeed, many of the negatives are more about the National Identity Register than the ID cards themselves. But instead of getting proponents in to make a case for real advantages and allowing opponents to talk about the big picture and not just the cards, we get this endless stream of cloned interviews, locking onto the same political spin from several years ago, backing guests from both sides into a corner before they start and not advancing the debate at all.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
... they don't get Tuttle confused with Buttle, what's the big deal?
Have gnu, will travel.
No, there was never any doubt.
Planning to be moderated ± 1: Bad Pun.
Did you read the page you linked to? It says:
'In Hiibel v. Sixth Judicial District Court of Nevada , the Supreme Court upheld state laws requiring citizens to disclose their identity to police when officers have reasonable suspicion to believe criminal activity may be taking place. Commonly known as "stop and identify" statutes, these laws permit police to arrest criminal suspects who refuse to identify themselves.'
http://www.knowmyrights.org/faq/4th-amendment/when-do-i-have-to-show-id.html
This is why I'm studying IT security. Boy does this field need some help.
Someone flopped a steamer in the gene pool.
If a system of compensation were created, then perhaps the government would be less tolerant of mistakes.
We send people to death row on little more than unreliable eye witness testimony
We do?
The US does. The Innocence Project has proven the innocence or had arranged the pardon of 4 people this past week. Ernest Sonnier had been in prison 23 years for rape when a DNA test cleared him. A report on the lab that originally ran tests that was used to convict him "details dozens of testing errors and questionable practices uncovered at the Houston lab." I don't recall if it was Alabama or Louisiana but one of them had a problem with an investigator, he had been caught manufacturing evidence. In one case though though he had been caught the state supreme court has upheld the conviction on another person on deathrow ruling to the effect than just because he manufactured evidence once it doesn't mean he did in all cases. Yet they wouldn't allow new tests.
Falcon
Should there be a Law?
either lobby to get the law changed, or MOVE OUT OF MY COUNTRY.
I enlisted in my country's military to defend it, did you?
That is all!
Falcon
Should there be a Law?
Trouble is, when given the choice, the vast majority of people would choose to not pay for military support, thinking "everyone else is paying for it, it won't matter if I don't".
That's alright by me, I've said for years we should have a citizens military with a small core of professionals. We don't need a military as big as we have, or one spread all over the world.
Bank runs don't make for stable economies. I suspect you're not an economist - a lot of economists put a lot of thought into what the government is doing, and a lot of them think it was the best course of action.
And other economists who put as much if not more thought into it opposed the bailouts.
A lot of us citizens don't necessarily mind bailing out the banks (given sufficient oversight), but like I said, if you don't like it, you can always vote for someone who shares your views. (You're about to complain that such a person would never get elected. Shouldn't that tell you something about the views of the majority of Americans?)
No, that tells me government has gotten too big and exists outside the limits put on it by the Constitution of the USA. Fine, if you want government to do something it does not have the power to do, propose an amendment, don't treat the Constitution as toilet paper.
Falcon
Should there be a Law?
what with the scrawniness and nerdiness...
I was both of these too when I went in. Scrawniness? I was 6 foot and weighed 165 pounds. Nerdiness? While in high school I debated with myself whether I'd major in Computer Engineering or a Marine Science, CE won. If I knew then what I know now I would have done a double major, CE and a Marine Science, perhaps Oceanography or Marine Biology. I took both computer science and Marine biology classes in school as well as chemistry. Though only 1 year of bio was needed to graduate I took 4 years of science.
When I went down to the recruiting station they asked me was I wanted my MOS, Military Occupation Specialty, to be. You could hear all the gasps when I said infantry. The person looked at my ASVAB scores again then stammered I could go into any field I wanted to, why would I want to go into the infantry. Actually at first I said I wanted to go into the Special Forces but he said you can't enlist into the SF but had to request it once you were in. Here I was a scrawny and intelligent kid wanting to be in the Special Forces? GASP. But within a year of going in I met all qualifications to earn the Expert Infantry Badge but 1, the qualification I did not meet was the requirement that the person be in the army at least a year. I didn't know that at first and was wondering why I didn't get it so I asked my CO, Commanding Officer, and he told me about the 1 year requirement. Then he said I could get it next year, but I old him I didn't need it, I wanted to know if I was capable.
By far the hardest part of being in the Army was following orders, I'd come right out and say I thought an order was stupid if I thought that, and keeping my hair cut. When I went in my hair draped my shoulders but they don't like your hair touching your ears.
Falcon
Should there be a Law?
If this hack is really that easy, you should be able to come up with a security expert willing to counter than government security expert.
It's not merely a matter of finding an expert who can counter the government expert, the defendant also has to pay them and they have to be available and willing to testify.
Falcon
Should there be a Law?
the Prof followed him outside and put his hand on the cop. Big difference.
I don't know if the prof touched the officer, but the officer asked him to step out. Big difference.
The professor was simply being immature:
I doubt you're Black, many have felt they were harassed by law enforcement for no reason other than their colour. While the professor may of taken it too far, for many Blacks it is a natural reaction. What bothers me is that there were two officers there, one is Black and both White and Black officers back this White officer.
Instead the professor postured, took it too far, and a situation that should never have happened occured. The professor was simply immature and should grow up.
I don't know or recall his name but a judge on the Larry King show said the officer went too far too. I think it would of been handled much better if Obama had proposed the Beer Summit sooner and not said anything about who was at fault before then.
Falcon
Should there be a Law?
There are court cases saying you have to present ID if demanded by a cop.
That I know of there is no law requiring people of have ID in the US, and it's hard to require people to show ID they don't have. Searching... I found this that says "The rules are different for drivers and immigrants, who are required to provide identification upon request."
The woman who made the call has been harassed and ridiculed for the call. I don't see how that's an anonymous tip.
I agree, and I thought I heard someone say on CNN the professor thanked the woman for calling the police.
Falcon
Should there be a Law?
If you don't see a problem with being tracked, you would have loved living in NAZI Germany or the Soviet Union. If you don't see a problem with having to prove you're innocent and not the the police having to prove you're guilty then perhaps you'd like to have lived in Spain during the Spanish Civil War and General Francisco Franco's dictatorship.
"They that can give up Essential Liberty to obtain a little temporary safety deserve neither Liberty nor Safety." Benjamin Franklin
Falcon
Should there be a Law?
I have no problem showing my ID if asked (I'm 41, and was never asked to show it, except while driving through police "blocks", maybe 10 times or so). I'm Ok with exchanging this bit of "freedom" or "privacy" for better security.
I don't have a problem showing my driver's license if I'm driving but I have a problem showing ID otherwise, and I'm 47. I am not willing to give up any liberty for the illusion of feeling safer either.
What is the downside?
Giving government more power over you. Police are supposed to serve and protect not demand ID whenever they feel like it.
Falcon
Should there be a Law?
He had every right to bitch about his unjust treatment
First, thanking the woman isn't backing down, it's showing you appreciate a neighbor watching your home. Also he may of had the right to bitch but there's a difference between that and becoming belligerent. Instead of yelling at the officer he could have asked for his name and badge number then said he was going to file a complaint. Whatever you do you don't yell at an officer.
If I were in Gates shoes, I'd be hiring a lawyer and prosecuting the cop to the full extent of the law.
If I were in Gates shoes, I'd try to find out why the officer acted the way he did before going off half cocked. And that's exactly what I have done, I've been pulled over while driving not knowing the reason, and each tyme I asked why. I remained calm and polite then was left alone. If I thought I was harassed or pulled over for a fishing expedition I would have filed a complaint.
Hot heads don't solve anything.
Falcon
Should there be a Law?
I win :P
Okay, so what classes did you take in high school? How much science?
Falcon
Should there be a Law?
Mitigating factor - I believe in an afterlife.
I don't, nor should I have to to have justice.
So no, I would not believe it's better to let ten guilty people go free than to convict one innocent person. (In fact I'm quite sure the false positive rate is much, much smaller. Try not to misrepresent it as 1 in 11, ok?)
You may not but I do, I don't believe in your superstitious beliefs of an afterlife. I'm sure China will accept you though, then when you're executed the government will even bill your family the cost of the bullet.
I am willing to allow a tiny false positive rate rather than allow a large false negative rate - and if the event arises that I am falsely convicted, I will maintain that stance.
Fine, move to China, just don't force me to live in your world.
Falcon
Should there be a Law?
The old fashioned ink-on-paper method with a few holograms added is very effective. There's no way for someone to read that ID as long as you keep it on your wallet, out of view.
Until you're mugged or robbed. They are still forgeable. I prefer that over RFIDs though.
Falcon
Should there be a Law?
Unfortunately, ID cards by their nature cannot be produced in a central, well guarded, press.
Actually they can be. Unlike some states that make and give people their ID or driver's license where they go to get it, Minnesota mails them from a central location. The federal government does, or can do, the same with Passports.
Falcon
Should there be a Law?
The power to require ID, "papers please", and to track citizens to start with.
How about you present an alternative to our current justice system which gets a smaller false positive rate while maintaining a low false negative rate.
Seeing as there's this thing called innocent until proven guilty the burden is on you not me to prove the justice system has to have more power. You're the one who wants to punish the guilty, I want the innocent free. And I'd rather have 10 guilty go free than falsely punish one innocent.
Falcon
Should there be a Law?
The best idea with keeping information secure is to not give it away
Only until security is broken. Just as with closed source vs open source software, closed security is only good until it's broken. With open source though thousands can read and improve the code. Security by obscurity doesn't work that well.
Not that I think ID cards should use open info, I don't agree these cards are needed at all.
Falcon
Should there be a Law?
Papers please
What do you use to identify yourself?
I only want to have to identify myself when I want to, such as writing a check, which I haven't done in years or cashing a check.
Social Security card?
I don't want to and don't carry my Social Security card. Read yours some tyme, it's illegal to require it as an ID card.
Driver's license?
Guess what? Driver's licenses are called that because they are licenses to drive, not ID cards. They used to identify people as being licensed to drive.
How hard it is to forge one of these?
I don't care how easy they are to forge, the only legitimate use for an ID card is for financial transactions, and maybe for driving. Social Security? I don't believe in it, I believe in personal responsibility. Nor do I believe in income tax, a person shouldn't have to pay taxes on what he or she works to earn.
Falcon
Should there be a Law?
In the state of Illinois its already illegal to walk around without an id. They can actually fine you for not having some sort of state or federal id on your person when you step outside your house.
That's illegal in the US. In the Hiibel v. Sixth Judicial District Court of Nevada case the US Supreme Court has ruled that persons are required to identify themselves to law enforcement, however all they required was the person giving their name. "All nine Justices agreed that a person who is not behaving in a way that gives rise to an articulable suspicion of criminality may not be required to state his name or show identification."
Falcon
Should there be a Law?
Yes, photo and fingerprint. But the old card had the FP printed on it. Now it's inside the chip, not readable from the outside
And what happens if you lose your fingerprints? Tough luck? More than once I almost had mine compleatly sanded off on more than one finger.
Falcon
Should there be a Law?
I dare you to prove they are needed.
Falcon
Should there be a Law?
I would not be able to clone your card, then change the biometrics to my height etc. and pass myself off as you.
The difference is that with all the data on a server all it takes is one corrupt employee to create fake IDs or change data on people's cards. Oh yea, that's right there hasn't been any Anthony Blunts, Guy Burgesses or other Cambridge Five spies never mind any working for organized crime.
Facon
Should there be a Law?
"Wired" magazine has a better article.
Falcon
Should there be a Law?
van Beek says he didn't change data on a passport chip.
That's true, however he also said "I'm making another chip which works like the original chip, and that's the chip I'm reprogramming."
He changed another chip.
Falcon
Should there be a Law?
such as electronic voting, passports with chips etc -- is that geeks are often against it. Geeks, who generally love technology and gadgetry, are saying no.
Actually I think it's logical geeks are the one who often oppose stuff like this. They are the ones who would know the problems with them and how they can be abused. Unless of course they get caught up in the euphoria of new technology.
Falcon
Should there be a Law?
that wikipedia article is only one paragraph and puts a completely different spin on the "Rule" (and it is an inviolable rule from what i am told) as it fails to mention that the entity with the deeper pockets is spared the inconvenience of a lawsuit in many cases due strictly to the cost of entry.
For example, to reclaim a small piece of property a certain neighbor expropriated from me, it will cost me $20K. Mind you, this is a case with zero gray area, no dispute where the boundary line is, as a permanent survey marker sits in plain view. He has deep pockets and went ahead and built knowing exactly what it would take for me to dispute it. sure enough, i have reluctantly decided to let him keep it because $20K is just too much of my modest fortune to spend on 200 sq ft of land. If a case involves more debatable things, expert opinions, more depositions, witnesses, research etc., the costs go up quickly. parties of average income just usually can't afford to mount even the simplest of lawsuits. Judges can award 'damages' that can offset the costs of litigation, but there has to be some recognizable suffering or tangible loss. they cant just award you the money simply bc the defendant is a flaming douchebag.
look sig is kool
Maybe the solution is to elect men who aren't corrupt?
Like that has worked out so far. HAHA! I seriously doubt most people who go into politics or government start out corrupt. "Power corrupts, and absolute power corrupts absolutely" isn't just a saying. Even the USA's Founding Fathers couldn't avoid it. Alexander Hamilton, who is believed to be one of the writers of the Federalist Papers advocating a weak federal government with most political power resting in the states, grabbed for more power at the federal level as president.
Or better, actually weed out corruption! What a novel idea...
Like that hasn't been tried before. Ah but it was tried, after J Edgar Hoover and Richard Nixon abused their power. The power of both the FBI and presidency was cut down because of the scandals arising from abuse. Bush Jr then grabbed for more power after 911 though. I didn't hear many Republicans or conservatives complaining about that. But they're out now complaining, and making up stuff, about health care reform and Obama.
Only rarely does a politician come out in opposition to what his or her party proposes or pushes for on substantial issues.
Falcon
Should there be a Law?
compliment
Not me. Carding people, even older looking people, is nothing more than a defensive measure. I once worked in a convenience store and if someone came in to buy alcohol or tobacco I carded if they didn't look at least 40. Law enforcement would have Police Explorers, young people contemplating careers in law enforcement, go in and try to buy age restricted merchandise. Anyone caught selling to under aged people were arrested and charged with a crime. Some people wouldn't card just the person buying but everyone in the party. I've been to places that will not sell to parents who have children with them. I think all this is BS.
Falcon
Should there be a Law?