ID Cards: Useful, or the beginning of a 1984 state?
- Thread starter Ellie
- Start date
Incognitus
Member
Captain Murphy":1rndd02f said:
There are three leading methods of identity theft:
1.) Taking someone's details during internet transactions.
2.) The misplacement or theft of cards or letters with a person's details upon them.
3.) Cracking a database and leeching the information from it.
So the government is going to solve this problem by consolidating everything into a single file, require you to use it constantly in every civil transaction including those taking place online in their new "egov" schemes.
So it won't be secure at all. Far from it, it will actually be a boon to criminals.
Australia and America both have greater problems with identity theft than the UK precisely because they are over reliant on single reference sources. The Dutch have had a similar problem, especially seeing as the cards they use have been shown to be easily readable by third-parties at a distance, and they are using the same technology as the proposed UK database.
And of course, once parties unknown have *everything* on you including things such as biometrics, you're pretty screwed.
...which is contingent on my deciding to use the internet - and I can still decide not to use the internet. Still the comparison doesn't stand. Are you suggesting that the 1 in 5 people who oppose the ID card on principle should leave the country Wyatt?
That's not what I said, Wyatt: It's a waste of money. We're paying an absurd amount for unproven, insecure database which currently has no ceiling. The money can be better spent, or (astonishingly) there's always the option to give it back to the people who earned it.
Under the scheme the Home Office takes a large swathe of executive powers, especially seeing as the extension or revision of the database, once in action, is an extra-parliamentary decision.
The database has limited oversight, with little to stop the information being abused: the state have not made it clear what measures are in place to deal with the inevitably large numbers of identifications, or deliberate attacks or corruption of what is going to be a vital piece of national software. How much does this cost?
And worst of all, it makes an individual's inalienable right to civic life entirely dependent upon the state - even if I don't have a car, I must contact the state and inform them occasionally that I do not have a car.
Considering the dependency we would have on this database
You've never heard of third party abuse?
There are hundreds of people across the country who have ever reason not to disclose things such as their ethnicity, whereabouts, car registration numbers etc into an unsecure database. Those fleeing foreign governments for instance. The example has already been brought up of Google parting with the names of Chinese dissidents to the Chinese state. Or how about something more local and domestic, spousal abuse for instance?
You know, some people might not want their medical or psychiatric records (or any other "notes" which the state feels it has the right to make a note of on your file) being as accessible to the DVLA - such as religious or sexual issues.
CrapFactory
Member
The only issue is security and cost. Other then that I don't care. We obviously cannot afford it right now though.
rey meustrus
Sponsor
I wish that government officials could get some technology experts on these things. It feels like whenever there's some big plan to rely more on technology, they're basically relying on some Microsoft spokesperson saying "Sure it won't crash or get viruses." Anybody that knows better should disbelieve. Hell, I wouldn't trust any electronic system to be 100% infallible to store information.
I would like to see laws protecting privacy, whether they happen before or after an ID system is put in place. I guess I'm speaking internationally here. It's definitely wrong that internet companies like Google or Myspace have ultimate authority to remember, store, and copy information that you give them. It's even more wrong that they can, if they say so, obtain copyright to your works if you post them on their website, including the right to maintain the information even beyond your desire to bring it offline, or even sell it without reimbursement. For all of the concern the American government seems to have about individuals exercising their ability to digitally copy material which doesn't belong to them (because that wasn't possible before, so it has to be illegal now), I'm appalled that no government has imposed restrictions on companies collecting information (often in insecure databases where it can be stolen) and selling it (this wasn't possible before, so it has to be LEGAL now!).
Any plan to make a centralized database containing this information must have:
1) Tremendous oversight, conducted similar to scientific research; i.e. double blind (regulators don't know whom they are seeing in the database, legislators don't know when it's being regulated...).
2) Database must be secure, so that ONLY authorized access will be allowed.
3) Necessarily, database must be accessed sparingly, and with good reason. Buying a toothbrush isn't good reason. Even buying a car and applying for credit shouldn't be good enough. It should be limited to law enforcement, and the law enforcement must be limited in the ways it can acquire and use the information, subject to a warrant.
4) Database must be unique, so that other entities cannot maintain their own databases containing the same information. This includes Google logging your search habits, your phone company logging the calls you make, your grocer logging the groceries you buy...there are legitimate uses for this information, such as improving product quality and availability, but the illegitimate uses are impossible to prevent if such information is allowed to be maintain.
5) Database must be above politics. A separate administration must be formed to query the database (or allow other administrations access). This administration must be free of all repercussion from any agencies of power (like executive or legislative authority), but vulnerable to regulatory agencies (so that they don't themselves use the database for immediate political purposes).
6) Database must be regulated by a third party that is disinterested in the use of the database, and whose only purpose is maintaining that it be used lawfully.
Of course, all of this is bollocks if the government just WANTS to have a massive spy database, in which case they will never impose these requirements, or if they do, they will be ignored/abolished as soon as they want to use it. That, however, is what journalism is for: to expose unlawful or immoral uses of political power. Unfortunate that journalists are falling asleep all over the world.
I would like to see laws protecting privacy, whether they happen before or after an ID system is put in place. I guess I'm speaking internationally here. It's definitely wrong that internet companies like Google or Myspace have ultimate authority to remember, store, and copy information that you give them. It's even more wrong that they can, if they say so, obtain copyright to your works if you post them on their website, including the right to maintain the information even beyond your desire to bring it offline, or even sell it without reimbursement. For all of the concern the American government seems to have about individuals exercising their ability to digitally copy material which doesn't belong to them (because that wasn't possible before, so it has to be illegal now), I'm appalled that no government has imposed restrictions on companies collecting information (often in insecure databases where it can be stolen) and selling it (this wasn't possible before, so it has to be LEGAL now!).
Any plan to make a centralized database containing this information must have:
1) Tremendous oversight, conducted similar to scientific research; i.e. double blind (regulators don't know whom they are seeing in the database, legislators don't know when it's being regulated...).
2) Database must be secure, so that ONLY authorized access will be allowed.
3) Necessarily, database must be accessed sparingly, and with good reason. Buying a toothbrush isn't good reason. Even buying a car and applying for credit shouldn't be good enough. It should be limited to law enforcement, and the law enforcement must be limited in the ways it can acquire and use the information, subject to a warrant.
4) Database must be unique, so that other entities cannot maintain their own databases containing the same information. This includes Google logging your search habits, your phone company logging the calls you make, your grocer logging the groceries you buy...there are legitimate uses for this information, such as improving product quality and availability, but the illegitimate uses are impossible to prevent if such information is allowed to be maintain.
5) Database must be above politics. A separate administration must be formed to query the database (or allow other administrations access). This administration must be free of all repercussion from any agencies of power (like executive or legislative authority), but vulnerable to regulatory agencies (so that they don't themselves use the database for immediate political purposes).
6) Database must be regulated by a third party that is disinterested in the use of the database, and whose only purpose is maintaining that it be used lawfully.
Of course, all of this is bollocks if the government just WANTS to have a massive spy database, in which case they will never impose these requirements, or if they do, they will be ignored/abolished as soon as they want to use it. That, however, is what journalism is for: to expose unlawful or immoral uses of political power. Unfortunate that journalists are falling asleep all over the world.
Incognitus
Member
http://www.computerweekly.com/Articles/ ... inutes.htm
Changing the data from "Not entitled to benefits" to "Entitled to Benefits" is a very Daily Maily thing to do, eh?!
rey meustrus
Sponsor
I'm more intrigued by the decision to add "I am a terrorist - shoot on sight" to the card.
This proves (in the most common way, through journalism) that my 2nd point has not been fulfilled. A security flaw like that is very common with government-run technology, and I think that needs to be fixed. What's the point of making a super-special ID card to prove identity if it can be easily hacked?
This proves (in the most common way, through journalism) that my 2nd point has not been fulfilled. A security flaw like that is very common with government-run technology, and I think that needs to be fixed. What's the point of making a super-special ID card to prove identity if it can be easily hacked?
Incognitus
Member
rey meustrus":2qwtf99i said:
You know, I completely missed that!
I suppose they're both a bit of hyperbole... I mean, it's not like the government has a database with our names in it with a note about whether we should be shot on sight... Is it?
So the problem here (and the debate between Wyatt and Incognitus) is that like... security and convenience are most often polar opposites. You can't really have both (at least in this kind of situation).
Before I scrolled to read Incognitus's post about it being cracked, I was going to say something similar. My university uses card swipe to get into locked doors and stuff, and a small group of computer science students were able to crack that in their free time (luckily the students were doing it to prove the point of its lack of security and not to cause trouble). I'm sure a whole nation would put more into an ID card than my school, but I'm also sure real criminals would put more into cracking it.
At the end of the day, electronics are all just logic and code, and both of those can be reverse-engineered (at least in this kind of situation). I don't think it's very secure.
This is the kind of thing that I think is great in an ideal world, but that's not the world we live in.
HOWEVER, having said that, I do approve of having SOME information on a generic ID card of sorts. Driver's licenses (at least in the US) are getting there. For things that aren't REALLY important, it's a great, convenient form of ID. I can (and have) walk into an airport with my stuff and just swipe my license in a machine to print my ticket. Convenient! (followed by 30 minutes waiting at security...)
It's a great idea, I think it's just before its time. If it could be pulled off right, it would work well. Especially if there are different tiers and/or groups for accessing information (e.g. most people have access to your name, but only hospitals may have access to your medical records).
AFTERTHOUGHT: Maybe they should just make a card form of your Google account... they already probably have most of your information anyway...
Before I scrolled to read Incognitus's post about it being cracked, I was going to say something similar. My university uses card swipe to get into locked doors and stuff, and a small group of computer science students were able to crack that in their free time (luckily the students were doing it to prove the point of its lack of security and not to cause trouble). I'm sure a whole nation would put more into an ID card than my school, but I'm also sure real criminals would put more into cracking it.
At the end of the day, electronics are all just logic and code, and both of those can be reverse-engineered (at least in this kind of situation). I don't think it's very secure.
This is the kind of thing that I think is great in an ideal world, but that's not the world we live in.
HOWEVER, having said that, I do approve of having SOME information on a generic ID card of sorts. Driver's licenses (at least in the US) are getting there. For things that aren't REALLY important, it's a great, convenient form of ID. I can (and have) walk into an airport with my stuff and just swipe my license in a machine to print my ticket. Convenient! (followed by 30 minutes waiting at security...)
It's a great idea, I think it's just before its time. If it could be pulled off right, it would work well. Especially if there are different tiers and/or groups for accessing information (e.g. most people have access to your name, but only hospitals may have access to your medical records).
AFTERTHOUGHT: Maybe they should just make a card form of your Google account... they already probably have most of your information anyway...
rey meustrus
Sponsor
An IP address can be located down to a neighborhood, if not directly to your house. Also, the ISP has your information associated with your account (which they need to get payment for their services). So while it only points to a computer, that computer is directly associated with you (via your ISP) and your house (via your IP, unless you're using a proxy).j4kl1ng3r":3vwm45q4 said:
japantimes.org":3vwm45q4 said:
http://search.japantimes.co.jp/cgi-bin/nc20090819a1.html