Spy BlogUK ID Cards at Blog City (thanks, Trevor!)
Chris Lightfoot gets in a shameless plug
ID Unknown, a p*ssed off punter whose individual response to the 2003 HO consultation (via Stand) was treated as a petition...
Suspect Paki courts controversy...
Fruitless Labour (short, but to the point!)
Spinneyhead seems to be having a few problems, but he's got the right idea...
And, of course, you could always buy the T-shirt while you're at it!
]]>Maybe the tone of the debate (what little there has been) is shifting - it's certainly time for more people to join in...
]]>And they're not even trying to walk before they run.
Project Semaphore, also announced yesterday, intends to track SIX MILLION people - beginning by the end of this year! I know the US is applying pressure on every other country to issue their citizens with biometric passports by the end of 2005 (we got a year's grace when the chips weren't ready in time), but emulating and then exceeding the worst aspects of Homeland Security has got to be the daftest response ever.
How much is this all going to cost? If just smartcards for UK citizens and one database will cost £3.1 billion (and the rest!) then the cost of e-Borders must be truly enormous. Where's the cost/benefit analysis? What *are* the benefits? And if it's intended to link in with ID cards (which it is) then just how much MORE of our personal data will be transferred to other countries for them to do with as they see fit, every time we travel?
]]>Both were unable to provide a convincing story as to why the government was introducing this measure. Without understanding the motives behind the development of the ID scheme, it will prove far more difficult to halt or reverse.
Uncovering the government's (not so) hidden agendas is one line of attack - and, as Philip acknowledges, there is no one simple answer. New Labour are very definitely fans of 'centralising control through data' - but I am certain that all governments fall prey to this, to some degree. It's the nature of any bureacracy to perpetuate itself, and managing everyone's identity is pretty much the mother of all bureaucratic moves. So much so that it takes a large step towards authoritarianism, even totalitarianism...
I don't believe that there is some highly organised plot in the UK (or globally) by a sinister 'them' who wish to control every aspect of our lives. Rather I think that opportunist politicians, heavily influenced by companies who stand to make enormous profits and civil servants who sniff a gravy train in the making, are being fooled into thinking that technological 'quick fixes' can dig them out of problems that are either of their own making (through poor management or bad decision-making) or so complex that no single initiaive can hope to have any effect.
Those in power are rarely smart enough to understand the full implications of what they are doing, and even if they are they know that (a) they are nowadays unlikely ever to be held accountable for their actions, so long as they are fairly near the top of the Westminster pile, and (b) it's probably worth doing anyway as a step towards making their name, gaining position or garnering a lucrative Directorship or two when they leave office - the public/media memory for all but the biggest cock-ups being so short.
Of course, individuals such as Blunkett and Blair are driven by a more messianic sense of self-belief than most and are therefore doubly dangerous. But they are not actually evil, and I'm sure that they genuinely believe that they are doing things for the best. They're deluded and wrong, and lots of us know it - which is why we have to do something about it.
What might be the possible motives / agendas behind the current ID scheme, then? Here's a list, in no particular order:
1) Stephen Harrison, Katherine Courtney, et al. at the Home Office see a chance to head up a multibillion pound department of 1,000s (if not 10,000s!) in a job that will make them for life - and probably come with a gong or two if they don't spectacularly screw the pooch in the meanwhile.
2) David Blunkett 'sees' an opportunity to be seen to be tackling a whole bunch of issues. His Christian Stalinist (paternalistic / authoritarian) principles mean that he's entirely comfortable with trampling over the rights of the (good) many in pursuit of the (bad) few. The problem is that he can't actually show how what he's doing is actually going to help, and can't make a strong and consistent case for ID cards without keeping secrets - the figleaf of 'commercial confidentiality' - or making wild assertions, retracting them, then alluding to them again - e.g. on terrorism. ID cards, then, as political panacea.
3) Who in government gets to control citizen IDs? Maybe the various schemes currently in development - the Children's Bill, ONS's Citizen Information Project, etc. - reveal some sort of intragovernmental struggle for supremacy. Whichever department ends up running the database will effectively 'own' the population: HO vs. IR/Customs vs. DH vs. ??? Even the new e-Envoy Chief Information Officer, Ian Watmore, is saying that the government's plans look nothing like 'joined-up thinking'!
4) New Labour are, by now, incapable of making an objective decision about any technology-based scheme - having been lobbied so hard by suppliers and the mega-consultancies, who stand to make enormous profits from any scheme that goes ahead. The tech companies are falling over themselves to land this one, which may explain why Mr Blunkett's costings are so commercially sensitive - they don't want anyone knowing how deeply discounted (and therefore unrealistic) some of the costs actually are. You would think that by now someone in government would be smelling a rat, with all the overruns and overspends on IT projects. Wake up! These companies may quote you a low price, but we all know it's going to cost several to many times more by the time the job's 'done'.
[This one's been sitting in Draft for too long, but it seemed worth publishing as is. Please add any other motives or agendas that you think may be involved...]
]]>Philip Chaston's, It's the Database, Stupid! on both White Rose and Samizdata.net goes into more detail and raises some good points, which I shall address in another post...
]]>Patrick Collinson's article Screen savers in the Guardian on Saturday explains the scheme. Essentially, it's a way for your employer to bulk-buy PCs and lease them to you via your pay packet over 3 years - saving you 33% in (basic rate) tax & NI. After a notional £50 payoff at the end of the lease period, the kit is yours - free and clear. Your employer even gets to claim back the VAT!
Send your boss on over to the DTI website and start picking out your dream machine...
]]>Kick-off is at 11:00am on Saturday 18th September at The Corner Store, 33 Wellington Street, Covent Garden, London WC2E 7BN (nearest tube, Covent Garden - although Embankment, Temple and Charing Cross are all only about 5 mins walk away). There'll be speakers, etc. in the a.m. followed by lunch, then folks will be heading off to various parts of central London to do campaign-y things...
T-shirts, badges & stickers will be available on the day - as will shed loads of our shiny new leaflets. Come along, show your support and hit the streets. Let's get things started!
]]>Market analyst Datamonitor warns "that as it became more difficult for fraudsters to commit card fraud, they [are] likely to turn their attention to identity theft."
BUT as card-not-present fraud is one of the most common forms of fraud in the UK, how do they expect new cards of any type to tackle this? Remember, Chip'n'PIN is not primarily about fraud at all - it's about liability shift: from the banks to the retailers, and thence to you...
The banks have done a lot of successful and quite sensible stuff to combat fraud, including the use of AI pattern-detection to identify unusual transactions. Following up on these automated alerts with a phonecall to the account holder (I've had a couple myself) makes for pretty good two-way 'authentication' of the transactions: "We think you've just bought something expensive in France", "I have, I'm on holiday there", "OK, have a good time" vs. "We see you've bought something expensive in Turkey", "Turkey?! I've never even been there", "Aha - we'll stop the transaction, then, and issue you a new card".
In many ways, the Home Office will actually be playing into the hands of the identity thieves by bringing in ID cards 'hot on the heels' of chip'n'PIN - providing the professional criminals with an ideal opportunity to accumulate multiple identities before their *real* owners even come to register!
Why is it that neither the banks NOR government in this country are looking seriously at Digital Certificate-based identity schemes? Is it because DCs don't pretend to be anything other than what they are - i.e. an identity token - and the powers that be are (a) too dumb to realise that this is all that any ID technology can *really* offer (i.e. a more or less secure/costly token), or (b) motivated by agendas other than those that they promote - e.g. reducing fraud liability to increase shareholder value rather than preventing fraud (and thereby saving us, the customer, money) for the banks, and being able to digitally surveil the entire population and being seen to be doing something about some intractable social problems rather than actually preventing anything for the government?
You decide.
]]>From Second sight in Thursday's Guardian:
The identities within these national ID computers [i.e. smartcards] used to transact business (in the general sense, such as voting, shopping, booking a squash court and every thing else) in terminals, over the internet and via the television set are therefore not "real" identities (whatever they may be) but virtual identities: a kind of identity that exists only inside computers. Identity management in the physical world using national ID computers will have to converge with identity management in the rest of the virtual world....
If this is to be the case, we need to enure that the way these virtual identities are created and used is what we, as a society, really want from the future. There is one particular thing I really do want from them: anonymity. Why should the virtual identity stored on my national ID card be limited to Dave Birch? Why can't I have a couple? Why can't my card tell the pub that I'm virtually King Arthur when I'm proving that I'm over 18? It's none of their business who I really am.
It seems to me that this could be one of the most interesting features of identity computers: their ability to reveal relevant facts about a person (this person is allowed to enter this leisure centre, for example) while simultaneously keeping the person's identity private.
This is a theme and principle that has underpinned the work I've been doing for years now in the voluntary & public sector. Why *should* people be expected to give over one bit more information than is necessary for the required transaction? It's hardly as if any agency or organisation from the banks to charities (or even the church), the government to multinational corporations have proven themselves to be utterly 'squeaky clean' when it comes to abuse or misuse of personal information. Individual ignorance, accident and oversight account for some of this - but the institutionalised trading of personal data without the knowledge of the persons being referred to is not only big business, for some firms/sectors it's a business model!
Just because we have to identify certain aspects of ourselves to certain individuals or authorities at certain times, does not mean we should have to provide them with loads of linked pieces of information about ourselves. With regard to CareZone, for example, we wanted kids on the system to be able to digitally establish that they were a looked-after child, and therefore entitled to access certain services, without exposing any unnecessarily-identifying personal information. To address this I designed a system of personae (virtual identities) that performed as more than just simple avatars within the online shared space: they also provided ways in which even very young children could safely understand, manage and use appropriate digital identities.
The approach I took at the time seemed related (at least in principle) to Stefan Brands' 'Private Credentials', published by Zero Knowledge Systems in late 2000 [456 KB PDF file], but there are a number of other credential-based schemes - e.g. the electronic cash system described by Chaum (whose excellent 1992 Scientific American article on blind signatures, Achieving Electronic Privacy, I highly recommend), Fiat and Naor at Crypto '88 - that might feasibly combine PKI & digital certificates to achieve the sort of anonymity (or just simple privacy!) that Dave Birch desires.
]]>More details in David Hencke's article in The Guardian. A slim chance of success, I expect - but good on 'em for having a go!
]]>Still, there's always time for a bit of fun (thanks to Mucho Sucko):
Scott Pakin's automatic complaint-letter generator.]]>A Nigerian 419 creator - set these two on each other & watch the sparks fly.
The George W. Bush Conspiracy Theory Generator - I suspect we've seen this before ;)
Generate your own Anarchist's Cookbook - it can't be any worse than the real thing.
See your name in hieroglyphs - does what it says on the box.
Create your own 3-panel cartoons - absolutely fantastic (check out the galleries) but don't forget to get a free login if you want to save yours.
Stitch your own Bayeux Tapestry - no, really! The peasants *are* revolting...
Some might say that this site shouldn't be here because it uses a human being to generate drawings. I don't care - they're great!
For those unexplained expenses when you've lost your (real) receipt.
My God, there really are some sick puppies out there. I'm sure you can make a better countdown.
Etch-a-sketch meets Paint - not sure who wins.
Don't laugh. It's serious.
Followed immediately by this and you've almost got the whole package!
Hours of fun making a computer say naughty things. And the French bird doesn't sound half bad...
Thanks to Phil in Brazil* for pointing this [blog] out to me ;)
Charlie Williams' brief, but incisive dissection of Blunkett's Response to the Home Affairs Select Committee report seems particularly apt.
*I met and conversed with Phil briefly, but very enjoyably, a few years back when he was working with Runtime Collective. If you make it to his Wiki, ThoughtStorms, I strongly recommend (strong) coffee...
]]>Last Thursday I wrote a letter to the Guardian, hoping to refute Blunkett & the Home Office's continued assertion that 80% of us support their proposals. We don't, and they know it - either that, or they're too bloody lazy or deluded to read anything but their own polls...
Anyway, it didn't get published and - to be honest - I didn't think it would. I put in too many figures and started to lose it a little at the end. If you've read much of this blog, that may not be too unfamiliar ;)
I thought it might just be worth putting the text of my letter up here, so here it is [scroll down for the happy ending]:
"Sir / Madam,
Your article on the home affairs select committee's criticism of David Blunkett's plans to introduce ID cards reveals the deep scepticism felt towards the scheme by MPs of all parties. What I find particularly disgraceful, though, is the fact that Mr Blunkett continues to assert that "over 80% in all focus group and opinion polls" support his proposals - as if this provided adequate justification for passing legislation, in any case!
He must be ignoring the recent Privacy International (YouGov) and Joseph Rowntree Reform Trust 'State of the Nation' polls that indicate levels of support as low as 61% nationally and just 56% regionally, in Scotland. Even the Detica (MORI) poll, hyped by the Home Office in May - in which the 80% figure was headlined - revealed that almost half (48%) of people would not want to pay for an ID card, and that 60% "have little or no confidence in the Government's ability to introduce ID cards without hitches".
Opposition to the proposals is deep, entrenched and growing rapidly as details of the scheme emerge. The Home Office, meanwhile, refuse to engage in proper and open debate, and roll on regardless with their increasingly unbelievable plans. If Labour truly think that ID cards have the support of the nation, they should put them in their manifesto and let the country decide before taking a step further.
And if Mr Blunkett wants to play cards, he really shouldn't let himself be caught stacking the deck.
Yours faithfully, etc."
Imagine my surprise when I was texted this morning to go buy a Guardian and, lo and behold, in the Letters section under ID cards are no panacea... it got published!
Edited to fit (thank God) and sandwiched between David Winnick MP and Dr. John Welford. I'm under no illusions - it was the NO2ID role that swung it, but gratifying nonetheless.
]]>It's been an interesting few days, kicked off by a fine evening spent selling NO2ID T-shirts and signing up supporters at the Big Brother Awards. 'Hi' to everyone (new) I met & remembered to tell about this blog.
And then, at about 1am on the 29th, a text arrived to tell me that someone had leaked the Home Affairs Committee report on ID cards to the Guardian...
Patrick Wintour's front page article, MPs attack Blunkett ID card plan, later that morning revealed the news that:
David Blunkett's plan for compulsory identity cards [would] be condemned by MPs... as improperly costed, poorly thought out, secretive and "lacking in clarity both over the scheme's scope and practical operation".
Of course - after the report had been officially released on the 30th - their Special Report, MPs say the case is made, but call for proper scrutiny, highlighted "the secrecy surrounding the costs of the scheme - put at anywhere between £1.3bn and £3.7bn" and gave a comprehensive summary of the concerns expressed by the Committee.
Today's Leader, Big brother database reports "the ever vigilant information commissioner Richard Thomas gave the most apposite warning about the government's draft identification cards bill yesterday. Forget the cards and concentrate on the national database that lies behind them and the people who will have access to it."
Indeed!
Meanwhile back to Thursday, and an honourable mention for NO2ID on The Register's write-up of the Big Brother Awards 2004 - uncannily timed to coincide with the launch of online sales of our campaign T-shirt on Cash'n'Carrion ;)
You can now read the HAC report itself here, or download the BBC's (advance) copy.
Mark Simpkins at consultationprocess has MoveableTyped the Summary, with the Report itself in the pipeline. Blogalicious!
David Blunkett's response is one of the most nauseating pieces of turd polishing I've ever had the misfortune to read. It reveals the next bunch of partial truths and outright lies that he's hoping to foist on the nation, and clearly identifies what he thinks people's concerns are or will be. No sign of any real evidence to back up his condescending reassurances and outrageous assertions, of course!
David Davies, the Shadow Home Secretary, is reported by 4NI as saying, "There are a whole series of problems, loopholes and weaknesses and the committee is absolutely right to highlight them. And this proposal may well lead to a very large database containing all the data about all citizens in one place, and that has serious civil liberties considerations too."
But while the the Tories have described the government's approach as "incoherent" and weak on detail, they have yet to come out as firmly against them. Hardly surprising given the fact that Michael Howard himself tried to introduce ID cards in the mid 90s, when he was Home Secretary - only giving up when he found them impossible to justify.
More from 4NI:
The Lib Dem Shadow Home Secretary, Mark Oaten, said that the David Blunkett's proposals were a "mish-mash of ideas" created to placate the Cabinet.“Mr Blunkett has failed to demonstrate to the Committee, the public, and to many of his Cabinet colleagues that his plans would prevent terrorism or cut crime," he said.
Maybe because the Guardian got the jump on them, the other broadsheets didn't make such a massive noise about the report - but still covered it:
David Barrett of The Independent noted Blunkett's refusal to publish details of the financing of the scheme in, Public facing 'clear risks' from ID cards scheme.
And John Steele in the Telegraph wrote, MPs scathing over plans for national ID cards.
The tabloids barely batted an eyelid, but some of them did at least write something:
The Mirror's, ID CARD PLAN IS 'FLAWED', called the scheme "poorly thought out and over-secretive", but unfortunately propagated John Denham's assertions that "ID cards would help in the war against terror, fight crime and and reduce illegal immigration." The latter being so patently untrue as to call into question whether either Denham or the Mirror journo need their heads examined (probably both)!
The Daily Record meanwhile managed just three sentences.
The local papers, or at least the Evening Times with MPs claim cost of identity card plan could soar and icNetwork's MPs criticise ID cards plan chipped in before being used to wrap some.
The technology press (especially online) have been pretty good at covering the many and varied flaws of the scheme and the thinking behind it, and this proved no exception:
ZDNet UK's MPs slam UK ID card proposal quotes several industry experts who question the government's "lack of technical assessment", doubt the validity of the card if identity verification is a "subsidiary issue", and the director of security strategy at Computer Associates wonders "exactly why a scheme is necessary at all".
Lucy Sheriff in El Reg seems pretty resigned to the fact that the government thinks ID cards: a bad idea, but we'll do it anyway. I'm sure a certain Mr. Lettice will have more to say on the matter when he returns...
Silicon.com labels ID cards "an expensive and dangerous folly".
And PublicTechnology.net's, ID Cards: MP committee backs them but criticises implementation & laws, is a pretty straightforward summary of the report that draws attention to current 'joined-up government' thinking: "MPs believe that there should not be a central database holding all individual information, but the identity card should enable access to all Government databases."
[Though strictly speaking it's not about the HAC report, Sarah Arnott in Computing asks some of The questions we want answered in the Data Debate. Watch this space!]
And the HAC report even got some coverage abroad, in Europe, New Zealand (via Reuters) and Bahrain! I couldn't find the Reuters feed, but Bloomberg's was pretty good.
Of course, the Beeb chipped in on the 29th with a piece about the "lack of openness" and use of the scheme as "a cover" to introduce a national fingerprinting system within five years. Well, doh! Their more in-depth coverage on the 30th,
ID card plans 'badly thought out', was much better - and not just because it quoted our (NO2ID's) very own Owen Blacker :)
A final couple from the political & legal angle:
ePolitix', Committee seeks clarity on ID cards, steers clear of being controversial but picks up on the main concerns. However, they report Blunkett as saying:
"ID cards will bring enormous benefits to us as individuals and as a society," he said."The government is acting now to prepare the UK for 21st Century challenges such as crime, security, the speed and nature of communication and international travel, and the number of sophisticated and complex transactions that we as individuals need to do effectively and securely."
Utter bullshit.
If he were genuinely interested in the latter, they'd have been incorporating Digital Certificates, not biometrics, into the smartcards. I am reminded of the question someone once told me to ask myself every time a politician opens his (or her) mouth: "Why is this lying bastard lying to me?".
Meanwhile, the good folk from Masons go into some detail in an out-law.com article that concludes with a pretty extensive list of the Information Commissioner's "major concerns".
We'll see what effect this all has when the dust has settled a bit - but, given this government's track record on listening to the British public, I don't expect that much will change. Maybe a name, maybe the price. They think it's all about managing public perception, but the fact is they could even drop the cards and I would still fight this outrageous piece of legislation tooth and nail.
Repeat after me: it's not (just) the cards, it's the database...
It's nothing less than the National Identity Register by the back door - creating dossiers on each and every child in the UK and, by association, their parents and/or guardians! The worrying thing is how little publicity this all-pervasive scheme with huge long-term effects is getting, especially given its pertinence to one of the most obvious gaps in the proposed ID cards / NIR scheme.
Add into the mix The Office for National Statistics' Citizen Information Project which proclaims it is "not about creating a comprehensive, centrally stored database on citizens", despite the fact that they are quite up front in saying:
"The unique reference number is primarily needed for the efficient running of the register. However, it could have a wider use, for example as a 'personal public services number' used across different public services. The design of the population register could facilitate the matching of records held in different databases."
They go on to say that, of course, this would *only* be possible if legislation is passed to permit such matching - but who the hell do these people think they are kidding? The government show every sign of passing several pieces of legislation of this type, doing their best to hide the construction of their 'database state' by burying the necessary clauses in superficially unrelated Draft Bills and initiatives.
Either they are thinking in a 'joined up' way, and this is clear evidence of their surveillance agenda, or the left hand really doesn't know what the right hand is doing - in which case they should really look at why they are attempting to build (at least) three costly centralised databases of unprecedented size and fill them with our personal data, when they haven't even been able to manage any of the existing identity databases to their own satisfaction!
]]>