Indian summer

[Dave Birch] The Indian government has ambitious plans to issue a billion Unique Identifiers (UIDs) in the next few years, thus creating a national population register. There were many reasons for this, but one was social inclusion.

The upper and middle classes have many forms of identity but the poor often have none

[From ‘The idea is to be inclusive. The upper and middle classes have many forms of identity but the poor often have none’]

This is something that can get overlooked in the discussion about identity cards. One of the reasons why an identity card of the type conceived by the British government is so uninteresting to people like me is that I already have plenty of other forms of primitive identity documentation (ie, identity documentation that doesn't work online) such as a driving licence. So the marginal benefit of an additional expensive mini-passport is vanishingly small. But if I didn't have something like a driving licence, then how could I prove who I am? This may not matter when my horizon extends no further than my village. But suppose I want to get a mobile phone, or a mobile money account, something that will improve my lot in life significantly? Then the lack of documentation is a real barrier and means exclusion. Yes, of course the security services and law enforcement agencies want a national ID register, but the issue about the relationship between identity and inclusion is genuine, and important.

Lamenting that lack of identity proof often resulted in harassment and denial of services to the poor and marginalised, Prime Minister Manmohan Singh on Wednesday urged all ministries and departments to support the initiative to provide a unique identity number to all Indian citizens in order to improve the delivery mechanism of the government’s pro-poor schemes and programmes.

[From Back UID scheme for sake of poor: PM to ministries]

A great deal of government help targeted at the poor never reaches the intended recipients.

What a cunning stunt

[Dave Birch] I am, very literally, green with envy. I count myself as a reasonably good speaker, and I try to use narrative and historical examples to explain key principles. But nothing beats a good demo, and I saw an excellent one today, one that I wish I’d thought of!

At the Intellect conference on Identity & Information in London today, Edgar Whitley from the LSE gave a terrific presentation. He was pointing out that the principle of data minimisation in identity systems is important, but he did it in a particularly arresting way.

Here’s what he did.

He showed this recent newspaper photograph of the British Home Secretary, Alan Johnson, showing off his new ID card and holding it up to the camera. This version comes from The Guardian

Alan Johnson reveals the design of the British national identity card. Photograph: Stefan Rousseau/PA

As you can see in the picture, for reasons that will be not fully explained in a moment, the UK ID card has the holder’s full name, date of birth and place of birth on it. These three data points are sufficient to uniquely identify the overwhelming majority of the population. So Edgar went to the Identity & Passport Service birth certificate ordering service and put in the details from the Home Secretary’s card. He then paid his £10 and… with a suitably theatrical flourish, Edgar produced the copy of the Home Secretary’s birth certificate that he had been sent in the post. Note that Edgar hadn’t done anything wrong. As James Hall, the head of IPS who was on the same panel, pointed out, in the UK anyone can order a copy of anyone’s birth certificate. He said that if you are a celebrity then hundreds of people will order copies of your birth certificate every year, which had never occurred to me. I’m sure James is right, but it does seem a little odd that people who want to commit identity theft will simply have to look at their mark’s ID card to get started.

Edgar hadn’t used the birth certificate to open a bank account or get a driving licence or anything, he was just making the point that if we don’t adopt the right principles (eg, data minimisation) for identity systems, then we run the risk of making identity theft worse. It was a great presentation and a super stunt. Well done.

Anyone familiar with my deranged rantings about psychic ID (ie, virtually nobody) will be familiar with the general point: a characteristic of a 21st-century ID scheme is that it should only give up information necessary to enable a transaction, nothing more or less. So, if you are authorised to ask my ID card whether I am over 18 or not, that’s all it should tell you. Not my name, not my address, not my age or date of birth. Just whether I am over 18 or not and that’s it.

The current ID card scheme does not have this key characteristic, not for any functional reason but because the ID card and passport were jumbled up for a political purpose — the purpose being, as far as I know, to make it harder for an incoming administration to scrap the scheme — that constrains the design and implementation. Since the government wants the ID card to be used as a travel document within the EU, it has to have certain human-readable information on it. That’s why it gives away the key data points that make it tempting for criminals to kick-start their identity theft antics.

Another model that the UK could try

[Dave Birch] I’m going to provide a case study on the use of multi-application smart cards with EMV “chip and PIN” software on them that I think contains some useful nuggets for us in the UK to ponder over, because the case study is about combining payment (EMV) and digital signature (PKI) applications on the same card.

Identity folks will have to understand a little about the payment folks’ EMV standard to understand the dynamics. There are actually three flavours of EMV, the international card scheme standard for chip transactions. These are Static Data Authentication (SDA), Dynamic Data Authentication (DDA) and Combined Data and Application Cryptogram (CDA). Most of the cards out on the streets in the UK are SDA cards without enciphered PIN (the PIN is not encrypted from the PIN pad into the card).

SDA cards are cheapest, which is why our banks issue them, but they can be cloned and used in terminals that are offline, so they are a security risk. DDA cards are not vulnerable in this way, but they are more expensive, both because the cards are more sophisticated (they have a cryptographic co-processor to handle asymmetric cryptography) and because they take longer to “personalise”. Even so, UK banks will have to replace SDA with DDA by end of 2010 (indeed, Consult Hyperion work with banks to help them to migrate in a cost-effective way). CDA cards cost the same as DDA, but still need to be planned for.

For technical reasons, CDA cards are more secure than DDA cards. Why? Because CDA protects against the “wedge attack”. It is possible to insert a device that would let a genuine DDA card generate a legitimate digital signature but then intercept the request for an application cryptogram and return a bogus one for a different amount to the terminal. The terminal would carry on regardless. This is not possible with CDA since both the DDA signature and cryptogram are delivered by the card at the same time.
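The difference comes down to what the terminal's signature check covers. The following is an added illustration, not code from the original post or from any EMV specification: a simplified model in which a toy RSA key, a constructed issuer key and reduced message fields (all assumptions) stand in for the real card data, showing that an offline terminal accepts a replaced cryptogram under DDA and rejects it under CDA.

```python
import hashlib
import hmac
import os

# Toy card key pair, constructed for this example: textbook RSA over two
# Mersenne primes with no padding. Real EMV cards use certified RSA keys.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
ISSUER_KEY = b"constructed-issuer-key"  # known to card and issuer, not terminal


def _digest(*fields: bytes) -> int:
    """Hash length-prefixed fields so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return int.from_bytes(h.digest(), "big")


def card_sign(*fields: bytes) -> int:
    return pow(_digest(*fields), D, N)


def terminal_verify(sig: int, *fields: bytes) -> bool:
    return pow(sig, E, N) == _digest(*fields)


def application_cryptogram(amount: int, challenge: bytes) -> bytes:
    """MAC meant for the issuer; an offline terminal has no key to check it."""
    msg = amount.to_bytes(6, "big") + challenge
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()[:8]


def card_respond(mode: str, amount: int, challenge: bytes):
    ac = application_cryptogram(amount, challenge)
    if mode == "DDA":
        # The signature covers only the terminal's challenge, not the cryptogram.
        return card_sign(challenge), ac
    # CDA: one signature binds challenge, amount and cryptogram together.
    return card_sign(challenge, amount.to_bytes(6, "big"), ac), ac


def terminal_accepts(mode: str, amount: int, challenge: bytes,
                     sig: int, ac: bytes) -> bool:
    if mode == "DDA":
        return terminal_verify(sig, challenge)  # cryptogram taken on trust
    return terminal_verify(sig, challenge, amount.to_bytes(6, "big"), ac)


def offline_transaction(mode: str, amount: int, ac_replaced: bool) -> bool:
    """Return True if the terminal accepts what arrives over the card interface."""
    challenge = os.urandom(4)  # terminal's unpredictable number
    sig, ac = card_respond(mode, amount, challenge)
    if ac_replaced:  # the cryptogram substitution described in the text
        ac = bytes(b ^ 0xFF for b in ac)
    return terminal_accepts(mode, amount, challenge, sig, ac)


if __name__ == "__main__":
    for mode in ("DDA", "CDA"):
        for replaced in (False, True):
            print(mode, "cryptogram replaced:", replaced,
                  "-> accepted:", offline_transaction(mode, 2500, replaced))
```
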

OK, so all this is well-known, but why does it matter to the digital ID world? Well, if a bank goes to the expense of issuing DDA or CDA cards, then the presence of re-usable cryptographic software and the cryptographic co-processor mean that it is a minimum of cost and complexity for the card to carry an additional PKI application as well as the EMV application. Almost all of the PKI application’s “guts” are already on the card because they are used by the EMV application. What’s more, the card can generate its own key pairs (which is very good for security) and then, provided you have the infrastructure, third parties can sign the card’s public key(s) to create a wide variety of public key certificates to deliver interesting services. The card can store these certificates if it has enough memory or store pointers to the certificates online somewhere if it doesn’t.

Here’s a real example.

Isn’t this stuff serious?

[Dave Birch] OK, so I’m in a tiny minority but I think that security and privacy are important. I think that the state of security and privacy in the digital world demand a proper strategy, of which some form of digital identity infrastructure is a critical part. That’s why I’m always glad to see the government appointing people to tackle the difficult issues around the technology infrastructure that our future depends on. When I was googling something else, I discovered that Paul Murphy is Britain’s “Minister for Digital Inclusion”. This is a real post, not something I made up for the blog. In addition to pottering about at UK online centres (of which there are 6,000 in the U.K.!) his brief includes “data security and information assurance”. Imagine my surprise, then, when I read that:

Paul Murphy states that he is “not a technical person”.

[From Minister for Digital Inclusion gets Strategic – Convergence Conversation]

Shouldn’t we get someone who is?

Time for a National Privacy Card scheme

[Dave Birch] There was a bit of media attention around the recent report on government databases from the Joseph Rowntree Foundation (the authors include Forum friends William Heath and Angela Sasse) but I’m not sure that the government was listening. The report was quite strong on the extent of the problem within government:

A quarter of all government databases are illegal and should be scrapped or redesigned, according to a report.

[From BBC NEWS | UK | Call to scrap ‘illegal databases’]

The way to protect personal data most effectively, particularly in large organisations such as the government, is not to store it in the first place. This may seem unworldly. After all, I want Tesco to provide me with a good service, so why shouldn’t I give up some of my personal data in order to get it? Setting aside the issue of whether what I bought in Tesco yesterday is “my” data or not, I am perfectly happy to have, and wield, my Tesco Clubcard. After all, it’s not in my real name and Tesco never ask me for data I don’t want to give them, so I’m more than happy for them to record what I buy. And, to their credit, I can say with hand on heart that I have never once received junk mail, spam or unsolicited phone calls for the imaginary alter-ego who shares my home, from which I deduce that Tesco have kept to their side of the bargain and not disclosed “my” data to a third party. So why am I concerned about the government having big databases of stuff about me?

How do these ideas make it through to implementation?

[Dave Birch] In the US, there is something called the Enhanced Drivers Licence (EDL) which is used not primarily as a means to demonstrate someone's entitlement to drive a motor vehicle but as a proxy identity card.

The Smart Card Alliance says it recommends an immediate review of the decision to use EPC Gen 2 RFID technology in US travel documents. “The Alliance is prepared to endorse the correct use of any technology that provides adequate protection of privacy and identity information. However, as the US Passport Card and EDL programmes were being defined, the Smart Card Alliance went on record advising against using an insecure EPC Gen 2 RFID solution that puts the privacy and security of US citizens’ personal information at risk.”

[From Security Document World – Biometrics, Passports, ID Cards and Visas]

Who cares? After all, what does it matter if a fraudster gets hold of your driving licence details. All they can look up is whether you have a licence or not, right?

Still, victims-rights and privacy advocates remain concerned about one important Real ID requirement, which dictates that state DMVs interlink their databases and make all their drivers' records and identity documents available. The final rule says that both an individual's "full legal name" and "true address" must be stored in the DMV database, regardless of what's displayed on the card and encoded on its bar code. It also requires that motor vehicle departments scan and store "source documents," such as birth certificates, to verify a driver's license applicant's identity.

[From Real ID worries domestic violence groups | Tech news blog – CNET News.com]

Hhhmmmm. There may be some interacting unexpected consequences around the collision between identity and entitlement here. This is what happens when you jumble together entirely different concepts under the banner of "common sense".

No digital identity, no digital Britain

[Dave Birch] I haven't had time to read the Carter report on Digital Britain yet, but I will try and catch up with it sometime soon. I've had a quick look at a few bullet points and not seen anything particularly interesting. There's been plenty of comment from sources that I pay attention to, though.

The long awaited (and somewhat delayed) Digital Britain interim report has been released, and, like the Gowers Report on intellectual property before it, this one seems way too "balanced" for its own good… For example, it says that the country should have universal broadband (of at least 2 Mbps), but doesn't explain how. It just offers up some vague statements about hoping that private sector ISPs reach that goal, and urging the BBC to promote the wonders of broadband to those who haven't signed up yet… The same sort of vague uselessness is found in the part on copyright and file sharing.

[From Digital Britain Report: Blank Promises, Vague Statements And Everything Is Hedged… | Techdirt]

It's hard for the people putting these sorts of reports together to take any real stance on issues, I'm sure, because they have to obtain some consensus. But perhaps some more real vision is needed at times like these, and that necessarily will mean that some sectors of industry will have to accept change. Because our customers are more interested in the transactional side of things, I'm always looking to see how the plans of the great and good will stimulate new business and what the impact on industry might be. Unfortunately, the early comments that I've been reading are not promising: apparently, one of Carter's suggestions is to impose a tax on broadband access and give the money to industries that have failed to adopt new business models in response to technological change. At first, I assumed he must be talking about sheep farmers, because the law dating back to 1572 requiring everyone to wear wool hats on Sunday isn't being properly enforced any more, but it turns out that he was talking about pop stars and record companies.

Carter appears to ask traditional industries to look to new business models, but offer them a subsidy at everyone else's expense if they can't find any. What's more, the voice of those industries is given disproportionate weight. Now, while it is generally true that at the dawn of new businesses this must always be true — since the new businesses that might grow up around broadband don't yet have a voice to be heard — that's no reason not to extend the range of voices to be heard. As the Open Rights Group say,

We are looking at the report in detail, but we are extremely concerned that the voice of consumers and citizens is being marginalised.

[From The Open Rights Group : Blog Archive » Digital Britain: leaving consumers out of the picture]

Indeed. Not only will citizens be marginalised, they will also be penalised.

Under the proposed scheme, the government would legislate a "Code on unlawful file-sharing" that ISPs would have to follow.

[From "Digital Britain" to legislate graduated response for ISPs – Ars Technica]

Why telephone companies aren't required to follow a "Code on unlawful bank robbery" that requires them to monitor telephone conversations and report the planning of bank robberies to the police, I don't know, but what I do know is that fining kids and kicking their parents off the Internet is not the way to build a healthy and prosperous 21st century business.

Vote “no” to yesterday’s technology

[Dave Birch] The recent Pew report on the Future of the Internet makes the same point that I have been droning on about for ages. Looking at PCs and the web doesn’t tell you anything about the future, because the future is mobile.

“Clearly, in the long run, mobile wins,” says Consult Hyperion’s Birch. “For most people, in most of the world, most of the time, the mobile phone is the most important device.”

[From FST]

Now, in some advanced countries, it is seen as natural to begin to transfer applications that hinge on identity over to the most personal interweb interface, the mobile phone. An interesting case study is Estonia. We’ve looked before at Estonia’s use of new technology and they are back at the forefront this month:

Lawmakers approved a measure Thursday allowing citizens to vote by mobile phone in the next parliamentary elections in 2011… The mobile-voting system, which has already been tested, requires that voters obtain free, authorized chips for their phones, said Raul Kaidro, spokesman of the SK Certification Center, which issues personal ID cards in Estonia.

[From Estonia to vote by mobile phone in 2011 – International Herald Tribune]

This is a similar architecture to that being deployed in Turkey, where the key pair at the heart of scheme is stored in the SIM and the on-board application uses it for digital signatures.

Personal development

[Dave Birch] I was given a useful insight into a different perspective on identity, the developing countries’ perspective, when I spoke on a panel at the Chatham House conference on Technology and Development. I’d actually been invited along because I know about mobile payments and mobile banking in developing countries, not because I particularly know anything about NGOs, foreign aid or so on, but it gave me the opportunity to sit in on some discussions that I wouldn’t otherwise have heard. For example, one of the audience asked a question about the deployment of mobile phones in the development world, a question that would never have occurred to me. The question was about security and privacy, and I won’t violate Chatham House rules by giving away any identifying information, suffice to say that the core of the question was about the use of mobile phone data, mobile phone location information, call records and billing information. In some countries, where you are and who you call is dangerous information that can have disastrous consequences.

Codpiece

[Dave Birch] Now that Britain has declared the nation of Iceland to be part of the axis of evil…

The freezing order against Landsbanki, which owns failed internet bank Icesave, was issued under the 2001 Anti-Terrorism, Crime and Security Act.

[From Iceland bank freeze ‘used anti-terror laws’ – politics.co.uk]

…a new Cod War may be just around the corner. Hence it is diverting to remember the previous cod wars and the key contribution of the Icelandic people to the story of cryptography. Implausible as it may sound, I have in front of me a splendid book by Mark Kurlansky called “Cod: Biography of the fish that changed the world”. Within its pages is a lovely story of the neverending struggle between security and new technology.

The Anglo-Danish Convention of 1901 gave the British permission to fish up to three miles from the coast of Iceland, a state of affairs that the volcanic colony was most unhappy about. By the late 1920s, the Icelandic Coast Guard had started to arrest British (and German) trawlers found within its (as it saw) territorial waters. From 1928, the British trawlers were equipped with radio and started passing coded messages between themselves to alert each other when Coast Guard vessels were in and out of harbour. “Grandmother is well” meant that the Coast Guard were in port, for example. In an early example of governments attempting to legislate new technology, the plucky Icelanders made it illegal to send coded wireless messages. This had no impact whatsoever, of course: British seafood companies simply devised new code systems for the trawlers to use. Think about it: how on Earth would an Icelandic wireless operator know whether “Tottenham Hotspur are the pride of North London” was a coded message or gibberish? Then came World War II. Iceland got independence from Denmark in 1944, but more importantly the British trawlers were requisitioned for the war effort, so Iceland found itself with the only fishing fleet in Northern Europe and Britain’s “sole” supplier (tee hee).

Things were quiet for a while, until the First Cod War in 1958 when the might of the Royal Navy (which was recently told not to arrest Somali pirates in case they claim asylum) was deployed against the Icelanders. Then, in 1972, the Cod War started. Iceland extended its territorial waters to 50 miles and the British once again sent the fleet. But in the intervening period, the Icelanders had developed and deployed a secret weapon (literally: it was a closely-guarded secret until first use). The Icelandic Navy could never outgun the British Navy (and in any case didn’t want to actually shoot at us) so they assembled a fiendish weapon: a net cutter. When they found a British trawler, they would sail behind dragging a net cutter and the trawler’s net (worth a lot of money) would head for Davy Jones’ locker while the fish made for the underwater hills. Things did turn nasty — with ships getting rammed and live shells being fired, the Icelandic government refused to allow injured British seamen treatment — until eventually NATO made Britain back down.
