We have lift-off!

Re-posted from archive of infinite ideas machine 2004: [LINKS UNCHECKED]

Our friends at Spy Blog and White Rose both wrote up the NO2ID public launch on Saturday. WTWU’s account, NO2ID campaign launched to the public, even has pictures – well, one at least: here.

Philip Chaston’s It’s the Database, Stupid!, on both White Rose and Samizdata.net, goes into more detail and raises some good points, which I shall address in another post…


NO2ID launch


Come to NO2ID’s launch event as advertised on Upcoming.org, Indymedia and the NO2ID site.

Kick-off is at 11:00am on Saturday 18th September at The Corner Store, 33 Wellington Street, Covent Garden, London WC2E 7BN (nearest tube, Covent Garden – although Embankment, Temple and Charing Cross are all only about 5 mins walk away). There’ll be speakers, etc. in the a.m. followed by lunch, then folks will be heading off to various parts of central London to do campaign-y things…

T-shirts, badges & stickers will be available on the day – as will shed loads of our shiny new leaflets. Come along, show your support and hit the streets. Let’s get things started!


Fraud down, theft up


Just when the banks would have you think that Chip’n’PIN was going to save your bacon…

Market analyst Datamonitor warns “that as it became more difficult for fraudsters to commit card fraud, they [are] likely to turn their attention to identity theft.”

BUT as card-not-present fraud is one of the most common forms of fraud in the UK, how do they expect new cards of any type to tackle this? Remember, Chip’n’PIN is not primarily about fraud at all – it’s about liability shift: from the banks to the retailers, and thence to you…

The banks have done a lot of successful and quite sensible stuff to combat fraud, including the use of AI pattern-detection to identify unusual transactions. Following up on these automated alerts with a phone call to the account holder (I’ve had a couple myself) makes for pretty good two-way ‘authentication’ of the transactions: “We think you’ve just bought something expensive in France”, “I have, I’m on holiday there”, “OK, have a good time” vs. “We see you’ve bought something expensive in Turkey”, “Turkey?! I’ve never even been there”, “Aha – we’ll stop the transaction, then, and issue you a new card”.

In many ways, the Home Office will actually be playing into the hands of the identity thieves by bringing in ID cards ‘hot on the heels’ of chip’n’PIN – providing the professional criminals with an ideal opportunity to accumulate multiple identities before their *real* owners even come to register!

Why is it that neither the banks NOR government in this country are looking seriously at Digital Certificate-based identity schemes? Is it because DCs don’t pretend to be anything other than what they are – i.e. an identity token – and the powers that be are (a) too dumb to realise that this is all that any ID technology can *really* offer (i.e. a more or less secure/costly token), or (b) motivated by agendas other than those that they promote – e.g. reducing fraud liability to increase shareholder value rather than preventing fraud (and thereby saving us, the customer, money) for the banks, and being able to digitally surveil the entire population and being seen to be doing something about some intractable social problems rather than actually preventing anything for the government?

You decide.


Bingo! Ever heard of Private Credentials?


Dave Birch gets it.

From Second sight in Thursday’s Guardian:

The identities within these national ID computers [i.e. smartcards] used to transact business (in the general sense, such as voting, shopping, booking a squash court and everything else) in terminals, over the internet and via the television set are therefore not “real” identities (whatever they may be) but virtual identities: a kind of identity that exists only inside computers. Identity management in the physical world using national ID computers will have to converge with identity management in the rest of the virtual world….

If this is to be the case, we need to ensure that the way these virtual identities are created and used is what we, as a society, really want from the future. There is one particular thing I really do want from them: anonymity. Why should the virtual identity stored on my national ID card be limited to Dave Birch? Why can’t I have a couple? Why can’t my card tell the pub that I’m virtually King Arthur when I’m proving that I’m over 18? It’s none of their business who I really am.

It seems to me that this could be one of the most interesting features of identity computers: their ability to reveal relevant facts about a person (this person is allowed to enter this leisure centre, for example) while simultaneously keeping the person’s identity private.

This is a theme and principle that has underpinned the work I’ve been doing for years now in the voluntary & public sector. Why *should* people be expected to give over one bit more information than is necessary for the required transaction? It’s hardly as if any agency or organisation from the banks to charities (or even the church), the government to multinational corporations have proven themselves to be utterly ‘squeaky clean’ when it comes to abuse or misuse of personal information. Individual ignorance, accident and oversight account for some of this – but the institutionalised trading of personal data without the knowledge of the persons being referred to is not only big business, for some firms/sectors it’s a business model!

Just because we have to identify certain aspects of ourselves to certain individuals or authorities at certain times, does not mean we should have to provide them with loads of linked pieces of information about ourselves. With regard to CareZone, for example, we wanted kids on the system to be able to digitally establish that they were a looked-after child, and therefore entitled to access certain services, without exposing any unnecessarily-identifying personal information. To address this I designed a system of personae (virtual identities) that performed as more than just simple avatars within the online shared space: they also provided ways in which even very young children could safely understand, manage and use appropriate digital identities.

The approach I took at the time seemed related (at least in principle) to Stefan Brands’ ‘Private Credentials’, published by Zero Knowledge Systems in late 2000 [456 KB PDF file], but there are a number of other credential-based schemes – e.g. the electronic cash system described by Chaum (whose excellent 1992 Scientific American article on blind signatures, Achieving Electronic Privacy, I highly recommend), Fiat and Naor at Crypto ’88 – that might feasibly combine PKI & digital certificates to achieve the sort of anonymity (or just simple privacy!) that Dave Birch desires.


David Blunkett is an Arse


No, really.

Thanks to Phil in Brazil* for pointing this [blog] out to me 😉

Charlie Williams’ brief, but incisive dissection of Blunkett’s Response to the Home Affairs Select Committee report seems particularly apt.

*I met and conversed with Phil briefly, but very enjoyably, a few years back when he was working with Runtime Collective. If you make it to his Wiki, ThoughtStorms, I strongly recommend (strong) coffee…
