Sunday, December 03, 2006

Piss off Patsy

Patricia Hewitt wants to know who doesn't want her department to have access to their medical records. Sir Liam Donaldson is the rotweiler that is putting the bite on GPs to release the names and addresses of those people who don't want their medical records putting on the national spine. So you can't ask for confidentiality on confidence!

In the meantime the government is handing over the names and addresses of patients to Mori so that they can send out questionnaires. Anyone concerned aboout keeping visits to their GP confidential should email gppatientsurvey@dh.gsi.gov.uk with their name and NHS number before Friday the 8th. Another Public Service Announcement from Aberystwyth No2ID.

Friday, December 01, 2006

Send your GP a christmas card

Or at least send them the letter here:

The Big Opt Out

expressing your desire to not have your details added to the NHS spine.

The latest Medix poll shows that 52% of GPs would not upload their patients' records to the spine, and only 13% would be willing to proceed without consent. An even more recent survey by JRRT shows that 53% of patients are opposed to automatic uploading of their records, with only 27% in favour.

The text of the letter is as follows:




Exercising right to opt out

Dear Doctor,

As you are probably aware, the Government is intending to ask you to transfer the electronic medical records of your patients onto a national database called the “spine”. They intend you to do this without first seeking the consent of your patients. It is BMA policy that patients should give their individual consent prior to their information being transferred on to the national database.

There are substantial concerns about the privacy and confidentiality of information transferred onto the national database, not least because promised software security safeguards called “sealed envelopes” will not be in place and because the patient’s instructions with regard to who may access the records can be overridden. I do not believe that such a large database, with so many staff users, can be regarded as secure.

I would be grateful if you would ensure that none of my records held by you are entered onto the national system. Would you please also file or scan a copy of this letter in my records and also record my dissent by entering the “Read code” - ‘93C3. - Refused consent for upload to national shared electronic record.’ into my computer record. I am aware of the implications of this request and will notify you should I change my mind.

This request is itself confidential. Please do not divulge my decision, in an identifiable manner, to anyone other than to clinicians who are providing care to me and who might otherwise place information about me on the national care records service.

Further information for GPs is available online at www.TheBigOptOut.org/?page_id=9

Yours sincerely,



There are pdf, text and word versions you can customise and print.

Next Meeting

Tuesday December the 5th, 8pm, upstairs in the Cambrian Hotel (oppposite the station).

Wednesday, November 29, 2006

Suspect Nation

Not sure how long this will stay up on YouTube - catch it while you can.

Monday, November 27, 2006

E Petition against ID cards

The e-petition against ID cards on the 10 downing street website has broken the 4000 signatures mark. Only the Repeal the Hunting Bill petition has more. The scale of the opposition to the ID cards plan is being ignored by this high handed government. Head over there and sign it if you can.

NB - the postcode details are only required to show that you live in the UK. I don't beleive that this is any better than asking folks to decalre that they are in the UK (it's not hard to find a UK address to use online). Nevertheless, this is how the website is set up - using a work address or somesuch may make you feel more comfortable!

Tuesday, November 21, 2006

No job without ID cards

The Scotsman carries a worrying (but not unexpected) article that was first published in 2005 but which has received strangely little follow-up from the media. Working for the Royal Bank of Scotland, HBOS, Tesco, British Airways, BP, Lloyds TSB and Shell could become impossible without an ID card. The onus is now on a job applicant to provide an ID card (costing upwards of £100), to prove their entitlement to work.


This invidious move will keep many in the poverty trap. The up-front costs of applying for work such as travel to and from the interview, work clothes and the first months' travel and living expenses can make it difficult to reenter employment for the homeless or extremely poor. Charities provide some crisis funds to help people into work, but the cost of an ID card and travel to the interrogation centre will only add to the burden. On top of which (as I've stressed many times) it is those at the lowest end of the socioeconomic spectrum that are likely to have most difficulty obtaining ID cards as they are statistically more likely to have had frequent house moves and job changes. This ID cards scheme, as well as its other flaws, will be more regressive than any tax.

Monday, November 20, 2006

Henry Porter Doc on More4

For those who have More4 the Henry Porter documentary will be repeated on the 29th at 10pm. Well worth a watch - the last 15 minutes in particular were eyeopening - even for a cynic like me!

For those who have seen the documentary, the extremely skilled cracker at the end was Adam Laurie based here.

Tuesday, November 14, 2006

An appeal for help:

Just had the following email from the No2ID national coordinator, Phil Booth. If you are willing to help with this then please reply directly to him, as detailed below. The more data we collect, the more likely we can show up the flaws in the "security" of your passport.



Dear all,

We need some help with some research that we are doing into passports.
Time is of the essence!

I assume that at least some of you will have relatively new passports, having renewed at some point in or since May. Some may have chips in them, some will not. As we've said before, the information stored on the chip at present is no more than what you see on the photo page, plus (we can now confirm) up to 18 measurements that have been derived from a scan of your photo.

What we are trying to determine is the sequence in which passports are issued, for a stunt that we hope to perform in the very near future.

If you are willing to help, please e-mail me [passports@no2id.net - subject "mrz"] with *just* the first FOUR digits of your 'MRZ number' - that is, the first four digits (reading from the left) of the bottom row of numbers on the photo page of your passport - plus the date your passport was issued, the office from which it was issued, and whether or not your passport has a chip in it. If more than one person in your family renewed their passport, we be very grateful for this data from each of you.

Please DO NOT send any more than the above information. We do not wish to compromise your privacy or the security of your passport in any way, and what you will be sending is useless to anyone except for the specific problem that we are tackling.

I do hope you can help us, sorry if this mail seems a bit mysterious - but all will become clear in a short while.

Cheers,

Phil

P.S. I'm sending this request to so many people that I'm afraid I'll be unable to respond to any other queries. If you have a new passport and are willing to share the data with us, please do. If you have any misgivings, or I have not explained things clearly enough, then just ignore this e-mail.

Monday, November 06, 2006

Monthly meeting...

... tomorrow (Tuesday the 7th), upstairs in the Cambrian at 8. See you there.

Thursday, October 26, 2006

Coalition of the willing

I though it was only the tin foil hat brigade that seriously believed that the NIR would be part of the architecture for a new world order. I was wrong.

A telling quote:

"'We would violate the privacy laws of individual countries if we shared data as we wanted to,' said Potter [Troy Potter, biometrics programme manager for the US Department of Homeland Security's biometric border control programme]."

We already know this - given the illegal requests for data about airline passengers that the US immigration service insist are necessary.

Porter went on to say: "The last thing we want is for someone who has changed their ways and then we keep harassing them." What - by illegally disenfranchising them?

Too folorn to take this story fully apart right now. I may return to it when the disbelief and dispondency clear up.

Tuesday, October 24, 2006

From the Reg

This makes worrying reading for anyone with an RFID passport. Tin foil passport wallets on!

Monday, October 09, 2006

They "misunderestimate" again

Press hooha today over the latest government "figures" for the ID card project. The latest estimate comes in at £5.4 billion - far short of the £19 billion suggested by the independent study carried out at the London School of Economics.

Trebles all round? Perhaps not. It looks as though there have been a few oversights in coming up with this figure. For a start, 70% is pledged to the rollout of "next generation" passports. Not the cards, just the passports. How much is the rollout of the cards, card readers, face scanners and fringerprint readers going to cost? Apparently not more than 30% of £5.4 billion.

But wait - it's worse: another 15% is budgeted for the IT costs. That's just £8.1 billion in IT costs. Compare this to the £12.4 billion already spent on the NHS IT fiasco, not to mention the £15 to £20 billion it is estimated will be required to make the NHS system workable. The Government just can't seem to get IT projects right (see entries on this blog passim). The identity register will be no more straighforward than the NHS project, with plans to share data throughout all Government departments.

So that's only £8.1 billion left over for all of the other costs - rolling out the plastic, the readers, the scanners, the manpower, the cost of chasing conscientious objectors (of whom there will be at least 11,365). And the up-front costs of consultants, advisors, PR agencies and feasibility studies are already eating into this at a rate of £63,000 per day.

Look again at the report by the LSE. Whose figures look more credible?

Thursday, October 05, 2006

Shilling for da man...

Sorry to do this - I know this site isn't fantastically "monetizable" but any advertising link you click on will help raise money to buy posters and flyers. It's better than hanging 'round town with a collecting tin. Also, if you follow one of the firefox links from this site and install the software in question, that also raises money. I can strongly recommend Firefox - it is better and more secure than IE. Google pack has popup and spyware killing tools and Picasa looks a lot like iPhoto - so download it only if you aren't lucky enough to have a Mac!

I promise the ads will go when we have enough money to buy some posters/leaflets. For reference - the ones we're after are this and this. If you're a generous printer prepared to give good rates on A5 leaflets in return for a big shout out on the blog (indeed, even a permanent advert!) then please email aberystwyth@no2id.net.

The processing centre is opening soon. When it does, the database will have us all no matter what the Tories or Lib Dems may do. Help us stop it before it is too late.

Wednesday, October 04, 2006

How democracy works

The conservative party conference has thrown up some interesting position statements on ID cards. Pauline Neville Jones, head of the Tories' policy group on national and international security thinks that the Conservatives should back the cards in principle. Nevertheless, Cameron has decided to follow the lead of David Davis and to pledge to scrap ID cards if the party comes to power before the scheme has been introduced.

In Pakistan, ID cards are already in existence and are being used to systematically erode support for Benazir Bhutto. I'm not sure that Musharraf has party conferences.

Meeting Apologies

For those of you who tried to find us in the Varsity - their decision to hold a pound night threw a spanner in the works royally - I promise to find us a better venue for November.

Tuesday, October 03, 2006

Who do you trust with your data?

My landlady is lovely. I've only really spoken to her about four times but she's very nice: solicitous of my welfare and keen to fix any problems with the flat. However - I have rented from some right sod in the past, including one chap who was using our (student) house as a mailing address to commit housing benefit fraud from. Would I trust him to have access to the details on my ID card? According to the IPS I might have to. And the kid behind the counter in Blockbusters. And "Retailers of all kinds, including Internet companies".

But the real sting in the tail is this - according to section 9 of Schedule 1 of the Identity Cards act:

"The following may be recorded in the entry in the Register for an individual-

(a) particulars of every occasion on which information contained in the individual's entry has been provided to a person;

(b) particulars of every person to whom such information has been provided on such an occasion;

(c) other particulars, in relation to each such occasion, of the provision of the information."

Renting a house because you've left an abusive spouse or parent? It's on the register. Renting videos that, unbeknownst to you, have been pirated? It's on the register. Paid for information about a medical condition, or bought something to spice up your marriage online? It's on the register.


With a huge recruitment campaign to staff the 69 new "processing centres" it is inevitable that some less than savoury folks will get jobs. Security clearances will pick up those with existing criminal records, but not the abusive spouses, stalkers or those that can be induced to sell or give away information who will be applying for these jobs. And even those who are model employees, acting in the best of faith, can still end up handing your data over to criminals and extortionists.

Hand on heart - who do you trust with your information? Because as much as I like my landlady, there are things I don't even tell her.

Sunday, October 01, 2006

Next Meeting

This Tuesday (3rd October), upstairs in the Varsity at 8pm. We'll be planning the next phase in the v-petition project, and publicity events for the opening of the new, aberystwyth-based "processing centre". Free badges! All welcome!

Wednesday, September 27, 2006

Feeling a little fresher?

Student Vols Dan and Arwel are up at the Uni today handing out leaflets and some of our ace new badges. The idea is to get enough signatures to set up a "Students against ID" chapter - which would be affiliated to Aberystwyth No2ID but which can autonomously run student centered events like film nights, debates and so on. Look out for them - and pick yourself up a badge whilst you're at it!

They'll also be working on our surprise new project... no details as yet but if you do happen to see them up at the arts centre, you may get your chance at 15 seconds of fame!

Monday, September 18, 2006

The Great Repeal Act

The Lib Dems have today announced that they would dismantle much of the current government's legislation. Successive Labour Home Secretaries have introduced over 3,000 new offences since 1997 and the Lib Dems are running a poll to see which of these are the most unpopular. No ambiguity over their stance on ID cards though - the Identity Cards act, passed in March this year is number 2 on their "Top Ten Laws to be Scrapped". The rest of the list highlights some more of the attacks on human rights and justice that this government has carried out. Okay - so it's a stunt, but a good one. Register your voice at www.greatrepealact.com.

Thursday, August 31, 2006

Am I missing something?

The much (and rightly) maligned "child register" will (it seems) exclude the details of children with famous or violent (or famously violent) parents, thus highlighting the fears over the lack of security for databases of this type.

What am I missing though? The purported use of this database was to track children who were at risk of abuse. Surely by excluding the details of those with violent parents, the database no longer does what it was ostensibly set up to do.

So two lessons we can take away: 1) large databases aren't secure enough for politician's children to feature on them and 2) the child register is not there to help children in abusive households. What other, ulterior motive could there be..?

Wednesday, August 30, 2006

Helena Kennedy speaks out

This entertaining article about Baroness Helena Kennedy's blunt attack on ID cards - I look forward to reading mor from her on this subject soon.

(P.S. apologies for the haitus: Root canal.)

Monday, August 07, 2006

The clones are coming

Various predictions have been given for when the biometric chip in ID cards/passports would finally be cracked - the Government was saying 5-10 years, the industry analysts (bidding for the work) were saying 2-5 years. The real answer:- 5 months.

Yes, the facial recognition chip was introduced in the UK in March. Hacker and employee of DN Systems, Lukas Grunwald, demonstrated an exploit to clone biometric chip data at the Black Hat conference on Thursday last week. In an exploit that took less than two weeks to perfect, Grunwald successfully figured out how to read, copy and burn the data on the International Civil Aviation Organisation (ICAO) standard passport chip.

At the moment, the data can't be changed. So is a cloned chip totally useless? After all - if it's not my face on the chip, what good will it do me? This report from The Register goes in to some detail, but the position as I see it is as follows:

1) The RFID chip crucially contains a serial number - a unique passport number - which currently appears on the passport itself in machine readable font. In future, the printed number will be ignored in favour of the number on the chip. Lists of the passport numbers of banned travelers or "persons of note" (for example, those convicted of football related violence trying to travel during the World Cup) will be checked by comparing the number on the chip against the passport numbers on the list.

2) A cloned chip with a "clean" passport's number, i.e. a passport that is not on any blacklist, won't trigger an alert. So if you can get the cloned chip to be read instead of your own then you can pass through security without triggering an alarm.

3) There are two ways that you can use a cloned chip: Firstly - by inserting it into a forged passport; secondly by "overlaying" the chip in the passport by disabling or shielding the original chip and attaching a new chip to your passport holder for example.

4) Of course the chip also contains facial recognition details. However, there will be prone to a number false negatives (deciding you aren't you because you've not shaved this morning). With false negative results of between 12% and 94% in the Biometrics Trial (See page 58 of the official report, how long before passport checking staff adjust their behaviour to let through the (conservatively) one in eight travelers who don't match their chip. The usual strategy to reduce false negatives is to relax the accuracy of the system. Simply put, to reduce the false negatives you raise the number of false positives: e.g. deciding you look enough like your brother to let you through on his passport. So clone the chip of someone who looks a lot like you and who either won't notice or won't mind that you've borrowed their passport to do so and you might just get through anyway.

5) So we're back to the "good old, bad old days" (pre March 2006), where trying to blag your way through customs on someone else's passport is possible as long as there's a fairly acceptable resemblance, right? Wrong - we could be could actually be worse off, from a security point of view. As The Register's report puts it:

"The mere presence of the reader, the chip and the general ePassport security pixie dust will - no matter what the circulars say - have a psychological effect on border control staff. They will tend, because the machine says the passport's clean, to drop their guard, not really inspect either picture or bearer properly. This kind of effect is well documented, and it's the same kind of thing as people walking in and out of companies unchallenged despite wearing a security tag in the name of 'Michael Mouse'."

No offence, but your facial biometric doesn't look so good...


See the latest news via Google on this story.

Friday, August 04, 2006

STC Reports on ID Cards

The House of Commons Science and Technology committee (STC) has released its report.

The report is of course focused on the science and technology aspects of the scheme. The STC starts from the premise that there is nothing inherently wrong with the introduction of the national ID card/register in itself. As a result, the following points made in the conclusions are a balanced view of the Government's management of the technological and scientific challenges only. So even where the report endorses the Government's management of the project, we at NO2ID and affiliated groups still oppose the project per se:

The conclusion starts by acknowledging that there are some things the Government is getting right, such as the use of limited trials and the plans for gradual roll out.

The conclusion then criticises the Government for it's lack of openness to advice from ICT and Social Science experts. The report states that "despite correspondence with the Home Office, [the STC is] still unclear about who actually has ... responsibility [for ICT] within the programme."

There is criticism of the confusion over the requirements that suppliers will be asked to address in the event of the procurement process taking place. The report points out that "[s]uch confusion has been exacerbated by the lack of transparency of the scheme. In addition, there is a lack of clarity regarding the overall scope of the scheme, the scenarios when the card might be used, the procurement process and the OGC [Office of Government Commerce] Gateway reviews."

The report makes the following suggestions for the improvement of the handling of the project:

"It is crucial that the Home Office increases clarity and transparency, not only in the areas identified as problematic but across the programme. Thirdly, we reiterate that once trials commence, if the evidence gathered indicates the need for changes in the programme, such changes should be made even if the timescale of the project is extended in consequence.


To be clear - there are five scenarios, best to worst case, that I can envisage:


  1. The ID Card scheme is dropped for civil rights reasons, with minimal further cost

  2. The scheme is dropped for practical reasons, with minimal further cost

  3. The scheme is dropped part way through implementation because the Government again fails in its project management duties, at huge further cost

  4. The scheme is implemented, with few problems, at great cost

  5. The scheme is implemented, with extensive problems, at even greater cost



My personal position: I'm not hoping that the scheme collapses in chaos - I'm hoping that the scheme is calmly and sensibly dropped. I confess I'd rather the scheme collapsed in chaos than was implemented well, by quite some margin. However, I know there are those who see a painful downfall as the first and best option, and others that would accept a well organised scheme over a chaotic withdrawal. I expect that particular debate to run and run.

It remains the case that the best scenario for all of us is for there not to be compulsory ID cards and for there never to be a national database, no matter how well they may be implemented.


For the latest news on this story, see Google News.

Thursday, July 27, 2006

Terror strategists "not interested" in ID card/register

The home office security document Countering International Terrorism: The United Kingdom's Strategy has been out a couple of weeks now and I've finally got round to reading it (well, it is hard to sleep on these hot nights...). Let's see what the report thinks about ID cards and the register:



























Term [1]Occurrence
Intelligence35
Legal/lawful/legislation29
Prosecution10
Disadvantage/inequality [2]8
Biometric [3]3
Identity2
Identity Card(s)/ID Card(s)/Card(s)0
Identity register/register/database0



Pretty round and ready - but a good indication of how much importance the home office really places on ID cards as an anti terrorist measure. How much is that again... 0


[1] Includes variants - so the number of occurrences for the term disadvantage, for example would also include occurrences of the terms disadvantaged, disadvantages, disadvantaging...

[2] occurrences of "disadvantage" and related terms (n=3) always refer to social and economic disadvantage, which is why they have been grouped with inequality.

[3] "Biometric" refers to plans for biometric visas for non UK citizens. These biometrics would be used only to determine whether someone had the right to enter the UK and whether those that had entered on temporary visas had departed within the allotted time. They would not be used to trace movements within the UK, as far as this report is concerned, biometrics are for enhanced border control only. The rights and wrongs of this can be argued, but it certainly does not equate to an ID card, and falls far short of the plans for the ID register.

Monday, July 24, 2006

Times gets another leak

The Home Office is increasingly looking like a sieve - showering leaks all over the place. The Times seems to be the best beneficiary so far. The most recent leak is featured in yesterday's Sunday Times.

The leaked report, a Market Soundings exercise that was undertaken to test the readiness of the potential suppliers to tender for ID cards, discloses several worrying facts. First and most worryingly, the Times reveals that "the security system protecting the card and the national database could be infiltrated by criminal gangs involved in identity theft", something that NO2ID has been warning about for a long time. The report quotes potential suppliers as estimating that current chips could be forged within 5 years. Suppliers consulted also raised concerns that being associated with the ID card scheme could be bad PR because of the public resistance to ID cards.

This report strongly suggests that the Government is once again cherry picking the information it chooses to place in the public domain - the case for ID cards has indeed been "sexed up". It also suggests that the groundswell of resistance, spearheaded by NO2ID, is at least giving the suppliers cause to stop and think.

Friday, July 21, 2006

Doomed, Dumped or Business as Usual

(From the No2ID newsletter)

You may well have seen reports suggesting that the Home Office ID programme is in trouble. A series of e-mails leaked to the Sunday Times from OGC (the Office of Government Commerce, part of the Treasury) and UKIPS (the new Identity & Passport Service) revealed that senior civil servants believe the project to be yet another fiasco in the making.

Government spin has been predictable, first claiming that the ID scheme was 'under review', then "broadly on track", and now proceeding "at the same pace".

So what is fact and what is fantasy?

FACT: the ID scheme that the government has been selling for the last two years or more is a lie. With no clearly-expressed goal or justification, 'feature creep' almost every time ministers opened their mouths, and a complete unwillingness to listen to real experts in the field, the Home Office has lumbered itself with something impossibly complex, horrendously expensive, and utterly unworkable.

FACT: they passed the Act anyway, spending tens of millions in the process. The biggest threat to everyone's civil liberties is leaving a law on the statute books which permits compulsory registration, lifelong surveillance and population control by ID. But we also risk seeing billions of pounds of taxpayers' money (which could be far better spent elsewhere) being thrown away in pursuit of this authoritarian delusion. Even worse, a botched attempt could expose all our most personal information - leaving some with no control over their private lives or identities for the rest of their lives.

FACT: the government will proceed regardless. This programme has been politically driven from the outset and will remain so. Blair can't afford a U-turn, and the ID programme (or more accurately, the National Identity Register) is target=cio>at the heart of government strategy. The bureaucrats would love for us to all be neatly numbered, so our data can be shared ever more 'efficiently' - and the suppliers still stand to make billions, whether they deliver or fail.

The danger from the ID scheme is greater than ever.

Now the government is looking at issuing cut-down 'early variant' ID cards that would 'protect' your identity with nothing more than a four-digit PIN. A gift to fraudsters. The government will still fingerprint, iris scan, background check and interrogate you for a passport - but then simply store all your data in their database. No 'benefits' or services for the public. Just all the costs, risks and intrusion.

We have to redouble our efforts. It is more important than ever that we get the message out to a public that may think 'ID cards' are off the agenda. Street stalls, leafleting - even going door-to-door. Now is the time to wake people up to the real and present danger of the ID scheme.

The battle continues...

Find out how to get involved locally, or how to join the national campaign, by contatcing aberystwyth@no2id.net.

Thursday, July 13, 2006

The Register "calls it"

Time of death, Wednesday 12th July 2006 10:20 GMT

Is this where complacency bites us firmly in the arse? Is this the bit where we dissipate, leaving the Act on the book for a later, more competent, more ruthlessly efficient government (exactly the kind of government that we don't want to have the powers vested in them by the ID Cards Act 2006)?

Hell no - we won't go. Right?


(Update - ZD net has a nice rundown of everything wrong with the management of the ID project qua project. If I were to write a synopsis of this blog's postings on project management I couldn't do better than that piece. Up till now the IT press has been slightly skeptical, but mainly pro the scheme - there was a lot of potential money in it after all. Now the battle about technical and managerial viability seems to be won you'll be seeing a lot more on the civil liberties/human rights angle in the coming weeks and months. The project may be on its knees but the Act hasn't gone away.

Tuesday, July 11, 2006

Smell the glee...

Schadenfreude. It's such an ugly word [1]. But if you feel like indulging your baser instincts, through the magic[2] of Google News, follow this link

What am I on about?

[1] Actually - it's quite a pretty word - say it with me "Schadenfreude.... Schaaaaaadenfreude"

[2]"Any sufficiently advanced technology is indistinguishable from magic." Clarke's Third Law [3]

[3] "Any technology distinguishable from magic is insufficiently advanced." Benford's Corollary

From Iraq: "Massacred according to their identity cards"

A salutary example of what can happen when sectarian hatred and identity cards are combined appears today in The Scotsman.

Let me be clear - I am in no way comparing the horror of what must surely now be considered a civil war in Iraq with our domestic agenda. However, this is one, admittedly extreme example of the fact that ID cards serve to diminish the rights of the powerless in any society. Whether the power in question is to abduct individuals and transfer them to overseas authorities or to commit murder at a checkpoint, ID cards will assist in the targeting of those who have most to lose.

Sunday, July 09, 2006

Dooooooomed, Doooooooomed

Not us - ID cards.

The Sunday Times today carries an article that analyses a leaked exchange of emails between David Foord, Mission Critical Director of the Office of Government Commerce and Peter Smith, Acting Commercial Director, IPS [Identity and Passport Service].

Things were smelling a little fishy in recent weeks - first there was the unexplained delay in putting up the invitation to tender in Official journal of the EU, reported on this blog in June. Then there was the Government's repeated refusal to comply with the information commissioner's ruling that they release the cost-benefit analyses of the project (see previous post).

Expect to see the wheels start to come off in earnest now - time for us to put a stick in the spokes!

Thursday, July 06, 2006

Nothing to hide, nothing to fear, II

So the DWP has decided to appeal against the information commissioner's ruling that the Department of Work and Pensions (DWP) should release their cost/benefit analysis of the ID card/NIR scheme. The Information Comissioner's ruling came in response to a Freedom of Information (FoI) request from Lib Dem MP Mark Oaten.

The article quotes the DWP as saying that "releasing such information prematurely could stop ministers and officials discussing the pros and cons of policies". How giving MPs all the available information about the costs and benefits of the system will prevent rather than assist in such discussions is a mystery.

Wednesday, July 05, 2006

First Monthly Meeting

We were fortunate enough to have one of the members of the original Aberystwyth No2ID group come along last night. He filled us in on the successes of the original group (including getting Ceredigion Council to pass a motion against ID cards. We have plenty of ideas about taking the fight forwards. We expect to be visible in town, on campus and in the local media soon. And we need your help.

If you're concerned at the thought of your movements being tracked (and in the coming weeks this blog will give you plenty of reasons why you should be worried), about the waste of public funds, about the infringement of civil liberties, about the gift to any future government that chooses to use the cards as a repressive tool, then join us. We need:

People to hand out leaflets
People to design and print materials
People who can speak Welsh - we're short on bilinguals!
People with imaginative ideas about getting the message out there
People who are prepared to take part in debates and interviews
People who are prepared to scan the news
People prepared to write letters the HSotW (Home Secretary of the Week).
People who will write freedom of information requests
Everyone inspired, passionate or just plain pissed off enough to want to do something productive.

The next meeting is on the 1st August at 8pm in Fresh Ground - in the meantime you can email aberystwyth@no2id.net, or call 07092 880 562 and leave a message - we'll call you back.

Tuesday, July 04, 2006

Newsflash - Newport goes RFID

I've just heard on the ID groups mailing list that people are starting to receive RFID tagged passports. Investigations are ongoing to determine:
1)What is stored on the chip
2)From what distance the chip can be read
3)Whether it is (legally and technically) possible to cancel the chip.

Watch this space.

Meeting tonight

Exciting news - we've been approached by a BBC political correspondent who is interested in hearing more about the Aberystwyth campaign. You humble organisers are working on a reply as we speak. We hope to have them interested in some of the events we'll be organising. To get in on the ground floor, join us at our first monthly meeting at the lovely Fresh Ground cafe from 8 this evening.

Emma & Phil

Monday, July 03, 2006

Data mining - not just for the "good guys"

Data Mining is the use of intelligent software tools to look for interesting patterns in large volumes of data. Credit card companies do it - to look for unusual patterns of spending to try to prevent fraud for example. Financial institutions do it to try to work out what they can "cross sell" to their customers, or to determine who is credit worthy. Law enforcement agencies use it to help trace murderers

With that in mind, I've been meaning to blog this for some time. It happened in America but could easily happen in the UK to any large repository of personal data. Records of Armed Forces Veterans and active personnel have been stolen. More recently 1,500 employees of the National Nuclear Safety Administration have had their details accessed by hackers unknown. The article raises the spectre that the data is sufficiently extensive to be "mined".

With volumes of data this large, it's not just the danger of individuals being impersonated that is the concern. There is the emerging problem that data mining could be used to search for important patterns that could be used by [insert bogeyman of choice here].

The technology to intelligently mine data is only a free download away. The desire to "get at" data, whether from curiosity or some more sinister motive is well documented. The central storage of volumes of personal data in the National Identity Register will be one huge weak point that will be hard to protect.

Tuesday, June 27, 2006

Knighton No2ID event

If you're near Knighton in Powys this weekend, look out for the no2ID stall run by Knighton Action for Peace & Justice and the local MP, Roger Williams. They'll be around from 10-midday and you'll have a chance to find out more about the ID card scheme, and to sign the petition.

Wednesday, June 21, 2006

New posters

We've been busy designing new materials to advertise the campaign. Look out for them around town soon.

Big Brother is Coming

Next Meeting

The monthly meeting will be on the 4th July at 8pm in Fresh Ground Cafe. All welcome.

Information Comissioner's Comments -- June 2005

This is a little over a year old but very relevant and makes some of the case against ID cards cogently and compellingly. In a three page statement, the information comissioner sets out his concerns. The full PDF version concludes:

"The measures in the Bill go well beyond establishing a secure, reliable and trustworthy ID card. The measures in relation to the National Identity Register and data trail of identity checks on individuals risk an unnecessary and disproportionate intrusion into individuals’ privacy. They are not easily reconciled with fundamental data protection safeguards such as fair processing and deleting unnecessary personal information... The Commissioner hopes that during the passage of the Bill parliamentarians will not just focus on the desirability of ID cards but look into the acceptability of government recording so many unnecessary details of their own and their constituents’ lives. "

Sadly - too few of the parliamentarians did as the information comissioner hoped. It's up to us now to reopen this debate.

Tuesday, June 20, 2006

YAGITFU*

*Yet Another Government IT Foul Up:

It's worth checking your National Insurance (NI) contributions for 2004/5 if you're planning to retire soon, as it seems that HMRC (Her Majesty's Revenue and Customs) has managed to lose 30 million individual's records. Apparently 98% of those records are now back up to date but that's still 600,000 of us with wonky NI records. Would the NIR be any better? It's hard to imagine that it would be, unless HMRC aren't taking NI records seriously...

Friday, June 16, 2006

The Great Immigration Fraud

Have you ever had your credit card declined in a shop? It's an embarrassing feeling - and particularly frustrating when it turns out to be an error on the part of the bank. Was your last payment applied to the wrong account? Your direct debit mysteriously cancelled? Has some artificially intelligent system decided your recent spending looked a bit suspect, and it would be nice if you rang the bank before you carried on using your card? Now imagine if it wasn't your credit, but your very right to exist in this country that was called into question. This is all too possible, if the National Identity Register (NIR) is used as a population tracking system.

It's come to our attention that David Blunkett is extolling the virtues of the ID card and the NIR as a way of tracking "illegals". And you can only track illegals if you track all the "legals" too. However, the article above outlines some of the reasons why this is a false hope/empty threat (depending on which side of the immigration debate you sit). Here are a few highlights of the reasons given, and a few reasons why we believe the "Catch Immigrants" claim is as empty as the "Stop Terrorists" claim:



  • For this to even have a chance of working, it would first be necessary to make carrying the ID card compulsory for everyone in the UK, and to insist that the ID card was checked on a regular basis. This is inconsistent with the Government's current claims that the ID card won't be made compulsory. It also doesn't bode well for the overall cost of the scheme.


  • Nor does it address the loophole regarding legitimate visitors from the EU who probably can't be compelled to carry ID cards because of freedom of movement laws - this will be tested in the court at great expense. This arguably means we'd need a second, parallel system, something like France's Carte de Sejour - this hasn't been budgeted for, as far as we can tell.


  • The data needed to populate the tracking database are far from the "clean data" of which David Blunkett speaks. As the article nicely puts it - the only clean database is an empty database: as records are added and updated, it is inevitable that some error will creep in. Even if the database itself is perfectly implemented, it is impossible to rule out operator error. Be prepared to have your ID card (and your status as legitimate resident of the UK) called into question. Irritating of you're trying to access your bank account, potentially lethal if trying to access healthcare.


  • The data available from various sources, even within the home office, is stored in many different places and in many different systems - and these don't all necessarily play nice together. The recent debacle concerning the failure to deport of criminals for whom immigration was recommended by the sentencing judge demonstrates this only too well. Collating these into the NIR would be problematic, to put it mildly.


  • To track someone, you need to keep records of where they are and what they are doing. So data is going to be collected on a regular basis and the number and type of places that the card must be shown at expands dramatically. Had an appointment with a specialist? It's in the database. Applied for a new job? It's on the file. Won the lottery and bought a stack of investments? It's all in there my friend. Therefore the potential for abuse of, and the temptation to access the data is very high indeed.



So again, we're being sold a pup - the home office is pandering to the baser racist instincts of the population/making empty promises to hardworking families it can't keep*. Don't believe the hype - either the ID card won't track anyone, or it will track us all - are you prepared for the cost, should that come about?



(*delete as appropriate - depending on which newspaper you read)

Thursday, June 15, 2006

Blackheath says no to ID!

News from South London: In a small, but interesting survey, Lewisham Lib Dems discovered that over 60% of Blackheath residents oppose id cards. Perhaps a similar survey residents of Aberystwyth is in order?

Tuesday, June 13, 2006

Tendering process behind schedule

The F.T. reports that the procurement process seems to have stalled, with no date being given for the call for proposals. The ID card project will be the largest and most complex ever undertaken by the government, with around four different "packages" of work and involving up to 20 different suppliers.


It could well be that the multisuplier route is an attempt to avoid the costly mistakes caused by relying on single suppliers in the past. However, problems are most likely to arise where "the idea [for the system] has not been subjected to systematic thinking about the objectives, how it will work, how human beings will interact with it, and so on", according to Philip Virgo, strategic adviser to user group the Institute for the Management of Information Systems, in this article. Given the frequent changes in the avowed purpose and scope of ID cards, it looks like this is one point of failure that is all too likely to be repeated.

Recent notable failures in UK HMG IT procurement:

Friday, June 09, 2006

Information commissioner rules

"Nothing to hide, nothing to fear" - and yet the government has been leery of releasing information about the ID card scheme into the public domain. As reported in the Guardian and the Beeb the government now has 30 days in which to come up with an appeal as to why this information can't be released to the public domain, or to release it. Expect and indigestible set of figures on the morning after England are knocked out of (oh alright then, or win...) the world cup.

Wednesday, June 07, 2006

Some more fun at the expense of ID cards

[Emma writes] So you're reading a blog, and what's more it's a No2ID blog. That already proves to us that you're a media-savvy, intelligent and discerning human being. Nevertheless, the paranoid lawyer on my shoulder wants me to point out that the site featured is indeed a satire and I am in no way trying to suggest that the eventual forms for ID cards would be exactly like the ones on this site.

Forged passports illegal once more

... or always were illegal, depending on who you listen to. According to the Reg and Criminal Law Week the ID cards act managed to repeal the existing Forgery and Counterfeiting act, but did not reinstate the provisions that make owning a forged passport illegal. The Government denies and such loophole existed, but nevertheless plugged it last night with a statutory instrument. What happens to those charged with having forged passports in the three month period during which the loophole did (or did not) exist remains to be seen.

Friday, June 02, 2006

Just a little satire:

Life isn't all doom and gloom - this, from Youtube, should raise a wry smile:

US DHS concludes that RFID chips are unsuitable for "human tracking"

You may already be familiar with RFID chips as the tags that are sometimes found in books or attached to CDs and DVDs to prevent theft. Increrasingly, these chips are being added to passports as a way of permitting contactless reading of passport data.

However, in a recent report from the US Department of Homeland Security "disfavoured" the use of RFID tags for person ID purposes:

"RFID can reduce the delay when people pass through chokepoints that require identification. However, transmission of information from cards to verifiers is not a significant cause of the delay in such transactions compared to the authorization and verification steps.

"RFID permits the use of encryption, which can control forgery and tampering with
identification documents. This is not a unique characteristic of RFID, however. It is part of many digital technologies, including contact chips, bar codes, magnetic stripes, and watermarked printing.

Against these small incremental benefits of RFID are arrayed a large number of privacy concerns. RFID deployments’ digitally communicated information is easier to collect, save, store, and process, and is, therefore, more easily converted to surveillance than other methods. The silent, unnoticeable operation of radio waves means that individuals will always have difficulty knowing when they are being identified and what information is being communicated, leaving them vulnerable to increased security risks such as skimming and eavesdropping. "

Wednesday, May 31, 2006

Passports: can you give them away?

1500 passports are still going missing in the post each year, and that's not including the passports that are lost by, or stolen from, their owners.

The plan for registering for a national ID card/passport includes turning up at a centre in order to be interviewed and to submit to background checks. This process will be for nothing if cards are then lost in transit. They could potentially be printed at the centre, but with a target of 600,000 id cards issued each year, this will be a time consuming process.

While passports are falling into the hands of those who aren't entitled to them, some applicants are being refused passports that they are entitled to, due to an assumption that everyone is still in touch with their mother. Expect to see more of this kind of thing as background checks become more onerous.

Deeply insecure

One of the persistent claims by the government is that the National Identity Register and ID card will make us more secure from the threat of identity theft. There's no doubt that identity theft is increasing and that identity-jackers are increasing in sophistication. However, what is still more concerning is how readily these impostors are able to use government owned data:

"How does a joined-up, centralised database threaten us more? One answer appears in the body of the Thomas report which shows that the security of databases ranging from health records, to the driver and vehicle licensing authority and the police national computer, which has 10,000 entry points, is regularly breached... Warrants obtained by Thomas resulted in the arrest of a private detective working from his home in Hampshire who had regular access to BT's phone records, the DVLA and police computer... Thomas's team realised how extensive was the market in unlawful personal data and how easy it is to steal from official records. Imagine a determined stalker gaining access to this proposed unified system and NIR."
Henry Porter, 28/05/06, the Guardian

Creeps

I used to be a paid up code-monkey, in my halcyon days. We have a name for what happens when the client starts to add 101 new requirements as the project progresses: "Feature Creep". And it's the stuff of nightmares. Requirements added after a project has been scoped and examined for feasibility tend to be ad hoc, ill thought through and badly cost-controlled.

So it's no surprise to learn that the plans for the the national ID card and register are ballooning. This article details just a few of the requirements that have been added since the publication of the initial plans in New Labour's 2005 manifesto.

This is only one of the reasons why the projected costs of the project have soared.

ID Card Rebel in remembered in Oxford Dictionary

In the 1950s, Britain was still in somewhat of a post-war funk, and ID cards that were introduced in wartime had been retained by the peacetime Labour government. Harry Willcock was a Liberal councilor from Leeds who was stopped for a motoring offence in London in December 1950. He refused to hand over his identity card to the police. His conviction for the motoring offence was upheld in the high court, but the judge remarked that the extension of the ID card bill had "tended to turn law-abiding subjects into lawbreakers, which was most undesirable, and the good relations between the police and the public would be likely to suffer".

Why is this relevant? Because in this country there is still the presumption that the relationship between citizen and state is one in which the state is the servant of the citizen, not vice versa. In times of national crisis, governments will often seek to alter that balance of power, and ID cards and registers are just one of the ways in which they seek to achieve that aim. Other measures recently have included bills that make possible ASBO's (anti-social behaviour orders, which use civil process to create personal, criminal laws) and some of the more outré provisions of the Serious Organised Crime and Police Act.

IBM researcher slams ID card Scheme

Michael Osborne of IBM's Zuric based research labs has denounced the plans for the National Identity Register (NIR). Among his criticisms were the lack of reliability of the biometrics (iris scans fail to correctly identify individuals ten percent of the time, finger prints don't do much better, failing four percent of the time), the cost and the security risk. Osborne's main concern is that the NIR will become a magnet for hackers.

However, Osborne does seem at ease with the idea of an ID card itself. He suggests instead that the data be stored on the card itself. However, the data that the government plans to collect includes not only biometrics but health service data, tax records, driver records, electoral register records. The risk of storing that data on an easily lost or stolen card doesn't bear thinking about.

Welcome to Aberystwyth No2ID

The national No2ID campaign is beginning to gather momentum and a number of local groups have been set up. This blog will bring together some of the national news regarding ID cards as well as containing information about local campaign activity.