Just when the banks would have you think that Chip'n'PIN was going to save your bacon...
Market analyst Datamonitor warns "that as it became more difficult for fraudsters to commit card fraud, they [are] likely to turn their attention to identity theft."
BUT as card-not-present fraud is one of the most common forms of fraud in the UK, how do they expect new cards of any type to tackle this? Remember, Chip'n'PIN is not primarily about fraud at all - it's about liability shift: from the banks to the retailers, and thence to you...
The banks have done a lot of successful and quite sensible stuff to combat fraud, including the use of AI pattern-detection to identify unusual transactions. Following up on these automated alerts with a phone call to the account holder (I've had a couple myself) makes for pretty good two-way 'authentication' of the transactions: "We think you've just bought something expensive in France", "I have, I'm on holiday there", "OK, have a good time" vs. "We see you've bought something expensive in Turkey", "Turkey?! I've never even been there", "Aha - we'll stop the transaction, then, and issue you a new card".
In many ways, the Home Office will actually be playing into the hands of the identity thieves by bringing in ID cards 'hot on the heels' of chip'n'PIN - providing the professional criminals with an ideal opportunity to accumulate multiple identities before their *real* owners even come to register!
Why is it that neither the banks NOR government in this country are looking seriously at Digital Certificate-based identity schemes? Is it because DCs don't pretend to be anything other than what they are - i.e. an identity token - and the powers that be are (a) too dumb to realise that this is all that any ID technology can *really* offer (i.e. a more or less secure/costly token), or (b) motivated by agendas other than those that they promote - e.g. reducing fraud liability to increase shareholder value rather than preventing fraud (and thereby saving us, the customer, money) for the banks, and being able to digitally surveil the entire population and being seen to be doing something about some intractable social problems rather than actually preventing anything for the government?
You decide.
Dave Birch gets it.
From Second sight in Thursday's Guardian:
The identities within these national ID computers [i.e. smartcards] used to transact business (in the general sense, such as voting, shopping, booking a squash court and everything else) in terminals, over the internet and via the television set are therefore not "real" identities (whatever they may be) but virtual identities: a kind of identity that exists only inside computers. Identity management in the physical world using national ID computers will have to converge with identity management in the rest of the virtual world....
If this is to be the case, we need to ensure that the way these virtual identities are created and used is what we, as a society, really want from the future. There is one particular thing I really do want from them: anonymity. Why should the virtual identity stored on my national ID card be limited to Dave Birch? Why can't I have a couple? Why can't my card tell the pub that I'm virtually King Arthur when I'm proving that I'm over 18? It's none of their business who I really am.
It seems to me that this could be one of the most interesting features of identity computers: their ability to reveal relevant facts about a person (this person is allowed to enter this leisure centre, for example) while simultaneously keeping the person's identity private.
This is a theme and principle that has underpinned the work I've been doing for years now in the voluntary & public sector. Why *should* people be expected to give over one bit more information than is necessary for the required transaction? It's hardly as if any agency or organisation from the banks to charities (or even the church), the government to multinational corporations have proven themselves to be utterly 'squeaky clean' when it comes to abuse or misuse of personal information. Individual ignorance, accident and oversight account for some of this - but the institutionalised trading of personal data without the knowledge of the persons being referred to is not only big business, for some firms/sectors it's a business model!
Just because we have to identify certain aspects of ourselves to certain individuals or authorities at certain times, does not mean we should have to provide them with loads of linked pieces of information about ourselves. With regard to CareZone, for example, we wanted kids on the system to be able to digitally establish that they were a looked-after child, and therefore entitled to access certain services, without exposing any unnecessarily-identifying personal information. To address this I designed a system of personae (virtual identities) that performed as more than just simple avatars within the online shared space: they also provided ways in which even very young children could safely understand, manage and use appropriate digital identities.
The approach I took at the time seemed related (at least in principle) to Stefan Brands' 'Private Credentials', published by Zero Knowledge Systems in late 2000 [456 KB PDF file], but there are a number of other credential-based schemes - e.g. the electronic cash system described by Chaum (whose excellent 1992 Scientific American article on blind signatures, Achieving Electronic Privacy, I highly recommend), Fiat and Naor at Crypto '88 - that might feasibly combine PKI & digital certificates to achieve the sort of anonymity (or just simple privacy!) that Dave Birch desires.
ImpeachBlair.org have published the report, A Case to Answer [607 KB PDF file], written by Glen Rangwala - lecturer in politics at Newnham College, Cambridge - and Dan Plesch - honorary fellow of Birkbeck College, London - for Adam Price MP (of Plaid Cymru) and his group of 11 MPs. They will be tabling a motion when parliament returns to force the prime minister to appear before the Commons and defend his record in the run-up to the war.
More details in David Hencke's article in The Guardian. A slim chance of success, I expect - but good on 'em for having a go!
After a short break in Cornwall (avoiding the flash floods) and Wiltshire, I'm just getting back into the swing of things - and trying not to feel *too* guilty for neglecting to blog. Actually, things have really got quite busy what with the NO2ID campaign, a couple of my other projects / ventures starting to take off, and an imminent house move...
Still, there's always time for a bit of fun (thanks to Mucho Sucko):
Scott Pakin's automatic complaint-letter generator.
A Nigerian 419 creator - set these two on each other & watch the sparks fly.
The George W. Bush Conspiracy Theory Generator - I suspect we've seen this before ;)
Generate your own Anarchist's Cookbook - it can't be any worse than the real thing.
See your name in hieroglyphs - does what it says on the box.
Create your own 3-panel cartoons - absolutely fantastic (check out the galleries) but don't forget to get a free login if you want to save yours.
Stitch your own Bayeux Tapestry - no, really! The peasants *are* revolting...
Some might say that this site shouldn't be here because it uses a human being to generate drawings. I don't care - they're great!
For those unexplained expenses when you've lost your (real) receipt.
My God, there really are some sick puppies out there. I'm sure you can make a better countdown.
Etch-a-sketch meets Paint - not sure who wins.
Don't laugh. It's serious.
Followed immediately by this and you've almost got the whole package!
Hours of fun making a computer say naughty things. And the French bird doesn't sound half bad...
No, really.
Thanks to Phil in Brazil* for pointing this [blog] out to me ;)
Charlie Williams' brief, but incisive dissection of Blunkett's Response to the Home Affairs Select Committee report seems particularly apt.
*I met and conversed with Phil briefly, but very enjoyably, a few years back when he was working with Runtime Collective. If you make it to his Wiki, ThoughtStorms, I strongly recommend (strong) coffee...
Now here's a thing.
Last Thursday I wrote a letter to the Guardian, hoping to refute Blunkett & the Home Office's continued assertion that 80% of us support their proposals. We don't, and they know it - either that, or they're too bloody lazy or deluded to read anything but their own polls...
Anyway, it didn't get published and - to be honest - I didn't think it would. I put in too many figures and started to lose it a little at the end. If you've read much of this blog, that may not be too unfamiliar ;)
I thought it might just be worth putting the text of my letter up here, so here it is [scroll down for the happy ending]:
"Sir / Madam,
Your article on the home affairs select committee's criticism of David Blunkett's plans to introduce ID cards reveals the deep scepticism felt towards the scheme by MPs of all parties. What I find particularly disgraceful, though, is the fact that Mr Blunkett continues to assert that "over 80% in all focus group and opinion polls" support his proposals - as if this provided adequate justification for passing legislation, in any case!
He must be ignoring the recent Privacy International (YouGov) and Joseph Rowntree Reform Trust 'State of the Nation' polls that indicate levels of support as low as 61% nationally and just 56% regionally, in Scotland. Even the Detica (MORI) poll, hyped by the Home Office in May - in which the 80% figure was headlined - revealed that almost half (48%) of people would not want to pay for an ID card, and that 60% "have little or no confidence in the Government's ability to introduce ID cards without hitches".
Opposition to the proposals is deep, entrenched and growing rapidly as details of the scheme emerge. The Home Office, meanwhile, refuse to engage in proper and open debate, and roll on regardless with their increasingly unbelievable plans. If Labour truly think that ID cards have the support of the nation, they should put them in their manifesto and let the country decide before taking a step further.
And if Mr Blunkett wants to play cards, he really shouldn't let himself be caught stacking the deck.
Yours faithfully, etc."
Imagine my surprise when I was texted this morning to go buy a Guardian and, lo and behold, in the Letters section under ID cards are no panacea... it got published!
Edited to fit (thank God) and sandwiched between David Winnick MP and Dr. John Welford. I'm under no illusions - it was the NO2ID role that swung it, but gratifying nonetheless.