Entry tags:
That massive HMRC leak of data
This is a classic example of a story the reporting of which is itself the problem. The data has been lost; with reasonably high probability it's been lost to people unable to do anything with it, in which case nothing has actually happened. If it is lost to people able to do things with it, it increases the background risk of identity theft, but there is nothing whatsoever that any given individual can do given this information - it's even less useful than the 'avian flu exists; refrain from handling dead wild birds if at all possible' news items of the start of the year. The useful mitigation has to be done at the level of large-scale identity users, essentially the banks.
But the information has been presented in a way that clearly has worried people; and to worry twenty-five million people about something which ought to be giving sleepless nights to two dozen teams in the back offices of major banks doesn't seem a publicly valuable act ... raising blood-pressures by on average one quarter-micron of mercury will statistically cause some number of heart attacks, which will statistically cause some number of deaths that would be considered front-page, questions-in-the-House bad news if caused by men with knives.
I'm not sure this particular large data-leak can't be spun as a strong argument for ID cards. It means that it can be argued that bad-guys-unspecified have the NI numbers, dates of birth and bank information for near enough everybody, at which point any organisation prepared to let somebody do something to my detriment given only my NI number, date of birth and bank information is presumptively negligent.
I don't think this troubles me too much - I am fairly happy to open bank accounts by appearing in person with a cheque, a passport and a gas bill - but it's clearly troublesome for people for whom getting to the bank is hard, or for whom the cost of getting a passport is significant.
There's certainly an argument that I can imagine being made, of the shape 'previous proof-of-identity systems which we believed adequate are compromised; requiring time-consuming authentication processes from everybody is expensive; what we need to do is to move to some other method of authentication, for example these beautiful high-tech public-key-authentication-on-secure-processor ID-cards what the selfless people at EDS have prepared for us'.
But the information has been presented in a way that clearly has worried people; and to worry twenty-five million people about something which ought to be giving sleepless nights to two dozen teams in the back offices of major banks doesn't seem a publicly valuable act ... raising blood-pressures by on average one quarter-micron of mercury will statistically cause some number of heart attacks, which will statistically cause some number of deaths that would be considered front-page, questions-in-the-House bad news if caused by men with knives.
I'm not sure this particular large data-leak can't be spun as a strong argument for ID cards. It means that it can be argued that bad-guys-unspecified have the NI numbers, dates of birth and bank information for near enough everybody, at which point any organisation prepared to let somebody do something to my detriment given only my NI number, date of birth and bank information is presumptively negligent.
I don't think this troubles me too much - I am fairly happy to open bank accounts by appearing in person with a cheque, a passport and a gas bill - but it's clearly troublesome for people for whom getting to the bank is hard, or for whom the cost of getting a passport is significant.
There's certainly an argument that I can imagine being made, of the shape 'previous proof-of-identity systems which we believed adequate are compromised; requiring time-consuming authentication processes from everybody is expensive; what we need to do is to move to some other method of authentication, for example these beautiful high-tech public-key-authentication-on-secure-processor ID-cards what the selfless people at EDS have prepared for us'.
no subject
Assuming that biometric technology is good enough, we could have (at vast expense) a system whereby everybody is authenticated by biometrics. The known issues with biometric security will come to the fore, and once biometrics become more commonly faked, loss of biometric data which can't be altered will be a large problem. However, we can only authenticate biometric identities in person, so we'd have to do away with phone / Internet / postal banking and purchases.
I agree entirely that it needs to be harder to do bad things with personal information like NI numbers; unfortunately it's a fairly hard problem in practice (Schneier has a few good things to say on the issue). Until that's the case however, I'm going to continue to campaign against large-scale databases which will only make these leaks bigger, more frequent and more damaging.
no subject
You need a bit of intelligence, of the wolverine-on-PCP paranoid kind, in the chip on the ID-card, but since the current claim is that ID cards will cost twice as much as an iPod Shuffle, a few megabytes of flash memory and an ARM7 core could easily be put on the card, and a Bunnie Huang or Marcus Kuhn would happily for a few hundred thousand dollars design you a security system that they couldn't break.
You could get the little boxes made by Inventec in Taiwan for about thirty pounds now.
no subject
You're talking about 30 quid for every household computer in the country, plus those at libraries etc., to install these. It's a drop in the ocean compared to the National Identity Register (but the cost of setting up that scheme, dragging people in for interviews etc. still has to be met). Still, compared to the £450m cost of card fraud, it's quite a lot.
And it only protects against problems where people are misrepresenting their identity, rather than their circumstances. I don't have figures to hand, but that seems to be the minority (this is almost certainly covered in the DWP investigation into ID cards which the Government is currently being sued to publish).
(this all being said, I would really like to see some kind of centrally-designed, locally-managed PKI-infrastructure-type biometric ID, without some big database behind it)