It Was Always Our Plan to Make Mistakes
A subtlety that I failed to hear about regarding the recently leaked Home Office strategy document outlining the latest push back of the shambling National Identity Register was the plan to insist that students must provide National ID Cards in order to apply for student loans and student bank accounts. As there will be no other reason to have a National ID Card (except maybe to allay fears of subliminal threats, eh, Blunkett?) this will potentially become a £93+ surcharge on attempting to pay for your education. It is also an absolutely transparent attempt to bring the scheme in through the back door. There is very little fraud to be had from setting up a student bank account, and none specific to student bank accounts. Furthermore the level of proof of identity required for getting a student loan is the same as it would be to get a National ID Card, so there is no added level of security for anyone in insisting on a National ID Card. Ah well. The chips on the ten-year NIR cards have a three-year warranty, which is the length of most degrees, so that's some small comfort.
The other measures laid out in the document are equally devoid of benefit. 2010 will see not only the introduction of further financial burdens on students, but the rolling out of cards to government workers who are in contact with the vulnerable. Leaving aside recent embarrassments such as the thousands of people not entitled to work in the UK who were cleared for security work by the Home Office, we are left with the question of who will benefit from this measure. Again the answer is no-one. The idea is that, before granny lets in the stranger claiming to be from Meals on Wheels, she will ask to see the stranger's National ID Card. Bereft of an external door fitted with a chip and PIN, fingerprint or iris scanner, all she will have to go on is the card itself. Cosmetic counterfeit cards are likely to hit the streets within months of the National ID Cards being rolled out, especially if they are to be required by resident foreign nationals (see Japan for details). In fact, whatever "anti-counterfeit" measures that are put in place are less important to duplicate if the card is to convince someone in a vulnerable position - Granny won't be able to read the tiny tiny writing, the kid down the road with Downs Syndrome won't necessarily understand about the threaded gold, or the watermark overlaying the photograph. But you can bet that they both have been told about the cards, that they both know to treat cardholders with a greater degree of trust than they would someone who had just wandered in off the street.
These measures are, of course, to get us used to the idea of the cards, of seeing them around the place. Openly, one of the reasons for rolling out the cards to foreign nationals is to see if the captured data on the foreign nationals goes walk about, which is hardly reassuring. It's a rare bit of open cyncicism, though, to pilot the scheme on people who don't have a vote. And the trouble with piloting it is that most of the issues we have with the registry are matters of scale, with many of the processing issues and issues of false positive and negative identification, are exponential.
Further worrying developments are that, subsequent to the rather wise hushing up of the iris recognition biometric (which is less likely to work correctly if you have brown eyes (you know, like the eyes that black people have) (you know, black people that are more likely to be stopped by police, more likely to be scuritinised by immigration officials...)) (and whereas you might say that the reason the iris recognition has been given a lower profile lately has something to do with the airport piloting of the technology, or the fact that the patent holder somehow found himself on the feasibility focus group tasked with deciding whether or not iris recognition was a feasible technology to use for the NIR scheme, I couldn't possibly comment) the fingerprint recognition has become more important. Which would be fine if that were harder to fool. As it happens, it is perfectly easy to take someone's fingerprint, say from a glass or a piece of paper, and construct a fake fingertip from jelly. As Dr Ben Goldacre pointed out in his Bad Science column, this is akin, then, to writing your PIN on every surface you ever come into contact with. Secure?
But wait! That's not all! Fingerprint data consists of quite a crude map, rather than the swirls we're all familiar with. This doesn't lose much in the way of accuracy, but allows computers to quickly match two prints of (hopefully) the same finger. It transpires that not only can you reproduce a fingertip from a fingerprint, it is now possible to take the "map" and construct a matching fingertip from that too! This, the Home Office will no doubt tell us, matters not, because it will be impossible for criminals to get the information off of the card in the first place. But the Home Office also said that about the passports; two hours and a brute force attack later, and the passport opened up its secrets.
The other measures laid out in the document are equally devoid of benefit. 2010 will see not only the introduction of further financial burdens on students, but the rolling out of cards to government workers who are in contact with the vulnerable. Leaving aside recent embarrassments such as the thousands of people not entitled to work in the UK who were cleared for security work by the Home Office, we are left with the question of who will benefit from this measure. Again the answer is no-one. The idea is that, before granny lets in the stranger claiming to be from Meals on Wheels, she will ask to see the stranger's National ID Card. Bereft of an external door fitted with a chip and PIN, fingerprint or iris scanner, all she will have to go on is the card itself. Cosmetic counterfeit cards are likely to hit the streets within months of the National ID Cards being rolled out, especially if they are to be required by resident foreign nationals (see Japan for details). In fact, whatever "anti-counterfeit" measures that are put in place are less important to duplicate if the card is to convince someone in a vulnerable position - Granny won't be able to read the tiny tiny writing, the kid down the road with Downs Syndrome won't necessarily understand about the threaded gold, or the watermark overlaying the photograph. But you can bet that they both have been told about the cards, that they both know to treat cardholders with a greater degree of trust than they would someone who had just wandered in off the street.
These measures are, of course, to get us used to the idea of the cards, of seeing them around the place. Openly, one of the reasons for rolling out the cards to foreign nationals is to see if the captured data on the foreign nationals goes walk about, which is hardly reassuring. It's a rare bit of open cyncicism, though, to pilot the scheme on people who don't have a vote. And the trouble with piloting it is that most of the issues we have with the registry are matters of scale, with many of the processing issues and issues of false positive and negative identification, are exponential.
Further worrying developments are that, subsequent to the rather wise hushing up of the iris recognition biometric (which is less likely to work correctly if you have brown eyes (you know, like the eyes that black people have) (you know, black people that are more likely to be stopped by police, more likely to be scuritinised by immigration officials...)) (and whereas you might say that the reason the iris recognition has been given a lower profile lately has something to do with the airport piloting of the technology, or the fact that the patent holder somehow found himself on the feasibility focus group tasked with deciding whether or not iris recognition was a feasible technology to use for the NIR scheme, I couldn't possibly comment) the fingerprint recognition has become more important. Which would be fine if that were harder to fool. As it happens, it is perfectly easy to take someone's fingerprint, say from a glass or a piece of paper, and construct a fake fingertip from jelly. As Dr Ben Goldacre pointed out in his Bad Science column, this is akin, then, to writing your PIN on every surface you ever come into contact with. Secure?
But wait! That's not all! Fingerprint data consists of quite a crude map, rather than the swirls we're all familiar with. This doesn't lose much in the way of accuracy, but allows computers to quickly match two prints of (hopefully) the same finger. It transpires that not only can you reproduce a fingertip from a fingerprint, it is now possible to take the "map" and construct a matching fingertip from that too! This, the Home Office will no doubt tell us, matters not, because it will be impossible for criminals to get the information off of the card in the first place. But the Home Office also said that about the passports; two hours and a brute force attack later, and the passport opened up its secrets.
Labels: National ID Card Scheme, National Identity Register, Politics
posted by Hamilton's Brain | 10:35 am
0 Comments:
Post a Comment
<< Home