tag:blogger.com,1999:blog-14115431.post113039862978978724..comments2023-10-16T15:59:02.445+01:00Comments on NEIL HARDING: ID card debate: Summary so far.Neil Hardinghttp://www.blogger.com/profile/01333739272733802133noreply@blogger.comBlogger39125tag:blogger.com,1999:blog-14115431.post-1131016942977499692005-11-03T11:22:00.000+00:002005-11-03T11:22:00.000+00:00A lot of these dodgy sites are run from dodgy coun...A lot of these dodgy sites are run from dodgy countries like Belarus, etc, where there are authrorities turning a blind eye. If they run them from the EU or US they would be caught quite easily. ID cards would be run for the UK, there would be no dodgy country to use to avoid prosecution.<BR/><BR/>This is a <A HREF="http://www.guardian.co.uk/frontpage/story/0,,1607470,00.html" REL="nofollow">good example</A> of how people who want to remain anononymous can be found using the technology and information already out there.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130959255370621632005-11-02T19:20:00.000+00:002005-11-02T19:20:00.000+00:00That German guy they caught was clever enough to w...That German guy they caught was clever enough to write the sasser worm, but not clever enough to avoid detection, suggests you have to be very clever to avoid detection.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130925874475099802005-11-02T10:04:00.000+00:002005-11-02T10:04:00.000+00:00Just to clear things up. I admit I was unwise to m...Just to clear things up. <BR/><BR/>I admit I was unwise to make the IP address claim. However I have heard it is possible. How do they find these guys who write internet viruses? The ISP must know our addresses, so it must be possible to hack into their database at the very least.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130924000631683092005-11-02T09:33:00.000+00:002005-11-02T09:33:00.000+00:00Cheers for clearing that up Chris, Ok I would stru...Cheers for clearing that up Chris, Ok I would struggle to find an address- teach me for being cocky in response, but it MUST be possible. How do they find out addresses of all these guys writing internet viruses?<BR/><BR/>Urko, yes I'd would say it was useful for criminal investigations.<BR/><BR/>Sorry it took me so long to come back, lots of comments to work through both here and on the NO2ID forum. I'm a bit knackered!Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130849934428933592005-11-01T12:58:00.000+00:002005-11-01T12:58:00.000+00:00Hi Neil - thanks for the answer at last - the firs...Hi Neil - thanks for the answer at last - the first part - demand, stats etc could be done with anonymised data - i.e. no-one would need to relate it back to me individually so there's no need to know who I am. The second bit's interesting though - <I> "Sometimes this might be useful to know on an individual basis. "</I> I'd like to know what times - are you talking about criminal investigations or something else?John Eckersleyhttps://www.blogger.com/profile/12874387296463362537noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130836627137032312005-11-01T09:17:00.000+00:002005-11-01T09:17:00.000+00:00Urko, by the way, here's how you get someone's nam...<I>Urko, by the way, here's how you get someone's name and address from their IP address.</I> <BR/><BR/>Wow - I never knew that - aren't computers great eh? and you are so clever. Now back to the originla point - tell me what my address is - I give you permission to publish it here for anyone to see.<BR/><BR/>Seriously though, you aren't making much of a case for ID cards by making claims like that on here. Most people on here probably know much more about IT and stuff like IP addresses than you do (I now know I do) - when you start making macho claims like that you're hurting your case because you can't back it up.John Eckersleyhttps://www.blogger.com/profile/12874387296463362537noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130818930411614862005-11-01T04:22:00.000+00:002005-11-01T04:22:00.000+00:00Urko, by the way, here's how you get someone's nam...Urko, by the way, here's how you get <A HREF="http://www.abika.com/help/IPaddressmap.htm" REL="nofollow">someone's name and address</A> from their IP address.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130792523230829402005-10-31T21:02:00.000+00:002005-10-31T21:02:00.000+00:00"So, where is the answer to my question? If they a..."So, where is the answer to my question? If they aren't going to do anything with the audit data about my visits to the doctor why do they need it?"<BR/><BR/>The govt already have this info. The NIR will just be a more efficient and secure place to keep it. <BR/><BR/>This information is obviously useful in all sorts of ways, such as determining what services are needed in an area, and how services are used. Sometimes this might be useful to know on an individual basis.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130792246169834062005-10-31T20:57:00.000+00:002005-10-31T20:57:00.000+00:00Chris, I was just trying to wind the guy up, for b...Chris, I was just trying to wind the guy up, for being so cocky.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130773324639127272005-10-31T15:42:00.000+00:002005-10-31T15:42:00.000+00:00"I don't see why the government needs to hold a ce...<I>"I don't see why the government needs to hold a central audit of my every visit to the docs. - can you please say why that is?"<BR/></I><BR/>"A lot is made of the govt having access to all this information about us. I don't think we should flatter ourselves. <BR/><BR/>There will be millions and millions of records pouring in every day on all sort of things, do you seriously think the govt or anyone else is going to be that interested to trawl through these records."<BR/><BR/>So, where is the answer to my question? If they aren't going to do anything with the audit data about my visits to the doctor <B> why do they need it?</B> - would you please answer the qusetion I asked? I have to say i find a faint whiff of the patronising in the "I don't think we should flatter ourselves" - I do flatter myself that I care about not disclosing stuff like this for no good reason - and until you answer the quesiton I'm not sure you know what good reason you think the government has for holding it either. I also can't wait to see your answer about the IP address :-)John Eckersleyhttps://www.blogger.com/profile/12874387296463362537noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130650124183195792005-10-30T05:28:00.000+00:002005-10-30T05:28:00.000+00:00"By the way, you won't find any information in my ..."By the way, you won't find any information in my dustbin as all my paper data gets either filed or securely shredded. My digital data is kept encrypted in case my computers get stolen. It's also backed up daily. Yes, I have a clue about data privacy and security and a large one at that as it is how I make my living. I suggest you get a similar clue too before spouting off any more about this subject."<BR/><BR/>Anon, I have your IP address, from this I can get a physical address. I'll sit outside your address one morning, wait for the post to arrive and fish out your utility and bank statements with a wire. (NOT REALLY!!)<BR/><BR/>This is just to show you how easy it would be to get someone's information if you really wanted it. (As it happens I don't!)Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130588388492222132005-10-29T13:19:00.000+01:002005-10-29T13:19:00.000+01:00Anon, I'm sure you write off to Experian and Equif...Anon, I'm sure you write off to Experian and Equifax every six months with your £2 cheques as well.<BR/><BR/>Like I've said before, cardholder-not-present fraud is easier to catch because crims need to arrange a collect address, which makes their activity more traceable. <BR/><BR/>When ID cards are introduced it can be tightened further. It is obviously easier to be able to use cards in person, ID cards will make this extremely difficult, if not impossible. <BR/><BR/>ID cards will make it far harder to have a false identity. Do you deny this?<BR/><BR/>"The UK has the worst record in Europe,” says Peter Hurst, chief executive of Cifas, the fraud prevention service funded by the financial services industry. “I was at a meeting recently and a European Commission official described Britain as the country of choice in Europe for organised crime.”"<BR/><BR/>"In the EU, by contrast, it is less of an issue. Besides the region’s long-standing tradition of identity cards, in much of Europe financial services transactions are more likely to be conducted face-to-face in branches, which deters criminals."<BR/><BR/>On the question of the govt having some secret fascist agenda, we just aren't going to agree are we?Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130582313255442522005-10-29T11:38:00.000+01:002005-10-29T11:38:00.000+01:00And how, exactly, will it make it harder to steal ...And how, exactly, will it make it harder to steal my identity? The only way it will protect my identity is during transactions that require it and plenty won't. The latter will still be as vulnerable as they are now.<BR/><BR/>There is no doubt much data about me and every facet of my life stored in many places. Any data thief that wants a full picture of me will have to steal it <B>all</B> from multiple locations. Once it's all stored in a central government location it will <B>all</B> be available to the first person that manages to break in. You think that this doesn't happen? Do some more research.<BR/><BR/>Even if it manages to stay safe from crooks, what guarantee is there that it won't get passed on to "friendly" governments in other countries under the pretext of helping out in the war on terror? None whatsoever.<BR/><BR/>By the way, you won't find any information in my dustbin as all my paper data gets either filed or securely shredded. My digital data is kept encrypted in case my computers get stolen. It's also backed up daily. Yes, I have a clue about data privacy and security and a large one at that as it is how I make my living. I suggest you get a similar clue too before spouting off any more about this subject.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130544757239740332005-10-29T01:12:00.000+01:002005-10-29T01:12:00.000+01:00But the information is already out there. ID cards...But the information is already out there. ID cards won't make it any worse but they will make it more difficult to have your identity stolen.<BR/><BR/>If by some reason, I got hold of your phone number. With a little search on the internet, I could soon get your name and address and all of your previous addresses. A little look in your bin, I could get statements, utility bills etc, take out a few loans, credit cards, bank accounts, claim benefits etc.<BR/><BR/>I could find a lowly paid someone who works at the clinic, bribe them to get your medical records, get some methodone prescribed.<BR/><BR/>ID cards will not make this any easier, but it will make it more difficult, because I will have to present an ID card and better still some biometrics that I can't fake. I wouldn't be able to put my finger on a scanner and give your fingerprint or fake my iris or facial measurements. Bingo, end of false identities.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130543439376580632005-10-29T00:50:00.000+01:002005-10-29T00:50:00.000+01:00Neil,When authorities gain extra powers they tend ...Neil,<BR/><BR/>When authorities gain extra powers they tend to use them whether they need to or not. I'm on holiday in Australia at the moment and there was a report on the telly about pepper spray. The police were issued with the stuff a while ago to help subdue people that were being aggressive during arrest. It appears that it is now becoming almost a routine procedure for anyone that questions why they are being pulled.<BR/><BR/>Another thing, I'd suggest you do some research on the phrase "fishing expeditions" with respect to data searches.<BR/><BR/>Sorry, but you are being incredibly naive about the use and abuse of power.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130530304127361892005-10-28T21:11:00.000+01:002005-10-28T21:11:00.000+01:00"I don't see why the government needs to hold a ce..."I don't see why the government needs to hold a central audit of my every visit to the docs. - can you please say why that is?"<BR/><BR/>A lot is made of the govt having access to all this information about us. I don't think we should flatter ourselves. <BR/><BR/>There will be millions and millions of records pouring in every day on all sort of things, do you seriously think the govt or anyone else is going to be that interested to trawl through these records. <BR/><BR/>ISPs have got millions of records of people looking at porn and other sensitive stuff, and only when it is really dodgy stuff would the authorities be notified, otherwise it is turned a blind eye to. <BR/><BR/>Nobody is bothered, and people trust these private companies with all this personal information. There are all sorts of personal information that are readily available today without ID cards. Nobody gives a toss. <BR/><BR/>We all trust doctors, clinic staff and pharmacy staff, (some of whom are on very low wages) with the most detailed personal information and it is extremely rarely divulged. It would be no more risky trusting govt staff with NIR information, probably in fact much less risky.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130529616007908432005-10-28T21:00:00.000+01:002005-10-28T21:00:00.000+01:00Sorry for the delay. Ive been having problems with...Sorry for the delay. Ive been having problems with the server, it has meant a few comments I've tried to post have disappeared. Hope this hasn't affected anyone else?<BR/><BR/>Anon, I can assure you I've not had anyone from the party telling me not to respond. <BR/><BR/>I am a member of the party, but I argue for what I believe, whether its Labour policy or not. I have criticised govt policy on here a few times and I advocate policies that are not Labour policy many times. Labour are the closest to my views, doesn't mean I agree with everything they do.<BR/><BR/>Just check this is posted then I'll answer questions one by one.Neil Hardinghttps://www.blogger.com/profile/01333739272733802133noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130523847990457032005-10-28T19:24:00.000+01:002005-10-28T19:24:00.000+01:00Oh dear, it looks like the Party has told Neil to ...Oh dear, it looks like the Party has told Neil to stop responding. Well, it was a good debate while it lasted.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130513674211111792005-10-28T16:34:00.000+01:002005-10-28T16:34:00.000+01:00There's another reason beyond technical and financ...There's another reason beyond technical and financial matters. Some of us simply don't want government invading our life at every level and then selling access to that data to "trustworthy" organisations in both public and private sectors.<BR/><BR/>I'm afraid the potential for abuse, leaks and other information disasters seems to be beyond Neil's comprehension. Two words, Neil; Pandora's Box.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130496775086193242005-10-28T11:52:00.000+01:002005-10-28T11:52:00.000+01:0011. The private databases are much less intrusive ...11. The private databases are much less intrusive than the NIR would be: for instance, your credit reference file doesn't record when you go to the doctor, as the NIR would.<BR/><BR/>The NIR would be much more secure than private databases and it doesn't have to record medical information<BR/><BR/>You missed the point, Neil. The point was that the NIR audit will record each time your identity is verified. If you wish to prevent health tourism, you will have to present (and have verified) your card at each visit to a medic. The audit records that your ID was verified by the NHS - hence a trail of your visits to a medic (although with no medical data). I don't see why the government needs to hlod a central audit of my every visit to the docs. - can you please say why that is?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130450770543653542005-10-27T23:06:00.000+01:002005-10-27T23:06:00.000+01:00Neil, I am puzzled - if as you claim, there is suc...Neil, I am puzzled - if as you claim, there is such widespread support for the Government's ID Card database plans, where are all your New Labour friends and supporters leaping to the defence of the Identity Cards Bill scheme ?<BR/><BR/>The sad thing is, that by actually having read and written as little about ID Cards as you have, you are now, by the standards of New Labour politicians, an "expert" .<BR/><BR/>You are still harbouring some misconceptions:<BR/><BR/>Biometric hashes are not as secure as you appear to think. There has already been academic research demonstrating<BR/>how fingerprint hashes can be reveresed back, not to the original fingerprint image, but to a synthetic image which is sufficiently similar to the original to be within the tolerance limits which would allow them to be used to fool the system.<BR/><BR/>Why is it that the Government's own Biometric Security experts from GCHQ and the CESG etc. have consistently refused to certify any biometric technology as being sufficiently robust or secure enough for use by Government Departments, i.e. on a much smaller scale than the National Identity Register ? <BR/><BR/>By the way, your suggestion that the tolerance settings on a biometric system can be changed for individual , is of course true, and this is done in several commercial systems for small scale use such as door entry systems.<BR/><BR/>However to permit this to happen for a national scheme would be tantamount to <B>institutionalised racial discrimination </B>, which is both morally wrong and illegal.<BR/><BR/>The mechanism for allowing such settings to be altered on a biometric scanner, would also potentially allow the thresholds to be set so low, that any biometrics presented would be acceptable, thereby effectively nullifying this form of "security".<BR/><BR/>You still have not addressed the "35%" or "over one third" of terrorists/criminals etc. use false <B>British</B> identities nonsense.<BR/><BR/>Others have already pointed out your selective misreading of the debunking of the Labour politicians' often repeated lies about "£1.3 billion of identity theft" a year.<BR/><BR/>There is no way that the extra security of biometrics can be taken advantage of in online web or phone transactions , since there is no way to <BR/>authenticate that your Windows internet connected PC and USB biometric scanner has not been compromised by a computer virus or trojan horse software, or by other man-in-the-middle replay attacks.<BR/>This affects both credit card Customer Not Present fraud, and , increasingly access to e-Government services.<BR/><BR/>You are still confusing Sweden's "birth to death" population register with their ID Card scheme. They are not the same, and certainly not the same as what the Identity Cards Bill is proposing.<BR/><BR/>It is not necessary to have the bloated Identity Cards Bill scheme in order to have more efficient "joined up e-government", as Gordon Brown's Treasury acknowledges with its "Plan B" <A HREF="http://www.spy.org.uk/spyblog/archives/2004/10/citizen_informa_1.html" REL="nofollow">Citizien Information Project</A><BR/>which may eventually get around to biting the bullet and standardising things like the myriad of different Name and Address field formats used by different Government computer systems which have been implented in isolation over the years, and sorting out the scandal of the National Insurance Number (there are about 85 million "legal" NINOs on the system for a working population of less than 40 million people in the UK).Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130431964716067132005-10-27T17:52:00.000+01:002005-10-27T17:52:00.000+01:00There's no need to be offensive. Moreover, whateve...There's no need to be offensive. Moreover, whatever the matter of principle, there are tactical reasons not to be: such behaviour serves as an excuse for the pro-ID side to shut down debate.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130430555543947762005-10-27T17:29:00.000+01:002005-10-27T17:29:00.000+01:00Agreed.Why are we arguing with this moron? It does...Agreed.<BR/><BR/>Why are we arguing with this moron? It doesn't do any good: ID Cards are a dogma for him, and the Labour government are his Gods.<BR/><BR/>DKDevil's Kitchenhttps://www.blogger.com/profile/13832949569501846730noreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130422939071569622005-10-27T15:22:00.000+01:002005-10-27T15:22:00.000+01:00On civil Liberties - Freedom not to have my most p...On civil Liberties - Freedom not to have my most personal details recorded on a Governemtn database is NOT the same as me asking for a licence to commit fraud and pretend to be someone else. I knwo who I am and I'l happily tell anyone who I THINK needs to know. This scheme changes that into "you're a liar and a cheat if you don't get one" and I object to that profoundly.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14115431.post-1130420643990198902005-10-27T14:44:00.000+01:002005-10-27T14:44:00.000+01:00Neil, please don't tell me you've come all this wa...Neil, please don't tell me you've come all this way on the assumption that you can't get an iris scan off a photo. They're both just what happens when you bounce light off someone's eye and record the patterns permanently.<BR/><BR/>An iris scan is very much like a photo, when you think about it.<BR/><BR/><A HREF="http://www.findbiometrics.com/Pages/feature%20articles/afghangirl.html" REL="nofollow">here go you</A>; this is from the main man behind iris biometrics, who gave the world the technology to do this stuff cheaply.Anonymousnoreply@blogger.com