infinite ideas machine

10 years for us - 2 years for them!

Spyblog makes the point that 10 years in jail for "possession of a false document" seems an unduly harsh punishment, especially as this would be an entirely new offence created by the introduction of ID cards - but simultaneously extended to, e.g. even non-UK driving licenses.

Clauses 27-36 of the Draft Bill [553 KB PDF file] do bear a little scrutiny - and beg a couple of questions:

Why is it that possession of false ID documents carries with it a maximum penalty of 10 years in prison, when unauthorised disclosure of ID information - an abuse of power / position that potentially undermines trust in the entire ID system - is punishable by a maximum sentence of 2 years and/or a fine?

Clause 31, though, reveals a level of uncertainty and paranoia that should not go unchallenged: why double the sentence for hacking the NIR? If you 'hack' pretty much any database in the country, the maximum penalty is five years - but tamper with the National Identity Register, and you'll get ten.

This is pure lunacy.

If you (have to) double the sanctions against hacker attacks to 'protect' your systems, then you demonstrate a basic lack of confidence in your security measures - which, no doubt, will make them even more attractive to 'recreational' (if somewhat foolhardy) hackers. And will have no effect whatsoever on the 'foreign nationals' who are highly incentivised to break in and compromise your systems.

Which brings me to another point - what platform(s) will the NIR use? Not Microsoft ones, surely (cf. the Governmemt Gateway)! The National Identity Register will, almost of necessity, be distributed across a number of systems and be vulnerable to attack via inherent weakesses in each. So I hope that someone in Government understands the many ways in which, e.g. Redmond's current version of 'Trustworthy Computing' is anything but...

On a broader point, if the general population is to be able to trust the security of the NIR / ID card system as implemented the Government should (must!) allow 'White Hat' hackers to probe its defences. The 'Black Hats' will be doing their best, so it would be crazy to penalise or threaten those who offer truly independent checks on what the Government and its chosen supplier(s) assert is the security of the system. Criminalising this sort of thing indictaes either a lack of faith in your security or a deluded assumption of infallability.

In the same way that exploits and cracks of common applications and Operating Systems are discovered and fixed, the NIR can only be made more secure - or be proved to be (techno)logically insecure - by the authorities and its suppliers addressing each known method of compromise. The reporting mechanism might get a little fouled up by the threat of 10 years in prison, but there doesn't seem to be an offense (yet) dealing with the publishing of exploits...

I can't quite imagine there being a 'Report a NIR vulnerability' button on the Home Office website any time in the near future!

Let's get together

Privacy International - in association with Liberty, Statewatch, Stand and the Foundation for Information Policy Research - are holding an afternoon meeting at the London School of Economics on 19th May called MISTAKEN IDENTITY, all about the Government's proposed National Identity Card.

They promise 'key figures in the fields of law, politics, security, technology and human rights' will be there, with details of the programme available at the the conference site.

UPDATED 6/5/04: The draft programme (with invited speakers) has now been published - subject to change, but its looking very interesting:

13.30 Welcome. Simon Davies, London School of Economics

13.40 The Rt. Hon David Blunkett, Home Secretary (invited)

14.00 Mark Oaten MP, Lib-Dem Home Affairs spokesman
David Winnick MP, Labour
Simon Thomas MP, Plaid Cymru
Lord Phillips of Sudbury

14.35 Q&A with audience

14.45 Dr Iqbal Sacranie, Secretary General, Muslim Council of Britain

15.00 Roger Smith, Director, JUSTICE

15.15 Q&A with audience

15.25 Sir John Stevens, Commissioner, Metropolitan Police (invited)

15.40 Paul Whitehouse, former Chief Constable, Sussex Police

15.50 Q&A with audience

16.00 Peter Williamson, President of the Law Society

16.15 Professor Ross Anderson, Cambridge University

16.30 Jonathan Bamford, Assistant Information Commissioner

16.45 Q&A with audience

16.55 Next steps

17.00 Close

Privacy, biometrics and the presumption of innocence

In an information society, absolute privacy exists only inside your own head.

Most people would agree with or admit to the need for at least a degree of privacy in everyday life (indeed it seems some, e.g. celebrities and politicians, are desperate for it!), but many do not fully appreciate the nuanced and often complex relationship between privacy and identity. Make no mistake, they are related - and, in the context of ID cards and a National Identity Register, a serious erosion of your own personal privacy may be just a single (mandatory) data field away!

An informative consideration of the privacy issues and options arising when implementing biometric security systems, the BioPrivacy Application Impact Framework and Technology Risk Ratings offered by the IBG BioPrivacy Initiative are well worth a few minutes' study.

The problem with using biometrics to 'tie everything together' in the NIR is that it will, once and for all time, give the State ownership of your identity: you will be who the State says you are - even if they are mistaken (and they do make mistakes!) - not who you assert, and can prove in a variety of State-and-otherwise-sanctioned ways, that you are. This really would be a fundamental change in UK civil society and has, justifiably, been characterised as the end of 'presumption of innocence'.

What may seem like a good idea now to those who believe that "if you've got nothing to hide, you've got nothing to worry about" may seem distinctly otherwise when, e.g. it is their 16 year old granddaughter who gets a permanent black mark on her ID record for having hung around with a dodgy crowd after school - some of whom were caught shoplifting.

As I understand it, the State exists to serve the people. With ID cards and an NIR, we are teetering on the edge of a slippery slope (of indeterminate steepness...) that leads to the State dictating who is a person. In a few short years if I don't want a State identity I will become, by default, either a criminal or a non-person!

Do something

If you are even remotely bothered by the intended introduction of ID cards, and it appears that - especially if we are made to pay for them - a large number of you actually are then please register your objection(s) using one or several of the mechanisms at your disposal:

1) e-mail the Home Office

"On 26 April 2004 the Government published 'Legislation on Identity Cards: a consultation' [553 KB PDF file]. This set out for consultation the Government’s plans for legislation on identity cards and includes the draft clauses of an Identity Cards Bill. We welcome comments on the draft legislation from individuals and organisations. These can be sent to identitycards@homeoffice.gsi.gov.uk by including the words ‘consultation response’ in the subject title." Or by clicking on the e-mail address in the previous sentence...

2) Sign an e-petition* or vote in a poll

I'm sure there are/will be several out there - please let me know of any I have missed, and I shall attempt to make this a comprehensive list:

Liberty petition - click on the 'Petitions' tab, then 'No to ID Cards' link.

Trevor Mendham's BBC iCan campaign - registered BBCi members' votes have more clout

Clare Hewitt-Horsman's 'No to National Identity Cards in the UK' petition - although I'm not sure Clare has read the UK Government criteria for e-Petitions [see below].

UPDATED 5/5/04: The Campaign to Stop the National Identity Card (CASNIC) have an online petition.

*The Government has agreed to accept electronic petitions containing more than 300 'genuine signatures'. They appear to respond to each petition individually, even ones on the same subject, so long as it meets their basic criteria. Of course, the Government do not have a particularly good track record on aggregating individual responses into 'ad hoc petitions', hence my suggestion that you object using each of the different mechanisms available to you.

3) Fax your MP

Via the excellent FaxYourMP.com. Please pay attention to their guidelines and instructions and do not abuse this genuinely useful service, e.g. by trying to fax someone who isn't your MP. I have found it gets me a timely written response on House of Commons headed paper from my MP every time I use it - but then he is a Liberal Democrat!

4) Write a letter

Pretty much the same effect as (3) above, but with possibly a higher impact / better response rate. To find out the contact details of your local MP use this handy 'Constituency Locata' on the UK Parliament site.

Of course, you can write to any named MP at the House of Commons, London SW1A 0AA - but before you do, here's some sensible advice from the BBC on 'Writing to a political representative'.

5) Join or support an organisation

There are many(!) but, with specific regard to ID cards, you will probably find the following most useful and up-to-date:

Privacy International

Liberty

Stand

Statewatch

Read all about it

For your delight and delectation, one freshly published Home Office consultation document: Legislation on Identity Cards | A Consultation [553 KB PDF file] and its official Press Release, DAVID BLUNKETT: NATIONAL ID CARD SCHEME IS THE KEY TO THE UK’S FUTURE.

The Government's current statements about Identity Cards seem to live in the 'Community and Race' section of the Home Office site, as do the Publications and Consultations Archives - well worth reading (although I recommend pre-emptive Anadin) for the background to and progress of UK Entitlement Identity Cards 'from the horse's mouth'.

Blunkett for breakfast

The BBC Breakfast with Frost programme have published a transcript of today's interview with David Blunkett. I must say the picture they have chosen does him no favours whatsoever - but unfortunately neither does much of what he says.

Anti-terrorism? Not necessarily!

The Government, and David Blunkett in particular, seem to be unclear on the real benefits of ID cards. Indeed, the Home Secretary has been making conflicting and contradictory statements on their potential to combat terrorism for quite some time - as evidenced by, for example, the record of Hansard on 3rd July 2002.

This month Privacy International have released a new study, 'Mistaken Identity; Exploring the Relationship Between National Identity Cards & the Prevention of Terrorism' [227 KB PDF file] which presents evidence and analysis to support the conclusion that Identity cards are not "a meaningful or significant component in anti-terrorism strategies". In fact, "[O]f the 25 countries that have been most adversely affected by terrorism since 1986, eighty per cent have national identity cards, one third of which incorporate biometrics"!

Similar points are touched on in the BBC's article, ID cards 'cannot stop terrorism' which reports recent objections from both Liberty and the Lib Dems with regard to terrorism, and the Earl of Selborne who warns of the "very real danger that we are sleepwalking into our technological future."

I object! And I know a few others who do, too...

In the spirit of the debate that the Government would have us believe has happened, the BBC's article Should we carry ID cards? carries a set of associated comments which they say "reflect the balance of the opinion we have received".

Note that these could be seen to belie Tony Blair's assertion earlier this month that "in relation to ID cards... I think there is no longer a civil liberties objection to that in the vast majority of quarters."

So does he think that groups like Stand, Privacy International and Liberty are entirely unrepresentative of public opinion, or that a significant number of outstanding questions are simply undeserving of an answer?

Methinks Messrs. Blair & Blunkett may have been reading too many (and too much into) recent headlines...

Lies, damned lies and statistics

Interestingly, the company (Detica) that commissioned the MORI report on ID cards that everyone is now referring to issued two 'contradictory' press releases today - a case of "let both sides quote us with something that suits their argument"?

On the one hand, British Public Gives Huge ‘Thumbs Up’ for National ID Cards - but on the other, British Public Sceptical Over Successful Introduction of National ID Card Scheme...

If you want to read the results of the MORI poll itself you can download it here: Detica - National Identity Cards.pdf [188 KB PDF file]

UPDATED 24/4/04: There's been a whole pile of commentary on this poll, here are a few of the highlights:

Silicon.com - ID cards: no data security fears – and no chance we'll pay for them

BBC NEWS - Public 'happy to carry ID cards'

The Register - UK public wants ID cards, and thinks we'll screw up the IT

Commentators seem to have picked up on scepticism about the Government's ability to implement ID cards, but take a range of views on the apparently overwhelming level of in principle public support for ID cards. It is disappointing that the (mainstream) press have not waded in with more substantial analyses - e.g. if you factor in 'desire to pay', the headlines would tell a completely different story!

I have to say also that I am less than happy with the methodology of at least one survey that I took recently - the Silicon.com Reader's Poll - which only attempted to qualify the responses of those who agreed with the principle of ID cards: disgreement in principle led to no further questions! I am not saying that the MORI poll was similarly flawed (in fact I highly doubt it) but, especially given my past experiences of (psychological) questionnaire design and social research, I would be wary of drawing any sweeping or definitive conclusions from what appears to be a very contradictory evidence base.

Where do hobbits come from?

Something I've always wondered - especially if junk DNA turns out to have something to do with species memory or the collective subconscious - is where the hell do the 'mythical races' come from?

Are Elves, Dwarves, Trolls, etc. actually harking back to the race memories of early man - CroMagnon, Neanderthal, et al.? As we developed an oral culture were we still co-existing, even interbreeding, with other Homo types - and, if so, what would a Neanderthal be to early us... and what would we be to them?

Of course, this is pretty batty - its far more likely that stories arose from experiences of people who suffered but survived genetic (and dietary / environmentally-induced?) disorders.

Or maybe someone had been eating badly-stored grain - (h)er(e we )go(t) on rye, anyone?

What are the issues?

Courtesy of the BBC, a pretty impartial collation of the main issues surrounding ID cards and what you can do about them - ID cards: an iCan briefing.

There are many aspects to this complex debate but if you are reading this, I assume that you're interested in finding out more - and this site is not a bad place to start.

It could take a while, though...

El Reg on the case

John Lettice's Special Report, ID cards: a guide for technically-challenged PMs, on The Register tackles many of the common misconceptions about biometrics and ID systems.

Misunderstanding the nature, limitations and implications of the use of biometrics is common and is something which I have professionally had to tackle in a public and voluntary sector context. Although there are some instances in which their use is justified, given current levels of maturity (i.e. not very) and the inherent fallibility (none can eliminate false negatives or false positives) of such systems, biometric implementations must be carefully managed - legislatively & organisationally as well as technologically - to ensure the actual benefits match up to the perceived ones, and that serious risks & negative consequences are avoided.

Getting my goat

OK, I didn't start this blog with the intention of it becoming a rant - and I hope it doesn't and won't come across as one - but there's something that's been bugging me (professionally as well as personally) for some time and I see no point in holding off / avoiding posting on it, e.g. just because so many others are doing so. In fact I hope I can add something to the debate.

What I am referring to is the introduction of biometrically-enabled National ID cards in the UK, and the concomitant creation of a National Identity Register.

Of course I don't object to having to identify myself where appropriate - I hold a current UK passport and driving licence, for example - but I do object to the creation of the single huge database that must, given current Gov't and corporate thinking, sit at the 'back end' of any ID card system.

I believe that ID cards and a NIR are unlikely to deliver sufficient 'benefits' (and it has yet to be made explicit precisely what these are supposed to be) to justify the cost of implementation and maintenance, and that they will be sufficiently vulnerable to exploitation and abuse that they will, from the outset, seriously impinge on the civil liberties of some individuals and minority groups within society. In the long term I fear that the groundwork may be being laid for widespread (and possibly systemic) abuse of personal privacy and - in the worst case scenario - State persecution by a future, more oppressive Government than the one that currently holds power.

The risks and consequences of failure(s) are too high to brush aside or 'shelve until later' - later will, quite simply for some, be too late.

Just because the present Gov't has been unable to legislate to its satisfaction for data sharing between its various arms and agencies (see the Department for Constitutional Affairs site on Data Sharing for more information) and is having technological difficulties or is finding progress too slow in aligning its various systems and databases (despite such sensible initiatives as the e-Government Interoperability Framework) does not give it carte blanche to rush / push through a solution with such far-reaching implications and effects. Especially when it has shown every sign of wishing to ignore or downplay significant public objections.

Enough for now, I'm sure I'll have more to say later.

Oh come on!

While I can't say I have been following the 'story' closely, it has been hard to avoid the whole David Beckham, did he / didn't he? situation recently. But I saw a headline in the supermarket today that really underlined the hypocrisy of the whole sorry affair - something along the lines of 'My marriage agony, by Victoria Beckham'.

Puh-lease! The only difference between any pain that Mrs Beckham may be feeling right now and that felt by any number of other women who find themselves in similar situations is that her marriage troubles are being splashed all over the media. And this is because... its precisely how she has chosen to live her life!

I am certain the Beckhams are going through a complex, painful, conflicted time in their lives - but they have got there through the choices they freely made. We do not need them held up as totemic of our more pedestrian feelings, for celebrities (as portrayed in the media) parody emotion; they celebrate the surface, the shallow, the unreal.

P.S. If Victoria were a real artist, she would take her pain and create something out of it - not use it to turn (yet) a(nother) quick buck.

Currently reading "Impossibility"

Subtitled "The Limits of Science and the Science of Limits", this is a whistlestop tour around the very edges of what we know - and, indeed, what we can know...

I've enjoyed John D. Barrow's books since I read "The World Within the World" at college, and this one (although a few years old now) highlights issues and raises questions that other popular science writers might shy away from or gloss over. Particularly mind-expanding is his explanation of what we can and cannot ever discover about the Universe.

That's Universe with a big 'U', i.e. everything that is, rather than the paltry visible universe (visible to us, that is) to which we are limited by the speed of light. We simply may never be able to prove some of the conjectures of physics / cosmology about the nature of the Universe, even - if 'inflation' due to gravity becoming temporarily repulsive occurred in the early stages of growth of our portion of it - whether it had a beginning or not!

Look out for the graph charting the growth in complexity of computers versus the (neuronal) complexity of the human brain.

Penguin malarkey

Its definitely old news by now, but I do keep finding myself drawn back to the wonderfully politically incorrect Yeti Sports site. Penguin smackin' has obviously struck a chord as there seems to be a bit of a craze for creating derivatives, some of which even improve on the original!

Kudos to Chris Hilgert and all at Edelweiss Medienwerkstat for wasting untold thousands of personhours, and single-handedly reviving the 'cute furry ice-dwellers' clubbing industry ;) Seal pups, beware!

Thoughts on Gmail

[With reference to "Google's Gmail could be blocked" article on BBC News.]

It is not just that Google want to scan people's e-mail and insert targetted ads, but what other 'features' they might implement in future - especially given their current use of a very long-lived cookie that can effectively be used to monitor your browsing behaviour. Linking these two together gives a US corporation powers far in excess of those even some Governments currently *admit* to...

As to the argument about not having to use the service if you don't want to - a service like this is bound to be promoted heavily, and the downsides of it obfuscated. The penalties for 'innocence' or 'ignorance' are, in this arena, getting higher & higher - and the (non-technical) public is quite evidently not sufficiently aware of personal data security issues hence, e.g. the current level of identity fraud.

Yes it should be down to banks, companies, organisations, and governments to implement systems and offer services that do not compromise your personal information - but, get real, they are not perfect and they are not even (some of them) ethically motivated!

Surface Location Engine

A little while back, I was discussing with my uncle and cousin an idea for a device to measure & model internal surfaces, storing and outputting them in digital 3D format - e.g. VRML/X3D, dxf, etc. I know you can get laser and infrared(?) 'tape measures' these days, but I was thinking of something a little more complex...

The SLE would combine 3 axis infrared or laser measurements - so the device knows exactly where it is in (internal) space at all times - and a 3 axis
digital spirit level, for accurate surface angle measurement. By scanning either automatically or at user-initiated reference points (press a button to add another point) the SLE can rapidly build an accurate 3D model of any internal space.

Combined with PC-based software, the SLE could quickly & efficiently:

- scan a room (or whole house) into a 3D modelling package. By combining
this with a menu-driven library of common domestic structures (e.g. in
PG's ISA), a close replica of the real room can be constructed.

- check a building for accessibility, e.g. wheelchair access, slopes,
etc.

Potential markets/users might include:

- Estate agents: 'clean house' viewing

- Construction: builders, fitters

- DIY: tie-in with stores, download product models to try in your virtual home

- Local government - building regulations, Health & Safety, etc.

I realise from past experience that I am never going to do anything about this, but that doesn't mean that someone else won't - or hasn't - and I'd really like to have one to play with if it ever gets built. N.B. this is not open season to spam me with DIY product ads!

Adventures in reality

My good friend Dave Kebab gave me this book of practical experiments by French philosopher Roger-Pol Droit last year, and I have been dipping into it again recently. There's something for everyone in it, from the casual 'coffee table' browser to the more committed (commitable?) intellectual explorer.

The author invites us to reconsider our most ordinary actions as unexpected philosophical events. Peeling an apple, trying to lie in a hammock, watching someone sleep, hearing your voice on an answering machine, playing with a small child - activities that, when considered outside of their routine, invite us to experience the familiar in startling new ways.

For example, have you ever actually tried counting to one thousand? Its neither as easy or as boring as you might imagine - and you end up with not just a sense of how big a thousand is, but an inkling of just how huge a million must be.

[Click on the image to check out the book at amazon.co.uk]

Why the name?

It refers to what I believe is the most amazing toy, tool and domain available to each and every one of us... our mind.

Imagination, creativity, invention - all these are, in our minds, unbounded.

Inside our heads we have the means to create worlds, to construct alternate realities, to contemplate the best and worst, the known and unknown, the possible and the impossible! Of course we cannot live solely inside our heads and the world outside introduces limits - practical, social, personal - and, hopefully, a sense of responsibility. Within these limits, though, there remain countless opportunities or challenges (glass half full, or empty?) and, if you keep an open mind, the very constraints of a situation can lead to ingenious, elegant or unexpected solutions.

I like finding out, talking about and doing this sort of stuff, so this particular 'infinite ideas machine' is intended as a playground, a workshop and an exploration - and, if I'm lucky, the vehicle for a conversation or two along the way :)

Hello world

So what's this all about? I must confess that at this stage I really don't know - it could just be a place to practice putting words on the screen and, over time, discovering the threads and common themes to my own rants and musings.

If some of the more sober assessments that I have read are true then this blog will be lucky to reach an audience in double figures (if that!) so I hope whoever's reading can forgive my somewhat self-conscious style. Its been a while since I shared my notebooks with anyone: most recently was probably the journal we were asked to keep throughout teacher training, and that was in 1991.

Professionally, of course, the internet and web are fundamental to what I do and have been since 1995 or so. I remember when these things used to be called 'homepages' and the only way to write HTML was in Notepad or BBEdit - how the world can change in a decade! N.B. for work-related stuff please drop by either Einstein's Attic or virtualised.net and send me a mail.