Identity Cards

Data Loss

Up until Monday, we hadn't had any of our data lost by the government (as far as we knew). We shouldn't have been one of the 25 million lost due to being child benefit claimants, or one of the many other breaches. Some of the breaches are potentially very serious should it fall into the wrong hands, for example, the list of military applicants, of prison officers, or (and think of the children!) families with young kids.

However, Monica may have been among the three million lost on Mondays.

It does annoy slightly that they always call it 'lost', this can imply that the issue is that government no longer has the information. This isn't the problem - it's 'duplicated, then lost'. The issue is that people who shouldn't have the information ultimately acquire it.

Having the entire population on one big database is not a way to improve security. It's a big target for identity theft, and recent history shows that it cannot be kept totally secure.

Having said that, the 'losses' that have happened have been rather silly. Lots of data transported without strong encryption, often when there was no need to transport it. It shows a general carelessness that is not befitting anyone claiming to be worthy of trust with this data.

You can take this survey to find out how likely it is that the government has treated your information shoddily.

For more on the proposed ID card database, see the No2ID website, including this rundown of the issues.

The ORG data loss questionnaireYou hand over your personal details to councils, hospitals, employers and businesses all the time. But these institutions don’t always keep that data safe. In fact, since HMRC lost its entire database of child benefit claimants last year, high profile data losses have hit the headlines with worrying regularity. But how does this affect you and your family? Click here to find out how likely it is that a government department or corporate entity has been losing your data recently.

Industry and Government want to aggregate and share more and more of your personal data. Schemes like the National Identity Register, ContactPoint and the Intercept Modernisation Programme are just the tip of the iceberg. But data insecurity is inevitable if large datasets are stored centrally and accessed by hundreds of different people. Data loss can lead to identity fraud and harassment for anyone affected. It is also likely to further complicate or even threaten the lives of those who are fleeing abusive relationships or on witness protection schemes. And that’s without even getting into the debate about how data sharing and aggregation can change the relationship between citizen and state [.pdf].

Once you’ve taken the test, please share the link - http://www.openrightsgroup.org/dataloss/ - with friends. And if you learn of other incidents that should be added to the questionnaire, then please add them to our list of UK privacy debacles, which feeds into the questionnaire.

Thanks to Sam, Glyn, Casey and Rowan, the Open Rights Group volunteers who conceived and realised this project. Finally, please note that the application does not record users’ responses or IP address. In fact we don’t store any user data, which means there is no danger of us losing or leaking anyone’s personal information.

More Data Loss

So, the Government has managed to lose a USB stick containing the details of tens of thousands of criminals. We should not focus on the fact that this is the data of criminals - that will be of little concern to many - but instead look at what's happened here in terms of data protection. Once again it has been possible to copy records en masse, save them to removable media unencrypted and walk out with them.

A picture of a USB Key

This time it was a USB key, but in the past it has been CD Roms. Discs have been lost containing the data of 4 million people, of 25 million people and there have been many other cases.

This does not breed confidence in the future security of the ID database - a massive bonanza for identity theft if it got into the wrong hands.

It simply should not be possible to export large amounts of data without a high clearance.... and such clearance should only be given to people who have been drilled until their ears bleed about safeguarding that data. In particular, if on usb, it is attached to a lanyard and doesn't leave your neck until it is wiped. Even then, the data should not be on any removable media unless encrypted (and this should be automatic to prevent the human-error factor).

More to the point, if the data has to be moved from A to B, what is the problem with an encrypted ssh tunnel from one system straight to the other? What's wrong with 'dropping' fields which are not needed at the receiving end before sending?

NO2ID - Stop ID cards and the database state

These data losses indicate a massive systemic failure in the design of government systems, a carelessness with the data with which they're entrusted, and a laissez-faire attitude at the highest levels. Just as the loss of the child benefit discs was not the fault one one low-level civil servant, this should not be pinned on the unfortunate who dropped the usb stick (though they should know better). This should be viewed as a failure of design - people should not have been able to do this, even if they were trying to be malicious.

It's just another case which demonstrates the flaws behind the concept of an ID card database, which if ever compromised would be the biggest boon to identity theft ever seen.

The Nasty Party

'The Nasty Party' used to be a term applied to the Tories. This is most emphatically no longer the case. Putting aside historical issues for a moment and looking at recent weeks:

Kathz wrote about an issue (mirror) which I noted, but did not post about until now. That is of Labour playing nasty in Crewe.

The Labour Party is putting out an official leaflet which carries a picture of the Conservative candidate and the question, "Do you oppose making foreign nationals carry an ID card?"

Maybe the Conservative party policy isn't clear on the issue. But Labour (government) policy isn't just about foreign (non-EEC, by the way) nationals. Soon we shall all have to carry ID cards. The government is preparing to collect our biometric details so that it can store them on a database. The ID scheme targeting foreign nationals is simply starting with a soft target - people who don't have votes.

The Labour leaflet in Crewe hasn't been published to open up a debate on ID cards. The government has made it very clear that the introduction of ID cards is not open to debate. This leaflet is about race. It's about fuelling fear and race hatred to hold a vulnerable seat in a parliamentary by-election. The implication of the leaflet is that foreigners are dangerous and only the Labour Party will keep them under surveillance.

Spreading suspicion is dangerous. Mistrust is often a two-way process.

(Another source)

In other news, Labour want to institute a database recording the internet activity and phone calls of everyone in the country 'just in case'. (source)

Jonathan Bamford, the assistant Information Commissioner, said: “This would give us serious concerns and may well be a step too far. We are not aware of any justification for the State to hold every UK citizen’s phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable. We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky - the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen.

Let us all recall that Government doesn't have a good track record with large databases, with multiple leaks over the past year - including the one leak of the records of some 25million families.

As an interesting aside, Guido notices that the number of stress related sick days at the treasury has dramatically reduced since Brown became PM.

Get your German interior minister's fingerprint here

A fundamental flaw with biometric ID cards has been demonstrated in a very high profile way.

In the most recent issue of Die Datenschleuder, the Chaos Computer Club printed the image [of the fingerprint of Wolfgang Schauble, Germany's interior minister] on a plastic foil that leaves fingerprints when it is pressed against biometric readers. (my emphasis)

"The whole research has always been inspired by showing how insecure biometrics are, especially a biometric that you leave all over the place," said Karsten Nohl, a colleague of an amateur researcher going by the moniker Starbug, who engineered the hack. "It's basically like leaving the password to your computer everywhere you go without you being able to control it anymore."

Schauble's fingerprint was captured off a water glass he used last summer while participating in a discussion celebrating the opening of a religious studies department at the University of Humboldt in Berlin. The print came from an index finger, most likely the right one, Starbug believes, because Schauble is right-handed.

Whoops.

NO2ID - Stop ID cards and the database state

The Last Enemy

The BBC has an article spawned from the new programme, 'The Last Enemy'

A comparison is often made with ID cards on the Continent, yet they are nothing like the UK ID card because they hold far less information.

Yet it's not simply a case of pointing a disapproving finger at the "tentacles" of the state. There's a laziness in the constant expressions of "they are watching us". In fact we have an intelligence service who work incredibly hard and are passionate about saving our lives. But if you let police make the laws, quite logically you end up with a police state.

And there's a similar laziness in the belief it's only the guilty who have something to lose; the innocent have nothing to hide. To many the perils of a surveillance society seem abstract, a load of "what ifs" that will never have much bearing on most of our lives.

Yet the innocent do have something to hide - their privacy, and that is linked to dignity. The innocent will have to prove every day that they are innocent by what is on their card.

Via No2ID. The programme goes out on Sundays, BBC1, 9pm.

Clarkson in ID theft

Following the recent case where the bank details of 25 million were lost, Jeremy Clarkson was of the opinion that it was a fuss over nothing. He published his bank account details in his newspaper column.

But Clarkson admitted he was "wrong" after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.

The most surprising thing about the story was the phrase Clarkson admitted he was "wrong"

As I've said before, it's not the fault of the underpaid guy who physically performed the act of copying the data, it's the fault of those higher up who designed a system which was capable of having all 25 million records copied in one go at the click of a button.

On a related topic... ID cards...

(Update: No2ID report this story.... I, along with probably countless others, emailed it to them, so it's no surprise to me!)

The fault of low level civil servants?

Regarding the recent data leak:

The Conservatives say the crisis is down to "systemic" errors at HMRC - but the government insists it was the fault of low level civil servants.'

Source

Rubbish - why was it possible for a low level civil servant to download the entire database in one go and burn it to CD? (i.e. the potential is there to steal it).

A low level civil servant should only be able to view a record at a time, and not export the records at all. This is trivial.

I still can't believe that they thought it'd be too expensive to drop sensitive fields.

It was too expensive...

Following the fiasco of losing the personal details of 25 million people it has emerged that the audit office did not request all of the information that was sent:

'the NAO wanted only limited child benefit records but was told in an e-mail from a senior business manager in March that to remove more sensitive information was too costly and complex.

Please correct me if I'm wrong, but this should be trivial for any well set up system. In the commercial 'filemaker' system, one can choose which records to export. If, as is more likely, the database was SQL, one could make a copy of the database and then drop unwanted tables, or fields. For anyone managing an IT system, this should have been trivial.

Someone who is responsible for decisions on such a large and costly database really should be able to manipulate that data easily.

For the record, the SQL syntax (after about 15 secs of research) is:

ALTER TABLE <table_name> DROP <field_name>

or even

DROP TABLE table_name

Methinks the 'it was too expensive' excuse is just so much baloney.

Some Links to finish off: NO2ID - Stop ID cards and the database state

Update: qwghlm has a post on this too.

Records on 25million families lost

This includes bank details for 7 million families, national insurance numbers and so on. The information was sent, by unrecorded delivery, through the post. This is information worth millions, if not billions, in the wrong hands.

Source

The records include parents' and children's names, addresses, dates of birth, child benefit and national insurance numbers and in some cases, bank or building society details.

And then they wonder why I don't trust this government, or any government, with all of my personal information on a centralised ID database?

On the bright side, the discs are 'password protected'. That's all right then, dictionary brute force attacks have almost never been shown to work....

In other news, last week the Information Commissioner’s Office asked the UK to criminalise severe data breaches. Good job for the powers that be that this hasn't happened yet!

Even if this was the mistake of some underling, the fact that the systems were so lapse that this information could be burned to CD is a massive problem.

Update: The banks are advising that people don't need to phone them and say 'give me a new bank account number'. They would say that, it's a lot of work - but on the precautionary principle, there is no reason not to do this. In fact, if my bank said there was no need, I would respond by saying 'if you won't give me a new account number, I'll move my account'.

Update 2: Don't accept 'ID card database would be safe as it's protected by biometrics' - this is so much tosh, the biometric info is just another record in the database.

Update 3: No2ID now has this story

ID cards in Gaza

The BBC has an article about the terrible situation in Gaza, in which we learn that ID cards are being used as a way of identifying 'suspect' people.

He said Hamas gunmen had checked ID numbers before deciding what to do with people. Anyone whose number began with a four was suspect.

Why? Because that is how Israel, which granted the permits, signified any Palestinian who returned from abroad after the Oslo peace accords in 1993. And the largest number of these belonged to Yasser Arafat's Fatah faction.

Admittedly, the UK is not Gaza, but is it stretching the imagination too much to imagine that a nationwide ID scheme with an overarching database which contains biometrics on us all could never be misused? 'Never' being quite a long time.

A British Institution?

Liam Byrne has talked on the subject of ID cards, saying it was 'time to get on with it' and they'd become a 'great British institution'. Oh dear.

Mr Byrne, the immigration minister, said: "In 20 years time, I suspect that the National Identity Scheme will be just a normal part of British life - another great British institution without which modern life, whatever it looks like in 2020, would be quite unthinkable."

Yes, that's the worrying thing, Mr. Byrne. (Not so much the card, but the database which is a compulsory aspect).

Update: No2ID have spotted this story too. Andrew comments:

Mr Byrne fails to mention that this ID card, which he insists will become crucial to my daily life, will not belong to me, and that the Home Secretary reserves the right to take it away from me completely at any time.

Even when I have "my" ID card, the Home Office expects me to have to put it into card readers at doctor's surgeries, post offices, banks, shops and hospitals in order to verify my entitlement to carry out daily transactions. If the Home Office central computer says "No", I will not be allowed to carry out that transaction.

This effectively gives the Home Office a day-by-day, case-by-case veto on many of the actions essential to my daily life.

Here's the crucial question everyone should ask themselves - Do you believe that you will control "your” ID card? Or will it instead come to control you?

Passport Costs Rise Again

Via No2ID, we learn that the cost of passports are due to rise again. Much of this rise is connected to the fact that the ID card database is being tied in with passports, thus making the ID card appear cheaper than it really is.

According to the Daily Mail:

The cost of a British passport is to rise for the third time in less than two years, ministers announced today.

Charges for a standard 10-year adult passport will increase from £66 to £72 in October.

Until December 2005 the travel document cost £42, meaning that when the new fees are introduced there will have been a 70 per cent rise in just 22 months.

Writing about a previous price rise in the Daily Telegraph in November 2005, Philip Johnston made the link to the spiraling cost of the ID card programme, and reminded us that:

… when Labour took office in 1997 and a standard 10-year adult document was £18.

In other words, the price the government charges for a passport has exactly quadrupled in 10 years.

You don't have to wait for your existing passport to expire. If you renew now, you'll have up to 9 months from your existing passport added on. With the price rise (with more rises expected), you're at break even, even if you have some years to go - add on the benefit of not having to get the ID card and it's worth doing.

Papers, Please.

The Home Office is considering giving police the power to stop anyone at will and demand to know where they're going and proof of ID. Vaguely reminiscent of the powers used in the USSR. Of course, it wouldn't start like that, or be intended like that, but it's a possible consequence.

Currently, there must be 'reasonable suspicion'. Why is that not enough?

The government is considering giving police officers across the UK "stop and question" powers under new anti-terror laws, says the Home Office.

The proposal, allowing police to ask people about their identity and movement, is among measures being considered by Home Secretary John Reid.

The measure is so far used only in Northern Ireland. Edit: Where there was a history of a substantial fraction of the population planting bombs on a regular basis. Thankfully, this is not the case in the UK despite the climate of fear

Police elsewhere have to have "reasonable suspicion" a crime has been committed before they can stop people.

Anyone who refuses to co-operate could be charged with obstructing the police and fined up to £5,000, according to the Sunday Times.

So, by the letter of this proposal, if stopped and questioned, saying 'why?' or protesting in any way (not unreasonable if there were no reason for the stop) could end up with a charge of obstruction.

ask people about their identity and movement? Hmm, another argument for ID cards is in the making 'It'll be easier to prove who you are when stopped for no apparent reason'.

More Information

Database of Prejudice

The Guardian today posts an editorial about the links between the DNA database and ID cards. Here are some choice quotes:

A quarter of those whose DNA details have been stored on the national police database after being arrested, but not charged or convicted, were black, Asian, Chinese or Middle Eastern. As these groups form 9% of the overall population, it means that innocent members of ethnic-minority communities are almost three times more likely than innocent white people to have details of their DNA on the database - and up to eight times more likely in rural areas such as Avon and Somerset.

The database also includes DNA samples from victims and witnesses who have given their "consent". One can only wonder how many white, affluent suburban dwellers are asked for a DNA swab after calling the local bobby to a break-in.

While carrying a card will not be compulsory for Britons, it will be for non-EU nationals - handily covering the majority of non-white migrants. How many times will police officers fail to differentiate between a British or European-born black or Asian person and somebody who has arrived from outside the EU?

Brown on ID Cards

My short lived optimism has well and truly expired. Golden Brown has confirmed that 'Yes. We are going through with the ID plan'.

From Radio 4’s Today program via No2ID:

R4: Are you committed to the ID card plan?

GB: Yes. We are going through with the ID plan, and -

R4: No rethink.

GB: What I said yesterday, I think it's a very important point here, if you are in a situation, where you or I, could easily have my identity stolen, then that is a threat to my privacy and my civil liberties, and that is an increasingly common feature of our society.

…. But what I feel that you've got to show people is that as you have to take measures to deal with the security of the country, you've also got to show people that the civil liberties of the individual are respected, that there will be no arbitrariness; that at the same time there will be proper accountability for any decisions that are made, and of course the strengthening of the Parliamentary procedures for accountability, and at the same time the assurance to people that their identity or any other aspect of what they do will not be treated in an arbitrary way, is an important part of what I believe is the British constitution, what I believe is what people in Britain have valued over the centuries, that the civil liberties of the individual are upheld.

I’m absolutely sick to the back teeth of politicians blatantly misusing the term ‘civil liberties’, redefining the term to fit their arguments with noone ever bringing them up on the issue.

If you look in the dictionary, the term ‘civil liberties’ is defined as:

‘The freedom of a citizen to exercise customary rights, as of speech or assembly, without unwarranted or arbitrary interference by the government.’

ID Cards will be the epitome of governmental interference in the freedom of a citizen, which makes it even more galling that they are using the term to support the idea!

A request to all the journos out there… next time you’re interviewing a politician, and they mention our hallowed civil liberties, please interrupt them and enquire as to whether they know the meaning of the notion.

And as for our glorious pseudo-leader’s assurances of non-arbitaryness, what can be more arbitrary than the emerging ‘Computer says No‘ culture, which will no doubt be perpetuated by their hare-brained schemes?

I'm also tired of politicians answering 'No rethink' with two paragraphs of blurb instead of just saying 'No'.

Further thoughts on ID cards

Tim Worstall points out the following (something which I thought was pretty obvious when I posted the other day, but he's right, it does need pointing out - there are people out there who don't want to pay for ID cards, but don't mind if the government pays... this is a similar argument.

The Government says much of the cost will be recouped from charges for combined biometric passports and ID cards which will be introduced next year. These are predicted to cost £93 but this may have to rise to £100 or the taxpayer will have to meet the additional expense.

As, in this case, the "taxpayer" and "ID card holder" will be the same group, whether the money's raised by a charge or from the general revenue doesn't really make much difference, does it?

The ID card scheme is especially worrying when they can't even manage a database of junior doctors without putting it online (source)