infinite ideas machine

Re-posted from archive of infinite ideas machine 2004:

Click on the pic to check out the NO2ID campaign site.

Re-posted from archive of infinite ideas machine 2004:

[After a coupla days off – hooray for Bank Holidays!]

Someone who White Rose now tell me wishes to remain anonymous (!) proposes a UK anonymity card:

“A more palatable alternative might be the UK anonymity card. Perhaps we would be persuaded to submit to a one-off secure registration process if the result gave us a card which could read and confirm our thumb print, but held no other personal information. It would just need a royal crest and text to the effect that the bearer is entitled to the service in question. It would prove you are the necessary age, or that you have a clean driving licence, but no more. The authentication is local and off-line, so it does not tell a central database who and where you are, and what you are doing. If you try to use it fraudulently or beyond the authorised limits, you are still nicked.”

Meanwhile, Sarah Arnott in Computing thinks that ‘ID cards for the right reason‘ mean:

“In the real world people can ‘see’ who you are. The same needs to be true in cyberspace and an obvious role for the government is to create that guaranteed online identity.

No longer is it a question of government as ‘Big Brother’ invading our privacy, but of it making the most of its unique position at the centre of society to provide a much-needed service.

ID cards should not be about the negative ‘freedom from’, but the positive ‘freedom to’.

With a government-issued biometric ID card, swiped through a reader as I open my browser, I am free to buy, sell, bank, chat, pay my council tax, apply for a job – whatever it is I want to do – without having to remember a hundred passwords or retype my address a hundred times.”

And Steve Bowbrick’s, ‘Second sight‘, on Guardian Online proposes an altogether different approach:

“I’d like to see Britain invest all the planned ID card budget in simpler, cheaper and more effective measures to increase trust, interdependence and transparency within our communities and institutions. The end result, though doubtless small, will surely be more useful than devoting the next 20 years of our national life to getting flawed ID cards working and preventing the bad guys from stealing the keys.”

Alternatives abound, based on the growing perception that the Government’s proposed ID card / NIR scheme is: (a) likely to be very unpopular – public support for ID cards is falling rapidly, and resistance is growing (see Detica’s MORI poll [188 KB PDF file] 80% pro on 22/4/04 vs. PI’s YouGov poll [45 KB PDF file] 61% pro on 19/5/04); (b) almost bound to be impractical and expensive, if it even works at all (biometrics ain’t all they’re cracked up to be, as past and current problems with the UKPS trials are showing); and (c) misconceived, misdirected* and unlikely to deliver the ‘benefits’ proposed by the Home Office (i.e. countering terrorism, preventing illegal working and reducing identity fraud).

*In fact, the whole exercise increasingly looks like a classic piece of misdirection, e.g. why is the National Information Register not included in the title of the Draft Bill when, in fact, it underpins the entire scheme and is the thing that requires/underlies the majority of the proposed legislation?

There is a clear agenda on the part of the Home Office to create a new ‘clean’ database but is this meant to enable the sort of ‘joined-up’ eGovernment that New Labour have promised, but just can’t seem to deliver? Or is it motivated by the desire to be seen as a technological ‘world leader’, while meekly complying with increasingly invasive EU and US data-sharing ‘requirements’?

Either way – and I’m sure there are other reasons behind this – what we could be left with, if the current proposals become law and the scheme goes ahead, is a surveillance culture in which personal privacy will count for next-to-nothing, and a society in which trust is dictated by little chips in pieces of plastic and Government database records over which we, the people, will have little to no control.

Re-posted from archive of infinite ideas machine 2004:

John Leyden in The Register’s, FBI apology for Madrid bomb fingerprint fiasco, points out the dangers of over reliance on supposedly ‘infallible’ biometric evidence. As it turns out, the FBI incorrectly matched a digital copy of a fingerprint found on a bag full of detonators to an Oregon lawyer – who also happened to be a Muslim convert.

This New York Times article reveals just how much faith the FBI had in their systems:

“Court records unsealed Tuesday showed that the Spanish authorities had raised questions about the FBI’s fingerprint match to Brandon Mayfield, 37, a Portland-area lawyer. Yet FBI officials were so confident of a match they described as “100 percent”, they never bothered to look at the original print while they were in Madrid on April 21 to meet with Spanish investigators.”

Reading further down the article, you begin to get a sense of the sort of ‘guilt by association’ that might become increasingly prevalent when or if our identity records are held in a centralised database. If this sort of thing happens when the dots are being joined by ‘intelligent’ human agents, how many more errors will occur when it’s a piece of software doing the detective work?

UPDATED 25/4/11: Seven years later, the Feds pay out millions to wrongfully accused terror suspects, including Brandon Mayfield.

Re-posted from archive of infinite ideas machine 2004:

“If you’ve nothing to hide, you’ve got nothing to fear” is still bugging me (I’ve been wearing that T-shirt again…) and this SecurityFocus article, Firm names ‘statistically likely’ terrorists, begins to articulate why. [The firm is called Seisint, and even a quick look at the services they offer – and how they achieve them – begins to make my blood run cold. Go ACLU!]

Given that ID cards / NIR are being proposed as a means to combat terrorism and serious crime – something Blunkett and others initially headlined, but have since been forced to downplay – and that so much (public) money is going to be spent on the project, it is inconceivable that UK Police and Intelligence services will not be allowed to use software such as that described in the article, i.e. profiling individuals based on their NIR records.

Which is where the whole “If you’ve nothing to hide, you’ve got nothing to fear” thing begins to break down:

• You may have done nothing wrong… but you may well fit the profile of people who have – or who the authorities think might.
• You may not knowingly mix with terrorists or criminals… but who has lived in your house before you? Or who are those mates your kid met at college? What does a terrorist look like, anyway – and do you really think they’ll be carrying an ID card stamped ‘Suicide Bomber’?
• And if something goes wrong with the technology or database records – which, of course, it never does! – how are you going to prove that you aren’t that conman / extremist / murderer?

Of course, if ID cards do come in and you’re white and middle class – like me – then you probably won’t ever be stopped on the street and asked for your ID. That will (has, and continues to) happen to those of us that have darker skin, or look Asian or who dress according to their faith. Just because the risk to you personally is low, do not assume that holds for everyone – just start by examining your own prejudices!

No, I’m afraid “If you’ve nothing to hide, you’ve got nothing to fear” sounds to me, at best, like the sound of people collectively burying their heads in the sand and, at worst, it’s nothing more than saying “I’m all right, Jack…”

…FOR NOW!

Re-posted from archive of infinite ideas machine 2004:

Thanks to SpyBlog for (my) first heads-up on yesterday’s announcement of PA Consulting being awarded the ID Card scheme “Development Partner” contract by UK Home Office, also covered by The Register, BBC News, Silicon.com and others.

Any and all of the above are more informative the less-than-forthcoming Home Office Press Release, repeated on PA Consulting’s site.

The runner up – Deloitte – must be upset, especially as they were still in the running last week when The Scotsman revealed in its article, Advice on ID cards came from firm ‘set to make millions’, that the company had seconded one of its staff to work at the Home Office advising on the planned ID card network from September until March…

But, as John Lettice kindly pointed out to me, this is not so much about Deloitte trying to pull a fast one as the fact that “uk.gov is so addicted to getting free help from the industry that there is no way it can make a measured purchase decision about anything”. Secondments are apparently common practice in UK government IT, and PA Consulting themselves have in the past ‘lent’ members of staff to, e.g. the eEnvoy’s department.

All the big players do it, so is there any wonder that the government often displays such wild enthusiasm for ‘magic bullet’ IT solutions? Or that the smartcard agenda is so deeply embedded in government thinking that, ID cards or not, we are ploughing ahead with a ‘chipped’ future with scant regard for the long term social or financial consequences?

I’ll leave you with a quote from an article written back in 2000 by the Home Office’s new ‘Development Partner’:

“Integrating customer access is a radical proposition, but as a focus for effort it offers the promise of being one of the single most visible and effective initiatives in improving public services yet undertaken by this Government, and possibly any other since the Second World War. And it could be rolled out in the lifetime of a single Parliament. All this, and it would actually save public money. If New Labour is serious about empowering the customer of public services and of adopting radical measures to get more from less, then focusing on customer access is one of the answers.” – PA Consulting Group, ‘E-nable the customer to join-up government’ [full paper no longer available online]

No agendas there, then!

UPDATED 25/5/04: a timely reminder by Philip Johnston in the Telegraph of PA Consulting’s shaky track record re. the ‘shambolic’ start of the Criminal Records Bureau in 2002. Remember when a whole pile of kids couldn’t go back to school after the summer hols because their new teachers hadn’t been police checked? Thank you, PA! And (for the record) Capita, too.