ID Cards and T****ing
April 19th, 2004The Register had a good, if slightly waffly article on ID cards and how they might fail, which was published a couple of weeks ago, but I’ve only just remembered to blog it. Also out is a bit on IDs this month’s Cryptogram by Bruce Schneier, which is even better - although US-based, it applies equally to us, and succinctly points out why they will not make us any more secure or safe. I recommend reading both if you’re interested in the topic.
Also the Reg today had a story on the t-word, which has (acording to my referer logs) prompted a flurry of people Googling for the term, and coming to this site looking for more information but just finding a comparatively dry blog entry. Sorry. Feel free to look around though, there’s other fun stuff here…
April 19th, 2004 at 22:38:31
I was talking to someone about ID cards the other day. The principle of them doesn’t offend me in any way - (a) as a Malaysian citizen I already carry a National ID card (with biometric data stored on it) and (b) if people really wanted to track me, they could do it by a plethora of other means: my credit card spending, for instance.
What I’ll be interested to see is whether SmartCard technology will integrate with Mobile technology; the ultimate convergence device, the device which more than 3 in 4 brits carry anyway, is the mobile phone. You could easily slap on a biometric reader and build decent security protocols onto a smartphone, they’re already virtually unstealable thanks to UK and soon pan-European IMEI blocking services.
April 19th, 2004 at 23:44:20
Why stop there? I was talking about this with Quentin Stafford-Fraser when I interviewed him some months ago.
As far as phones go, theres’s no need for fancy triangulation and surveillence systems; every time you move between cells, becasue of the need for your call to be switched from one frequency to another, your position is known very precisely. It would be possible to determince not only where you were, but, say, where you’d been, who you were calling when you were there, and if you were speeding. And, indeed, if you were speaking on the phone whilst driving.
And, while tracing credit cards is a piece of piss, he pointed out that image scanning technology is sufficiently advanced now that it would be neither (over) complex nor (over) expensive to scan the serial number of every banknote removed from an ATM. And if, for example, those two £20 notes you took out this morning are found in the pocket of a drug dealer that night…
The point about all this was not to indulge in paranoid fear of The Man (though I have just watched Enemy of the State again tonight), but to point out how it’s not the amount of information that can be gathered which is the problem, as some civil liberty campaigners sometime appear to think, but the protections that come with the information gathering ability. That rights should be legislated for in step with advancing technology; that the access to information should run both ways (bosses cannot spy on workers without workers being able to spy on bosses); that there should not be unequal social distribution of access to privacy, and nor should the sacrafices required for extra privacy be such as to effectively force compliance.
Or something like that. Wish I still had the transcript; wish I hadn’t been drinking, too…
April 19th, 2004 at 23:58:55
That was more coherent, and relevant, in my head than when I finished typing it.
April 20th, 2004 at 10:21:34
You’re absolutely right. The privacy issues are not about the information stored, per se, but rather about how that information is managed.
Therein lie the tricky issues, and this is precisely why Gmail should have caused no fuss at all (among other things).
April 20th, 2004 at 10:53:57
I would argue apart from the implementation issues (and I agree with Tom’s points as well), there are many other factors at stake. What about the principles of free will, and that citizens are free to go about their business without the state assuming they’re guilty. After all, I can opt out of a mobile phone and a credit card if I wanted to, I can make a trade-off between convenience and security (security is all about trade-offs, as Bruce Schneier is fond of saying). But there is no choice here - I cannot make that trade-off with an ID card - we will all be one day legally bound to own one. And why should the state be able to demand that I must prove to it who I am whenever it wants - at least with credit card & mobile phone records the police have to get warrants and satisfy other legal protections before doing so.
I am not demanding total privacy here, to use the trade-off principle again, we all have to trade some privacy for security. Here we are trading a good chunk of privacy (oh, and approx. £6bn of our money), with no evidence that this will increase our security at all.
April 20th, 2004 at 11:48:52
Valid points - but the reality is that they are generally used little more, in a substantially more corrupt and institutionally racist country with a smaller population (Malaysia), than for verifying you are who you say you are - in the UK, you need passports/driving licenses to do this at the moment. It reduces admin in a bunch of ways, which is helpful and ultimately cost-saving.
I guess a way of looking at it is as a kind of country-level CRM system designed to ultimately save the government money. £6bn now for larger savings later… but then, depending on how its implementation is managed, it could all go balls-up…
Also, the (potential) applications have yet to establish themselves as effective. My basic point was simply that I’m not worried about The Man invading my privacy.
But then, I have nothing to hide.