Tuesday, 29 April 2008

Government allows foreign countries to spy on motorists

"Routine journeys carried out by millions of British motorists can be monitored by authorities in the United States and other enforcement agencies across the world under anti-terrorism rules introduced discreetly by Jacqui Smith," reveals the Daily Telegraph.

Under the authorisation signed on 4 July 2007 by Jacqui Smith, video feeds and still images captured from roadside TV cameras, along with personal data derived from them, can be transmitted out of the UK to countries such as the US that are outside the European Economic Area.

Even given how keen the Government is on information sharing, this is surprising (not least because Smith failed to mention it in a statement she made to Parliament less than two weeks later when outlining Metropolitan Police exemptions to the 1998 Data Protection Act). Of course, it raises the obvious question of who will have access to information stored on the National Identity Register.

Fortunately, Meg Hillier, Parliamentary Under-Secretary of State for Identity, and Duncan Hine, Director of Security at IPS, explained all during a session with the Home Affairs Committee. The first question is asked by Conservative MP David Davies:

David Davies: Will non-European enforcement agencies have access to the database [the National Identity Register]? For example, will the American law enforcement agencies have access to this database?

Meg Hillier: European nations are currently signing a protocol with the United States on passenger name records. The existing protocols that we have would govern the data from the National Identity Register.

David Davies: That is a yes, then, basically.

Later, Labour MP Karen Buck asked:

Karen Buck: In terms of other government departments that can seek access to the information on the database without my consent, in each case is it always that that information will be a data request and that those agencies will not have direct access to the database?

Meg Hillier: Yes.

Ms Buck: It will not be, for example, the Police or Customs will have any access to the database itself? It will always be filtered through that one to 100 members of staff who are vetted and trained for the purpose of managing this database.

Dr Hine: Broadly, we will be following the same policy we do with the passport database, which is to provide verification against a specific question rather than wholesale complete extracts of the data.

Ms Buck: The word 'broadly' alarms me. What we are talking about here is: what are the exceptions as a general assurance?

Dr Hine: A number of exceptions are picked out in the original legislation around law enforcement and intelligence services.

Ms Buck: I am sorry, Chairman, I think this is really important. We need to drill down into those exceptions, not into the generality, on which I am perfectly happy to accept assurances, but those exceptions. What are the criteria and how many people, because in the end all of this data loss and the anxiety of that data loss relates to those exceptions, to those extra people, to that chain that can open up quite quickly.

Dr Hine: For even the exceptions, I would say that we still consider ourselves the stewards of that information; so any information is only passed to another party after they have satisfied us that they have got the security processes, the right accreditations, the right business process and procedures and we continue to audit those on a regular basis.

Which brings us back to the Home Office's generosity with our vehicular information. Refusing to say how many times images had been sent from London to other countries, a Government spokesman did add:

“We would like to reassure the public that robust controls have been put in place to control and safeguard access to, and use of, the information.”

So if you were wondering what the Government's stance was on data sharing, that statement and Dr Hines' reply sum it up quite neatly: "Trust us".

Friday, 18 April 2008

NO2ID Birmingham April meeting

A date for your diary: the next meeting of NO2ID Birmingham will be in the Deritend Training Room in St Martin's church in the Bull Ring on Monday 28 April from 7.30pm till 9pm.

We'll have a special guest speaker: Matty Mitford, NO2ID Local Groups Co-ordinator.

On arrival, the church asks that we use the Arts Café entrance on the side of the church opposite Borders bookshop. Room allocations are displayed on a plasma screen in reception.

Room sponsored by Martin Graham - www.martingraham.com

Saturday, 12 April 2008

The spiralling cost of ID cards

"Spending on consultants by the Home Office has rocketed by 2,000 per cent under Labour to almost £150m a year," reveals the Daily Mail.

"One of the major reasons for the expenditure is trying to get the controversial ID cards project off the ground.

"The cash could otherwise have been spent putting 10,900 extra police on streets for a year."

In the period 1997/98 to 2006/07 spending by the Identity and Passport Service - the arm of the Home Office in charge of the ID cards project - rocketed from £237,000 to £30m.

Wednesday, 9 April 2008

Wanted - for crimes of identity theft

Wanted - Smith and BrownNO2ID Birmingham followed up the national organisers' fingerprints campaign today by calling on Prime Minister Gordon Brown and Home Secretary and Redditch MP Jacqui Smith to prove their faith in the National Identity Register by adding their own name and prints with the following press statement.

Press release
IMMEDIATE
9 April 2008

ID CARD REBELS OFFER £1,000 FOR REDDITCH MP’s FINGERPRINTS

Civil liberties groups NO2ID and Privacy International are joining forces to offer £1,000 to anyone who can get hold of the Prime Minister’s or Home Secretary’s fingerprints in a campaign designed to highlight the dangers of the universal collection of fingerprints in central Government databases.

NO2ID and Privacy International have issued Wild West-style ‘Wanted’ posters accusing Gordon Brown and Jacqui Smith of ‘identity theft’ and endangering personal security. The poster states that ‘the fingerprint must be obtained lawfully.’ The £1,000 reward will be paid to the charity of the ‘bounty hunter’s choice’.

Michelle Graham, NO2ID’s Birmingham Co-ordinator, said: “Fingerprints can be reproduced from prints left on beer glasses, doorknobs or anything with a hard surface. When Jacqui Smith says that linking us by our fingerprints to the national database is a security measure, what she’s actually doing is opening the door for fraudsters and criminals to have one central point of access to our identities. If the Identity Register is such a great thing, why is the Government targeting foreign nationals and students instead of signing up MPs themselves?”

The move could leave both groups open to prosecution for incitement. Speaking in The Observer on 6 April, Simon Davies, director of Privacy International said: “I'm sure the Government will seek legal advice to see if we can be prosecuted. But it would be a foolish government that would try to charge civil rights groups.”

ENDS

Notes for editors:
1. For further information please contact Michelle Graham on 07734 087470 or email birmingham@no2id.net.

2. A pdf of the poster is attached. For a PNG or jpeg, visit: www.privacyinternational.org/article.shtml?cmd[347]=x-347-561230
3. German hackers recently obtained the fingerprint of the German Interior Minister and printed 4,000 copies of it. The fingerprint came from a glass the Minister drank from while speaking at a University in Berlin. The image was printed on a plastic foil that can be fixed to a person’s finger and used to replicate an individual's prints on doors, telephones or biometric readers. For more information see: www.theregister.co.uk/2008/03/30/german_interior_minister_fingerprint_appropriated
4. NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. Scroll down www.no2id.net for a list of 'database state' initiatives that NO2ID is actively opposing.

Sunday, 6 April 2008

I feel safer already

Jacqui Smith raised an interesting point in her speech at Demos last month.

"Because your name will be linked by your fingerprints to a unique entry on the National Identity Register," she said, "you will have much greater protection from identity theft. No-one will be able to impersonate you, like they can now, just by finding our your name and address and personal details."

And she's probably right: no-one will be able to impersonate you like they can now.

No, they'll find new ways of doing that.

Take the good people of The Chaos Computer Club. In protest at proposed laws to add fingerprints to German passports, the 'hacker club' has published what it says is the fingerprint of Wolfgang Schauble, Germany's interior minister.

The Register explains:

In the most recent issue of Die Datenschleuder, the Chaos Computer Club printed the image on a plastic foil that leaves fingerprints when it is pressed against biometric readers.

No-one from the Germany-based group has been able to test the foil to see if it can fool a computer into believing it came from Schauble. But the technique has been shown to work with a variety of other people's prints on almost two-dozen readers, according to a colleague of the hacker who pulled off the demonstration.


The whole research has always been inspired by showing how insecure biometrics are, especially a biometric that you leave all over the place," said Karsten Nohl, a colleague of the researcher who engineered the hack. "It's basically like leaving the password to your computer everywhere you go without you being able to control it anymore."

The print is included in more than 4,000 copies of the latest issue of the magazine, which is published by the CCC. The image is printed two ways: one using traditional ink on paper, and the other on a film of flexible rubber that contains partially dried glue. The latter medium can be covertly affixed to a person's finger and used to leave an individual's prints on doors, telephones or biometric readers.

I feel safer already.