‘A solution in search of a problem’ plus an interesting comment by Ray Poynter

On my interwebs session the other day, before writing up the ‘Some interesting links’ post, I came across this story on the Economist website.
It has a good commentary about the recent developments on ID-cards, including a section on the MyLifeMyID site and its recent closure. I had more or less forgotten about it until today, when user Morel’sGhost (many thanks for the tip, btw!) pointed out the story and that Virtual Surveys’ own Ray Poynter had commented on it; his comment is reproduced in its entirety below:

“First the declaration of interest, I am one of the Admins from the mylifemyid site and a director of Virtual Surveys, the company that ran and hosted mylifemyid. Secondly, a couple of quibbles. Surely, the use of the word “purportedly” is a tad tendentious. Over 50 million online ads were placed in locations such as Bebo and Facebook to promote the site, and over 1000 young people have indeed had their say. You are right to say many people dismissed the site as propaganda, but most of them said that before they saw the content. It is hard to describe a website which hosts so many anti-ID Card comments and Government propaganda. Finally, some information. The site reached its scheduled end on October 15, after three months of listening. The content of the site is now being analysed and a report will be presented to the Identity and Passport Service, who have committed to publishing the report on their website.”
(my emphasis added)
Now…I’m really not quite sure what to make of this statement. Has Ray just admitted that the site was a conduit for government propaganda? Is he claiming the site was somehow neutral or ‘evened out’ by the huge swathe of anti-ID comments that were left in response? This would be a significant revelation - meaning the site was a blatant government PR exercise all along, and that the admins were in fact biased and therefore the entire research flawed. I could speculate from now till Christmas, however, I feel Morel’sGhost summed it up pretty nicely:

“Ray Poynter can quibble all he likes but the Economist is spot on. mylifemyid was designed from the ground-up to present Labour’s ID plans in a positive and non-threatening light. The site’s moderators (including Ray) repeatedly posted specious and leading questions which, without exception, endorsed the Home Office’s arguments which (also without exception) were shot down, taken apart and ridiculed by participants. The site administrators quickly deleted any responses (in a supposedly open forum) critical of the study’s dubious research and ethical basis. mylifemyid’s “scheduled end” (i.e. deletion) was utterly inappropriate for an online consultation exercise which was publicly funded at a cost of £75,000. Study data should have been left online and in-situ for participants and interested parties to compare with the final report (which will anyway be utterly ignored by the Home Office - not even the most creative “researcher” could plausibly give a positive spin to the avalanche of negative comments triggered by the site). “…a website which hosts so many anti-ID Card comments AND Government propaganda.” You said it, Ray.”

EDIT: Ray Poynter responded here and on the Economist website regarding his earlier comment:

“Oops! What I meant (and what I thought I had typed) was “It is hard to describe a website which hosts so many anti-ID Card comments as Government propaganda.”

Very few comments were taken down from the site, and these were for abuse of the Ts&Cs, general abuse, or because they had been flagged by users as offensive. There were many posts that made comments about the site, its motivation, the way it was moderated, and except for the handful that fell foul of the abuse rule, they remained on the site.

I take Morel’s point about the case for not removing this type of project at the end of its period of action. We will certainly be recommending that future projects provide some sort of ongoing, public record of the discourse.

For example, I would be happy to debate whether the moderation was neutral or biased, but, without the material being available to all parties, I would be expecting people to simply take my word for it, and that would be unfair (and not necessarily likely to happen).

Ray Poynter, an Admin at mylifemyid”

Thanks for clearing that up Ray. I disagree with some of your points though - and I’ll be writing a post later on tonight to discuss this.

‘Your privacy is an illusion’

Ars Technica is a site I have great respect for. They have some of the most intelligent and detailed analysis of technology, science, business, and law on the web. So I was rather pleasantly surprised to find a great article on the erosion of privacy in the UK.
The article mentions how the RIPA laws that have come into effect over the last year have a provision which means you cannot withhold the encryption keys to encrypted data if the government asks for them as part of a criminal investigation. The penalty is 2 years’ imprisonment for ‘normal’ crime, and 5 years if the crime is linked to ‘terrorism’. The RIPA provisions also apparently trump the right to silence, meaning that you cannot choose to say nothing/provide no evidence.
As always though, the legislation is potentially useless against well-organised criminals - who can use freely available programs to encrypt data, but with two (or more) different encryption keys. Each key can be made to unlock a different set of data, meaning that, say, one key could open perfectly innocent data, and one could be encrypting your terrorism manuals and anti-ID card poster designs. The interesting element in such an approach is this: given the ‘innocent’ key, an outsider would only see the innocent data, and would have absolutely no knowledge of any other sets of data present, therefore being completely unaware of anything incriminating. Therefore, as mentioned, anyone who has their wits about them can circumvent the law as before.

The article goes on to mention the IMP database, the implications, and the backlash against it. It also mentions the new rules on purchasing mobile phones with ID, again noting how serious criminals can easily avoid such measures. My favourite paragraph is this:
Just as there are data encryption systems that can defeat RIPA, there are communication systems that defeat the proposed database, and which do so before the legislation has even been passed to create the database in the first place. This is truly pointless legislation that will make us no safer.

The conclusion is equally scathing on the other points. Well worth a read.

Home Office faces staff rebellion over IMP database

According to the Sunday Times, Jacqui Smith is facing a rebellion from senior Home Office officials over the plans for the IMP database. A leaked memo showed that said officials opposed it on the grounds that the database would be “impractical, disproportionate, politically unattractive and possibly unlawful from a human rights perspective”. The backlash has potentially caused the IMP proposals to be dropped from the Queen’s speech, and may now be reviewed by the Home Office. The Home Office refused to comment on the matter, but alternative proposals are apparently on the sidelines, including one where requests for information are sent automatically to the existing providers/database holders.

The story is here.

Some interesting links

I have a number of interesting stories I’ve come across recently that don’t necessarily warrant individual posts, so here’s a few of the more interesting ones, summarised for your perusal:

Home Office trying to persuade unions to drop opposition to ID cards
Warning: this one has a close-up picture of Jacqui Smith holding an ID card, if you’re squeamish, look away now ;)
The Home Office is apparently trying to persuade the trade unions to change their minds on ID cards by trumpeting how ID cards will ‘reduce costs’ and ‘save time’ processing workers for airport jobs. Of course, the Home Office neglects to mention that airport jobs are so strict because they made it that way. But I digress. Meg Hillier, the goon in charge of ID cards, claims some trade unions see the benefits of the scheme and that “Not all trade unions think that the position (anti-ID) is one that should remain”. The story also has a few other interesting paragraphs…
“The first ID cards, for foreign nationals, will be introduced next month followed by those for airport workers in 2009. Young people will be targeted in 2010 and from 2012 everyone applying for a passport will be put on the national identity register.

ID cards, which carry the users’ fingerprints, will be valid travel documents with the EU and ministers hope that young people will see them as a cheap alternative - at £30 - to purchasing a £72 passport.”

The article also mentions the use of facial recognition systems when fingerprints are not reliable, and that the ID card scheme is ‘largely self financing’ and that no savings would be gained by scrapping it… Right…

Biometrics alone is not enough to prevent fraud
This article discusses some of the weaknesses in the biometrics used in the ID card system. Fairly short, but it has some interesting points on the security aspect of the ID cards.

ID card staff lose security passes
Continuing with security, the Guardian reports on how staff at both the Home Office and Ministry of Justice have managed to lose 3,492 security passes since 2001 (a rate of more than one a day). These offices are responsible for managing the ID card systems and NIR. This raises the question - if the physical security at these departments is so lax that security passes are leaking out like water through a sieve, how can they be trusted to secure a database of such importance as the NIR, or indeed, the IMP database? Absolutely shocking.

Free Agent
The Guardian also has an interesting interview with the former head of MI5, Stella Rimington. In it, she describes how she believes the secret services have been widely politicised, her opposition to ID cards, 42-day detention and government inanity. An interesting interview.

High up with Jacqui Smith at the IPPR
An analysis of Jacqui Smith’s speech on the IMP database plans. From this, it sounds like her speech was as inane as I would have expected. The final paragraph, noting an exchange between the BBC’s security correspondent and Jacqui Smith over Lord West’s recent remarks about “another great plot building up again”, is particularly interesting; I would have loved to hear that!

UK.gov plans ‘consensus’ on PAYG phone registry
So, you’ve got a database that records all the phone calls made in the entire country, and data linking nearly all of those calls to people by ID card. But wait! Some people are using Pay-As-You-Go phones, and you don’t know who they are! They could be terrorists! So what do you do about it? Simple - make it law for people to provide ID when purchasing a phone, and record their details and the number. You don’t want any missing entries on the database after all.
Another fine example of how ‘voluntary’ ID cards will be rather important in future, and how the nanny state will keep tabs on you, just to stop you hurting yourself…

UK.gov says: Regulate the internet
El Reg explains how the government wants to regulate the Internet. Yes, finally the government can protect us from the horrors of the web, and provide us with nice, clean, sanitised content from trusted sources, friends, and people with sufficiently deep pockets. The article refers to comments made by head of Ofcom, Lord David Currie. I just wonder though, have these people ever used the internet? I mean, really, do they actually understand just how massive it actually is? Clearly not…

NIR to be tested using criminal data

According to an article in the Inquirer, the government will be testing the NIR using criminal fingerprints supplied by the FBI.
The FBI is providing millions of records from their own systems for testing containing both flat fingerprints and rolled fingerprints. This is strange however, because rolled fingerprints are only used in criminal systems, where their better accuracy is needed in courts, etc. By its definition, the NIR doesn’t use rolled fingerprints, it uses flats, so it’s naturally quite strange to find the IPS has procured millions of full sets of rolled fingerprints.
The Inquirer submitted an FoI request earlier this year, asking for the terms of the agreement with the FBI. They were told that the information could not be released because some of it was sensitive, and also because it was sent by the FBI ‘in confidence’ and public disclosure would apparently be inappropriate…
The obvious question is, why is the government using criminal type fingerprints to test the NIR? And why are they not forthcoming with an explanation?
I think this needs an explanation…

Site update

Just a quick note - I’ve made a few minor changes to the blog. One of these is now the ability for unregistered users to comment. So if you don’t want to sign up, you can still contribute anonymously/without your email being stored. One of the others is the ability to subscribe (apparently) to posts.

Also there’s about 4 or 5 posts planned out that haven’t yet got round to being written. I’ve been busy all weekend so, look out for them soon :)

Geoff Hoon’s deluded responses on ‘Question Time’

For anyone who still thinks the government actually has a responsible attitude to dealing with ‘terror’, this Thursday’s Question Time had Geoff Hoon clear up any ambiguity by aggressively asserting that the government absolutely has to have the new IMP database, or else we’ll have given terrorists a ‘licence to kill people’.
The panel was discussing the IMP and the related communications bill after a question from the audience - which initially had Geoff Hoon claim that the government wasn’t actually proposing anything radically new, just ensuring the government still had the ability to intercept data on the Internet when necessary. From there, the conversation went downhill for Mr Hoon, with him claiming that it was actually new - it allowed the government to tap into new communication technologies (he seemed to be implying VoIP). He avoided explaining why the government needed a centralised database to achieve this.
Lib Dem Julia Goldsworthy pointed out the government can’t really be trusted, not only to not lose the information, but also to not abuse it, pointing out the recent revelations of local councils abusing terrorist powers. When she asked how far the government was willing to go to undermine civil liberties in the name of security against terrorism, Geoff Hoon angrily interjected:
“To stop terrorists killing people in our society, quite a long way, actually! …And if they’re going to use the Internet to communicate with each other, and we don’t have the power to deal with that, then you’re giving the licence to terrorists to kill people”
When the moderator asked him to clarify about undermining civil liberties, Geoff concluded:
“Because the biggest civil liberty of all is not to be killed by a terrorist!”

Bad show Geoff. Very bad show. By trying to imply that, without these new powers, terrorists will suddenly have free rein, you transformed your response into dross propaganda. If you wanted to make a reasonable case for the new powers, this wasn’t it. You also managed to imply that anyone not supporting these laws was somehow giving terrorists a ‘licence to kill people’. What on earth are you thinking, Geoff? To have such blinkered faith in the system’s ability to stop these terrorist attacks, you must have seen some pretty convincing evidence. Are you also trying to imply that anyone not supporting these powers supports terrorism?
As I wrote in my last post, we haven’t seen strong evidence of the IMP database being able to work effectively. In fact we’ve seen the opposite. The government already has extensive powers to lock up people without trial, and has plenty of data at its disposal, held by ISPs. What you’re asking for isn’t the ability to fight terrorism, you’re asking for indiscriminate powers to monitor the entire UK population for signs of ‘terrorism’, and the powers to view the content of their communications without them having done any wrongdoing. This is sickening.

Look, terrorism is a horrible thing. The vile people involved do terrible acts in the name of their cause. Their effects can indeed be terrifying and cause significant damage and loss of life. But this is a completely disproportionate response to the problem. We’ve lost more people in the last 10 years to a stupid war in Iraq (176) than we have to terrorism in the UK (52). Arguably, we wouldn’t have been attacked on 7/7 if we hadn’t been involved in Iraq in the first place. So our government has a lot to answer for here, it is their decisions and actions that potentially caused the problem in the first place. I do not mean in any way to belittle the loss of life on 7/7. It was a tragic event. But the government needs to grow up and treat us and our rights with respect.

Maybe it’s time to get off the high and mighty chair, Geoff…

Jacqui Smith’s latest folly: the ‘Interception Modernisation Programme’

Although it has been revealed by several sources in the past, yesterday Jacqui Smith introduced government plans for the Interception Modernisation Programme.
In case you aren’t aware of what this is, essentially the government wants to update current methods of obtaining communications data from the Internet and telecommunications systems. All done to ‘prevent terror’ of course! (we’ve heard that one before).

So how do they plan to achieve this?
Simple. Take the emails, text messages, phone calls and Internet history, along with the location, of every single citizen in the UK and put it on a database. A database controlled by the government of course, accessible by government agencies. The government is pretty adamant about it too, with Jacqui Smith herself declaring it to be “…not a Government policy which is somehow optional. It is a reality to which Government needs to respond”. Good on ye’ Jacqui, you tell ‘em!
Currently, all ISPs and phone companies keep records on all their customers’ usage, which the police/security services can access if they have a warrant to do so. The IMP will completely change the way this system operates, centralising all this data, and allowing the government to access it without having to go through the hoops they went through before.

Unfortunately, this has some pretty nasty implications:

  • Cost - £12 billion is the current estimate for the cost of setting it up. Judging by most other government IT projects, it would not be surprising to see this figure end up multiplied several times to reach the actual cost. What needs to be remembered here is the current state of the economy and the likelihood that things will not get better for some time. I’m quite amazed the government thinks it can afford this when there are so many poor bankers that need bailing out.
  • Privacy - I’ve lately come to the conclusion that the government doesn’t actually give a flying hoot about people’s right to privacy. This database would allow the government to profile you down to the finest details, and make very detailed assertions about your life, habits, and movements if they so wished, without your permission or knowledge and without you committing a crime. Essentially it is more intrusion into our private lives and it isn’t welcome.
  • Security - As with any big, centralised database that is open to many users, there is great potential for security breaches. I think all I have to say about that is, imagine this database on a hard drive. Now imagine that hard drive lost or stolen. The government’s record on data security is completely woeful, and I would not be surprised if a plain un-encrypted version of this database somehow ended up left on a bus. The results would be horrendous. There are many other security risks, from hackers to corrupt officials to any other number of things. The most likely risk however is still plain old incompetence.
  • Feasibility - Make no mistake, a database of this size would be absolutely enormous. The ability for the government to even make this work at all has to be considered. A half-working, broken system would be incredibly dangerous.
  • Profiling - When you have such a sea of data, you want to look for patterns, so you can identify potential groups of people (in this case, we’ll say terrorists). The potential with methods like this is that if a normal, law-abiding citizen happens to match a ‘profile’ commonly seen with terrorists or criminals, they might end up being investigated. How long before police start raiding houses of innocent people who happened to match the wrong profile?
  • It might not actually work - A recent investigation in the USA by the National Academies concluded that using databases to identify terrorists would probably not work, and would in fact generate huge numbers of false positives. So not only would the database fail to prevent terrorism, but it would cause innocent people to get investigated as potential terrorists. That doesn’t sound particularly promising.
  • It all ties together - Between this massive database, the ID card database, and all the other government databases, the amount of information the government would have to call upon would be simply incredible. Tying them all together to create a pseudo-“super database” would be trivially easy to do. With all this information at their disposal, the government knows everything about you. Your medical records, tax records, bank records, driving records, where you go, who you meet, what you say, what you do, would all be open to scrutiny. Is it really worth this, just to enjoy the charade of ‘security’ from terror?

It’s funny how the “Nanny State” turned out to be the big bad wolf after all.

MyLifeMyID

So yesterday the MyLifeMyID site was taken down. It went with a bit of a fizzle, rather than a bang. In the last few days, the posts had slowed to almost zero, and the discussions slowed to almost a halt.
I’m personally disappointed that they took the entire site down. I would far rather they had locked the posts in some way and kept it for reference, or allowed us to continue to debate in one of the sub-forums. However, since they removed the entire site, they have removed all ability for their users to comment on the Virtual Surveys report and the government’s response. Unfortunately this was not really a surprise, considering Virtual Surveys have consistently demonstrated a lack of useful interaction with their users. Are we honestly surprised?

[Edited: 20/10/08]
I have received several emails expressing a lack of any trust whatsoever in Virtual Surveys, and I have to say, I’m inclined to agree. I hope for VS’ sake they don’t dilute or bias the report to its knees. I certainly sympathise with that view. I hope they convey the full feeling of the community, and don’t dumb it down, or use language the government can easily twist or misquote. If they do, I personally won’t let it pass unchallenged, and if we can, we may organise some sort of press release or other action come the time.

Anyway - since they won’t provide a forum to discuss the results, this will hopefully serve as an alternative. Whenever the report is released, it will be discussed here in detail, and we will be closely monitoring the government’s response…

Welcome

Welcome to ID-Watch.

This blog exists to provide a continued forum of discussion for ex-members of ‘MyLifeMyID’ and for all others who are concerned about the ID card system and the ‘database state’. Throughout, I plan to highlight any new developments in ID cards and the National Identity Register, but also provide focus and commentary on related issues. I hope through the comments system to be able to provide a strong avenue of discussion for all members, and a stronger, unified voice for our views to be heard. I have received contact from several people already, with ideas and content to be posted, and hopefully we will be able to continue this type of interaction.

As this is the first post, I’ll lay down a few ground rules for any members:

  • I will not tolerate any spam or explicit advertising. Period
  • Any material that is abusive, racist, bigoted, sexist, harassing, threatening, inflammatory, defamatory, or similar, is a bad idea, don’t do it. It will be treated very seriously
  • Be smart and have courtesy for other users, treat them as you would like to be treated
  • Swearing is allowed, but try to keep it to a minimum
  • Illegal or inappropriate material is strictly not allowed. If you post copyrighted material, please have permission before doing so.
  • You can post personal details if you like, but only your own, you may NOT provide in any way, personal details of any other member without their express consent.

And here’s what you can expect from the admin:

  • Minimal moderation
  • An effort to minimise bias
  • Fairness for all users
  • Transparency at every level - any edits/bans/deletions will be fully documented, only blatant spam will be exempt from this
  • Full community involvement

If you want to contact admin for any reason, please email the official address: admin@id-watch.co.uk
All correspondence will be treated in confidence.

Thanks for visiting.

Jonathan Millar
Admin
ID-Watch