Sunday, December 31, 2006

Wishing you all a Happy New Year

This evening, Citizen Andreas will be visiting a reasonably wealthy friend of his in Cambridge.

Citizen Andreas will be enjoying his hospitality and have been guaranteed a prime place on the floor in one of the bedrooms of his rather comfortable abode. Citizen Andreas will not be paying a penny for the privilege.

In the past, Citizen Andreas and his friend have had disagreements on the subject of copyright, he therfore fully expect to be lobbied on the subject.

Citizen Andreas is dreading the Daily Mail headlines in the new year, but would like to wish everyone a happy new year.

citizenandreas [at] slick47 [dot] co [dot] uk

Saturday, December 30, 2006

On Renewal

PragueTory wrote a rather good post on the subject of Renewal of the Labour party. About whether the Labour party has will be able to renew itself and once again capture the hearts and minds of the voters in the way it did in 1997. He suggests that at the moment Brown is very much associated with the status quo, and that if Brown gets to be PM without a fight renewal is an impossiblity and Labour will be launched on the road to electoral defeat. I think he might be right.

I admire Brown, his handling of the economy has been very good (not perfect IMO) but he has presided over years of steady growth in the economy, and left a trail of shadow chanellors in his wake. The problem with Brown I feel is the way that most people view him, the view I get from people is that he is not that likable and not that trustworthy. Brown has his virtues, but they have been very much overshadowed by the more general perception of him as a dour accountant.

What I feel that Gordon will need is a fight, he needs to have his ideas challenged and he needs to reaffirm his passion for his beliefs and he needs to convince the electorate that he is the right person to take the country into the future. A leadership contest is, I feel, the perfect platform for this. The Tory (less said about Lib dems affair the better) leadership contest was a brilliant example of this, as the candidates debated the issues they gained a newfound respect for each other, the whole affair really reinvigorated the Tory party.

While the nature of the Labour party's renewal will have to be different, the electorate will be much more willng to accept a Gordon Brown who has had fight for his position as leader. To that end I would like to see John McDonnell (I would like to see another candidate as well*, but I'm not sure if anyone else will stand) get enough signatures to stand for the leadership, if he gets his signatures, he is far more of a threat since in a leadership contest vote is divided between trade union members, grassroots members and Labour MP's. McDonnell has good support among the grassroots members and is likely to get a good deal of support from the unions. Although I feel Brown would win, I don't think he could afford to be complacent.

*although not Michael Meacher

citizenandreas [at] slick47 [dot] co [dot] uk

Thursday, December 28, 2006

Take away the executive pay...

Top bosses' salaries 'race away' according to the TUC. While us citizens are apparently 6% better off since 2000 when taking inflation into account, top bosses salaries have doubled in the same period.

I'm sure the usual cadre of right wing bloggers will point out that in fact taking x,y or z into account the actual figures are 6.74% for the citizens and that bosses have merely had an 89.7% increase. They'll then no doubt start arguing about restrictions on entepreneurs and how people should be free to earn as much as they like.

I don't believe that British business has become twice as productive in the last 6 years, so how exactly is it justified? This is abuse of power, and in this citizen's opinion the explanation for it lies not in economics but in sociology.

In a large FTSE company, renumeration for a small group of people is not limited by the real world factors, there is no actual market pressure on wages. Executive pay tis judged according to what other executives earn, as this has risen, it has resulted in what seems to be a competition to keep up. It is this pychological competition that hat has driven wages up, rather than any demand for the skills that our executives possess. It is this sociological effect that the government will need to counteract in order to put a lid on exective pay.

citizenandreas [at] slick47 [dot] co [dot] uk

Wednesday, December 27, 2006

Today's word is "Draconian"

After Draco, the Greek scribe who made some really harsh laws, a bit hackneyed in my opinion but a favourite for describing state imposed restriction? My favourite use of the term has to be...

"Repeal of the ban on full automatics -- ownership of which requires some of the most draconian screening procedures on the federal books"

From the site of the Constitution Party's 2004 Presidential Campaign.

On Christmas eve, the Daily Telegraph chose to use the word to describe the potential £1,000 fine that could be levied for failing to inform the NIR of a change of details.

The article is creating a fair deal of alarm about about it, aand is accompanied by an even more disapproving leading article. Perhaps, they should be a little more shocked about fact that another government agency has been getting away with a similarly "draconian" policy for years.

Can anyone tell me how is this dramatically different to the set of fines imposed by the DVLA? The one potential difference I can think of is if there is a charge for doing this. Since forcing people to pay each time they move house, or in the situation of a death or marriage will be quite restrictive (although the charge for making an update will determine how restrictive).

I would hope that this cost has been factored in to the initial cost, I've sumitted a question on the government site about it since it's not something they answer on the site itself. I hope that if there is an associated cost, it is quite small but I'll have to wait to find out.

citizenandreas [at] slick47 [dot] co [dot] uk

Sunday, December 24, 2006

Merry Christmas Citizens

This citizen is signing off for the christmas period, hope you all have a good one.

citizenandreas [at] slick47 [dot] co [dot] uk

Thursday, December 21, 2006

Back on the Subject of ID cards (ish)

The subject of the new UK passport with it's RFID chip has got some people quite worked up. It also encouraged a lot of discussion by security experts. I made the point earlier on that these security vunerabilites would not necessarily apply to the ID card when it was created. In addition to this, I feel that there are a few other myths that need to be addressed.

Initial Points
The first point to make is that the chip on the passport is intended to be read all around the world, the information about how to access the passport has been published by the ICAO. The chip is designed to be readable. So this quote...

“The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a ’secret key’. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.”

...is deeply misleading, it is that way by design (ICAO's design, not the Home Office's). The protections are in place so that anyone attempting to access the chip needs to open and look at the passport to be able to access the information on the chip.

Accessing the Information
Oft confused are the subjects of encryption, access control and digital signing, this is something that needs clarifying. Encryption is the encoding as data in such a way that it can only be read by someone who has the encryption key. At it's simplest:

"Hello World" -> "Ifmmp Xpsme"

Unreadable unless you can work out the pattern used to encrypt the data. The UK passport encrypts it's conversation to the RFID scanner, but the data held on the passport itself is not encrypted the purpose of this security feature is to prevent "conversations" between a chip and a scanner being eavesdropped.

Authentication is a method of obtaining access to a system, a username and password, or simply a password. The passport is protected a simple access control system. What the Guardian article refers to is the authentication system that uses a password based on data contained on the last page of the passport.

Digital signing is a method of ensuring a document is authentic, it is in essense a unique stamp on a document. A digital signature consists of two parts a private and public key. The private key is kept by the issuing authority and used to sign the document, the public key is distributed and can be used to verify a document's authenticity. Any alterations to a document and the digitial signature is invalidated. The UK passport is digitally signed to prevent forgery.

Why All This Matters
The article puts forward the scenario where a postman is able to steal your passport letter, initiate a brite force attack against the RFID chip and return it a day late having stolen the data on the passport. This sounds plausible and would be very hit and miss, passports are not renewed that often so the number of cloneable passports a single postie could obtain would be very low.

Having stolen this data, it may be theoretically possible to clone a passport, but the data on the chip could not be altered in any way due to the digital signature. This would mean that the ID criminals would need to find someone who looked like you to use the passport. It also means that this method could not be used to clone passports for sale on the black market. Additionally, once biometrics were added to the passport, an identity thief would also need to find a method to mimic these biometrics.

And the dangers...
Traditionally, criminals have obtained fake passports by posing as someone else and applying for either a new passport or a replacement passport, using their photos. If we compare the two methods.

Traditional
  • Obtain detailed background doucmentation on a person
  • Send off for a passport application

EPassport Cloning
  • Bribe a postie
  • Research the people in the postman's area
  • Obtain passport letters, brute force attack the RFID chip
  • Construct a replica passport with a cloned ID chip
  • Find someone who looks similar to the passport user to use the passport

Passport cloning is far to difficult a process involving far too much effort for it to be worthwile to ID criminals.

citizenandreas [at] slick47 [dot] co [dot] uk

Monday, December 18, 2006

Protectionism Anyone?

I'm an avid reader of the Guardian's economics correspondent Larry Elliot. I like his hard headed matter of fact kind of tone, in this case on the subject of BAe systems and the Saudis.

There is little point in defending what the government has done, the best I can say is that it's realpolitik in action and that I doubt the Tories or the Lib Dems would have behaved any differently had they been in power.

The point that Larry makes is that blocking the SFO enquiry is essentially protectionism, something that is often considered a bad thing among pretty much universally among the main parties. He then makes the point that since the government sees fit to support arms dealers, perhaps it might consider providing support for less controversial industries.

For me, this is one area where my opinions part ways with those of the Labour leadership. Like Larry, I view portectionism as a potentially useful potential policy option. I'll admit sometimes you can't stand in the way of the market, but I question the current PROTECTIONISM=BAD mantra and put it to people that it's not quite as clear cut as that.

citizenandreas [at] slick47 [dot] co [dot] uk

Sunday, December 17, 2006

The "Shambles" memo

Todays Daily Mail has the wonderful story about a leaked downing street memo. Basically suggesting that labour is slowly losing ground to the Tories. It pulls no punches in allocating the blame for this to Gordon Brown.

The key point in the story of me is the line "The memo, written in the past few weeks", this line heavily buried in the story indicates that the memo itself is a few weeks old. Removing the memo from it's original context makes it hard to really judge why it was originally written.

Curously absent from the news and the blogosphere are:

  • The full text of the memo
  • The confirmed identity of the author (Citizen Dale reckons Phillip Gould, commenters on his blog suggest that he does use the kind of hysterical language found in the memo)
  • When it was written (A few weeks is more than just a tad vague)
  • When it was leaked
  • Who leaked it
Sadly non absent are the shouts of glee from right wing bloggers. Let them shout I say, if a Tory paper publishing some outdated government memo really rocks their boat. Who am I to stand in their way? Let's save our big clunking fists for stories that actually matter.

citizenandreas [at] slick47 [dot] co [dot] uk

Monday, December 11, 2006

Database Usage and the Meta Database

NO2ID mention the idea of a meta database on their site, it seems something appropriate to bring up while discussing how private companies might use services provided by the national identity register. Before going on, i'll try to go over one of the key concepts of the ID card database.

The IRN
In any IT system that keeps track of peoples names and addresses, a common practice is to assign each one a unique number. This ensures that a record can be guaranteed as absolutley unique and be kept track of over it's lifetime in a system.

The IRN (Identity Reference NUmber) is the unique identifier that is assigned to a person when they are first entered on to the system. THe idea being that by performing a Detection of Multiple Identities Check you will be able to ensure that a person is only recorded once on a system and can be told apart from people who may have lived at the same address or have similar names.

Uses and Abuses
In the IT systems of government departments would be able to make use of the IRN to better identify someone. For example, by recording the IRN of a benefit claimant they would be able to check if this IRN is already on the system to see if the person is already claiming benefit. Someone convicted of a child abuse could have their IRN recorded, meaning that by making a background check requiring an ID card you could instantly know if someone was safe to employ.

This cartoon (originally posed by Citizen Dale) demonstrates the potential danger posed by misuse of the IRN. A company could aquire a lot of information based around someones IRN.

For example, companies like Experian currently use a combination of name and address to identify people for credit reference checks. By using the IRN they would be able to keep much better track of people. Marketing companies could potentially consolidate data based around this IRN and know a huge amount about someone (what kind of car you drive, whether you've just had a child, what you tend to buy at the supermarket). If not kept in check, there is a very great danger to people's privacy.

My thoughts
I don't advocate the kind of usage that I've highlighted above, but I dont believe that ID cards will lead to this kind of usage provided it is taken into consideration. I'm not sure exactly what the home office has in mind for making private data available but I would propose the following.

  • No private company should be able to use the NIR to extract data, they may only check data they have been given againt it. (e.g. Rather than being able to ask "this is ID Card number 4612787295, this is their biometric, what are their details?" they can ask "This person claims to be Citizen Andreas of 26 Loyal Citizen street, their ID number is 4612787295 and this is their biometric, are these details correct?")

  • Only a very limited set of companies (I'm mainly thinking banks and financial institutions) should be permitted to make use of the IRN (this would prevent the kind of privacy abuse noted above.



I'm currently in two minds as to whether companies should be allowed to check data they have without a card number and biometric. This would allow marketing companies who send out large mailings to eliminate out of date addresses. I'm open to opinions on the subject.

If these kind of concerns are taken aboard I think it is possible to have an ID card system that addresses many of the legitimate privacy concerns.

Thursday, December 07, 2006

I've not heard this one in a while, but thanks to anyonebutblair for bringing it up.

"We will introduce ID cards including biometric data like fingerprints, backed up by a national register and rolling out initially on a voluntary basis as people renew their passports"

My opinion on this particular argument is that it is a bit of a mess up by whoever wrote this bit of the manifesto. Voluntary in this case meant "it will not be compulsory for everyone to have an ID card initially". Most people I suspect would not interpret to mean this, but I would put it to you that this kind of wording is open to interpretation.

A manifesto is a statement of a party's intent, but I don't think that it's wording should be interpreted in the same way as one might interpret a tightly worded legal document. I'm of the opinion that an ID card scheme will be of maximum benefit when they cover 100% of the population. This delay, I feel would have been one of the first nails in it's coffin.

The issue remains whether the manifesto could be interpreted as misleading the public. On this issue, I would say that anyone who objected to ID cards would simply not have voted Labour and would unlikely have been swayed by the idea that for a short while the scheme would be voluntary.

Common Hacking and Data Theft Tactics, a Spotters Guide #1, Brute Force Attacks

If I were to limit the blog entirely to ID cards it's probably going to get a bit dull, so i'll intersperse it a few posts on computer and data security. I wouldn't count myself as an expert on the subject, but I've written a few authentication systems in my time and know some of the common tactics hackers use.

Brute Force Attacks
I remember an episode of The New Adventures of Superman where when confronted with a password screen superman keeps typing words ant super speed until he gets the right password, this is essentially a brute force attack. An automated computer program fires off login attempts using a dictionary to provide potential passwords.

As an example, assuming it takes about 30,000 attempts to arrive at a password and you can make 5 attempts a second, you should arrive at a password in about over 100 minutes.

Prevention Tactics
Ambiguous Error Messages
In most situations when trying to gain access to a system you need to supply a username and a password. Often the error message will be something in the form of "Your username or password was incorrect" it does not say which is wrong since this could provide additional feedback to a hacker. As in the following example.

Username: johnsmith
Password: aardvark
Your username is incorrect

Username: johnjones
Password: aardvark
Your username is incorrect

Username: johnanderson
Password: aardvark
Your password is incorrect

Username: johnanderson
Password: abacus
Your password is incorrect

Timing
A simple tactic is to pad out the time it takes to make a login attempt, force the computer to wait say 2 seconds before performing the actual check. In the example above this would increase the amount of time to gain access to 16 hours and 20 minutes

Strong Passwords
A common tactic is to make a password a combination of letters and numbers, this drastically increases the number of potential combinations.

Lockouts
Another tactic is to only allow a limited number of access attempts before locking the user out of the system. After 10 failed access attempts to an account the system might disable any further attempts for a period of time (say 3 hours), or until a system administrator is called in to re-enable the account.

Sunday, December 03, 2006

Response to an Earlier comment

In one of my earlier posts, I recieved the following comment, i've repuduced it in italics, with my responses as appropriate.

Every one of us will effectively have to apply to the government for permission to exist, or at least exist in any way which involves using public services. And even if the principle does not trouble you, the practical effect will be to create an entirely new layer of hassle.

As you might guess, the principle really doesn't trouble me. I don't believe the remit of the ID card will extend much beyond what existing documentation does. What hassle is caused would seem to be fairly minor.

The innocent, we are told, have nothing to fear. But the lesson of the Family Tax Credit and Child Support Agency fiascos is that no government computer scheme ever avoided massive inconvenience to the innocent. Those schemes were a fraction of this one's complexity and size. Even if the technology works, what if some bureaucrat enters your data wrongly -- as in the case of the 2700 innocent people falsely accused by the Criminal Records Bureau, many of whom were consequently turned down by universities and employers? If your card is lost, damaged or stolen, how many hours of Greensleeves on the call-centre hotline will it take to replace it?

The government has thousands of computer schemes all over the country, a number of high profile ones have had problems but the complexity of the ID cards scheme is overstated. In terms of size and complexity, it is still well behind a number of private sector systems.

The chances of a bureaucrat entering data incorrectly are low, in a previous job I held in the marketing industry, our data entry pool achieved over 99% accuracy despite the fact that they were aiming for volume over accuracy. Even when mistakes were made, they were generally simply typos rather than incorrect addresses. The entry of data in the case of the ID card scheme will focus heavily on accuracy and is likely to have an extremly low level of mistakes.

When your card is lost, it will take time to replace, granted but I don't believe that it will cause any more problems then with the loss of any other official document.

As for the Criminal records bueau, the 2700 people who were falsly accused were accused because of inaccurate identity data, something the ID card scheme is designed to fix.

In an age when everyone agrees on the need to reduce red tape, ID cards will require an enormous and expensive new bureaucracy, complete with a dozen new crimes and offences for the citizen. Did you know that you will be required to tell (and pay) the police every time you move house -- with a £1000 fine if you forget? Did you know that your friends and neighbours can be forced to give information about you? Do you think the constabulary and courts have better things to do? The justification for all this needs to be very strong, but it is not. ID cards are a solution looking for a problem.

I accept that there will be new crimes and some new bureaucracy, but I will already be fined £1,000 if I fail to do the same with my car's V5 Log Book or my driving licence. This just seems to be the standard fines associated with not keeping ID information up to date. As for the bureaucracy, it's will be judged on the benefits it gives.

In all the years of debate and argument, no one has yet explained how exactly the cards will reduce terrorism or crime. Will muggers be obliged to show you their ID before they hit you over the head? Did Spain's compulsory ID system prevent the Madrid bombings? French and Japanese identity cards do not stop illegal immigration to those countries, nor have Italian ones defeated the Mafia.

The government claimed that 35% of terrorists use false or multiple identities: which means, by my reckoning, that 65% of terrorists use their own identities. They do so because they are not known to the authorities as terrorists, a factor which can only increase. ID cards may be able to reduce the use of false and multiple identity among British citizens; but the vast majority of Islamic terrorists are not British citizens.


I don't want to address thgis in too much detail here, since I've covered it earlier in my blog. ID cards are no panacea for terrorism, but they will be a valulable tool in the identification and detection of terrorists.

ID cards might, it is true, help reduce certain types of fraud. But even by the government's own reckoning, identity-related benefit fraud amounts to no more than £50 million a year; NHS tourism to "a few hundred million"; and all identity-related fraud, public and private sector, to a total of £1.3 billion. An ID card scheme would cost at least £6 billion.

The cost of £5.4 billion is described as the set up and running of the scheme over 5 years. If we factor in £50m from ID fraud, and say £200m from health tourism we're halfway there. If we add the little of the total £1.3bn to the mix we're not far off.

"If you've nothing to hide, you've nothing to fear," the goverment insists -- but why then is it hiding its estimate of the true budget despite the orders of the Freedom of Information Commissioner?

Identity cards may seem popular now -- but the more people learn more about it, the the more resentment will build. Making law-abiding citizens pay £100 to take a day off work and report to the police station to be fingerprinted like common criminals will not be quite the vote-winner that Labour thinks.


I believe the information has been witheld since media scutiny might affect the results of the review. The £100 cost is pricey, but it's not miles above the existing cost of renewing a passport. Being fingerprinted is cause for a little trepidation, personally I think that any police access to these fingerprints will have to be very strictly limited.