OK we get it....
Covid scams are so last year, so your Eton chums need a new shit load of cash for doing fuck all.
The UK government is launching proposals to boost the legal status of digital identities, something it claims will ensure they are trusted as much as physical documents such as passports. The blueprint suggests the technology could take a number of forms such as a phone app or a web-based service. The government today argued …
You just had to mention Fujitsu.
Just as a paper exercise(after reading another load of posties were cleared of theft) I considered howto make a transaction client/server system that could do what horizons did.
The short answer : I could'nt.
the longer answer : the only way I could finally do it was to get the transaction log from the client, and send it unverified onto further processing. any transmission errors went too
And these are the sorts of people the government want handling "One ID to rule them all "
Oh dearie dearie me
Of course the contract will go to a foreign firm - no civil servant would miss on the business trips abroad clearly required to negotiate the billions of contract that leads to the nice little earner for family/friends/themselves.
The foreign firm will charge per engineer per day what they are paying in bangalore per month.
The contract will of course indemnify the company if through their failure to deliver the contract is cancelled.
Then of course we have the 'what the hell is this' which will come out of it.
After all the only real way to have a meaningful digital identity is some sort of key based setup. But where are people going to store the keys? On their phones or laptops - places where the key is going to end up being stolen. Or, the phone is lost/breaks and suddenly you cant do anything (even get in touch with the government scheme) to get a new set of private keys to go on your new device and cancel the keys on the old one.
There is really no obvious and good way to mak such a scheme actually work
Then there is the worst of all, its a snoopers charter, as soon as gvmt has conned (sorry persuaded the gullible) into having a digital identity they will force every website to make you enter it so they can track everything you do, every page you view, every post you make - all in the name of protecting kids and avoiding terrorism
I have a snappy name for it, we could call it STASI: Secure Technology Authenticating Subjects Identity.
It makes so much sense to put all of you identity including qualifications etc into one govermment data base, after all, who could the British people trust more with all of their life's details?
Now, where did I put that sarcasm icon?
This is indeed the point. I feel no need whatsoever to be able to prove who I am. I already know very well who I am, and it's me that defines it, not government.
If there is any practical application of this kind of technology (which I doubt) then it should address a different question, viz am I authorised/qualified/entitled to (do) the thing at hand. This depends in no way at all on my identity.
-A.
Instead of the gvvnt picking and choosing and thrusting something upon providers, why don't providers work out for themselves what they need. The government didn't invent ATM machines, standing orders or direct debits, banks did. The government didn't invent the clinical software systems almost all GP practices use, SystmOn, EMIS and Vision did*.
*Other clinical systems may be available, those are the ones I have experience with.
I don't see how 100 flowers could bloom when it's the government that has the monopoly on identity. Most problems stem from the government being unable to lay out a spec and roping the private sector in to fill in the blanks. E.g. why on earth would the government need Experian to verify who you are since between the Passport Office, the DVLA, and the DWP they should know already.
Also bank security is handwavy nonsense (banking apps, SMS 2FA, credit card number algorithm, online payment gateways, 3D secure...).
Oh really ?
Show me one bank account that has been hacked.
I'm not talking about credit cards, I'm talking about the account itself.
Go on, show me one case where a bank account was hacked and money transferred without the authorization of its actual owner.
Pascal Monett: "Go on, show me one case where a bank account was hacked and money transferred without the authorization of its actual owner."
Three of mine.
For two of them which both required a paper signature to remove money , the hackers set up an online account in my name, used the numbers of my genuine accounts to access my cash, transferred it all to their online account and thence to their account outside the bank.
The other one was when they set up direct debits to an account and waltzed off with over £12k.
The fraudsters had stolen some of my post, including bank statements, pension statements etc. soda all the account numbers, my name, postal address etc. (for some reason you cannot stop a bank putting your actual National Insurance number on the letters they post to you).
Fortunately in both cases I was able to get my funds back, but it was stressful. I had already alerted the bank to the possibility of fraud, and the Direct Debit guarantee made getting my money back from that fraud easy.
Whilst I cannot advise a life of crime, if you really want to get rich try online fraud because nobody is actually looking for you. So called 'ActionFraud' merely allows people to record frauds, and does not actually investigate anything as far as I can make out. The Uk Police won't investigate because 'that is the responsibility of ActionFraud'. This has been remarked upon in several articles in the Wednesday 'Money' section of the I newspaper.
Well that comes as news to me and I'm very sorry to hear that you've had such a string of bad luck.
I would like to think that my bank would be a bit more attentive. Once I set up a transfer of over €3000 to plumber for the work he did, and the next day I got a call from the bank inquiring if the transfer was legitimate. Of course, I told them that it was and they definitely needed to make the transfer because my plumber needed to get paid for his work.
But they called.
Clarkson stung by fraud stunt | Scams | The Guardian
The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham.
He also gave instructions on how to find his address on the electoral roll and details about the car he drives.
However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association.
@Pascal Monett
"Show me one bank account that has been hacked."
[Edit: I see Dan 55 and others have beaten me to it. Apologies, but the comment stands]
Well how about a publicly-documented one then..?
Back in 2008, Jezzer Clarkson said that it was impossible, and then some wag set up a Direct Debit for £500 from his bank account to the charity Diabetes UK on his behalf, after he published his details in his newspaper column.
BBC News: Clarkson stung after bank prank
Yes, he was dumb to publish details of his account, but how much of our info is already out there. It only takes the right bits to come together in the hands of a scumbag and nasty stuff happens.
Is this really you? You don't usually say things like this.
@AC
Cynicism implies that there is doubt about thr outcome, whereas the attitude here is fueled by history, experience and certainty. If the British government is going for any all embracing system involving technology, any successes will be in spite of government involvment not because of it.
@Chris G
"...any successes will be in spite of government involvment not because of it."
Like screwing-up the Covid numbers because they were using an older version of MSExcel that could not contain the full number of entries in the column - this is "Basic Stuff™️" people! Just use the right tool for the job, and at least be cognisant of the limitations of the tool! FFS.
With humble apologies to Megadeth:
"Government Information Technology Projects are two FOUR words combined that can't make sense..."
Personal Anecdotes (and rant) based on 22yrs of Civil Service and 3 yrs in the British Army:
It always seems to be the case. In my old MOD research days, I lost count of the times we were "reorganised" by a new Defence Minister to suit their political ambitions. Each time it set back projects, caused cost-overruns, and EVERY TIME us Civil Servants got the blame. The reason the Civil Service is so shit is **persistent government interference!**
The same goes for Education, Local Services, Energy, Transport, ad infinitum. Just add more managers and reduce the funds available where it's needed by the amount required to pay these millstones on Society.
Do you remember us soldiers not having body armour while in theatre?! Not having the correct filters on the vehicle engines (especially the MBTs!) for 'fine sand deployment?!" Or how about the time my vehicle was told that we were out of RARDEN Cannon rounds because UKGov had "messed-up" the supply contract and thought we could go to war without the continuous need to supply munitions??!!! Julian H Christophulous!!
Any UKGov involvement in Service Provision is always ALWAYS ALWAYS a guaranteed clusterfuck!
The biggest shit-storm ever introduced into the MOD was "Package Management" whereby EVERY 6 MINUTES had to be accounted for on an FMA Form (Financial Management Accounting, AKA: Fraudulently Manufactured Account) of what project was to be billed. Oh, and we had to "show a profit" on that project, which was often either mission-critical work or - Blue Sky research. (WTAF?!!) As result we wasted a LOT of time filling out those timesheets and billing that time to projects instead of actually doing the sodding work!
What made it all the more galling was that the inventor of the Package Management system eventually declared that "The Package Management System of financial accounting does not work."
So what did UKGov PLC do once hearing this mea culpa from the inventor?
Yup. You guessed it. They doubled-down. Not only adding more layers of manglement in the MOD/Civil Service, they pulled the same shit with the NHS and fscked that up too!
Icon is gubmint-appointed contractors cronies emptying the Public Purse while pretending to produce something useful. Again.
I know what would reduce fraud:
Agencies that actually do their job. If you ever had a pleasure of reporting fraud, you would notice that you will be tossed from one place to another and some bodies like Trading Standards would sound like being on the side of fraudsters and would do their best to discourage you from any action.
The government, the current one especially so, has a solid track record of incompetence and waste regarding contracting for software development.
Perhaps a phone 'app' shall appear. One way or another it will be hackable or circumventable.
The NHS 'app' relating to 'track and trace' is a risible failure at three levels.
First, its conception in context of a moderately severe 'flu-like epidemic.
Second in its construction and use; notable at present is endangerment to the economy via "pingdemic".
Third, it, as is or modified to be an 'internal passport'', is impracticable as a 'real time' identity and immunisation status checker. A robust and rapidly responding online database capable of coping with immense numbers of peak time requests is pie in the sky. Reality would be delayed responses and frequent crashes. If the 'app' is intended to allow entry to restricted premises it will end up with extremely angry users and similarly cross owners of premises. It stands to fail spectacularly.
If points raised for the third level hold then the 'app' must be designed to cope with being unable always to phone home. That entails the device running the 'app' holding an updatable version of the central record. That easily can be altered and the device when interrogated could falsely indicate connection to the central database. Doorkeepers lack forensic computing skills.
That said, such an 'app', should point four be acknowledged, could be a success in terms of widespread uptake by a suitably gulled populace. Having a small self-directed percentage of the population play ducks and drakes with it must be regarded inevitable and not stoppable.
I shall play with my feathered friends.
I understand that the interview of a certain Dominic Cummings will be on BBC 2 at 7:00 tonight. A longer version will be available to us rightpondians on line too. (Not sure about USAfolk or Canadians - other leftpondians are available.)
He seems to be fairly certain that the current UK government is not entirely fit for purpose, for some reason.
Of course he is. He helped get them elected, after all.
Cummings, Johnson, the whole disgusting shower should be tossed in the sea at Blackpool beach, with all the other raw sewage, and then laughed at as they flail around like the useless pratts they are. Starmer and co can join them, too.
It's the 'One Ring To Rule Them All' approach to 'Identity authentication' that really fucks everything up - it's like trying to reach the last Prime Number: you know there's almost certainly another one out there somewhere.
Likewise with an all embracing 'Identity' scheme - there's always going to be another almighty, hair tearing, life destroying, freedom stifling, corrupt as hell fuck-up out there somewhere, that will demonstrated conclusively that the concept of of a 'One Ring To Rule Them All' identity scheme is a crushing monument to political hubris and stupidity, not to mention greed (that always fits in somewhere).
Can someone explain to me how this would be used.
1) I understand having a smart card which I can use/wave around - like like a contactless credit card ( can we use the same technology?)
2) How would we do online stuff. Do I need a Hardware key I plug into the side of my computer so it can use my private key.
3) How do I validate someone who has sent me a data file/contract/money
4) My bank gives me a card reader, I enter my card, type my pin, and enter the encrypted value in an online session.
In simple terms what's the difference between a credit card and a private identity. The infrastructure is there. The banks validate "certificates" and I could get a "bank statement" with the name of the person who owns the identity.
Just asking....
I think the problem, as the government sees it, is that they don't get to track everyone with the current situation.
For us, this is a Good Thing.
We currently have multiple "identities", each one suited pretty well for the task we use it for. This works well and has each identity quite nicely separated, so if one is breached the others aren't affected.
Trying to have one "identity" that works as a bank card, passport, COVID-19 vaccination record, Windrush immigration record, password for all those websites, Tax Account Number, age verification, NHS number, Amazon account, Company Director registration, milk round number, etc. is (a) impossible and (b) a disaster waiting to happen when something goes wrong.
I think the problem, as the government sees it, is that they don't get to track everyone with the current situation.
THIS!!!
I have multiple identities, day-to-day. I always have had (my family have always called me by a different name from my school or work colleagues). I have always had multiple email addresses since I started using email (about 1978) and for many years have made sure every service I use has a different email address (yes, I use software to track these). I have multiple mobile phones (now only 2).
I am not a criminal and am not trying to hide anything. I compartmentalise. I see no reason why one entity I do business with needs to know about my relationship with any other. I see no reason why a financial company needs to know my age or marital status. Etc.
The government must restrict its concept of identity to the minimum they need to be able to run the government. They need to provide a consistent identity for international activities and for things like tax. They should not be providing identity services for use by any commercial entities.
https://e-estonia.com/eid-in-estonia/ no central db of data, and smart card, SIM based, or mobile software that's initially configured using the smart card for authentication. Digital ID and signing, it's considered secure enough for property purchase. [don't mention voting!]
I guess when there's 65M people using it instead of 1.2M we'll really see how secure it is
I have one and it does. Not that I can use it for much in the UK, but like all EU ID cards it's part of the eiDAS scheme, so has legal weight not just in Estonia but across the EU, as do the ID cards of some half a billion other Europeans.
One of many reasons why I predict our government will attempt to do something different, then fail.
" the government also said it thinks digital identities were an easy way to help individuals prove age or qualifications without requiring physical documents." ... and ... "help people who do not have traditional forms of ID to prove who they are."
How does one get this digital ID in the first place? Could my partner who knows all my personal details just enter those details into a web form and then use that ID to sell my house?
To my mind, the only way to get a digital ID must be to first get a non-digital ID, or at least have sufficient documentation to satisfy the requirements of a non-digital ID, *and be physically present* at issue, otherwise it's ludicrous to say it's equally valid. And after you solve that problem, then there are still all the phishing and tracking and digital forgeries problems to solve.
But of course nobody of any importance cares what engineers think.
Whatever "they" come up with I'd insist (ahahahaaa!) that there be a pilot scheme, running for five years minimum.
The participants will be: all incumbent politicians (local councillors & MPs); all Lords/Ladies; all civil servants; all outsourced staff filling the rolls of civil servants (eg. DWP Job Centre Staff and HMRC); all staff involved with governmental outsourcing ventures (over, say £1M contract price national gov; £100K local gov); all law enforcement (excluding military police and Civil Nuclear).
Also, anyone seeking one of the positions above (eg. running for MP).
Leaving a post does not cancel participation, only death does that.
We'll talk again after 60 months. Thank you for participating.
[Icon - watching the watchers.]
Dick will be the project director. He is a close friend of Matt Handcock.
When completed and delivered late and over budget, by the same Fujitsu team that built Horizon, it will be implemented under the leadership of Dildo Fondling. This will not interfere with her running the NHS.
Matt himself will be given the newly created Ministry of Truth.
Mine is the one with nothing of value in the pocket.
While not explicitly stated, age verification is likely to play an important part in the government's Online Safety Bill. Vendors are pushing the technology hard to receptive polticians. It seems likely the government will want widespread age verification deployed all across the internet, not just porn.
Here I sit in The Netherlands, we have a system called, er..., DigiID.
It works fine, going to a government website, use an app on your phone and jump through minimal hoops, and you are logged in.
You need that particular phone where the application is registered (something you have) and a pin code (something you know) and hey presto 2FA.
Really don't understand the difficulty, it's relatively straightforward to operate. There are probably some edge case - so someone in your household could request a digi id for you if they know enough details, but it's been in place for years and no-one is screaming.
My wife needed to log in to the HMRC portal, and this has changed.
In the previous tax year, she'd set up an Experian identity for it.
Experian is now no longer an option, but a Post Office ID is ... (what the....?)
Half the time Experian never worked, had some issue or other....
But.....don't they realise that now we have the vaccine, we can simply present our vax spot on the arm to prove who we are, while simultaneously downloading 8K movies into our heads?
Not very forward thinking are they
I've got a catalan digital ID. It's kept on a memory stick and you just stick it in a USB port when you need to login to a gov website. In fact Spain and the EU have many diferent ones and all are accepted at a gov site. Obviously they're not blue which may be the problem.
The government today argued digital identities could help reduce cases of online fraud
Keyword in that is "could". Since it's a Government project all that is guaranteed is that it will be 5 years behind schedule, £££m over budget and the usual "suppliers" will be lining their pockets before finally being scrapped.
The government today argued digital identities could help reduce cases of online fraud because they are much harder for criminals to access and replicate than other types of online personal data such as dates of birth.
Hackers: challenge accepted.
That said, I have a sneaking suspicion that the Home Secretary will insist they not be encrypted securely, so that the security services can see what's going on, in order to demonstrate that following the government's encryption rules means only the good guys can read things. Which will mean that all the identities in the scheme will be available for purchase on the Russian dark web a week after the scheme launches...