[Dave Birch] I was in the US recently, and had occasion to visit a number of office buildings. At some of these, in order to comply with security requirements, I was asked to provide “picture ID”. A couple of times, I produced my UK driving licence, which the guards looked at and then handed back, waving me through, despite the fact that they couldn’t possibly have known whether it was real or not. So what was the point? This is what is called “security theatre”, where the people involved (in this case, me and the guard) are both acting out our scripts to show security to the people around us. No actual security is involved. Were I a devotee of Osama bin Laden trying to get in to one of these buildings, I would simply have my accomplice call to make an appointment (perhaps posing as a security equipment salesman) using the same John Smith and then show up with a Western Australian driving licence in the name of John Smith with my picture on it. In fact, I’d lay a pound to a penny that I’d get in with Narnian driving licence. What is going on? If I’m going to see a contact at BigCompany, could he just use his digital identity to sign my Consult Hyperion public key, thus creating a credential certificate that I could load into my phone and that the guard could read using his PC, and which his PC could then resolve up the certificate chain to determine, in milliseconds, that I am entitled to enter the building?

In fact, what would be the point of the guard at all? I could just wander up to the building and present myself to the door: the door would ask my phone for a certificate, the phone would present it, but only if I am holding it (by my voiceprint, for example). That wouldn’t be theatre.

But the real world seems to value theatre more than security, because theatre is easy to understand but security is complicated, and very difficult to explain security to political advisors with politics degrees. And real security is constantly being subverted by politicians anyway, whereas since theatre isn’t security, it doesn’t matter how much of it you have, nor whether it is tragedy or comedy.

ENAC, Italy’s civil aviation authority, wants airlines to accept ID such as driving, hunting and fishing licences.

[From BBC News – Ryanair may ground Italian domestic flights in ID row]

You can see how it will get difficult for airlines, ferries, car rental companies and other travel-related organisations if they required to accept all sorts of strange documents as valid travel documents. This has already led to problems.

A man has received an apology from the Home Office after his ID card was refused as he tried to board a ferry to Rotterdam.

[From BBC News – Apology after ID card is refused]

I thought this story was rather good, for a couple of reasons.

Mr Eastwood said: “When I approached check-in and flashed my ID card, the two girls on the desk looked at each other and said: ‘We can’t accept that’. It was like they had never seen one before.”

[From BBC News – Apology after ID card is refused]

I’m sure they hadn’t, but how they were supposed to tell it from a Portugese fishing licence I’ve no idea, and now that the scheme is about to be abandoned, there will be a few thousand of these cards in circulation and this problem will re-occur. This is why it makes no sense to have “smart” travel documents that are validated by people and not machines capable of determining their authenticity.

It’s as confusing for the rest of the public. For reasons not germane to this discussion, my teenage son had to produce some identity as part of a commercial transaction before Xmas. His American passport was rejected. “I’m sorry”, said the clerk, “we can’t tell if it’s real’. I couldn’t resist asking “how can you tell if a British passport is real?” and the clerk said “we can’t, but we keep a photocopy of it”. Theatre.

Identity is a mess, and it isn’t just in Europe, and it isn’t just for travel.

I thought that the most interesting part of this story came further down. The Home Office, the British government department in charge of the identity card, said that they had notified travel companies about the new id cards last year, presumably including their description of the key authenticity tests, which was:

Physical checks can also be performed on the card. As it is made entirely from polycarbonate, it will have a distinctive sound when flicked, and the holder’s image will always be in grey-scale.

[From Digital Identity Forum: Gambling on ID security]

So since the government had created this new identity document and had informed the travel companies as its existence and mechanisms to establish its validity, who should pay when it is declined?

The Home Office has said they will refund him the travel costs and the price of the ferry tickets.

[From BBC News – Apology after ID card is refused]

Another cost of the ID card scheme that not even the LSE factored into their spreadsheets!

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

1 comment

  1. And of course, the “papers please” crowd have rarely given any thought to what real benefit will come even from a verifiable “identity” proof. Parliament has it right: check visitors for weapons; who cares what their name is?

Leave a Reply to Ian BrownCancel reply

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this:
Verified by MonsterInsights