Digital belles, but no beaux

While browsing through the wonderful Beyond Words bookshop on Cockburn Street yesterday, I spotted an interesting Taschen title, Digital Beauties (a slimmed-down version of a much larger edition) – a book showcasing computer-rendered virtual models. While flicking through the books, as well as being slightly disturbed by their appearance (I think I have uncanny valley in spades) it also struck me how they were all “women”.

Now, it would be quite easy to say that this is a simple consequence of male geeks, unable to interact with real women, are instead making them of their own (and given that some of the ladies depicted have unfeasibly large norks, this theory has some credence). But there are female geeks out there, and gay geeks, so you’d think there’d be some people out there making male versions. But there aren’t many, and not in the – there’s some stuff out there for anatomical models, but not for facial closeups – is there just no demand for it, or are male faces (stubble etc.) intrinsically harder to model?

Bad design and other misconceptions

The other day I linklogged to the so-called worst web interface design ever. In actual fact, shoddy as it was, it did actually make sense from one respect; it was designed to be a straight port of the old-school terminal applications that had been used until recently for accessing the same database, so as to avoid retraining costs.

This is perhaps the most over-zealous interpretation of a rule of software design that is often ignored – namely respect local working practices. Technologies are not simple black boxes that can be dropped in and expected to work straight off; often there will need to be adaptation and customisation, either during its design or after implementation and during use. Too often this is ignored, and we attempt to make every technological implementation revolutionary and groundbreaking, rather than flexible and sensitive, belying the fact that most successful innovation is small and piecemeal. Instead of trumpeting the big we should celebrate the art of subtle refinement and improvement.

Aside – governments, the British one in particular, happily ignore this fact when it comes to IT projects, with the result that, as Chicken Yoghurt reflects, the complexities involved end up creating a really terrible product.

Anyway, gradual improvement is still more than no improvement at all, though. In the case of the web app above, the general layout and work processes could have been retained with a little refinement, along with a total redesign of the controls that would have looked half-decent in a web browser. That would have probably required little retraining – after all, people accessing the site would already be used to using a web browser form design paradigm in other applications. A successful redesign would combine the two skillsets together in an intuitive way. But there’s an art to these things, one that too many in the software trade haven’t picked up on, sadly.

Identity cards…

I know, let’s talk about ID cards. I’ve been itching to for ages.

Identity cards, as they are being proposed, aren’t actually identity cards. In fact they have very little to do with identity. This may seem a little strange, but let me explain: there is a difference between identitfication – i.e. who we are and where we have come from, and verification – i.e. whether we actually are who we claim to be. Identity is a highly complex concept which is innately interwoven with our own sense of self; it varies depending on which context you are in – when writing a blog entry, I assert my identity in very different ways from when I am at passport control, for example.

In this case, the government is trying to introduce a verification mechanism aimed at linking our identity, as it is regarded as within the context of transactions with the state – claiming benefits, crossing borders, being stopped and searched. These data are quite dry and factual, and only form a minor subsection of our whole identity. In fact the old “entitlement cards” name was a far better and more apt name for what is at the end of the day a verification mechanism.

In fact, the “cards” bit isn’t very accurate either; since the most important factors in the system aren’t the cards, but the biometric scanners and the data about you that are being held on the national identity register.

Anyway, when providing your identity within a context, you often have to supply verification. Computer networks often use usernames and passwords; cash machines use cards (which store your account number) and PIN numbers. In both cases, we have two separate devices; the identification device that is unique but not very private; and the verification device, which is secret but probably not unique. Together, they work to say “I am X and I can prove it by showing you Y”.

The problem with identity cards is that confuse these two concepts; thanks in no small part to the “wonders” of biometrics. A biometric is a digital representation, based on the unique patterns of our irises or fingerprints. But this suffers from a horrible confusion – just because your fingerprint is unique, it does not entail that your biometric is. The representation is only an approximation; as a result it would be entirely possible for a scanner to say you’re not who you are (a false negative), or for two people with similar patterns to share the same biometric data (a false positive). Given that fingerprints and irises are both analogue and highly similar, there is no way a system of digital biometric representation can ever be proven to be unique for every person. This is not to say biometrics are useless (although even iris scans only have a 96% success rate) but just as it is stupid if we only had to type a 4-digit PIN to access our cash, it is stupid to rely just on biometrics to 100% guarantee our identity. A system that assumes verification = identification (and the Home Office far prefers to use the latter over the former in its papers and bills) runs the risk of blind faith in something which is in actual fact quite fallible.

Now, up till now I’ve said biometrics are the same as PIN numbers. But they’re not; there’s a big big difference, and it makes biometrics far worse. If we think someone else might know our PIN and we want to stop them, we can change it to something else. But we can’t do that with the biometric – we can’t change our irises or fingerprints, so we can’t change the verifier either. Biometrics truly are the worst of both worlds – more than one person can have the same one, and we can’t change it if we find out.

Bad so far? I haven’t even considered what happens when there are deliberate attacks on the system, rather than accidental errors. And believe me, it is a certainty the register will be successfully broken into and subverted: the sheer size of the national ID register, and the number of people who will have to be able to access it in order for it to run, means that it won’t be too hard to find someone with insider access who can be bribed or threatened into fiddling it on someone’s behest. As well as the means, there is the will – for a government that continually warns us of this alleged multi-billion identity theft industry, it hasn’t stopped for one second to realise that fraudsters are going to try their damnedest to get their hands on fake cards, which being “unfakeable” and “unique”, will be worth their weight in gold.

So we have non-unique verifiers that are being touted as unique identifiers, a system that will be far less secure than touted, and they are unchangable and unrevokable. So there will be duplicates and mistakes, there will be fraudulent entries. Some people will be denied services they are perfectly entitled to, others will slip through the net totally unseen. And it will be very difficult to fix these problemss. Fine. One or two people dying of cancer because they’re not given the treatment they are entitled to, or a known terrorist gaining access to an airliner, would be an acceptable risk if, overall, the benefits outweighed the costs.

Except that the benefits are not clear. There has been no analysis on how ID cards will cut terrorism, or crime that is not identity-related. As for the menace of identity fraud purportedly costs the UK ?1.3bn a year (in what is not much more than a bad guesstimate). As identity fraud is just a catch-all for a highly varied set of crimes, many of which borne by the private sector and do not involve personal transactions – such as Internet fraud or false postal applications for credit cards. There are no figures on how much the specific crimes that ID cards could stop actually do cost the economy every year, but it is bound to be only a proportion of this figure.

Still, this figure is in the hundreds of millions, possible. But given that the system could cost as much as ?18bn – which is three times the government’s estimate, but this is more or less the going rate for government IT projects. That’s a lot of money for saving a few hundred million a year.

Oh yeah, the loss of civil liberties. Forgot that (Just like Charles Clarke in fact…). Anyway, the most nauseating statement that can be said on the matter, and one that instantly marks the speaker as being fundamentally mentally defective, is “If you’re innocent you have nothing to worry about”. This is bullshit. It is precisely because we are innocent that we should worry. There is a fundamental principle that we should be presumed innocent rather than guilty; that suspicion should not fall on us as a blanket measure. The ID cards bill compels compulsory ownership and thus compulsory use; the police will be given powers to make you present yourself with ID if they don’t like the look of you – this will inevitably be misused against the poor, and the marginalised just as stop and search and other measures have been in the past, regardless of actual guilt.

Right – that’s all I’m going to say for now on why ID cards are rubbish – if you want more, there’s plenty of other literature out there from respected writers and academics like Bruce Schneier and David Lyon who write a fair bit on the subject, and better than I can.

A final question – despite little supporting evidence for the benefits, overwhelming and rapidly rising costs and significant public opposition, still the government pushes a national identity scheme forward as an essential measure. I mean, ?6bn is a lot of money; ?18bn even more so. Which really demands the question – why? Why risk fucking up so much? I’ve thought of several reasons but none of them are that satisfactory:

  • The government are a bunch of technology fetishists: Plausible, but why not just pick yet another NHS or social security IT project instead of something so tricky?
  • They’re being heavily pressured by IT providers to come up with another reason to line their pockets in exchange for an inferior product: I like this less than the first one; also again why pick such a difficult project?
  • They’re this is part of the masterplan along with imprisonment without trial, implementation of postal voting, etc. to slowly turn the UK into a dictatorship: I really don’t like this option one bit.
  • They want a prestigious project to show competence and effectiveness: Maybe… but why not spend that money on something obvious and simple that no-one will object to like more policemen or hospitals, rather than a controversial and difficult project?
  • They’re just plain stupid: Depressingly enough, this is the most plausible and the least worst option of the lot.

Dunno about you, but I’m now scared.

Rearranging deckchairs

A 16 year-old from Manchester, amongst other things, attempted to cut down a CCTV lamppost with a chainsaw, threw fireworks at cyclists, pulled a person from a bicycle and threatened him with an axe, and drove a car on a pavement and down steps close to a pub. And what do the magistrates do when he’s hauled up? Ban him from wearing a hoodie.

Yet another stunningly stupid decision, and proof that it’s not just politicians these days that are having trouble telling the difference between effect and cause, between symptom and disease, between the profound and the petty.


Apologies for not blogging of late, I have been inundated with an unexpectedly heavy workload; the course I did at the start of the month demanded far more essay work than I expected. Added to that, I had to prepare a presentation (PowerPoint, alas) about the dissertation I am writing to members of my department.

Aside – one of my fellow students is studying the phenomenon of blogging, with reference to his native Chile and how blogs ‘swarm’ around particular memes, which looks a really interesting dissertation. Feeling I was too much of an insider, I am not writing my dissertation on blogging – instead I’m looking at Open Source and the socioeconomic structures within the development community. Hence the number of OS-related books in the sidebar at the moment.

Anyway, I handed in my final essay on Wednesday and presented on Thursday, and am suitably shattered. I have not had a chance to read other websites this past week, let alone write about them, so a decent blog post may still take a couple of days to follow. In the meantime… Kitten War! (via everywhere)