Saturday, 29 August 2009

High tech police surveillance

Computer Weekly reports that the Metropolitan Police is looking for suppliers of portable biometric identity card readers.

A tender notice published in the Official Journal of the EU said the Met was looking to award a three-year framework agreement to supply, support and integrate handheld mobile identification units (MIUs).

The deal would cover all UK police forces, the Serious & Organised Crime Agency, UK Borders Agency, HM Revenue & Customs, Home Office, Ministry of Defence, Foreign & Commonwealth Office and related agencies.

The unit must be able to capture and display the information held on microchips and machine readable zones in passports, bank cards, ID cards, credit cards and other identification documents.

It must be able to capture one or more of 2D or 3D facial images, fingerprints and irises. It must also provide secure data communications across a secure police gateway.

Thursday, 27 August 2009

Healthy database to help sick one get better?

Criminal records bureau (CRB) checks are proving to be spectacularly inaccurate - in the year ending in March 2009, there were 1,570 identity errors.

The Register has learnt that proposals to use ID cards are being quietly developed alongside official "research" into how to incorporate fingerprint data into employment background checks.

Phil Booth, national coordinator of NO2ID, said that:

"This is entirely consistent with the various forms of coercion strategy they've been working on to create artificial 'volunteers' for ID cards. Biometrics are part of them wanting clean, unique identifiers. It's patently ridiculous given they want people to give their fingerprints in high street shops."

The CRB will soon be under more pressure to process checks. It expects a large increase in disclosure requests when the new Vetting and Barring Scheme (VBS) comes into force from October. The VBS will mean everyone who has working or voluntary contact with children or "vulnerable people" - estimated at 11.3 million - must be centrally registered.

Expect more 'mistakes' and the cry that if only we had ID cards all would be well.

Tuesday, 25 August 2009

Liberty video

Liberty has produced a clever video about identity loss.

Monday, 24 August 2009

Men who know a thing-or-two

Polite society, to which obviously we all aspire, is full of little acts of ceremony; exchanging comments about the weather is typical, this is safe ground on which to begin a conversation with a stranger. However, time moves on and now data loss by government, the idiocy of the ID card system and national databases have become accepted ice-breakers, try it sometime!

The proof of this attitude change comes in off-hand references to these things in out-of-the-way places. The author Anthony Horowitz (above right) is screenwriter for the ITV drama about life in the UK during the Second World War called, 'Foyle's War'. In a newspaper article about his research for this programme, he gave some interesting background detail. Between 1939 and 1945, 178,000 new indictable offences were created, Horowitz quotes 'The People's War' by Angus Calder as his source for this.

Clearly the population was now more likely to fall foul of the law than before. These new laws were applied by overzealous officials and were in fact counter-productive, as respect for the law diminished and crime soared. The 'official' line on the issue of identity cards during WW2 fails to record the great resentment this caused.

A sullen population fought back and fake ration cards became common. At the start of the war this sort of behaviour would have been condemmed by the vast majority of the population. But by the end it was regarded by many people as an essential, just cheeky rather than criminal.

Of all this Horowitz says - “It's been interesting to watch New Labour cobble together laws to combat the so-called war on terror, laws that have proved equally contentious and unpopular”.

He went on - “It's always struck me how little understanding recent Home Secretaries have shown of the British psyche”.

Who could disagree with that?

And so to Griff Rhys Jones, (see right) usually described as a comedian, who has drawn attention to himself, as comedians do, by being controversial! In a recent newspaper article about architecture, with one of his quotes as the title, “Politicians don't care about heritage” – he gets quite strident.

It's the same again in another article, this time with the title, “Down with bad buildings”, here Jones says -

“Bad buildings make bad citizens. The malaise is national, and to mend cities marred by ugly banalities, the next government must first appoint a Commission for Demolition. One candidate would be London's so-called Identity and Passport office”.

What more needs to be said!

Friday, 21 August 2009

Reclaim your DNA

The European Union "Prum Treaty" allows automated access to national police databases holding biometrics and data on DNA, fingerprints and vehicle registrations.
The proposed Stockholm programme aims to harmonise databases and IT systems to make this process easier. The European Extradition Warrant allows the courts of any EU country to call on those of another to order the automatic extradition of anyone suspected of offences under 32 headings, including "xenophobia" and any criminal offence affecting public order and security.

Considering that the analysis of biometric data can be unreliable, see The Biometric Delusion it would be sensible not to have your details on such databases.

Damian Green has finally managed to have his DNA removed after a four month battle as he is considered an 'exceptional case' but 850,000 other innocent people remain on the DNA database. According to the Met, just 231 people have asked that their DNA be removed from the database under this procedure since 1 January, but to date, just 31 requests have been agreed to.

Now if more of these innocent people requested their DNA be removed then the police might just find that complying with the ECHR judgement easier than fighting against all these requests. If you know anyone in this position point them towards this website.

Just think of the possibilities for error when the 27 countries of the European Union are involved! If your DNA is not listed then you can't be innocently connected to a crime using this database.

Tuesday, 18 August 2009

Create your own ...DNA

The public has an exaggerated view of the accuracy of DNA testing. Politicians and police add to this false impression by implying that, if only all our DNA profiles were on a single database, then no murderer or rapist would ever escape justice. This is far from the case.

A partial DNA profile is usually found at a crime scene and when this is compared to a individual's full profile there may be a match but it could easily be a false match. The more profiles there are on the database the greater the possibility of false matches. Also, naturally, if your DNA is not on the database you cannot be falsely accused of a crime.

Between 2001 and 2006, over 50,000 matches with crime scene profiles, namely 27% of the total, involved a list of potential suspects being given to the police, rather than one single suspect, because matches with multiple records were made.

In addition to this we now find that DNA can allegedly be created artificially.

Scientists in Israel have demonstrated that it is possible to fabricate DNA evidence. This artificial DNA could then be applied to surfaces of objects or incorporated into genuine human tissues and planted in crime scenes. They show that the current forensic procedure fails to distinguish between such samples of blood, saliva, and touched surfaces with artificial DNA, and corresponding samples with natural DNA. See here.

“You can just engineer a crime scene,” said Dan Frumkin, lead author of the paper, which has been published online by the journal Forensic Science International: Genetics. “Any biology undergraduate could perform this.”

Monday, 17 August 2009

12th September 2009 -Action Day

Freedom not Fear 2009 has its 2nd International Action Day on 12th September 2009 in as many capital cities as possible around the world to demonstrate against the total retention of telecommunication data and other instruments of surveillance.

The German site sets out a manifesto.

The GB site tells us that it: has found a sponsor who will print 1Million stickers which we want everyone to stick on every Public building, vehicle, every bank cash machine and every CCTV post; our message will be heard!

Sunday, 16 August 2009

ID card by stealth

The London borough of Hillingdon has begun issuing "HillingdonFirst" smart cards to residents to "offer access to services and privileges not available to non-residents".

The council began sending cards out to residents over 18 on 15th June. Hillingdon council states on its website:

"We will only store and print your name and card number. No address or financial information will be stored or printed on the card".

In other words the card is a key to a backend database that collates the other information that is stored. The card is being touted as a "Privilege Card" with businesses running loyalty discount schemes for card holders. Issuing residents with a unique card number will allow the council and participating businesses to share data indexed according to the card number.
Source: NO2ID newsletter

Saturday, 15 August 2009

Confusing identity

The Register has a special report on the problems with biometrics. The government's vision for the National Identity Scheme (NIS) is that it will become - "an essential part of everyday life, underpinning interactions and transactions between individuals, public services and businesses and supporting people to protect their identity." The core of the information used to prove identity is biometrics yet David Moss gives exhaustive arguments as to why this cannot happen.

Repeated government announcements and publications continue to speak of biometrics as though they have near-100% reliability. That is what people have been led to expect but the promise cannot possibly be delivered. All the published data on facial geometry, iris prints and the new-style fingerprints suggests that you a reliability rate of 81% is the maximum that can be achieved.

Tuesday, 11 August 2009

The screw tightens

Computer Weekly reveals that refusal to provide the authorities with your encryption key could land you in jail for five years.
The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Two people have been convicted so far but their sentences and crimes are unknown.

The Register reports on the non-news regarding local authority snooping under RIPA powers, informing us that most snooping is carried out by the police, GCHQ and MI5. They have demanded communications data from telephone and internet providers well over half a million times annually and all that's required is permission from a senior officer. It notes that under the Interception Modernisation Programme (IMP) this will be so much easier.

Who is responsible to the voters in our 'democracy'? Did I hear you reply:"Parliament"? Bless you, no. The three former High Court judges responsible for scrutiny of snooping - the Interception of Communications Commissioner, the Intelligence Services Commissioner, and the Chief Surveillance Commissioner - all deliver their reports directly to Number 10.

New dawn?

In years to come political scientists,analysts and historians will see this as the age of the database. No problem faced by government was solvable without the creation of a database. No Minister could look their fellows in the eye without being the Minister who introduced another database. No civil servant could claim to serve the public without doing so via a database. In the world of the free market, evolution would give us the databases we need. While others believed that, come the revolution, everyman would have his own database and all databases would be equal.

Thus it will come as no surprise to you to know that John Denham, the Communities Secretary, wants to introduce a database and the Denham proposal is all to do with landlords. Naturally it is possible to make a case for this, to suggest that this is a 'good thing', but that is a job for Denham himself. All we have to note is that there is a familiar pattern here. The origins of the idea are to crack down on rogue landlords who fail to repair property or who improperly retain their tenants’ deposits. And you may say, 'there is nothing wrong with that', well actually there could be.

The idea is that landlords who behave that way now will sign up to a database and reform; common sense tells you they will simply carry on as before. Rather as a general database will not solve problems with terrorism, as would-be terrorists will duck out of the system, so will errant landlords. As with all databases there is a fee, the current proposal is that it should be £40 to register.

Also, as with all databases, it is started to do one job then ends up doing another. The data here could be given to tax inspectors and so far, so they say, that's all. However, common sense tells us that the police will get access and all in good time the information on landlords will end up as a building block in the National Information Register. Common sense also tells us that there will be leaks, inaccuracies and misuse by a whole range of authorities, much as local authorities saw fit to misuse legislation intended for one purpose to go spying on wheely bin use! That costs will soar is inevitable.

Failure to comply by simple oversight could result in legal proceedings thus further clogging up our law courts. If legislation in this area is not being properly applied then Denham should issue instructions to the relevant authorities and force them to apply existing law. Only if all else fails should he contemplate introducing new legislation, which should be of a specific and focused nature. But yet another database just looks like a bad case of 'me too' thinking.

So, new dawn and new database and well done Minister? Perhaps not.

Saturday, 8 August 2009

Another fine government IT mess

ZDNet writes that the a researcher who claims to have cloned a UK identity card, see here, has had his offers to demonstrate the security breach turned down by the Home Office.

The Home Office, however, said it had asked the researcher (Adam Laurie) to provide the cloned card to it a "couple of weeks ago", but as he had not done so, the hacking claim was unsubstantiated.

As even Labour ministers have called the Home Office: "not fit for purpose," I think we tend to believe Mr Laurie.

Adam Laurie showed that removing the data group which alerts a scanner that the ID card has been tampered with means that no security issues are flagged up. He gives detailed information as to how the card was 'cloned' and changed. The Home Office just says this is impossible.

Added to this Computer Weekly has obtained Freedom of Information data which reveals that nine staff have been sacked from their local authority jobs for snooping on personal records of celebrities and personal acquaintances held on the core database of the government's National Identity Scheme.

They are among 34 council workers who illegally accessed the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the ID card programme.

Hence we have civil servants hacking the database and ID cards that can be cloned and altered. It's our private information, it's our lost identity and we are paying for it!

Thursday, 6 August 2009


The Daily Mail has an excellent article detailing how an ID card can be cloned and its the details changed. The falsified card was accepted by passport checking software.

The Home Office response was:

'We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened. The identity card includes a number of design and security features that are extremely difficult to replicate. We remain confident that the identity card is one of the most secure of its kind, fully meeting rigorous international standards.'

In contrast, Ian Angell, professor of information systems at the London School of Economics, commenting on the Mail's investigation, said:

'This has put a huge nail in the coffin of the National Identity Scheme. The Government can no longer say ID cards will protect us from identity theft. You have proved that they won't.'

To help us get out of this recession the Bank of England is engaged in Quantitative Easing. Opponents of this QE scheme suggest it produces nothing of real value and is mere manipulation. They also say it is akin to 'printing money', inferring that it's not 'the real thing' and therefore fake.

The government are convinced that ID cards can help us have a better society. However, a fake ID card can be produced in just minutes. This is fake security, a falsehood, how does this help anyone?

Monday, 3 August 2009

In whom we trust?

Overtis Systems, the data safety specialists report that the ContactPoint database is riddled with security failings so serious that “even a child” could steal sensitive information from it, see here.

The size of the database makes it difficult to monitor suspicious activity and it remains so easy to copy the data that a child would be capable of doing it.

Ongoing faults mean the system is vulnerable to viruses and spyware, and users could have their sessions “hijacked” while away from their computers.

However, a government spokesman says: “ContactPoint has numerous security controls in place which include procedural user controls and the effective management of those controls".

Now, whom do you believe?

Nothing 2 hide, nothing 2 lose!

Regular NO2ID campaigners will both have grown used to, and been made weary by, comments by the confused such as “I've got nothing to hide”. This little mantra is trotted out as if it is the coup de grĂ¢ce in the debate. It is, of course, nothing of the sort, it is meaningless. It is not an endorsement of ID cards and the supporting database.

The same people who trot out this remark would be justifiably horrified if their neighbours were sent copies of their health records. But of course this sort of thing 'never' happens. We can all sleep soundly while the state watches over us. Up to a point Lord Copper, up to a point!

For we now see that not only does the state lose our data if fails to protect it too. One would have thought that MI5 would be an organisation more than capable of keeping a secret. But it turns out that it has fallen down in this respect.

The breach of MI5 security that occurred recently is a "small issue" according to a Whitehall spokeswoman. Small for whom, is the unanswered question here?

Nothing to hide is all very well as a thoughtless comment but when it comes to keeping data how about “nothing to lose?” In other words the state should aim to keep the very minimum amount of data on its citizens based on the fact that all held data is vulnerable.

This is in direct contrast to the situation now where the state seeks to always increase the amount of data held and with no real prospect of improving its security.

An accident is waiting to happen, see here.