Thursday, August 31, 2006

Am I missing something?

The much (and rightly) maligned "child register" will (it seems) exclude the details of children with famous or violent (or famously violent) parents, thus highlighting the fears over the lack of security for databases of this type.

What am I missing though? The purported use of this database was to track children who were at risk of abuse. Surely by excluding the details of those with violent parents, the database no longer does what it was ostensibly set up to do.

So two lessons we can take away: 1) large databases aren't secure enough for politician's children to feature on them and 2) the child register is not there to help children in abusive households. What other, ulterior motive could there be..?

Wednesday, August 30, 2006

Helena Kennedy speaks out

This entertaining article about Baroness Helena Kennedy's blunt attack on ID cards - I look forward to reading mor from her on this subject soon.

(P.S. apologies for the haitus: Root canal.)

Monday, August 07, 2006

The clones are coming

Various predictions have been given for when the biometric chip in ID cards/passports would finally be cracked - the Government was saying 5-10 years, the industry analysts (bidding for the work) were saying 2-5 years. The real answer:- 5 months.

Yes, the facial recognition chip was introduced in the UK in March. Hacker and employee of DN Systems, Lukas Grunwald, demonstrated an exploit to clone biometric chip data at the Black Hat conference on Thursday last week. In an exploit that took less than two weeks to perfect, Grunwald successfully figured out how to read, copy and burn the data on the International Civil Aviation Organisation (ICAO) standard passport chip.

At the moment, the data can't be changed. So is a cloned chip totally useless? After all - if it's not my face on the chip, what good will it do me? This report from The Register goes in to some detail, but the position as I see it is as follows:

1) The RFID chip crucially contains a serial number - a unique passport number - which currently appears on the passport itself in machine readable font. In future, the printed number will be ignored in favour of the number on the chip. Lists of the passport numbers of banned travelers or "persons of note" (for example, those convicted of football related violence trying to travel during the World Cup) will be checked by comparing the number on the chip against the passport numbers on the list.

2) A cloned chip with a "clean" passport's number, i.e. a passport that is not on any blacklist, won't trigger an alert. So if you can get the cloned chip to be read instead of your own then you can pass through security without triggering an alarm.

3) There are two ways that you can use a cloned chip: Firstly - by inserting it into a forged passport; secondly by "overlaying" the chip in the passport by disabling or shielding the original chip and attaching a new chip to your passport holder for example.

4) Of course the chip also contains facial recognition details. However, there will be prone to a number false negatives (deciding you aren't you because you've not shaved this morning). With false negative results of between 12% and 94% in the Biometrics Trial (See page 58 of the official report, how long before passport checking staff adjust their behaviour to let through the (conservatively) one in eight travelers who don't match their chip. The usual strategy to reduce false negatives is to relax the accuracy of the system. Simply put, to reduce the false negatives you raise the number of false positives: e.g. deciding you look enough like your brother to let you through on his passport. So clone the chip of someone who looks a lot like you and who either won't notice or won't mind that you've borrowed their passport to do so and you might just get through anyway.

5) So we're back to the "good old, bad old days" (pre March 2006), where trying to blag your way through customs on someone else's passport is possible as long as there's a fairly acceptable resemblance, right? Wrong - we could be could actually be worse off, from a security point of view. As The Register's report puts it:

"The mere presence of the reader, the chip and the general ePassport security pixie dust will - no matter what the circulars say - have a psychological effect on border control staff. They will tend, because the machine says the passport's clean, to drop their guard, not really inspect either picture or bearer properly. This kind of effect is well documented, and it's the same kind of thing as people walking in and out of companies unchallenged despite wearing a security tag in the name of 'Michael Mouse'."

No offence, but your facial biometric doesn't look so good...

See the latest news via Google on this story.

Friday, August 04, 2006

STC Reports on ID Cards

The House of Commons Science and Technology committee (STC) has released its report.

The report is of course focused on the science and technology aspects of the scheme. The STC starts from the premise that there is nothing inherently wrong with the introduction of the national ID card/register in itself. As a result, the following points made in the conclusions are a balanced view of the Government's management of the technological and scientific challenges only. So even where the report endorses the Government's management of the project, we at NO2ID and affiliated groups still oppose the project per se:

The conclusion starts by acknowledging that there are some things the Government is getting right, such as the use of limited trials and the plans for gradual roll out.

The conclusion then criticises the Government for it's lack of openness to advice from ICT and Social Science experts. The report states that "despite correspondence with the Home Office, [the STC is] still unclear about who actually has ... responsibility [for ICT] within the programme."

There is criticism of the confusion over the requirements that suppliers will be asked to address in the event of the procurement process taking place. The report points out that "[s]uch confusion has been exacerbated by the lack of transparency of the scheme. In addition, there is a lack of clarity regarding the overall scope of the scheme, the scenarios when the card might be used, the procurement process and the OGC [Office of Government Commerce] Gateway reviews."

The report makes the following suggestions for the improvement of the handling of the project:

"It is crucial that the Home Office increases clarity and transparency, not only in the areas identified as problematic but across the programme. Thirdly, we reiterate that once trials commence, if the evidence gathered indicates the need for changes in the programme, such changes should be made even if the timescale of the project is extended in consequence.

To be clear - there are five scenarios, best to worst case, that I can envisage:

  1. The ID Card scheme is dropped for civil rights reasons, with minimal further cost

  2. The scheme is dropped for practical reasons, with minimal further cost

  3. The scheme is dropped part way through implementation because the Government again fails in its project management duties, at huge further cost

  4. The scheme is implemented, with few problems, at great cost

  5. The scheme is implemented, with extensive problems, at even greater cost

My personal position: I'm not hoping that the scheme collapses in chaos - I'm hoping that the scheme is calmly and sensibly dropped. I confess I'd rather the scheme collapsed in chaos than was implemented well, by quite some margin. However, I know there are those who see a painful downfall as the first and best option, and others that would accept a well organised scheme over a chaotic withdrawal. I expect that particular debate to run and run.

It remains the case that the best scenario for all of us is for there not to be compulsory ID cards and for there never to be a national database, no matter how well they may be implemented.

For the latest news on this story, see Google News.