Mad men

[Dave Birch] My prediction for 2013? We’ll be in New York a lot more! Consult Hyperion have been Mad Men for a couple of months and CHYP USA Inc. is open for business. We’re at 535 Madison Avenue, New York, NY and our new joint Managing Directors there, Lanny Byers and Howard Hall will be happy to hear from you.


Lanny and Howard bring more than half a century of expertise in digital money and digital identity between them and we’re delighted that they agreed to come on board.

  • Lanny Byers brings over 20 years of experience in the electronic payments industry in card program management and consulting. Having held SVP and GM positions within Card Groups at Bank of America and Western Union, he has since gained 11 years’ consulting experience, first at MasterCard and more recently with his own independent consultancy delivering payment and loyalty solutions.
  • Howard Hall, a veteran of the start-up and early stage technology arena, has extensive background in electronic security and identity having built and sold several companies including Vericept to Trustwave and most recently Riverglass to ASG Software.

As many of you probably know, Consult Hyperion has had customers in the USA for many, many years and these have included industry leaders in the retail electronic transaction space such the major payment schemes, innovators in the mobile payment space and key players in transit ticketing. But we’ve decided to take the extra step of creating a US presence and bring on board as US team at this time because we think there are a great many organisations in the US who will want to take advantage of our wholly independent (we are not tied to any suppliers, nor do we develop our own products) help to design, develop and deploy transactional solutions.

Oh, say can you see... etc etc

So why now? There are three main reasons for making the decision to create a US subsidiary now:

  1. The US liability shift and EMV migration. We know how to help organisations go from stripes to chips without wasting money. In particular we already have experience as independent consultants to US banks migrating from stripe to chip in Europe as well as experience helping Canadian organisations (including Interac) do the same. And we have specific experience in helping transit operators move to chips too.
  2. The explosion in mobile. We know how to help organisations go from chips to devices following flexible product and service strategies. We’ve worked on mobile payments and mobile identity for some of the world’s largest telecommunications companies, including Vodafone, Verizon and Telefonica.
  3. The escape to the cloud. We know how to help organisations go from devices to clouds without opening up cracks in the systems that might be catastrophic downstream. We’ve been chosen by start-ups and legacy providers alike to help develop new online transaction systems and perform the crucial risk analysis that such systems demand.

Transactions are hard. They have to work every time, at scale and in the face of everything that people and technology can throw at them. Making them secure means understanding the technology, the business and the social context. We have track record of doing this, stretching back to our very first assignment for the Bank of England Central Gilts Office in 1986, and are looking forward to support organisations in the US who want to do the same.

You can follow CHYP USA Inc. at @chypUSA and continue to keep up with the latest thinking at the intersection of digital identity, digital money and digital networks at Tomorrow’s Transactions, where our US team will soon be posting their perspectives on the evolution of the secure electronic transactions in the US..

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Welfare dependence

[Dave Birch] A discussion earlier today touched on the British Government’s impending shift to “universal credit” in a reorganisation of the way that welfare benefits are paid. I saw in The Telegraph that the government was floating the suggestion that the payment systems be used to enforce moral judgements over the less well-off.

Iain Duncan Smith has asked his officials to see if so-called ‘problem’ families should receive their welfare payments on smart cards, rather than in cash.

[From 120,000 troubled families could be legally banned from spending benefits on alochol and tobacco – Telegraph]

The Daily Mail appears to have some more specific information on the design specifications for these new cards, which certainly seem to be using the very latest technology.

Plans being drawn up by Work and Pensions Secretary Iain Duncan Smith will see the 120,000 problem families targeted with Oyster-style cards which can only be used in certain shops.

[From Iain Duncan Smith: ‘No booze’ smart cards for benefit claimants who spend their handouts on drugs and alcohol | Mail Online]

I’m not entirely sure what they mean by “Oyster-style” (Blue? Rectangular? Contactless? Not issued by a bank? A closed loop solution?) but I’m guessing that what they actually mean is pre-paid. Now, as far as I am concerned, this is actually a good way to deal with the transition to universal credit. Forcing banks to provide “basic bank accounts” that welfare recipients don’t want to use is a dead end. These accounts are a backward-looking, money-losing, non-solution to the problem of the underbanked. Allowing non-banks to provide pre-paid solutions (perhaps rather like the O2 Wallet, with smartphone management capabilities and a companion EMV card) is surely a better way forward.

Anyway, as far as I know, welfare recipients will be getting their cash on smart cards anyway. It may have slipped Mr. Smith’s mind, but starting next year all benefit recipients, let alone “problem families”, will be getting their welfare payments on smart cards since the new Universal Credit system means the end of welfare cheques, benefit books, Post Office cards and everything else. All benefits will be paid into bank accounts and to get them out you will need a debit card. In the UK, these have been smart for some time, as I’m sure Mr. Smith’s chauffeur could have told him. But perhaps it is the journalists who do not realise this? Perhaps what Mr. Smith has actually asked his officials to look into is selective Merchant Category Code (MCC) restrictions on pre-paid cards and debit cards issued with basic bank accounts?

I will happily stave off the demands on the public purse by telling Mr. Smith’s official’s management consultants that this is a waste of time. All it means is that benefit recipients will have to trade (inefficiently and at a discount) to get the booze, fags and weed. Given the entrepreneurial nature of the criminal underclass, a likely outcome would be the invention of an intermediate currency for the black economy (e.g., detergent bottles). Yet Mr. Smith appears to know this already, which makes his floating of the idea of payment system as policeman even more puzzling.

Mr Duncan Smith said he was against using a US-style food stamps system because they are often traded as a form of currency.

[From 120,000 troubled families could be legally banned from spending benefits on alochol and tobacco – Telegraph]

It’s not clear to me why he thinks that removing the physical medium of exchange would make any difference to the marketplace dynamics. Especially as the US experience has already proved this to be the case.

Complying with a law signed by President Obama in February may cost taxpayers more that it saves. That’s one conclusion of a white paper issued today by the Electronic Funds Transfer Association, which represents ATM networks and owners and processors, as well as financial institutions and state welfare agencies.

[From Preventing Welfare Clients from Using Their Benefits at “Vice” Locations May Be Costly and Ineffective, Announces Electronic Funds Transfer Association –]

if you ban welfare recipients from accessing ATMs at casinos, it just means that they go to the ATM at the gas station over the road from the casino and pay twice as much to get their money out. I’m sure there are a great many honest taxpayers who are upset at the idea of welfare recipients using their (i.e., the taxpayers) money to buy booze and would like them not to. But turning Visa and MasterCard into moral chaperones for every rendezvous between card and terminal isn’t a way to do that.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Who wants low-cost bank accounts?

[Dave Birch] Once or twice I’ve had e-mails from people who say, to paraphrase, “you only hate cash because you work for electronic payment companies who would benefit from the end of cash”. This is partly true: Consult Hyperion, I’m proud to say, has been chosen by many of the world’s leading electronic payment companies to provide consultancy support and advice. But it is wrong to say that I only hate cash because of that. I hate cash for a variety of reasons and only some of them relate to boosting the business of our customers. There are moral reasons for hating cash too, and one of them is that it discriminates against that least well-off in society.

A group of development organisations, foundations and private companies, including Citi and Visa, have formed the ‘Better Than Cash Alliance’ to lobby for a shift towards electronic payments in the fight against global poverty. The alliance – comprising the UN Capital Development Fund (UNCDF), US Agency for International Development (USAID), Bill & Melinda Gates Foundation, Citi, Ford Foundation, Omidyar Network, and Visa – is calling on governments, the development community and private sector to adopt the use of e-payments for programmes that support people living in poverty.

[From Finextra: ‘Better Than Cash Alliance’ to push e-payments in fight against poverty]

Now, this is a matter very close to my heart, so I can hardly be expected to be a dispassionate observer. As I have long maintained, the poor are the chief victims of cash. People trapped in a cash economy pay higher transactions costs, their money is lost and stolen, they lack access to basic financial services such as a savings and insurance and so on. So I am wholly in favour of this initiative. But what should its goal be? Generally speaking, in the US and the UK, insofar as the government has any policy toward financial inclusion it is based on bank accounts and starts with the observation that lots of people don’t have them.

About 8.2% of U.S. households, or nearly 10 million, lack a bank account, according to survey results released Wednesday by the Federal Deposit Insurance Corporation. That’s up from 7.7%, or about 9 million households, in 2009

[From 10 million households don’t have bank accounts – Sep. 12, 2012]

This issue is wider than the unbanked, though. There are other categories of mismatch between the conventional banking products on offer in our economy and the needs of substantial fractions of the population. There are, for example, people who are underbanked, people who have some banking products but they don’t really use them or use the most appropriate ones.

By underbanked, Javelin is referring to those who don’t have a checking account or a primary banking relationship. They may have a prepaid card. (The unbanked have no bank relationship at all.) They tend to be young — 36% are 18 to 24 years old.

[From Who Are the Underbanked? – American Banker Article]

The underbanked that Javelin surveyed (they are around 15% of the adult population of the US) had mobile phones and an average income of more than $50,000 per annum. This is a sizeable target market for “near bank” services that I’ve written about before, but I imagine that there are at least another 15% (and probably more) of the adult population who are overbanked. These are the great many people who have bank accounts but don’t really need them. This group are either paying for banking services that they don’t need or are losing banks’ money on “free” services. Therefore, I feel that the “near bank” market could account for around a third of the population. If we take the unbanked, underbanked and overbanked together, then, I would strongly argue that bank accounts are the problem, not the solution.

Such customers with balances under $100,000 are, in the words of JP Morgan Chase CEO Jamie Dimon, “no longer profitable,” in most cases.

[From 3 Ways Dodd-Frank Made Banking Worse For Consumers – Business Insider]

You can’t really blame the banks for this. They exist inside a regulatory framework, with legacy infrastructure and cost structures that mean they simply cannot provide free or really low-cost services and furthermore can no longer cross-subsidise. Therefore it makes no sense for governments to enforce a ridiculous “lose-lose” settlement on the market, whereby banks are forced to provide an unprofitable “basic bank account” product of some kind to people who don’t want or need them. That is unsustainable.

The five biggest banks – Wells Fargo, Bank of America, JPMorgan Chase, Citibank and US Bank – have raised fees on their checking accounts so that customers who do not hold a combined minimum balance with the banks (sometimes as high as $1,500 a month) or have direct deposit are paying anywhere from $84 to $144 a year for basic services.

[From Big Banks Should Offer Low-Cost Bank Accounts – Bank Think Article – American Banker]

If bank accounts aren’t the solution, then what is? In recent times, the prepaid card has become the main alternative to a bank account and, indeed, for the majority of unbanked and overbanked people, prepaid card products are a decent alternative.

Budget-minded people fare slightly better with checking accounts; the average monthly service fees come to $3.99 for a checking account, versus $4.50 for a prepaid card. For everybody else, though, even people who handle their money responsibly most of the time, prepaid debit is cheaper.

[From Checking Accounts More Costly Than Prepaid Debit Cards | Moneyland |]

This has been a recurrent theme on this blog too. Often, when I speak to an audience of “banked” people, they don’t understand why anyone would want to use a prepaid card product instead of just going and getting a basic bank account (which in the UK is still free). But there are lots of reasons why prepaid cards are useful, even to the banked, when conventional bank accounts are not, especially when they are energised by the connection with mobile. Just being able to see the card balance on your mobile is sufficient to transform the usability.

a psychological and experiential disconnect between those who have traditional, full-service bank accounts and those who don’t. Hard-core bank customers may never understand how, to the unbanked and the underbanked, prepaid cards can look great-even honest.

[From Trying to Understand the Unbanked s Acceptance of Prepaid Cards – American Banker Magazine Article]

This is a great point and the article makes it well, but it does miss one aspect of this market. I have a full-service bank account, yet I also have an number of prepaid cards. I have my prepaid US dollar and prepaid Euro cards that I use when travelling, I have a prepaid Visa card (from O2 Money) that is the “house” card that the kids use when they go to the store to get groceries or school supplies or go on a trip and I have a prepaid Mastercard in my Google Wallet, although that’s getting switched off shortly.

So. prepaid looks like it might be a better solution than a basic bank account. Prepaid cards as they stand now, though, don’t fulfil all of the requirements for a near-bank account. Where are the standing orders and direct debits, for example? In the UK, this isn’t an idle speculation but one of great interest to many of our clients who have been looking at this for some time because there’s about to be a big change in the UK and it will stimulate demand for near-bank services. The welfare system in the UK is switching to a new “universal credit” system where all benefits will be unified and paid monthly in arrears.

claimants will receive just one monthly payment, paid into a bank account in the same way as a monthly salary

[From Universal Credit – DWP]

If you’re wondering why our clients care about this, it’s because it represents a money flow of around £2 billion per month that is up for grabs. The government has been sort of hoping that basic bank accounts will be the destination for this money, but for the reasons noted above, this is in question. In my opinion, what is needed is neither a bank account nor a pre-paid card but a payment account: a prepaid transactional account with an associated card, more like my O2 Money account than my Barclays Bank account but with additional functionality to emulate, in essence, instruments such as standing orders and direct debits.  A software wrap around a Payment Institution (PI) with an electronic money licence (ELMI) and a set of rich standard interfaces should do the trick. We can achieve financial inclusion if we employ some clear thinking around this sort of account and stop focusing on bank accounts. I thought Deutsche Bank’s response to the European Commission consultation on bank accounts in May illustrated this point well. They said

We believe that making payment accounts available to every citizen in the EU benefits all market participants. However, reasons for financial exclusion differ in the Member States and therefore might require different measures in order to achieve better financial inclusion. The percentage of people not having a bank account is an indication but not a proof that those people are actually financially excluded.5 Real financial exclusion is often associated with an inability to provide a proof of identity or domicile (e.g. immigrants, homeless people), unemployment or financial distress in general and low educational attainment.

In this one paragraph, they make very sensible points about financial inclusion but they switch between talking about “payment accounts” and “bank accounts” with no differentiation. But there clearly is a difference: a “payment account” to my mind is the type of prepaid account noted above, offered by either a bank or a Payment Institution. There are plenty of viable candidates who could offer such an account and make money from it. Retailers, to my mind, are in pole position but another obvious category is telcos. I know from one of the projects that we are working on in the UK that even among the long-term unemployed smartphone usage is very high indeed, so the mobile operators could be in a good position to offer payment accounts. It is worth highlighting that both Visa (with Vodafone) and MasterCard (with DT) have already begun forming the kind of partnerships that could deliver some new approaches.

MasterCard and Deutsche Telekom have announced that they will work together to roll out services across DT’s footprint in Europe, starting with an NFC wallet solution in Poland in Q3 and Germany following soon after. For now, the U.S. is not being factored in as part of the deal. In all, Deutsche Telekom has 93 million mobile subscribers in Europe, and 129 million world-wide… This service will also be SIM-based, the two companies say. Under the terms of the deal, MasterCard will be working with DT’s payment subsidiary ClickandBuy, which has the e-money license that is necessary to operate mobile payment services.

[From MasterCard Ties Up With T-Mobile For NFC Mobile Payments In Europe | TechCrunch]

I think, given the current state of development, companion open-loop cards make sense and offer an interchange income stream to cross-subsidise other functions. I notice that SFR, for example, announced just a card last week, much like the O2 Money card and similar offerings elsewhere. The transition to Universal Credit in the UK means, oddly, that the public sector may well stimulate creative and inventive players to enter the already crowded wallet marketplace because the carrot of the initial volume of government benefits is so great and if it does, I’m sure the combination of mobile wallets and chip-and-PIN cards will be the combination of choice. I’ve been invited by the Government Banking Service to give a talk about this at a forthcoming event so I will let you know how it all went later in the year.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

National cybersecurity

[Dave Birch] I very much appreciated being invited along to speak at the Cyber Security Forum 2011 in London. I’m sorry that I couldn’t get along to the first sessions (the demands of clients trumped the future security of our great nation) but I sat through most of it. When I wandered in and sat down, avoiding the temptation to go to “Iceland – New Opportunities” instead, and I loved that within the first ten minutes I had heard about Machiavelli, the scientific illiteracy of the British civil service and how to get stuff done in ancient Greece.

It wasn’t all fun though. A chap from the Institute for Security and Resilience said that the measure of strategic capacity is the capacity to innovate, and he sounded sceptical of UK plc’s abilities in this space, making an interesting point about they way in which the British system puts specialists and entrepreneurs under the control of generalists (referring to, I think, the well-meaning but amateur way in which government manages IT).

But to the point. It turns out that the UK has cybersecurity strategy. It’s available online from the Cabinet Office (revised version 25th November 2011 PDF), so I quickly downloaded it and skimmed through it in time to get to the panel on the “vision for a cyber smart economy” that featured Baroness Pauline Neville-Jones, who is the UK Government’s Special Representative to Industry on Cyber Security. She was great: amongst other things she asked why UK educational establishments are training more Chinese people in cyber security than British nationals…

I spoke on the panel on SMEs chaired by Alex van Someren with Nick Kingsbury and Mark West, and that was most enjoyable, but the highlight of the day for me was the wide-ranging discussion between Joseph Menn of the Financial Times, Caspar Bowden (no longer with Microsoft) and the writer Cory Doctorow. They are very smart and very interesting guys, so hearing them range across software patents, copyrights and privacy was genuinely fascinating. The UK Cybersecurity Strategy doesn’t actually mention copyright at all and it only mentions “intellectual property” once (on page 9), but in terms of a vision for a cyber smart economy, I would have thought that informed discussions about this were rather central to that vision.

The reason that they are not is, as was covered in the discussion, twofold. Cliff Richard and his stooges are against internet privacy for entirely sociopathic reasons to do with what economists call “rent-seeking regulatory capture”, but he finds a sympathetic ear in the government because

  1. the government don’t want privacy either – they want to be able to listen in to your internet conversations and if that means leaving them open to Chinese cyberwarriors as well as record companies then so be it – and find sobbing pop stars a useful smokescreen and
  2. because it’s more fun talking to pop stars than to dreary middle-aged “experts” (e.g., me).

At the end of the event my perspective on all of this was reinforced as essentially infrastructural. In particular, we lack national identity infrastructure, so we’re starting from a low base. In the UK, we need to accelerate the Cabinet Office’s Identity Assurance Programme to formulate something along the lines of the US Department of Commerce’s National Strategy for Trusted Identities in Cyberspace (NSTIC) and then mandate its use for public sector services: no identity, no service. If we don’t mandate it, and instead rely on citizens to protect themselves (and the rest of us) then we have no hope.

Citibank’s Rich Detura… runs global consumer fraud policies, which is an expansion from his previous similar role for Citibank’s US-specific role.

“Consumers’ use of technology is far outpacing their ability to comprehend the security implications of their actions”

[From Great quote from Citibank’s Rich Detura – Javelin Strategy & Research Blog]

If we don’t take this kind of action, we’re going to end up with two internets, as I’ve written before. With no end-to-end identity management, the rich will instead turn to secure networks that lock out undesirables (or, alternatively, lock in undesirables who know what they’re doing).

“The concept of a more secure network that customers or vendors are willing to pay for is probably the only way to provide the security that people want to have,” says Ted Schlein of Kleiner Perkins.

[From Founding father wants secure ‘Internet 2’ –]

I don’t want that, because I think an open internet is a tremendous power for creativity and innovation. Let’s have a working national and international identity infrastructure instead. As an aside, Hugh Eaton (Director Security and Intelligence) said that, as Bruce Schneier always does, that when it comes to security or dancing pigs, you always get dancing pigs. I think this should be updated for the 21st century: when it comes to security or newspaper headlines about security, you always get newspaper headlines about security.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Reflecting on NSTIC

[Dave Birch] I’ve been reading through the final version of the US government’s National Strategy on Trusted Identities in Cyberspace (NSTIC). This is roughly what journalists think about:

What’s envisioned by the White House is an end to passwords, a system in which a consumer will have a piece of software on a smartsphone or some kind of card or token, which they can swipe on their computers to log on to a website.

[From White House Proposes A Universal Credential For Web : The Two-Way : NPR]

And this is roughly what the public think about it

Why don’t they just put a chip in all of us and get it over with? What part of being a free people do these socialists not understand?

[From White House Proposes A Universal Credential For Web : The Two-Way : NPR]

And this is roughly what I think about it: I think that NSTIC isn’t bad at all. As I’ve noted before I’m pretty warm to it. The “identity ecosystem” it envisages is infinitely better than the current ecosystem and it embodies many of the principles that I regard a crucial to the online future. It explicitly says that “the identity ecosystem will use privacy-enhancing technology and policies to inhibit the ability of service providers (presumably including government bodies) to link an individual’s transactions and says that by default only the minimum necessary information will be shared in transactions. They have a set of what they term the Fair Information Practice Principles (FIPPs) that share, shall we say, a common heritage with Forum friend Kim Cameron’s laws (for the record, the FIPPs cover transparency, individual participation, purpose specification, data minimisation, use limitation, data quality and integrity, security and accountability and audit).

It also, somewhat strangely, I think, says the this proposed ecosystem “will preserve online anonymity”, including “anonymous browsing”. I think this is strange because there is no online anonymity. If the government, or the police, or an organisation really want to track someone, they can. There are numerous examples which show this to be the case. There may be some practical limitations as to what they can do with this information, but that’s a slightly different matter: if I hunt through the inter web tubes to determine that that the person posting “Dave Birch fancies goats” on our blog comes from a particular house in Minsk, there’s not much I can do about it. But that doesn’t make them anonymous, it makes the economically anonymous, and that’s not the same thing, especially to people who don’t care about economics (eg, the security services). It’s not clear to me whether we as a society actually want an internet that allows anonymity or not, but we certainly don’t have one now.

The strategy says that the identity ecosystem must develop in parallel with ongoing “national efforts” to improve platform, network and software security, and I guess that no-one would argue against them, but if we were ever to begin to design an EUSTIC (ie, an EU Strategy for Trusted Identities in Cyberspace) I think I would like it to render platform, network and software security less important. That is, I want my identity to work properly in an untrusted cyberspace, one where ne’erdowells have put viruses on my phone and ever PC is part of a sinister botnet (in other words, the real world).

I rather liked the “envision” boxes that are used to illustrate some of the principles with specific examples to help politicians and journalists to understand what this all means. I have to say that it didn’t help in all cases…

The “power utility” example serves as a good focus for discussion. It expects secure authentication between the utility and the domestic meter, trusted hardware modules to ensure that the software configuration on the meter is correct and to ensure that commands and software upgrades do indeed come from the utility. All well and good (and I should declare an interest a disclose that Consult Hyperion has provided paid professional services in this area in the last year). There’s an incredible amount of work to be done, though, to translate these relatively modest requirements into a national-scale, multi-supplier roll-out.

Naturally I will claim the credit for the chat room “envision it”! I’ve used this for many years to illustrate a number of the key concepts in one simple example. But again, we have to acknowledge there’s a big step from the strategy to any realistic tactics. Right now, I can’t pay my kids school online (last Thursday saw yet another chaotic morning trying to find a cheque book to pay for a school outing) so the chance of them providing a zero-knowledge proof digital credential that the kids can use to access (say) BBC chatrooms is absolutely nil to any horizon I can envisage. In the UK, we’re going to have to start somewhere else, and I really think that that place should be with the mobile operators.

What is the government’s role in this then? The strategy expect policy and technology interoperability, and there’s an obvious role for government—given its purchasing power—to drive interoperability. The government must, however, at some point make some firm choices about its own systems, and this will mean choosing a specific set of standards and fixing a standards profile. They are creating a US National Project Office (NPO) within the Department of Commerce to co-ordinate the public and private sectors along the Implementation Roadmap that is being developed, so let’s wish them all the best and look forward to some early results from these efforts.

As an aside, I gave one of the keynote talks at the Smart Card Alliance conference in Chicago a few weeks ago, and I suggested, as a bit of an afterthought, after having sat through some interesting talks about the nascent NSTIC, that a properly implemented infrastructure could provide a viable alternative to the existing mass market payment schemes. But it occurs to me that it might also provide an avenue for EMV in the USA, because the DDA EMV cards that would be issued (were the USA to decide to go ahead and migrate to EMV) could easily be first-class implementations of identity credentials (since DDA cards have the onboard cryptography needed for encryption and digital signatures). What’s more, when the EMV cards migrate their way into phones, the PKI applications could follow them on the Secure Element (SE) and deliver an implementation of NSTIC that could succeed in the mass market with the mobile phone as a kind of “personal identity commander”.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Moving transactions online

[Dave Birch] Well I managed to get myself invited to the launch of Forum friend Sir Bonar Neville-Kingdom‘s new book. As the government’s technology outreach czar, he makes a point of having his personal assistant Patricia use all forms of new information and communication technology. He has, of late, been dictating tweets for her to place on the Twitter and now, to ensure that these valuable insights into the heart of British government IT policy are preserved for posterity, they have been gathered together in “The Twitters of Sir Bonar Neville-Kingdom“. I wasn’t sure about the current regulations concerning the photographing of key civil servants, but I managed to sneak a few pictures and have put them on Flickr for the general public to peruse. Here are a few of them so that you can see what was going on (I spotted known activists in the crowd and am perfectly prepared to hand my footage over to the relevant authorities on the condition of pseudonymity).

Given Sir Bonar’s famous “ring of soup” formulation for government identity management services, I was keen to ask him how he sees the evolving balance between privacy and surveillance. In particular, I was curious about his views on Umair Haque succinct note that

The internet itself isn’t disempowering government by giving voices to the traditionally voiceless; it’s empowering authoritarian states to limit and circumscribe freedom by radically lowering the costs of surveillance and enforcement.

[From The Social Media Bubble – Umair Haque – Harvard Business Review]

Unless we take steps to build an identity infrastructure that embodies certain protections, encodes certain balances, then I think it is perfectly reasonable to anticipate a path whereby governments become authoritarian by default, simply becuase they can and not because of any directed or debated policy. I don’t think that you have to be some kind of privacy nutter to find this a concern: unfortunately, I was not able to put this point to Sir Bonar because he had to leave for a pressing bottle of claret, but I perhaps I will be able to catch up with him again in the not-too-distant future.

Masters key

[Dave Birch] This whole internet thing is getting more and more complicated. I’m trying to work out what government policies toward the internet are, so that I can help our clients to develop sound long-term strategies with respect to digital identity. To do this, we need to understand how the security environment will evolve and what the government’s attitude to security is. Should people be allowed to send data over the internet without interference? The US government thinks so.

Since 2007, Congress has inserted a total of $50 million of earmarks into the State Department’s budget to fund organizations dedicated to fighting Internet censorship.

[From Rebecca MacKinnon: No quick Fixes for Internet Freedom –]

Uh oh. This cannot be popular with people in favour of internet censorship, such as U2’s boss.

U2 manager Paul McGuinness said that the only reason the music industry had tanked over recent years was not because outfits like U2 peddled the same boring crap that they did in the 1980s, but because of the introduction of broadband.

[From Comment: Broadband only useful for pirates – U2 manager screams blue murder | TechEye]

Setting aside the fact that the British music industry earned more money than ever before last year, U2 are totally wrong to expect the rest of society to pay to uphold their business model in face of all technological change. Bono is wasting his time calling for Chinese-style internet censorship in order to maximise record company profits, or at least he is if the US government is going to continue funding the opposition.

China syndrome

[Dave Birch] What should government policy on identity be? Not specifically our government, or EU governments, or any other government, but governments in general. Or, let’s say, governments in democratic countries. OK, that’s a very big question to tackle. Let’s narrow it down to make a point: what should government policy on the internet be? No, that’s still too big and perhaps to vague. Let’s focus down further on a simple internet question: should the government be allowed to see what is going through the internet tubes. Of course! One of their jobs is to keep me safe from drug-dealing Nazi terrorist child pornographers who formulate devilish plots with the aid of the web.

According to reports, the FBI is asking for the authority to require all Internet communications platforms build in a “backdoor” allowing law enforcement easy wiretapping access

[From Should Government Mandate “Backdoors” for Snooping on the Internet? | Center for Democracy & Technology]

In parallel, the FBI is talking to technology companies about how they could be making it easier for criminals to see your credit card details and for the government to read to your e-mail.

Robert S. Mueller III, the director of the Federal Bureau of Investigation, traveled to Silicon Valley on Tuesday to meet with top executives of several technology firms [including Google and Facebook] about a proposal to make it easier to wiretap Internet users.

[From F.B.I. Seeks Wider Wiretap Law for Web –]

This, superficially, sounds likes a good idea. Who could object? We don’t want the aforementioned Nazi drug-dealing child pornographers plotting terrorist acts using the interweb tubes with impunity. No right-thinking citizen could hold another view. But hold on…

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

[From U.S. enables Chinese hacking of Google –]

It’s not that simple, is it? If you create a stable door, then sooner or later you will find yourself bolting it long after the horse has had it’s identity stolen. What I can’t help but wonder about in this context is whether the content actually matters: suppose you can’t read my e-mail, but you can see that a lot of mail addressed to Osama bin Laden is coming from my house? Surely that would be enough to put me under suspicion and trigger some other law enforcement and intelligence activity?

Travel advisory

[Dave Birch] When we think about electronic identity, we tend to think in terms of the identity structures that we are familiar with from the physical world, so we talk about passports and borders. But the current system of passports, visas and border controls doesn’t work terribly well — see the discussions ad infinitum about the recent Dubai death squad’s comedy disguises and simple faked passports — so I’m not sure it’s much of a basis for exploration. Why do I say this? Well, because I’ve been to a few presentations about the various systems involved recently and have been trying to understand some of the dynamics to help our customers develop some longer-term strategies around identity.

One of the problems is that there is so much going on. Start with moving on from SIS. The SIS2 (Schengen Information System 2) will store biometrics to prevent visa fraud. After a three year transitional period, SIS2 must check with the new Visa Information System (VIS). VIS will require fingerprints and these will be matched via AFIS (so that if, say, a Moroccan person applies for visas in both French and German consulates then this will be known). The fingerprints are currently kept for five years. The Central VIS will connect via a new secure network (S-TESTA) to the national VIS systems and these national systems are connected in turn to the national consulates overseas. Are you with me so far?

What’s the point? Well, it’s so that when a non-EU person applies for a visa in Schengen country, the details will be passed up to the central system and then they will be checked when the passport is presented at Schengen border control. The purpose of all this is to defeat a common immigration fraud, which is that a bona-fide Chinese businessman (say) gets a visa to come to a Schengen country, and gives it to someone else. That person enters Schengen and then sends the passport and visa back to China by DHL. The next Chinese person enters Schengen, and then posts it back again… Will SIS2 fix this? Surely the problem will shift to the feeder documents. It’s impossible to imagine that an EU consulate somewhere can accurately verify and validate passports from 196 countries, but let’s put that to one side for a moment. There are plenty of people who think that SIS will end up causing more problems than it is solving.

The number of computers with access to the Schengen Information System has doubled to 500,000 thanks to the extension of the EU.

[From Half a million PCs can access Schengen’s ‘secure’ database • The Register]

Since half a million PCs around Europe can access the system, that means that to all intents and purposes everything on the system is public.

Statewatch, a group that monitors civil liberties in Europe, said it was aware of a case in Belgium where personal information extracted from the system by an official was sold to an organised criminal gang.

[From 500,000 EU computers can access private British data | Technology | The Observer]

There’s another system coming online as well, the Euro Border Surveillance System, or Eurosur. This aims to reduce illegal migrants entering EU by sea, particularly aimed at Mediterranean). Good luck on that one. Spain has had some positive results from using satellite tracking (positive in the sense that the immigrants go to Italy instead) but I’m sure Eurosur will help further.

Then there’s the new e-passport. As has been discussed many times before, the current e-passport is a complement to the physical passport: that’s why it’s a chip inside the passport, not a chip instead of a passport. Almost everywhere you go in the world, the chip is not used, but in the future it may be. There’s security, naturally. The e-passports have Basic Access Control (BAC), which we’ve also discussed before. BAC locks the passport so that you have to physically read the passport MRZ in order to read the data from the chip (this is not strictly true, by the way, because the MRZ data isn’t random, but that’s a detail). Extended Access Control (EAC) is the next step: for one thing, it stops people from cloning the chips. But it adds additional functionality as well so, from 28th June 2009, member states have been required to issue EAC e-passports only.

Back to the difference between the chip and the book. If the e-passport is going to store data that isn’t on the passport (eg, your fingerprints) then these must be encrypted so that they can only be read by authorised authorities. An EAC passport will therefore only give up data to readers that it can authorise through the use of asymmetric cryptography (the reader must present a certificate signed by a recognised authority) and the passport can then encrypt and sign its own data. There’s something called Active Authentication as well, so the e-passport contains a key pair: the secret private key and the not secret public key (which appears in Data Group 14, DG14, in the data).

Unfortunately, shifting to EAC adds complexity because there are now two trust chains: the data trust chain (so that the readers can verify the passport data) and the terminal trust chain (so that the passport can verify the reader data). You can imagine that co-ordinating both of these chains across the globe has turned out to be something of a problem: every reader has to have every valid certificate from every country in it. The Brussels Interoperability Group (BIG) is responsible for harmonising the e-passport specification throughout the EU and has also been responsible for the certificate policies, protection profiles, conformance tests and interoperability tests. At ID World, Bob Carter from IPS said that the most difficult job was trying to work out how to exchange certificates between countries and he is, of course, right. One thing that is not yet in place is the protection profile from readers (a lesson from chip and PIN deployment in the UK: there’s no point having secure chips and wholly insecure readers).

It would be nice to be able to set a date when we might move to a wholly e-passport world, but to get there we have to get rid of visa stickers. There’s a name for this too: ESTA (Electronic System for Travel Authorisation). If this could be achieved, then there is no need to have manned border control, since introducing people into the loop could not improve the system in any way. This is a very appealing prospect to governments, but I think there is a real concern here: if a criminal is able to get a legitimate visa certificates, smart card, e-stamp or whatever else and is never questioned by a human security official, then once they are inside the perimeter they can operate with impunity.

Panic buying

[Dave Birch] For reasons that are uninteresting to discuss, I happened to be involved in a meeting about the UK ID card scheme. Now, to be clear, I am not against ID cards, but I am against this one. I don’t want it scrapped on economic grounds, I want it scrapped because it is the wrong card for the 21st century in a supposedly advanced country.

For those concerned about the implications ID cards would have on our privacy, abandoning the scheme for budgetary reasons alone is not so much winning the argument as putting it on ice.

[From ID cards: there’s more than money to lose | spiked]

One part of the conversation was what might be salvaged from the scheme given the £100 million or so that has been spent on management consultants and the contracts that have already been signed with suppliers. The assumption was, as it was put to me, that since suppliers are much smarter than the government, these contracts would cost a fortune to cancel.

Home secretary Jacqui Smith has revealed that scrapping ID cards would cost £40m in compensation for suppliers. The Tories, who have promised to stop the initiative should they win the next general election, have attacked Smith for engineering a “poison pill” defence of the government’s ID card proposals.

[From Scrapping ID cards would cost £40m – 24 Mar 2009 – Computing]

So given the initial conditions, instead of just wishing away the rather pointless internal passport that has been created at vast expense, is there something else we could do with the systems in place? Let’s not panic and scrap it, wasting even more public money.

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.