'No risk of discs flying around'
You mean they're not going to back it up? I approve but it seems a bit wasteful from a financial point of view.
The National Identity Register will have very limited access, stringent security and no risk of 'discs flying around', MPs have been told. Home Office minister Meg Hillier defended the government's plans for its controversial National Identity Scheme, as she faced questions about data security from a committee of MPs. Hillier …
I am sure that they will all be upstanding, honest and hardworking Accenture employees that would never do anything stupid or make any other "Human Error" in the future.
Crap, why do they roll out complete nonses to talk about technical stuff. What worries me, is not what you are safeguarding against, but what you have forgotten.
And you don't know what you have forgotten, because you have forgotten it. When a minister pipes up and says, "You know what, there won't be a breach and when there is you can mutilate my children." then I'll believe that my data is safer with the government than it is with me.
Yes, yes, mines the one with the fetching tinfoil hood on it.
Incompetence in a government project is not just possible, it is inevitable. Where there is no incentive to be competent, competence is a temporary aberration. Where you and I have the fear of being sacked, and a private corporation - even IBM - has the fear of bankruptcy, the government has tens of thousands of highly-trained men with guns.
When the government says "we'd like this new power", the correct response is not "only with safeguards", the correct response is "no". Effective safeguards cannot exist in an organisation with no reason to care whether its citizen's information is safe or not. Anything proposed as a safeguard is lipstick on a wild boar.
"Asked if the government gauged public opinion on identity cards, she said the latest official findings were that 60 per cent of citizens were in favour." So only 40% are violently opposed. Well that's alright then. We'd better press ahead with all speed before the 60% wake up.
It's quite hard to read or understand when they're talking about the ID Card and when the ID Register. Less than 100 people can access one, but organisations too numerous to mention can read the other. err what? And of course this is where the public's perception and those 60% figures become important. There's probably quite a lot of people who wouldn't really mind an ID card providing they didn't have to carry it at all times but are deeply suspicious of the database behind the card.
Mine's the one with your Oyster card in the left pocket.
Philippe Martin needs his head removing from his crack. It's ALWAYS been about the National Identity Register; the amount of data collected, the intrusion upon our privacy and the inherent risk of data loss or corruption.
"Hillier said that the number of institutions were too many to list..."
****ing WONDERFUL; so we're back to local authorities' parks and gardens departments having unfettered access, as well as anyone willing to pay an access fee, just like they do with the DVLA records and census data.
"...but any organisation requesting access would have to prove it needed the information as part of an ongoing investigation."
By saying "We really REALLY DO, honest, really..." just like DVLA and census data and anything else they bloody feel like.
Can we have some form of "Jacqui Smith is a ****wit" icon, please?
Like the DVLA? They have data, it's commercially useful to private parking companies, so they sell it. Even though it's a civil dispute and they've only heard one side of the story!
How will this be any different? Government dept has lots of identity data that's commercially useful to many companies.
Some company will come along, claiming to need the information for some reason, and they'll get it. Once the tap is open, it will never be closed again, because ministers can never be seen to be wrong and so never reverse a decision.
Well if *x* can have that data why can't *y*. So y gets it too and evertually we're in the stupid position where anyone can get their hands on private data simply by sending in a fiver and a request.
it makes me wonder why I vote. What is the point in collecting the data if it is not to be used? 100 people won't be sufficient to access 60+million records for user purposes, let alone input, the data maintain the system and backup/develop the system.
On the point of "user", it is normal(?) to consult and find out what the user groups want the system to do for them before building it. Is it reasonable to ask the questions - "who are to be the users?" and "what do they want the system to do?" Even if there were adequate answers then the debate on whether the objective was reasonable should still be had. If the answers are non-existent or woolly then were looking at another undefined state software project and even the good ones over-run.
The trouble is, even if we changed the Government the alternatives are still fishing in the same pond of polluted ideas so we'll just get a different toxic red herring to have taxes wasted upon.
I don't know how anyone, let alone the Government with their terrible record, still spouts the "this is secure" nonsense. All we can state with any certainty is that whatever humans can make, humans can break. And because the usefulness to organised crime of subverting or accessing such a database is high (in terms of things like monetary gain from identity theft) it will be targeted. Heavily.
Whatever security controls around such a database, they will be broken. End of story. Why not try focusing on limiting the impact of such a breach instead!
Joke alert - because the whole idea is laughable.
Posting anonymously - because I know too much
"Human error" as the excuse why things go wrong. Its never been human error, its the system and the way it works. People find ways to do what they want to do, going around whatever procedures you think you are going to enforce. This system, like the others, will never be secure.
You want an ID card? Fine
The terms are only 100 people can access it, they can't pass on the data, and if it ever leaks all 100 are put up against the wall and shot.
One of that 100 always has to be the Prime Minister.
Still want an ID card?
So, the government has moved from waffle to blatant lies in attempting to justify the ID database.
Any time a card must be validated there must be access to the database, so every card reader has access to at least part of the database. There will be tens of thousands of card readers.
While they are populating the database, hundreds of people all over the country will be involved with taking the biometric data and uploading it into the database. Will every single one of those people be security checked before employment, or will they just be the first people who apply in the job centre? How many of those temporary employees will keep a copy of the fingerprints of some famous person who randomly passes through their processing centre?
When the construction phase is complete, how many of the temporary access user names and passwords will be properly cancelled?
""From the point of view of the National Identity Register, there would not be discs flying around in that way. Anything that was ever downloaded would be encrypted. There would be severe access controls," said Hillier."
Hillier, I don't know why but when I first read that it came across as Hitler?! - maybe my subconscious is telling me something.
Just suppose the government manages to convince the public this is a good idea (or dupes us into thinking we had a choice) and sets up such a database.
Then just suppose there is a breach of security (unthinkable) and the whole population's details are in the hands of a ne'er-do-well. Then someone becomes a victim of fraud. Will the government be liable in the same way that banks are?
What if 60 million people lose their savings? Who is going to pay for it? The government (aka the taxpayer)? So even if the government accepts liability we have to pay anyway.
Five minutes of thought shows that lumping all our details together in one location is far too risky to even consider.
I'm not against an ID card (after all, I already have an NINO, a driving licence and a passport - not exactly anonymous am i?), but what's the point of the biometric stuff? Surely a recent photograph is enough.
If they ever get this up and running, I'm moving my bank account to Lichtenstein.
"Needed to buy a house ... " Do I detect another way to make them ID Cards compulsory (at least for the muddled mortgaged classes). Goodness me I bought and sold houses for nearly 40 years without the need to do more than to affix my signature to a contract and rather too many cheques.
Supporting criminal terrorism? Mine's the concrete overcoat ...
Spot on!
Security isn't the issue, here!
If the DVLA will sell your name and address to barely legal clamper-thugs it is safe to assume that HM Gov will cheerfully sell the even more sensitive data in the ID database to any lowlife willing to pay for it.
Nothing to hide, nothing to fear? Think again.
He misses the point. The issue isn't what the access controls are now, or at launch, the issue is what the access controls could be like 20 years from now when goodness knows what might have happened.
The only way to be sure data is secure in perpetuity is to not collect it in the first place. Any access controls can only ever be described as "for now". Indeed, the one thing Parliament cannot do is constrain its future actions.
"We're required under current EU law to have an ID cards"
No, we're not. And even if we *were* there's no requirement for them to be linked to your bank account, land title deads etc. etc.
From the article:
"National Identity Register will have very limited access, stringent security and no risk of 'discs flying around', MPs have been told."
Err, didn't they say that they sell access to anyone ?
"fewer than 100 people will have access to the National Identity Database"
That's a lie then, at a guess ?
"In rare cases the security services will be able to access the database, but not the NHS"
So the whole 'id cards help you get treated in hospital' spin is buggered then, as they'll now just look your name up on the NHS Spine from your credit card ?
What a even more expensive and silly exercise this is turning into.
Maybe it's time you all joined your local http://no2id.net group...
of course means 60% for...
but I was never asked,
I doubt that 99% or more of the population have been asked.
is this a case of we asked a ten people who we found in a meeting and only 4 objected.
that doesn't take into account those who didn't object but were actually not for ID cards.
or do they assume that ID cards were a govermnent proposal and 60% of people voted for a party with that on the agenda completly ignoring all other agendas,
can we use the same logic to say that 60% wanted to go to war?
I don't think you can.
deeply unhappy face: i feel misrepresented
What indeed is the point of voting? A politician's career can last 30-50 years. In our two-party musical chairs system, government and opposition generally rotate every 4-12 years. You don't need to be a professor of mathematics to divide B into A and figure out that if you're a politician, getting your stupid arse into power is not about pleasing the electorate. It's about patience.
I'm not saying voting is completely irrelevant, but it's much less important than good citizens are supposed to think it is. The main issue is not who's in the government, but how many people are in it.
"If you look at what has happened in the past we had a passport which was used for external verification of identity, national insurance number which was used internally, and now 80% of British citizens have a passport and we actually really should see an identity card like a passport "in-country" if you like that entitles people, well it doesn't, we're not using it as an entitlement card but it gives people easier access to certain services".
Meg Hillier MP
Careful Meg, you don't want to let the cat out of the bag.
http://www.parliamentlive.tv/Main/VideoPlayer.aspx?meetingId=1201
01:42:30 in
Just checking the internal passport's in the pocket - I'm off to the shops.
If you need your id card to hire a hooker , pay off your rent boy, make an offshore bank transaction, submit an expenses claim (etc, etc) . i'm sure it will become very secure.. Anyone want to develop this list a bit???? and who's up for setting up a cumulative bounty to find the first leak in the database SPECIFICALLY on a serving minister?
Mines the pvc one with the bunny ears...
They've stated that they have no intent to sell access.
However, they then say that they are extending access to other government organisations and selling access to defray the costs.
Now they say they won't sell access and the access to the database will be limited.
Is there any surprise we don't trust them as far as we can throw them up?
I'm sure El Reg can trawl the back catalogue and find the three statements above...
Maybe the problem is Hillier cannot count up to 100, so therefore she can't list the <=100 institutions that will access. Not a lie at all. Just a concrete example of inumeracy.
As to needing it to buy a house, well they need to know you really exist. I mean, without an ID card, you may not actually be there, making selling you a house very difficult.
And I would say that 102 people need to be shot if there's a single breech:
100 is all the people who have access
1 is the prime minister who was in charge when this went ahead
1 is the current prime minister
The original PM is needed because when the reluctant say "you'll abuse the information" they respond with "not us, we're nice" and assume that any future government would be nice. Well, how much do they believe that? With all their heart?
take an example of standard stats on an issue
20% in favor
40% nutral
20% opssed
so the side lobbying for it say 60% will suport us and the side opssed say 60% opssed and boith sides clame to be suporting the will of the pepol whail the majority of the pepol switch chanle and watch pop idol
......for the revolution people!
Its happened before, it can happen again, how many of the common man is appalled at the way the "government" supposedly support and represent the majority of the British people.
Its time for a major rethink in British politics and the way the fat cats are voted for.
The coat because i couldnt find the black helicopter after my *terrorist* like rant!
As regards the National Identity Register, which of these two statements do you feel is more likely?
a) There is some essential benefit to this country and it's citizens, but the politicians haven't got around to telling us what it is;
Or
b) Politicians want as much power over us as they can get because, broadly speaking, most of our thinking and behaviour is of necessity more practical than politically-correct, and so professional politicians see us as a threat to their privileged lifestyles.
And while thinking of a threat to their privileges, would the budgets for Government projects be more realistic and better managed if any financial over-run first had to be made up from the pension-funds and savings/property of those responsible, though only to a degree that would let them learrn rather than ruin them financially such as:
5% of the funds of MPs who held any Ministerial post relevant to the project;
1% of the funds of all other MPs;
3% of the funds of all involved senior civil-servants?
(And if you think this would stop government from doing anything that wasn't absolutely essential, well, that might be a significant improvement.)
Paris because, like politicians, the budget is irrelevant to the spend..
Ms Hillier, and I add my voice to those who read that as 'Hitler', clearly thinks that we're as stupid as she is. Quite apart from the excellent points made above, she seems to have stated, with concrete certainty, capabilities of a system that, AFAIK, hasn't even been /specified/ yet
She can give all the reassurances she likes, but until the system has actually been implemented (a spec is not sufficient, especially in a government IT project), they're all so much ill informed bullshit.
I particularly enjoyed her "two baskets" analogy, which demonstrates very clearly her ignorance of any technical detail whatsoever. Hint : Two databases, both of which must contain an identical unique identifier for each record (in order to JOIN them together, duh!), are effectively just one database you dumb bint.
And as for :
"How many organisations will have access to the database ?"
"Oh, to many to list" .
Oh well, that's just fucking peachy then. Thanks a bunch. Consider me properly reassured. And by the way, is the weather on your planet nice ?
Halo'd Bill, because this lot make even him and the Balmernator look like the diet pepsi of evil, and because we haven't got a suitable jackbooted facist icon yet, hint hint.
Can't these lying weasels even tell each other the truth?!!!!
"Less than 100 people will have access." I'm sure what she means is that less than 100 BOFHs will have access to the entire database at once on the server farm and could steal the whole thing in one go.
"there would actually be two 'baskets' " = The information will be in 2 places but each bit will only be stored in one basket.
"the number of institutions were too many to list" = Anyone with a council ID up or a wheel clamp will be able to access it but they can only download as many single records as they want, not have the whole set delivered in one go. So that's OK then.
"but any organisation requesting access would have to prove it needed the information as part of an ongoing investigation." = We won't give the whole thing away at once (anyway it would soon get out of date if we did) we'll hand over as many records in real time as anyone wants. If they weren't investigating something they wouldn't ask.
"there would not be discs flying around in that way" = No, the database will be terrabytes of data. We'll send it round on tapes or hard drives as the pile of discs would be too big. "Bob, have you got DVD-R number 623 from the ID database? Sorry mate, I've only got half the 500s. it's got to be here somewhere; Ask Tracy"
"the biometric data will be held at a higher level of security than the biographical information" = We'll keep all those shiny biometrics that we want so much safe but we don't care about the stuff that most criminals would actually use to commit identity theft against you. YOUR ID getting stolen doesn't cost US any money and we'll use it as an excuse to introduce more surveillance later.
"The passport database is certainly a very secure database. The average man and woman in the street are not worried about it." - Because very few organizations have access to it and nobody has been publicly exposed for fucking up YET.
"she said the latest official findings were that 60 per cent of citizens were in favour." = Only about 40% of the population know anything about it yet.
"Hiltler, who has responsibility for identity cards, said it was important to win public confidence in the scheme" - BEFORE people find out what it really entails. Show me your papers please.
EU Scheme aims for ID Card interopability:
"http://www.itweek.co.uk/itweek/news/2199858/eu-scheme-aims-id-card"
Here's the link showing that the UK's "Identity and Passport Service is leading the integration project":
http://www.epractice.eu/document/3983
Here's the formal agreement from Portugal in 2007:
http://www.eu2007.pt/NR/rdonlyres/FAA18F0D-1519-4F85-BF08-950238146875/0/Ministerial_Declaration_Final_Version_120907.pdf
This is clearly about identical standards and information sharing across EU nations. In my opinion the chance of a pan-EU identity card is 100%.
What I want to know is how they intend to stop governments, present & future, from getting to see it and misusing it.
The passport database may not have worried the average man and woman in the street in the past, but now they are going to want biometrics, I for one no longer trust it.
I am not a criminal. And would not become one, unless, in the future, parliament defines ridiculous crimes that would risk any decent citizen being labelled as a criminal. Therefore there should be no intimate record of me held by the State. We are free citizens, we must ensure we stay that way. The State is there for the benefit of the citizen, not vice versa.
Telling the truth is possible only if you know the truth. Ministers generally have to be briefed about issues. To come out with such palpable contradictions as Hillier did means either she was badly briefed or just didn't understand it. Unless senior civil servants are now far more negilgent than I realise, the latter is clearly the case. Perhaps McBroon is so insecure that he needs to surround himself with stupid people - unlike Stalin, he can't just have them shot.
I don't get it.
When I got my drivers licence, I was required to send a passport photo. The one I had done was clear and my face and features were clearly identifiable.
2 weeks later I got my licence. The image had been reduced to 1/4 the original size and a hologram printed over it.
What is that all about? How's anyone supposed to use that to verify that I'm the rightful card holder?
If the image was clearly visible then anyone wanting to verify my ID could use the card. The fact that they can't is a joke, what's the point of it? If they could, would we still need the biometrics etc..? How does having biometric data increase the security of the card? Are people going to be able to draw samples upon arrest, house purchasing, passing through customs, buying alcohol? Has anyone ever described how and where the verification process will take place?
Besides that; what of these discrepancies in Hillers responses that everyone has talked about here, "fewer than 100 people will have access", yet a list of institutions who'd have access was "too many to list", and doesn't include the NHS. So what about data entry, how's that going to be secured? My company can't seem to be able to unify the way postcodes are entered into the database's here let alone get them consistently right, and we only have about 13million accounts.
I foresee that data entry will be THE least secure and the most exploited in it's early life. False cards will be created through people infiltrating the system and also through playing the system. Proxy applications similar to proxy voting will, through the disabilities act allow this. As will acts protecting people on witness protection, people in secret service, SAS posts etc. There will be so many ways of NOT having to meet 100% of the criteria that there'll be dozens of ways of getting cards for any purpose.
The best way to secure the data, as has been said before, is to not collect it in the first place. There are a lot of things we can spend the same money on to improved and secure UK life, ID cards as they are presented to us currently, is not the answer to any question.
Perhaps the minister is telling the "truth" (*cough*) when he says that "fewer than 100 people will have access to the National Identity Database".
I guess it depends on your definition of the word "access". Think "physical access" and maybe he's not too wide of the mark. It's just your own silly fault you thought he meant something else.
Any assurances given by politicians today are invariably worthless tomorrow. Ditto so-called "safeguards".
Oh, and while mindful of the way they are selling our DVLA data, let's not forget the recent news that the US FBI are already requesting access to our data.
http://www.guardian.co.uk/uk/2008/jan/15/world.ukcrime
I feel reassured already...
As long as I get to be one of the less than 100 people. In fact as long as each and every MP is willing to give me all their personal information to store on my own computer - which I promise to patch bi-annually, then I don't even have to be one of the less than 100 people.
If they've got nothing to hide, then they'll have nothing to fear in giving me all their data.
It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl
to have lying around in his wallet, though it was perfectly
understandable. There were so many different ways in which you were
required to provide absolute proof of your identity these days that life
could easily become extremely tiresome just from that factor alone,
never mind the deeper existential problems of trying to function as a
coherent consciousness in an epistemologically ambiguous physical
universe. Just look at cash point machines, for instance. Queues of
people standing around waiting to have their fingerprints read, their
retinas scanned, bits of skin scraped from the nape of the neck and
undergoing instant (or nearly instant ? a good six or seven seconds in
tedious reality) genetic analysis, then having to answer trick questions
about members of their family they didn't even remember they had, and
about their recorded preferences for tablecloth colours. And that was
just to get a bit of spare cash for the weekend. If you were trying to
raise a loan for a jetcar, sign a missile treaty or pay an entire
restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information
about you, your body and your life into one all-purpose machine-readable
card that you could then carry around in your wallet, and therefore
represented technology's greatest triumph to date over both itself and
plain common sense.
For every breach the ministers responsible, (all of them from day 1 of the project), and top 3 tiers of management are fined 10% of their pension/superannuation and 10% of their gross income for the current financial year.
I am *certain* such an agreement would lead to
a) vastly better security than ever before
b) a cost blow-out when they start getting realistic about security and managing individual access.
If they're serious about this I could host it for them- abroad.
They'd need an agreement with the local government about complying with both privacy and banking law (and, unlike in the UK, the legal bypasses are (a) very tough and (b) also demand good carekeeping of data so obtained - you may want to check up RIPA on such requirements).
But that could inspire a level of confidence, I don't think nothing else will.
"This could indicate a postponement of ID cards for UK nationals, as the government changes the direction of the scheme away from providing a card to facilitate access to services and towards collecting information about citizens."
It was never the card that bothered me so much as the database behind it. I think most people are not confident in the "Passport database" because most people have simply never considered the existance of such a thing.
Ms. Hitllier said: "The passport database is certainly a very secure database. The average man and woman in the street are not worried about it."
We may not have been a year ago, toots, but we sure as hell are now. I'd like some kind of assurance along the lines of "If your personal details get out of this database, you are free to visit me at home and stab my spouse in the heart" please.
I remember, going back a few years, when all this NIR nonsense first kicked off and I started getting involved in no2id, I was lambasted and ridiculed for being so naive and idealistic as to feel we didn't need this thing for "obvious" security / immigration / terrorism / paedophile / [insert horseman of choice] reasons. I have had the stunningly ignorant "Nothing to hide, nothing to fear" mantra chucked at me more times than I care to mention. I was accused of being both anti-British and a Little Englander "Not allowing us to take our place on the world stage" in the same sentence even ... and I still have no idea about the logic for that one!
So, I read the article and, per habit, made notes on the ill informed, self serving waffle disgorged by the latest to hold this particular poison chalice, with a view to making a suitable comment.
Then I read the existing comments.
Fan-bl**dy-tastic folks ! You got the lot :)
I then read through the comments again. Not one was even slightly in favour of the scheme !
As an aside though .. does anyone know where she got the "60% in favour" stats. The last survey I saw suggested that it's more like 47% (and rapidly falling) for, 50% (and rising) against with up to 25% of the population in jail if they ever try and make them compulsory.
eg http://news.zdnet.co.uk/security/0,1000000189,39292691,00.htm
Smiley .. Cos it make me happeee :-)