22 November 2007

Bad Times for Labour & English Football.

Both Gordon Brown and Steve McClaren are suffering from the same syndrome...
- unsurprising cowardice in the face of enormous unreasonable pressure. The civil servant responsible for 'discgate' and Scott Carson's nervy performance (rabbit in headlights) both signify an underlying problem with our country.

When Joe Cole refused to defend McClaren on Tuesday when asked if he would like McClaren to continue in the job, I sensed the game was up. It was clear that McClaren had not got the confidence of his players.

I don't think sacking McClaren is going to address the underlying problem with English football and I don't think sacking one person will change a culture of negligence at work. That is not to say that both shouldn't be sacked, just that it won't make any difference.

I have heard that England, don't have the quality players, that money has reduced players' incentives and passion, that Croatia are too good. There are three simple answers to these - (i) England have more top league players than Croatia (ii) Croatian players earn similar vast sums (iii) Croatia lost to Macedonia on Saturday. So I don't think we can say the poor quality of our players or high wages were the problem.

Before the game, I thought McClaren was right to start with Scott Carson in place of Robinson and also start Wright-Phillips. Although I wouldn't have played Lampard, it did sort of make sense to play him alongside Gerrard with Barry playing the holding role. In hindsight Carson looks a mistake, but who knows what mistakes Robinson (who must be so thankful he was dropped) or James would have made in the conditions. So all in all, although McClaren could have made the changes earlier, when DeFoe and Beckham came on it did get us back to 2-2, so it is hard to say what McClaren could have done differently. More indicative of the poor state of English football was the terrible condition of the pitch - which was totally inexcusable. It was not a good advert for our World Cup bid. The underlying problem is, the fear that the English players displayed in the knowledge of an idiotically impatient populace fed by an idiotic media. The best teams need time and stability - something our national side is never going to get.

The government losing 25m people's data is ironically likely to boost the case for ID cards (as it happens I doubt a single person will be defrauded because of this loss). Millions of call centre workers and employees have access to these details and people lose this sort of data every day - that should not be the problem. The problem is that this sort of data is useful. We have to make it more difficult for people to commit fraud. Although I reject the government's current scheme, some sort of ID scheme using biometrics has got to be the answer in the future.

Gordon Brown (and Steve McClaren) have got to start showing some courage and allowing people to take risks. This means that mistakes will happen and although we have to minimalise these - we shouldn't react hysterically to every mistake. Making mistakes is sometimes how we make the quickest progress. Apparently Gordon Brown was persuaded not to go the England game today because the Sun said he has been 'bad luck'. This is a perfect example - Brown should have turned around and made a big point about how this superstitious nonsense will make no difference to how the England team will perform. Instead he took the safe option in fear of being ridiculously blamed for the result. Absolutely pathetic. This is his (and our) problem. We need to be stood up to. Ultimately we will respect leaders that do that.

51 comments:

  1. "We have to make it more difficult for people to commit fraud. Although I reject the government's current scheme, some sort of ID scheme using biometrics has got to be the answer in the future."

    One does not logically follow the other and any government scheme involving a massive IT project can and will go wrong. The reason that people object to ID cards is not some childish contrariness but because it changes our relationship with the state for the worse.

    "Millions of call centre workers and employees have access to these details and people lose this sort of data every day - that should not be the problem."

    That is the problem. You think, having admitted the above, that ID cards are a sensible move? Have you been measured for the long sleeved white canvas blazer recently?

    Finally re the OEGK. I don't think he should go to England games until he can bring himself to say the word.

    ReplyDelete
  2. Falco, my understanding is that, if all a fraudster needs is a few details like name, address, bank sort and account number, NI number and they can obtain loans etc in your name. It says to me that the system is wrong. Surely this info should not be enough? When I see supermarkets in Germany where customers pay with their fingerprints (and this makes it more secure for both) I think surely we can make it a bit harder for the fraudster and biometrics seem ideal for this task. The biometric pin seems a good idea.

    ReplyDelete
  3. Firstly the scheme you refer to is a voluntary one run by a private company. Extend this further to cash machines for instance and you would have a rather high incidence of the digitally impaired.

    More importantly, If the sort of information that has leaked out recently can get out so can the biometric data. Then you're really fucked because anything based on it will be considered very reliable. It won't be but it will be thought of that way.

    Even more depressing is the inevitability of such a register being used for other purposes. How long after everyone's finger prints are on file do you think the police will have the power to search it?

    I may be being unfair but please do not come back with "Those who have done no wrong etc.." This is something that we should fear and resist.

    By the way, whenever I leave a comment I have to put the verifyer in twice. Is this intentional or am I being a muppet? (Yes I check that it is spelt correctly)

    ReplyDelete
  4. Falco, Of course we have to be aware that someone could copy someone's fingerprints (although I think it unlikely and certainly a lot more difficult to perform than getting hold of other data, nobody should assume it can't be done). I think the biometric pin gets around that problem though - this is where you have to enter different fingers in a specific order. Of course, no system will ever be perfect - it is just about making things as difficult as possible for the crook. Chip and pin for instance has been a big success.

    You have to think the government are malicious to think that sharing this info with them is a problem - it is not. When you are poor, homeless, ill etc. for all their faults, I know the government is the best hope. That is why I would trust the government with my name and address and fingerprints etc. These are trivial pieces of info - I really don't see how it would be a problem.

    By the way, the verifier is a problem, don't know why. If I have taken longer than about 5 mins to write the comment, I have to put the code in twice as well.

    ReplyDelete
  5. I realise that I was not being unfair:

    "You have to think the government are malicious to think that sharing this info with them is a problem - it is not."

    Even if, (and by god it's an if), the current administration is not malicious, giving more power to government now, allows future more malicious governments to use it.

    Why should you, I or anyone who has not been convicted of a crime entrust their fingerprints or DNA to the government? Even if you have an entirely benign administration they will screw such a database up because it is too large to be competently handled at present. Nor is it possible to have no malicious elements in a government.

    How many times does the endemic incompetence of big government have to be demonstrated to you before you realise that yet more governmental powers are not our "best hope". We need some government but as it does not do things very well or efficiently we should limit its powers to those it must rather than could have.

    ReplyDelete
  6. The government losing 25m people's data is ironically likely to boost the case for ID cards

    No.

    I invite you to take a look at any blog or web forum, newspaper letters page etc etc - you will see that many people have drawn the obvious conclusion from this sorry affair - that the government cannot, and should not be entrusted with your personal data, let alone the "crown jewels" of biometric identification which you and the politicians talk about with any understanding of what it is or how it works.

    Only in the minds of delusional control freaks and crazy civil servants could this total incompetance be seen as a good reason for us to hand over more cash and more data so the politicians and civil servants can be even more fucking useless with it.

    ReplyDelete
  7. You have to think the government are malicious to think that sharing this info with them is a problem No you don't - you just have to look at what bunch of fucking useless incompetents they are, and imagine that the Tories and Liberals wouldn't be any better. If this is the best any government can manage with our data, then we don't need a malicious one - just a totally crap and incompetent one - which is exactly what we've got.

    ReplyDelete
  8. Falco, my understanding is that, if all a fraudster needs is a few details like name, address, bank sort and account number, NI number and they can obtain loans etc in your name. It says to me that the system is wrong. Surely this info should not be enough?

    You are wrong about that, but not to worry, assuming you can.

    OK - talk to the banks, talk to the Police , but don't spend billions on a scheme that WONT STOP FRAUD at all. You are looking in the wrong place for the solution. IF it was really that prevalent and that easy, it amazes me that you haven't had your identity stolen - maybe no-one wants it.

    ReplyDelete
  9. Urko, lets see if we can agree on a few things.

    Is the real problem that the government (or anyone else) loses some basic info - name, address, bank & NI numbers? We cannot expect to keep this info absolutely safe. Every day this info is in the post and millions of items of post go missing every day. Millions of people who regularly move, share flats and postboxes have post nicked unbeknown to them. These tend to be the poorest people at risk.

    The real problem is the lack of security in applying for loans and credit cards. To open a loan or credit card should have to be done in person (this would have the added bonus of making people think twice before getting into debt) with decent photo ID and maybe other biometric ID as well to make this even more secure. The market is not going to help on this, because it would be pointless for any bank to do this unilaterally and it would lose them business as well. It has to come from government with pressure from voters to enforce it across the whole industry.

    Maybe the present government ID scheme is not good enough - the jury is out on that, but one thing for sure, you would object to it even if it was a brilliant scheme. Nearly all the people opposed to ID schemes that I speak to are opposed for ideological reasons first and then conveniently add in practical objections later. Maybe they are right - but I would not be surprised if their practical objections are exaggerated.

    ReplyDelete
  10. Of course we have to be aware that someone could copy someone's fingerprints (although I think it unlikely and certainly a lot more difficult to perform than getting hold of other data, nobody should assume it can't be done).

    It's actually very easy and cheap. Some gelatin and putty will do the job nicely. Don't have someone's thumbprint to hand? Mug then and chop it off. If you want to be a little more sophisticated, you can use an etching kit, along with superglue, digital photography and simple photo editing software to create a fake print that will fool scanners easily and cheaply.

    The only way to protect our biometric identifiers is not to share them in the first place. This is blindingly obvious common sense to everyone except government and their supporters who appear to be bereft of such qualities.

    These tend to be the poorest people at risk.

    And your evidence for this wild assertion is? Now, I'm an identity thief... Who shall I steal from? Someone who hasn't two pennies to rub together or someone with a few bob in the bank?

    Neil, it really is about time you started letting go of some of those bigotries, they are becoming too repetitive by far. The "poor" are not stupid and they do not need the patronising hand of the state to look after them. When it comes to managing and securing personal information, the best guardians of the information is the individual - not the government who have demonstrated conclusively that they are not fit to govern, let alone manage information.

    ReplyDelete
  11. Longrider, Poorer people tend to live in rented accomodation and move more often. They also are more likely to live in flats where the postbox is shared. Criminals will take the easiest target, whoever it is. Obviously they would hope for someone with many thousands in the bank - but even the poorest could be ripped off a decent amount - overdrafts, credit etc.

    As for biometrics, that supermarket in Germany has not had the problems you suggest - and their customers seem to agree. How easy would it be to wear this mould on your fingers with staff watching? There are ways to get around this anyway, like a biometric pin. The mugger would have to cut off all the fingers and thumbs off and know which order to place them on the readers. I don't see it happening somehow.

    ReplyDelete
  12. Identity thieves operate to make money. What they want is people with a decent credit history so that they can raise loans and make expensive purchases. poorer people without credit cards or even bank accounts make a poor (sic) target.

    Just because the German system hasn't had problems yet does not make a case for giving government our biometric details. At present, the market is too small. Make it lucrative enough and it will happen. Given that it is as simple as setting up a phishing site, it is an inevitability.

    I for one have no intention of using fingerprint shopping. I can change a PIN or password, I cannot change compromised fingerprints, nor can I replace a forcibly removed digit. People who spout biometrics as if they are the best thing since sliced bread for ensuring security demonstrate that they understand little of security, less of technology and none of common sense.

    ReplyDelete
  13. Longrider - "poorer people without credit cards or even bank accounts make a poor (sic) target".

    Ironically, the poorer half of the population are now more likely to have credit cards (you can have a great credit history and be massively in debt with no assets, also rich people are less likely to be tempted as they don't need them) and the vast majority have a bank account.

    "I cannot change compromised fingerprints" - A biometric pin is as difficult to crack as a four digit number and it can be changed just as easily.

    As for this obsession with cutting off fingers - it is you that is not using common sense. By the time the criminal has made his elaborate finger moulds - the biometric pin would have been changed. Anyhow most muggers might opportunistically nick a wallet or even drag someone to the cashpoint with a knife - but cut their fingers off for a small chance of a few quid - no way.

    ReplyDelete
  14. Yet again, Neil, you demonstrate that you have been taken in by the fallacy that is "secure" biometrics, just as ministers have. The most secure arrangements are frequently the most simple. A PIN can be changed at will - we don't need biometrics behind it - indeed, they are pointless. An alphanumeric password, likewise.

    If you don't think that criminals will cut off peoples' digits to get at the biometric identifiers, then you really have no idea of the real world. Crime is market driven. If the rewards are sufficient, people will do it. They currently steal credit cards with changeable PINs knowing full well that the time available to use them is limited - I speak here from personal experience. There is no evidence to suggest that they will not do the same with biometric systems once such systems are established. They are already breaking into the "secure" Chip 'n' PIN system.

    I do not have an obsession, it is you who does. My choice not to indulge in fingerprint shopping is a pragmatic one, based on an understanding of both technology and security - I simply do not need to use biometrics to keep my information secure. I have no desire to give my fingerprints to shops or financial institutions, because I can operate without doing so, and I certainly don't trust government with them. That lack of trust was borne out rather dramatically this week.

    As for poorer people having credit cards - sure I don't doubt that a good many do. They will need to have a minimum level of income to get one in the first place, though, so are not that poor, are they? Lower paid and poor are not necessarily the same thing. For the past couple of years I was seriously low paid - i.e. less than my outgoings. And as for your assertion that "rich" people will be less likley to be tempted by credit cards is more risible bigotry and lacks understanding as usual, I'm afraid.

    My point, though, is that you are claiming that poorer people are more likely to be the target of identity thieves, yet you have nothing other than your own prejudices to substantiate this. It is an assertion and constantly making the same assertion over and over doesn't make it true.

    ReplyDelete
  15. Maybe the present government ID scheme is not good enough - the jury is out on that

    If by that you mean that it hasn't been implemented and fucked up yet, then you are correct. As an IT manager I prefer not to implement things which have serious conceptual and design flaws, as do the current plans for ID Cards.

    but one thing for sure, you would object to it even if it was a brilliant scheme

    This must be the most childish defence of the ID scheme I have yet to see. Propose a 'brilliant' scheme and let's see shall we?

    Nearly all the people opposed to ID schemes that I speak to are opposed for ideological reasons first and then conveniently add in practical objections later

    And of course your support for ID Cards in the face of near universal opposition is not at ideological, is it? As it happens there is nothing wrong with 'ideological' opposition to ID Cards. My ideological opposition comes directly from my socialist principles, which say that ID Cards will disproportionately affect the poor and marginalised in our society, who will find themselves asked to establish their bona fides far more frequently than white middle class housewives. This how ID Cards operate in the other European countries which have them and why they have significantly worse race relations than this country. Ask a Turk in Germany or a Muslim in France what they think of ID Cards.

    But the corker with ID Cards is that they won't do what it says on the tin: reduce crime, reduce identity fraud, reduce benefit fraud, 'help' in some nebulous undefined way with reducing terrorism. But we will still get all their negative social effects anyway.

    Maybe they are right - but I would not be surprised if their practical objections are exaggerated

    Tell you what, Neil. Why don't you find out for yourself, instead of relying on your prejudices.

    ReplyDelete
  16. Longrider, Stephen, I accept that the present government scheme has problems. But the technology is improving all the time and the government will have to produce a scheme that works at least reasonably well if they do go ahead.

    Eventually some other country is going to implement a biometric ID scheme and make us all look silly. You people and your fear of anything new are the reason the UK never does anything first anymore. That is why we never join things like the Euro, which is rapidly catching up the dollar as the world's reserve currency.

    I think Longriders' attitude to biometrics sums up the irrational position of a lot of ID card haters. To suggest that a numeric pin is as secure as a biometric pin is ridiculous. The biometric pin has all the security of the numeric pin but with the added difficulties for the fraudster of getting hold of fingerprint or other biometric info (let alone making all the moulds or whatever it is). I notice Ministry of Truth's unity is now considering a national ID scheme, and I don't think you can accuse him of being technically illiterate or prejudiced.

    Of course 'chip and pin' was not perfect, but fraud has been significantly reduced. Are you suggesting it is not a worthwhile thing to do? Longrider, you are living in the dark ages.

    As for chopping off fingers. Muggers murder people to get their money, so of course some will do so, but if you make something more difficult and increase the chance of them being caught and give stiffer penalties (chopping off fingers has to be more serious than nicking an handbag and easier to catch the perpetrator) then crimimals will look at more easier crimes or even at making money legitimately.

    ReplyDelete
  17. Longrider, Stephen, I accept that the present government scheme has problems. But the technology is improving all the time and the government will have to produce a scheme that works at least reasonably well if they do go ahead

    This not about incremental improvements in technology, this is about fundamental design considerations. Centralised identity management of the form that Labour wishes to implement is a bad idea. I could take you though the arguments for that step by step, but what would be the point, as you are incapable of understanding even the simplest rules of statistical inference and I am not going to waste my time on someone who posts flip answers to detailed arguments.

    Eventually some other country is going to implement a biometric ID scheme and make us all look silly

    There are two points here: the biometrics securing unique identification and the insecurity of the National Identity Register. It is perfectly possible to have biometrics without the NIR. Undoubtedly biometric technology will improve over the years, though whether it will ever be sufficiently robust to be usable in a national scheme is doubtful, but I don't rule it out altogether. If another country manages to do it, say, in two decades time then we can learn from their mistakes and not waste a lot of money in the meantime. I am guessing you do not work in an employment that requires you to justify your spending if you characterise this as 'looking silly'.

    You people and your fear of anything new are the reason the UK never does anything first anymore

    I find it pretty gobsmacking that a technical and mathematical illiterate such as yourself has the gall to call me a luddite! I am a technologist, which means that I know what can and cannot be achieved with it.

    That is why we never join things like the Euro, which is rapidly catching up the dollar as the world's reserve currency

    Your argument is all over the place. The ERM fiasco of 1992 is the main reason why we are not in the Euro. And of course, your hero Gordon Brown.

    I think Longriders' attitude to biometrics sums up the irrational position of a lot of ID card haters. To suggest that a numeric pin is as secure as a biometric pin is ridiculous

    Why is it ridiculous?

    The biometric pin has all the security of the numeric pin but with the added difficulties for the fraudster of getting hold of fingerprint or other biometric info (let alone making all the moulds or whatever it is)

    I could take you step by step why biometrics may be no more secure than PIN. It's to do with the number of loci stored; the care with which the biometic is captured; how prevalent and reliable scanning devices are. But past experience shows me that you'll simply ignore it so I won't bother this time.

    ReplyDelete
  18. Your slavish adherence to "technology" that you clearly do not understand is based upon ignorance and bigotry. How may times do you have to be told that I do not object to new technology? However, being a pragmatists, I understand its limitations.

    Also, I have used biometric PINs - so I have an understanding of what is involved. It doesn't take a great deal of intelligence to work out that a compromised biometric identifier is compromised forever and therefore is less secure than a password that can be changed, The only people who think otherwise are government ministers and their equally ignorant sock puppets.

    Yes, I would reverse chip and PIN. Unfortunately, people presume that it is "fraud proof" and "secure". Consequently, when it is hacked - as has been demonstrated, the banks automatically blame the customer; assuming that they have given away the PIN. Therefore, for the consumer it is less secure than a simple signature. This is not dark ages (again, you spout ignorant nonsense) - it is again, common sense. When faced with a logical argument you resort to the ad hominen - nothing new here.

    As for your assertion that we will look silly if another country adopts a similar scheme and we do not - again a purile and childish thing to say. Frankly, I would sooner look silly than have my identity stolen, thank you very much.

    I really wonder why I bother. You are never going to be able to grasp a logical argument nor shift from the party line. Nor will you cease to spout Labour party hyperbole in the face of contrary evidence. If this stuff was being proposed by a Tory government we would be hearing a different story from you. That it is a nasty authoritarian Labour one makes it all okay. It is utterly sickening and morally and intellectually bankrupt.

    ReplyDelete
  19. Stephen, A couple of key sentences in your reply indicate we are actually in complete agreement here.

    I am not defending the government's ID scheme which I agree is full of flaws but you also said the following...

    "I could take you step by step why biometrics may be no more secure than PIN".

    That was all I was saying, at the very very unlikely worst the biometric pin is no less secure than a pin. Longrider tries to claim it is worse. He also opposes chip and pin - which has been a big success (not perfect just better). If this is not opposing new technology in the face of the evidence what is? I don't know how else it can be described.

    "Undoubtedly biometric technology will improve over the years, though whether it will ever be sufficiently robust to be usable in a national scheme is doubtful, but I don't rule it out altogether".

    I am more optimistic than you but at least you agree biometrics have a future unlike Longrider.

    ReplyDelete
  20. Longrider - "compromised biometric identifier is compromised forever and therefore is less secure than a password"

    Even if a criminal got hold of all the biometrics of a person (and it is not as easy as you suggest), it would still make a biometric pin at least as safe as a pin. Until you can admit that, we cannot have a sensible discussion.

    As for ad hominem attacks - I steer clear of them despite being exasperated with your replies and insults. If you care to look back over this thread and count how many insults you and others have thrown in my direction you might think twice about accusing me of this.

    ReplyDelete
  21. Stephen - "your hero Gordon Brown". You have obviously not read much of my blog. At best any support is lukewarm as these posts here and here more than demonstrate.

    ReplyDelete
  22. As for ad hominem attacks - I steer clear of them despite being exasperated with your replies and insults. If you care to look back over this thread and count how many insults you and others have thrown in my direction you might think twice about accusing me of this.

    Really? For a man who deliberately libelled me in order to misrepresent my position and who regularly accuses me of being either a Luddite or living in the dark ages because I refuse to go along with your wild assertions and generalisations, that's pretty rich.

    Even if a criminal got hold of all the biometrics of a person (and it is not as easy as you suggest), it would still make a biometric pin at least as safe as a pin. Until you can admit that, we cannot have a sensible discussion.

    Ah, yes, the technique so beloved of the old witchfider generals. I must admit that I am guilty of witchcraft even if I am not or we cannot have a sensible discussion. Again, coming from you, that's rich.

    I have explained exactly why biometric security is no more secure than other, simpler methods and brings with it, its own set of risks. I have also explained how, given mass acceptance, criminals could clone biometrics as readily as they currently clone bank cards or set up cashpoint scanners. Biometrics suffer from a single point of failure. Once gone, they are gone forever - and given that we leave our fingerprints on every flat surface we touch, it is, as Ben Goldacre pointed out, like leaving our PIN on a post-it. That was a good analogy and demonstrates just how insecure this system really is. Any system made by man can and will be broken by man. It is up to us to make reasoned decisions based upon an assessment of the risk as to what we are going to do. I will be using alphanumeric passwords, thank you very much.

    Your fanaticism is reminiscent of the religious zealot. Your gods may be secular, but they are gods nonetheless - and false ones to boot.

    So, no, I will not admit that black is white.

    ReplyDelete
  23. Longrider, your hysteria about biometrics is ridiculous. How can a biometric pin be less secure than a numeric pin when for both you are inputing four variables out of ten in a specified order? And the process of obtaining the biometrics and making moulds etc, even if that was easy to do - which it isn't, is an extra obstacle the criminal has to get over. If you cannot even admit this, then there really is no point discussing it, because your argument is based purely on hyperbole.

    As for libel, you are pathetic. I just pointed out that by arguing that speed is not a real problem on our roads and that speed cameras are pointless, you are effectively encouraging people to speed (i.e brake the law). Attack me all you want but that won't make your argument any stronger, I give up, I really do.

    ReplyDelete
  24. I am not hysterical - another ad hominem from you.

    I have placed before you rational, factual arguments. That you lack the ability to understand them - or are deliberately obtuse is your problem, not mine. All you do is make yourself look a fool to anyone reading this. To suggest that I am hysterical is absurd.

    Who should I take seriously on this subject; a qualified and competent mathematician such as Tsutomu Matsumoto who has a background in security or you, someone who demonstrates abject ignorance in both? A no-brainer really.

    As for the libel - you persist in repeating again the same falsehoods.

    A word of advice (why I'm bothering, lord only knows) when you spout off about a subject that you know little if anything about and someone who has professional expertise points out the flaws in your reasoning, trying to teach them to suck eggs - or deliberately misrepresenting their argument - is the wrong approach. It makes you look an idiot.

    When you have the relevant experience, training and qualifications, you can preach to me about road safety. When you have the relevant expertise, training and qualifications, I'll start to listen to you on security matters.
    Until then...

    ReplyDelete
  25. Neil, if you won't listen to me or Longrider on the subject of biometrics, perhaps you will listen to the signatories of the following letter:

    http://dooooooom.blogspot.com/2007/11/biometrics-are-not-panacea-for-data.html,

    who are Ross Anderson, professor in Security Engineering at the University of Cambridge Computer Laboratory; Richard Clayton from the same department - who advised the House of Lords Inquiry into Personal Internet Security; and former Ministry of Defence and Nato employee Brian Gladman.

    ReplyDelete
  26. Stephen, Longrider, nobody is claiming biometrics are perfect or impossible to get around. What I am claiming is that a biometric pin is at the very worst, at least as effective as a pin, and realistically much more difficult to crack. That is all, It is better not perfect. To reject something because it is not perfect is your clever sounding argument - but it is wrong. As I have already said - even if the biometrics were completely compromised, a biometric pin has the same security as a pin - cracking the biometrics would be like knowing the numbers 1 to 10 but not what order the four digit code should be typed. It does not require a PhD to know that. I am not impressed with your link - it has nothing to do with biometric pins.

    Discgate has already shown it is impossible to safeguard people's privacy if we are to live in the modern age. You may want to go back to a world that only ever existed in your heads but that is impossible. The problem is not lack of privacy - which will always be breached, the problem is the ease at which this info is useful to criminals. ID cards and biometrics tackle this problem.

    ReplyDelete
  27. Have you read the letter Neil? Did you understand it? The letter says that Darling's comments about 'biometrics' safeguarding the data were highly misleading and that the government should halt the ID Cards programme for a thorough going review on both the biometrics and information security. Do you or do you not not agree with that?

    ReplyDelete
  28. Stephen, I would agree that a review would be sensible, yes. Overall, though I think the technology will improve. Many millions of people around the world now enjoy the extra security and convenience of biometric shopping. I know this does not mean that a database and ID card system for 60m people would work as well, but I think it is possible. More needs to be done to ensure that the biometric security and any database has the necessary safeguards but what I don't agree with is to rule out the technology for ever as Longrider seems to do. Pointing out that biometrics have flaws does not mean a biometric pin is not secure as this has the extra level of security of a pin built into it.

    ReplyDelete
  29. I think you do Longrider a disservice, and since he and I come from very different political traditions, I don't think I can be accused of special pleading for a political ally. His points about biometics are substantially correct. They are a single point of failure - improving technology can do nothing to alter that irreducible fact. They can be spoofed and they are not unique. I think that the cost and relaibility of biometric scanning devices is likely to be a significant obstacle to the roll out of any ID Card. If this project does go ahead, I am convinced that it will go ahead without biometrics. But if it does, that will be the final nail in the coffin for ID Cards, because Blunkett sold them as the 'gold standard' and people will rightly ask, why the hell should I pay for another piece of frigging plastic.

    The Cambridge professor has echoed and expanded the points I made earlier. Of course we can't predict what might happen in decades time, but that is the sort of timescale that will be needed to make biometrics industrial strength, if ever they can be. Any identification system predicated upon them is a dead duck. And we get back to the question: if I can present a driving licence or a passport to identify myself now, why the hell does the state want to change that? Without biometrics there is no good answer to that question.

    ReplyDelete
  30. Neil, your constant rantings about luddites are just getting a bit weak now. Your complaint about ad hominem is just ridiculous considering how often you have attempted to heap these personally insulting jibes on anyone who has a contrary opinion.

    I have lost count of the times you have been shown that you are gainsaying (rather than engaging in intelligent debate of the issues, which you have so amply demostrated is beyond you) people who not only have a vastly superior grasp of technology than you, but also, ironically, make greater and more effective use of it than you do.

    What you and Darling never answer (because there isn't an answer) is how government control, licensing and taxation of our identities will actually work in a practical way.

    Surely if your magical "biometrics" (which term, you, in common with Darling and the other true Luddites like Blair who couldn't work his iPod or read his own e-mail, continue to quote in spite of being ignorant of its real meaning) are to stop fraud and check benefit and health entitlements, the biometrics will have to be checked every time a transaction occurs? Have you event the slightest concept of how much cost and admin overhead this would introduce? What happens if I need treatment and your biometric reader says no?

    You are the unthinking luddite.

    ReplyDelete
  31. Urko , I am not claiming to be an expert - but I don't believe someone who tells me from the start that regardless of the practicalities they oppose it for ideological reasons. Look, maybe it will work, maybe it won't - that has to be demonstrated. It either will be demonstrated or it won't, if it doesn't work as you lot claim - then it won't happen will it? However, if it does work...well like numerous fringe groups before you, your scare stories will remain exactly that and you will no doubt quietly move on to your next irrational fear.

    ReplyDelete
  32. As I've seemingly come up in despatches, I should say that what I am mulling over is the feasibility of a zero knowledge proof based ID system, which would be a very different animal to what the government are proposing, not least because ownership of, and authority for use of, personal data would reside with the individual and not with the state.

    ReplyDelete
  33. Unity, I agree that the government scheme is flawed but it is good that you are looking of ways of making it work with better safeguards for the individual. This is a much better attitude than just rejecting it ou of hand. It is that attitude I object to as luddite.

    ReplyDelete
  34. Neil: "Look, maybe it will work, maybe it won't - that has to be demonstrated".

    That's the beauty of history - you can learn from it without having to try and re-try everything again and again.

    There is nothing that governments around the world haven't tried in one form or another over the past century - including ID cards - and

    IF you can point to a country that has ID cards and all the benefits that are supposed to flow from them (what exactly?)

    THEN you win the argument

    ELSE Shut up.

    ReplyDelete
  35. you will no doubt quietly move on to your next irrational fear.

    you just can't ever ever accept that anyone has a right to an opinion other than you can you?
    You never give a straight answer to any question, you consider to support crap ideas that are pointless and don't work, and yet you make pathetic accusations against anyone who makes a reasonable argument against you. You are symptomatic of why I left the Labour Party - an unthinking, bigoted, dogmatic automaton who tries to belittle anyone who disagrees. I truly pity you paucity of imagination.

    ReplyDelete
  36. Mark, Sweden. Urko, we disagree and that is fine but you tell me you would oppose ID cards whatever the evidence, I say it depends on the evidence. Who exactly is being dogmatic here?

    ReplyDelete
  37. Scunnered, O'Aberdein12/12/07 1:18 am

    Please read

    http://www.guardian.co.uk/commentisfree/2007/nov/24/idcards.homeaffairs

    http://www.guardian.co.uk/technology/2006/nov/17/news.homeaffairs

    The last paragraph of the Goldacre article is of particular relevance on the fingerprint issue

    'Gordon Brown (and Steve McClaren) have got to start showing some courage and allowing people to take risks. This means that mistakes will happen and although we have to minimalise these - we shouldn't react hysterically to every mistake. Making mistakes is sometimes how we make the quickest progress.'

    Why do you want to let these people spend billions more on this farrago of unproven technologies when what they've done so far seems to be as leaky as a sieve and the geeks can show that the rest is now well within the capability of the techno-criminal with his toys from Maplins? And don't think that's a fiction. Some of today's kids could make your eyes water.

    Your concept of progressive courage has the feel of 'let's be gung-ho' about it, rather than having the feel of anyone being asked to take a measured risk on the evidence for and against the technology, especially when those who are the real experts are lined up against it and can show its deficiences. I'm curious. Have you done any proper risk-manangement training, or is that limited to guessing what you can and can't get away with politically?

    You say 'We shouldn't react hysterically to every mistake'. Wouldn't it be downright irresponsible if people didn't scream and shout a bit to point out that this has the hallmarks of being potentially one the biggest ever? I don't think that the lookout on the Titanic merely whispered 'Look at that Iceberg, isn't it big?' People are right to be a bit excited about this.

    So just carrying on in fond hope would be either stupid or there's an agenda that says that, for someone somewhere, the 'gain' is worth the probable pain.

    I'm not going to ask you who, or what, that might be as, looking at what you've written, and being at my most charitable, you seem to be just another unwitting footsoldier.

    FWIW, I had experience of 'biometric ID' in the States recently, and believe me, it doesn't work 100% right first time, every time. I got to the point where I was never sure what it was going to do.

    I also have problems with the use of biometrics for the elderly and disabled. I resent the notion of the limbless having to bow down every time they have to leave, say, their biometric noseprints someplace (in the absence of anything better? - you may tell me retinal scans, but they'll be a fat lot of good for those with cataracts and macular degeneration), and older and blind people having to have their hands held to scanners to prove that they are who they are. They don't deserve that sort of nonsense.

    Lastly, this is one instance where the phrase, 'it's not what you do, it's the way that you do it' doesn't apply.

    No matter to what extent the way that it is proposed to do this may be shown to be crap or otherwise, it doesn't get away from the point that it's what's being done that is wrong. This isn't some ideological objection. It's just that it is stupid to assume that any collection of personal data will not be mishandled. I work in the public sector and, so help me, some of the things I have seen would make your hair curl. I have no wish for my personal information to be available to all and sundry other than with MY specific consent, at the time of use, for the sole purpose for which it is supposed to be being requested. Until that could be absolutely assured, I'm against this tooth and nail. And you can't assure me that that will happen, can you?

    ReplyDelete
  38. scunnered, urko - You keep saying 'Neil is an idiot' who 'doesn't understand the science'.

    How can I argue against your vast knowledge - I am a mere simpleton who will instantly shut up. Look, I reckon I know enough about logic, maths and science to get by(ok string theory gets me)and more importantly I recognise my limits. I read your points and the articles you link to as carefully as my patience will allow, I am not ignoring them or being obviously 'thick'. Your argument seems to resolve around several points that hardly require scientific genius to see the flaws.

    1. 'biometrics are not perfect - therefore they are useless'. Well the lock on my front door is far from perfect security - though that hardly means it is useless.

    2. 'biometrics will make it harder to prove your innocence as they are viewed as foolproof'. You all claim that duplicate readings and false readings will be common and that many thousands of people will not be believed when their biometrics are not read properly. Do you really think there is no way around this problem? A biometric pin even with a massive false positive rate would still be fantastically more safe than an ordinary pin.

    3. 'fingers will be chopped off' - If there is one case in a million, I would be very surprised.

    Finally if biometrics don't work, how are there millions of people right now using it for shopping in the US and Germany? By all accounts it seems to be working well, with both customers and retailers happy and fraud greatly diminished.

    ReplyDelete
  39. Neil,

    There is one advantage with a PIN vs Biometric - once someone "has" your biometric, you CANNOT change it. If someone is able to spoof my iris, I cannot change my eyes like I can change a PIN.

    What concerns me is that you support a monopolistic, coerced solution - i.e. State commissioned private monopoly. It has no serious risk from failure - I do not mean it will not fail, but if it did the entity will not suddenly find itself without a business, which would happen if it were competing in a market for secure ID provision.

    ReplyDelete
  40. Neil,

    I was going to type out a long comment explaining exactly how easily one could get hold of a person's thumbprint, or at least the computer code that represents their thumbprint, today. I was then going to describe how one could use this bunch of ones and zeroes to access any system using biometrics. All using current technology.

    But then I realised it would take a long time and wouldn't change your mind anyway. So I didn't bother.

    Suffice to say that if I were asked to wager whether any IT based ID system concocted by the government was secure or not, I'd bet the house on it being breached within months of commissioning.

    And while you are correct in saying that no system is 100% secure, perhaps you should bear this in mind: At the moment no single system effectively contains every peiceof data about everybody. The losses that occur are limited and localised. This is painful to the individuals concerned, to be sure, but not national crises. The Great HMRC Data Giveaway has shown that only government is capable of exposing millions of people to fraud and hardship in one fell swoop.

    ReplyDelete
  41. Scunnered, O'Aberdein12/12/07 2:32 pm

    'scunnered, urko - You keep saying 'Neil is an idiot' who 'doesn't understand the science'.'

    I never said you were an idiot. It's for you to judge your capabilities.

    'How can I argue against your vast knowledge - I am a mere simpleton who will instantly shut up. Look, I reckon I know enough about logic, maths and science to get by(ok string theory gets me)and more importantly I recognise my limits. I read your points and the articles you link to as carefully as my patience will allow, I am not ignoring them or being obviously 'thick'. Your argument seems to resolve around several points that hardly require scientific genius to see the flaws.

    1. 'biometrics are not perfect - therefore they are useless'. Well the lock on my front door is far from perfect security - though that hardly means it is useless.'

    Didn't say that either. Just asked why do you want to let a lot of people who seem to be ignorant of the limitations of the technology spend billions for something that will be no better and possibly significantly worse, in that it will consolidate people's personal data with the potential for it then to be spread around like confetti?

    '2. 'biometrics will make it harder to prove your innocence as they are viewed as foolproof'. You all claim that duplicate readings and false readings will be common and that many thousands of people will not be believed when their biometrics are not read properly. Do you really think there is no way around this problem? A biometric pin even with a massive false positive rate would still be fantastically more safe than an ordinary pin.'

    You might think I said that but I didn't. And why, if the risks can be shown to be similar for both biometric and other forms of ID protection, is the biometric pin 'fantastically more safe'? I just don't follow the logic of that

    '3. 'fingers will be chopped off' - If there is one case in a million, I would be very surprised.'

    If there is just one case, won't it be 1 in 60m, and 1 in 1m and 1 in 1 all at the same time? Maybe someone who understands these things can correct me if I have that wrong. Anyway, are you trying to say that it just won't happen? If you are, I don't share your faith in human nature. If people cut off ears now, http://www.forbes.com/2003/04/17/cz_rl_0417getty.html
    fingers should come easy

    'Finally if biometrics don't work, how are there millions of people right now using it for shopping in the US and Germany? By all accounts it seems to be working well, with both customers and retailers happy and fraud greatly diminished.'

    Didn't say there weren't people using it for whom it had made some improvement. But as they don't use 'chip and pin' in the States, the biometrics would improve matters by reducing fraud. If they had used chip and pin, they'd probably get a drop off in fraud too. What it doesn't prove is that it's better, safer or worthwhile doing as an alternative

    You haven't addressed the main point. You can't assure me that that the use of an ID card, linked to the NIR, will absolutely secure and protect my personal data, and consequently 'me', from others, can you?

    ReplyDelete
  42. scunnered, urko - You keep saying 'Neil is an idiot'

    I haven't called you an idiot. Unlike you, I don't just chant insults at people who disagree with me and then make up lies about what was said later.

    ReplyDelete
  43. Finally if biometrics don't work, how are there millions of people right now using it for shopping in the US and Germany? By all accounts it seems to be working well, with both customers and retailers happy and fraud greatly diminished.

    Just how many million is that, then Neil ? - the more there are in one system, the more it proves the effectiveness of biometrics, but as I'm sure you are aware, the smaller the system, the smaller the problems with false positives/negatives. Also - what biometrics are they using exactly? Your claim would be more interesting if you had a bit of research (I'm not saying you haven't - let's see it).

    ReplyDelete
  44. Roger, you can change a biometric pin just as easy as a numeric pin. Even if someone got hold of all ten fingerprints - this is only like knowing that ten digits 0-9 are being used in the pin - you simply just change the order you place your fingers on the reader. Like a numeric pin - they have to know this order, unlike a numeric pin, they also have to capture the biometrics to even know what digits are being used. What is wrong with this system? nobody has offered any proper critique as yet.

    ReplyDelete
  45. RM - "The Great HMRC Data Giveaway has shown that only government is capable of exposing millions of people to fraud and hardship in one fell swoop".

    Just because they don't make the headlines - don't assume that millions of people's data is not also lost by the private sector every year - because it is.

    Someone asked me the other day - everytime you pay by cheque for something - doesn't the payee know all these details - bank account, name, address etc. Isn't it the same for any purchase you make by debit or credit card or direct debit. I don't believe a single person will suffer financially as a result of this HRMC loss.

    ReplyDelete
  46. scunnered - "You can't assure me that the use of an ID card, linked to the NIR, will absolutely secure and protect my personal data, and consequently 'me', from others, can you?"

    No.

    ReplyDelete
  47. Urko, revenues from biometrics in the ATM and retail sector will increase from $33.8 million in 2004 to $243.5 million in 2008

    As for calling me an idiot, you haven't used those exact words but I was paraphrasing. I think just looking back at your comments on this thread (let alone all the other comments left) it is clear what you are suggesting. You are not the only one, but don't worry, it doesn't bother me in the slightest. All bloggers get abuse, it is no big deal.

    ReplyDelete
  48. Mark, Sweden has an excellent ID system that has brought many efficiencies and benefits.

    ReplyDelete
  49. Scunnered, O'Aberdein13/12/07 9:32 pm

    One in 2250m legs? :)

    http://news.bbc.co.uk/1/hi/world/south_asia/7142920.stm

    ReplyDelete
  50. Urko, revenues from biometrics in the ATM and retail sector will increase from $33.8 million in 2004 to $243.5 million in 2008

    So, as usual no answer to the question I actually asked; and no reference to the significant point about the size of databases.

    As for calling me an idiot, you haven't used those exact words but I was paraphrasing. I think just looking back at your comments on this thread (let alone all the other comments left) it is clear what you are suggesting. You are not the only one, but don't worry, it doesn't bother me in the slightest. All bloggers get abuse, it is no big deal.

    Not event the grace to admit you were lying, much less apologise. As for playing the martyr after all the jibes about "irrational fears" and "luddites" heaped on anyone who disagrees with you - what a joke!

    ReplyDelete