Slashdot Mirror


UK National ID Card Cloned In 12 Minutes

Death Metal writes with this excerpt from Computer Weekly, which casts some doubt on the security of the UK's proposed personal identification credential: "The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning. The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card. Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes."

30 of 454 comments

  1. The thing that no one ever thinks of.. by SirFozzie · · Score: 3, Insightful

    With these things, that if it can be read by a device, then it can be broken. All that differs is how long it will take to break it..

    --
    People Talking in Movie shows.. people smoking in bed.. people voting republican.. GIVE THEM A BOOT TO THE HEAD!
    1. Re:The thing that no one ever thinks of.. by TheLink · · Score: 4, Insightful

      Of course it can be copied. However if I try to show YOUR ID card "as is", to a guard it might not work - he might realize that I look a bit different from you.

      If the ID contains a digital store of your photo and other biometrics on it that is digitally _signed_, even though it can be copied it'll be much harder to tamper with it. And you can only create a new ID if you can sign it with a valid signature.

      Of course in the real world, the _printed_ photo might be all the guards check.

      Also in the real world, creating fake IDs might not be that hard - you might be able to bribe/trick someone to create a new legit ID for you, or steal/borrow the signing machines + keys (or the backup certs+keys).

      BUT, once they realize what has happened, they can revoke your certs (and maybe even those who were responsible for helping you). While this sort of thing might not be that effective against suicidal terrorists, it works well for oppressing your own citizens.

      If they start tying these IDs to travel and payment, then it works even better for keeping the sheep in line...

      Go figure.

    2. Re:The thing that no one ever thinks of.. by Vanders · · Score: 2, Insightful

      Anyway, what's all the fuss about ID cards?

      It isn't the physical card. I couldn't give a rat's ass about the card (Other than it's a cheap piece of shit, as you point out). It's the gigantic, interlinked database that will go with the card, which will track everything I do, and be accessible by almost every public worker you can imagine.

    3. Re:The thing that no one ever thinks of.. by FourthAge · · Score: 3, Insightful

      Although both Vanders and IBBoard are exactly right, security problems are very important, the real problem is the effect on individual liberty.

      As citizens, we don't need the state, except to defend borders and keep the peace. But ID cards tell us that we do need the state, and that without its blessing, we are nobody. The state is still (notionally) our servant, but now it will not help us unless we do as it says.

      In a free country, the function of government is not to tell citizens what to do. It is not to control the population, to exercise power against them, to interfere in their lives. ID cards change that and this is why I do not approve of them.

      --
      The tao of democracy: the government you can vote for is not the real government.
    4. Re:The thing that no one ever thinks of.. by daveime · · Score: 1, Insightful

      As opposed to your National Insurance Number, which you only need when applying for a passport, a bank account, a job, hospital treatment and to pay your taxes. Did I miss anything?

    5. Re:The thing that no one ever thinks of.. by Opportunist · · Score: 2, Insightful

      I worked for banks and government agencies. And while both are lacking in the security department, banks at least have a standard that doesn't give me the chills every time I think of it.

      Government standards do.

      That "giant back end database" will be leaked before it's done building. Worse, why not connect my passport with the magic number of some passport?

      The best kind of security is still offered by the human eye, a trained guard and his judgement of character. Also a thing I learned while working for banks. Yes, they have electronic access card readers, but they don't rely on them. They have a beefy security guy sitting next to it that looks at you and he, and he alone, decides whether you go in. That reader is mostly for show, and to make you "move" in a fairly predetermined fashion so the guard can judge your movements and watch your body talk.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:The thing that no one ever thinks of.. by Aceticon · · Score: 2, Insightful

      Simply put:

      The fuss is not about ID cards per se, the fuss is about the UK government trying to create yet another tool to spy upon, track and control UK residents.

      CCTV all over the place, 28 days detention without trial (which the government tried to extend to 45), police abuses against peaceful demonstrators, extra-strong anti-libel laws used to silence whistle-blowers, anti-terrorist laws which are mostly used for things which have nothing to do with terrorism, attempts at setting up an infrastructure for widespread Internet surveillance, covert Internet censorship, the health-and-safety blank card used to pretty much ban anything the authorities feel like banning, collusion with torture, unjustified wars (Iraq), soldiers sent to (die in) war with improper equipment because the government is too cheap, parliamentarians abusing the expenses system and politicians and civil servants that have taken to visibly and frequently lie and spin as if people are all stupid.

      It's no wonder that trust in the politicians and public institutions (including the police) in the UK is at an all time low ...

  2. Re:Outstanding. by Rakishi · · Score: 5, Insightful

    And the government expert witness, on the government's payroll of course, will say the ID is nearly infallible and you'll end up in jail. We send people to death row on little more than unreliable eye witness testimony, why do you think anyone gives a damn how many people may have copies of your ID?

  3. Hang on by RMH101 · · Score: 1, Insightful

    I've not read TFA, because it's the Daily Mail, and I'd rather poke my eyes out with needles, but I'm assuming until I hear otherwise that this is duplication of an ID card, not creation of a new one: i.e. you end up with a clone, containing the original biometric data, rather than it being an exploit that can manufacture new, seemingly valid, ID cards for new individuals. Check the biometrics on the copy, and it won't match up with the person who's holding the clone.
    Still bad, just not as scary as the headline suggests. Note the Mail's reason for existence is to print scaremongering headlines to give the UK's middle classes something to moan about: immigration, foreigners, bureaucracy in europe, etc.

    1. Re:Hang on by Rosco P. Coltrane · · Score: 2, Insightful

      If they had any sense whatsoever, all that data would be stored on the server and the card would simply have an ID number (and MAYBE a name) programmed into it. The fact that their system simply believes what's on the card and doesn't check a central database to make sure that the card hasn't been tampered with is just plain stupid.

      So instead, they should trust the ID number? How is a number pointing to a block of data on a remote server safer than the block of data itself? That's what credit cards are (they have a number in them, that ATMs and pay points check against the credit company's database), and this particular industry is rife with electronic fraud.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Hang on by makomk · · Score: 4, Insightful

      Oh, no doubt you can clone a new card with modified data. The real question is - can you get it to verify as genuine in Government readers now you've modified it? Unless the Government's really screwed up, the cards should have digital signatures, which means any unauthorised changes to the data will make them invalid. The Daily Mail article not only doesn't do a good job of addressing this issue, it fails to realise how significant an obstacle it is. I bet they only bothered to check the card in unofficial readers that don't verify anything...

  4. Re:Can't have digital security by HetMes · · Score: 1, Insightful

    All it takes is theft of a single piece of verification hardware, or a single breach of security to extract the private key. This will probably even go unnoticed. And we can't simply give everyone new ID each time an unauthorized person had access to a government computer, can we?

  5. Re:Outstanding. by Anonymous Coward · · Score: 2, Insightful

    No, the justice system is stacked in favor of the largest entity involved, regardless of whether or not it's in the state's interest. Didn't you notice that "victimless crimes" don't go punished when millions of people lose their life's savings as a result of a single individual, but /do/ go punished when someone may have lost a single DVD sale?

  6. Love the Ending by TerraGreyling · · Score: 2, Insightful

    My favorite part of this article, was the response by the officials. Excuse us we need time to come up with an excuse, err.. a response to these allegations. We could just say, "Yes we care about the protection of your identity, but first I need to doublecheck the validity of that statement. Thank you."

  7. Re:Outstanding. by FourthAge · · Score: 4, Insightful

    Anti-ID card people, not just the "right wing" (ohnoes!) Daily Mail, always said that something like this was inevitable regardless of the effort put into securing the cards. The Government always brushed their concerns aside while expanding the list of people who would have access to the National ID Register.

    If you got a Government spokesman on Question Time, and you were able to get into QT to ask an awkward question, then he would be as evasive as they have always been. Probably he'd just try to distract attention from the real issues. But the point is moot because all QT questions are vetted. The BBC wouldn't want to put the Government on the spot.

    --
    The tao of democracy: the government you can vote for is not the real government.
  8. It copies, but does it validate? by sulliwan · · Score: 5, Insightful

    Storing a simple hash of the card contents with the hardcoded UID of the card and checking if they match when reading a card is enough to prevent any such attack. While you can copy the card and even change contents on it, it will never validate as an authentic card. Aside from that, smartcards have really gotten quite smart, as far as I know, there are no practical attacks against the newer MiFare cards (most hacks on Desfire or newer systems target the implementation of the system, not the cards themselves).

    1. Re:It copies, but does it validate? by Anonymous Coward · · Score: 1, Insightful

      "The Home Office is using root certificate with a RSA 4096-bit strength key."

      "To protect the chip the Home Office uses public and private key encryption based on a 256-bit elliptic curve."

      Looks like classic Daily Mail bulls**t - as a UK citizen I certainly hope so: http://www.computerweekly.com/Articles/2009/08/07/237247/id-card-cannot-be-hacked-uk-government-claims-encryption-secrets.htm
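
The distinction this thread keeps returning to (a copied card still validates, an edited one does not, and covering the chip's UID is what makes a copy fail), as an added example that is not part of the original comments. The key, UIDs and record are constructed, and HMAC-SHA256 is swapped in for the issuer's signature because the Python standard library has no public-key signing; a plain unkeyed hash is not used because anyone able to write a card could recompute it.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed demo key. HMAC stands in for the issuer's signature here; a real
# scheme would use a public-key signature so readers hold no signing secret.
ISSUER_KEY = b"constructed-demo-issuer-key"


@dataclass(frozen=True)
class Card:
    uid: bytes   # chip identifier, assumed fixed at manufacture and not writable
    data: bytes  # holder record stored on the chip
    tag: bytes   # issuer's authentication tag stored next to the data


def _tag(*fields: bytes) -> bytes:
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


def _covered(uid: bytes, data: bytes, bind_uid: bool) -> tuple:
    # Which fields the tag protects: data only, or UID plus data.
    return (uid, data) if bind_uid else (data,)


def issue(uid: bytes, data: bytes, bind_uid: bool) -> Card:
    return Card(uid, data, _tag(*_covered(uid, data, bind_uid)))


def verify(card: Card, bind_uid: bool) -> bool:
    expected = _tag(*_covered(card.uid, card.data, bind_uid))
    return hmac.compare_digest(card.tag, expected)


def copy_to_other_chip(card: Card, other_uid: bytes) -> Card:
    # A byte-for-byte copy carries data and tag over; the UID is the new chip's.
    return Card(other_uid, card.data, card.tag)


def run_scenarios() -> dict:
    record = b"name=CONSTRUCTED HOLDER;status=visitor;photo_sha256=00ab"
    results = {}
    for bind_uid in (False, True):
        genuine = issue(b"\x04\x11\x22\x33", record, bind_uid)
        copy = copy_to_other_chip(genuine, b"\x04\xaa\xbb\xcc")
        edited = replace(genuine, data=record.replace(b"visitor", b"citizen"))
        results[bind_uid] = {
            "genuine": verify(genuine, bind_uid),
            "copy": verify(copy, bind_uid),
            "edited": verify(edited, bind_uid),
        }
    return results


if __name__ == "__main__":
    for bind_uid, outcome in run_scenarios().items():
        print("tag covers UID:", bind_uid, outcome)
```

The UID binding only helps if the reader obtains the UID from the chip in a way the copier cannot control, which is the assumption marked on the `uid` field.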

  9. Re:Surprising by pjt33 · · Score: 2, Insightful

    The reaction of the public is always interesting and shows that many users do not understand the goals of such a system, probably because the politicians that buy those systems do not know what they are either.

    FTFY. From the politicians' point of view the goal of the system is either a) to protect against every possible threat to individual or national security; or b) to help them keep their seats - depending on how cynical they are.

  10. Re:Outstanding. by AlecC · · Score: 3, Insightful

    I think unforgeable ID is up there with Perpetual Motion Machines on the list of impossible. Just as good (and expensive) engineering can make machines that will run for a long time, good (and expensive) engineering can make the cost of forgery high. This is the way money is protected from forgery: the cost of the machinery to make it is very high. This is no problem for the Mint, which amortizes it over millions of banknotes. But for criminals, it means the number of notes they have to circulate before getting their money back is very high, and risks leaving a trail back to them. Unfortunately, ID cards by their nature cannot be produced in a central, well guarded, press. The technology for creating them must be cheap enough to distribute to hundreds of local offices. Which means it is cheap enough for criminals to duplicate. Conversely, the value of one really well forged ID card is high, whereas the value of one forged banknote of value ordinary enough to pass around easily is not very great.

    But I entirely agree with you (and TFA): the ID card system is a stalking horse to get a central database of the population in order to keep an eye on everybody. Freedom includes the freedom to err. If you wish, as the authorities seem to, to remove all possibility of error, you tautologously remove all freedom.

    --
    Consciousness is an illusion caused by an excess of self consciousness.
  11. Re:Outstanding. by EdIII · · Score: 2, Insightful

    Whooooosh yourself. (S)he's right. The justice system is stacked in favour of the state.

    Yeah.... it's really popular to say that. Like Microsoft *^%*%$(*($ sucks!.

    In this particular instance, it's not so easy to go with the cynicism. If this hack is really that easy, you should be able to come up with a security expert willing to counter that government security expert.

    EXTRA points, if you clone the Judge's ID while in the courtroom and buy 100 black 12" dildos in his/her name and produce the receipt.

    Judges follow the money and actual proof. I will agree, that when a case becomes circumstantial, and the defendant has a bad lawyer, things can go wrong quickly. However, I doubt after the 500th case where proof was brought before the judge by such PACs like the EFF, that ANY judge will seriously give credence to such a provably shitty ID system.

    That original poster brings up a VERY good point, if not sarcastically, and for apparent personal/unethical gain. If the ID system is really that bad, how can an informed judge (the responsibility of the lawyer and an effect of case precedence) allow evidence based on that system to put you in jail in a criminal trial? Its credibility is sorely lacking, and it should have been well known at that point that any whiz kid with a laptop could clone your National ID. If it really is that easy....

    Now a civil trial may be a different matter.... You would have to convince the jury that your ID was cloned and that it really was not you. If they don't believe you, you're fucked. Civil trials have a heck of a lot less to do with proof and right and wrong, as they do with who is more attractive to the jury.

  12. Re:Outstanding. by EdIII · · Score: 2, Insightful

    Well I think we are mostly in agreement. What you are talking about is corroborating evidence, motive, and intent. I do agree when there is an eyewitness that states it was you that provided the ID during the criminal act, it becomes very difficult to argue about the ID at that point.

    The original poster, much farther up the thread, was basically stating, "prove it". Eye witnesses help do that. Any type of corroborating evidence is going to help to do that.

    However, when the use of the ID becomes the only evidence from the state, the situation changes dramatically IMO. It would be as if you could show the DNA evidence was wrong 75% of the time. If that were really true, you could never convict on that alone.

    You are right though, as you seem to imply, that most cases in a courtroom are going to have substantially more evidence than a National ID card to establish that the defendant was the person committing the crime. As it should be, really.

  13. Re:Outstanding. by Anonymous Coward · · Score: 1, Insightful

    But the point is moot because all QT questions are vetted. The BBC wouldn't want to put the Government on the spot.

    Audience response to question (ie. follow-up questions) is not vetted. As for not putting the Government on the spot, I often see 'The Government' looking very uncomfortable on QT.

    Thanks for your opinion but you present no evidence for this belief.

  14. Re:Outstanding. by CodeArtisan · · Score: 4, Insightful

    BBC is no more going to criticize the government's ideas, than would PBS criticize the Congress.

    I'm guessing you live outside the UK. The BBC has a long and well documented history of complaints from all factions of UK Government. Google "Jeremy Paxman" or "Robin Day" to discover how political interviews should be conducted. Programmes like "Newsnight" and "Panorama" frequently run stories that are highly critical of government policy.

  15. Re:Outstanding. by goaliemn · · Score: 5, Insightful

    Actually, you are incorrect. There are court cases saying you have to present ID if demanded by a cop.

    The cop was responding to a possible house break in. He had to "cross the threshold" to verify this, and he had to verify the person he was talking to was the actual owner. If they believe that a crime is/has occurred, there are lower thresholds to entering a possible crime scene. Their job, at that point, is to verify that a crime hasn't occurred, and hold anyone who may have committed the crime.

    It wasn't an anonymous tip. The woman who made the call has been harassed and ridiculed for the call. I don't see how that's an anonymous tip.

    I'll throw in that the professor shouldn't have started by showing the cop his college ID. That doesn't verify that you live at the house, and not everyone knows all the professors at a school.

  16. Re:Outstanding. by internic · · Score: 2, Insightful

    The professor should have done so, and thanked the officer for being so quick to protect his residence. But no. The professor had to dish out attitude, and he got what he deserved because of it.

    It's thoroughly depressing to see in our society the authoritarian outlook that someone deserves to be arrested for giving "attitude", in his own home no less. The officer's job is to protect and serve. As two police chiefs interviewed on NPR stated, an officer in that situation should be attempting to get done what he has to and then de-escalate the situation. There was no valid ground for arrest here (which is likely why the charges were dropped).

    People shouldn't be dicks to cops, just as they shouldn't be dicks to people in general, but only in an authoritarian society can the cops arrest anyone who they feel does not show them the proper respect. This is the real issue of the case, which has been lost amongst all the discussion about race.

    --
    "You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
  17. Re:Outstanding. by Unordained · · Score: 2, Insightful

    Please avoid the use of the term "victimless crime" when talking about fraud, theft, or copyright violation. It muddies the waters for true victimless crimes -- personal drug use, consensual sex work, communist ideals, etc.

  18. Re:Outstanding. by iamhigh · · Score: 2, Insightful

    I agree that we can't fold to every whim of the police and let them abuse our rights, but...

    A lady saw a guy breaking in a door and called the cops; the guy owned the house, so he had a right to do so. But a reasonable person would also understand that if you just broke into your house, there is a chance a neighbor called the cops. That happened and all he had to do was show his ID so the cop could verify it was his house. When he didn't do that, the cop had a duty to all land owners to detain him until he could verify who owned the house.

    Should he have been arrested? Maybe. Surely if he never showed ID; how else can they verify the info? Even if he did, he probably took an hour of the officer's time. Do you know who pays those bills? We all do. Screw this one guy for wasting the time of everyone (now even the president) on a situation that should have been easily resolved if he wasn't acting like a horse's ass.

    --
    No comprende? Let me type that a little slower for you...
  19. Re:Outstanding. by hairyfeet · · Score: 4, Insightful

    Yeah...uh huh. You haven't actually had to deal with the cops, have you? You see they have this little thing called "disorderly conduct" that pretty much means whatever the fuck they want it to mean that day. Don't show ID? Well he was being "disorderly" so we had to haul him in, where of course we ran his prints and found out who he was.

    Trust this old greybeard son, you don't get phrases like DWB (driving while black) or testilying integrated into the language by actually having cops give a shit about the constitution. I have traveled all over the south, and talked to many that go cross country pretty much constantly and our findings match. For every 1 decent cop you got about a half dozen "bullies with badges" that are just DYING for you to give them even the flimsiest excuse to seriously fuck with you.

    I had a friend that was a long time cop take early retirement just to get away from all of his fellow cops. He said the new recruits were more like gangbangers than cops and pretty much spent their days looking to "stir up some shit", his words. So you go right ahead and tell that 220 pound steroid monster with a badge who thinks he IS the law how you know your rights and refuse to show ID and see how quick you are in the back of that patrol car. Let's just hope he doesn't decide you are "resisting arrest" while he is at it. Look up "tuning up" a suspect if you don't get the reference.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  20. Re:Outstanding. by PitaBred · · Score: 4, Insightful

    No, you don't. You have to identify yourself if asked, but you DO NOT HAVE TO PRODUCE ID. If the cop says "Show me some ID" it's perfectly legal and appropriate to say "I'm Pitabred. I don't need to show you any ID."

    The grandparent poster was correct, and your correction scares the hell out of me. Learn your rights. Use them. Or you lose them.

  21. Re:Outstanding. by HeronBlademaster · · Score: 2, Insightful

    I don't get why people think they're "forced" to pay taxes. Taxes are simply the fee for receiving a service (or rather, a set of services) which is provided by the government. If you don't pay the fee, you shouldn't receive the service; that's how paid services work.

    Now, sure, the government can throw you in jail if you don't pay your taxes. But even then, you're still receiving services you haven't paid for - you're getting free food, free cable TV, free room and board, and so on.

    If you don't want to pay taxes, either lobby to get the law changed, or MOVE OUT OF MY COUNTRY.

    That is all.