Monday, April 28, 2008

Monday 28 April 2008

A postscript - at least for the time being - to my ongoing correspondence with Alex Demetris at the Department of Health over the fluoridation of our water supplies, his last brief letter appears to show that the government is treading a little more carefully in this matter, entertaining other research opinions in open forum debates on a local level where further fluoridation may be considered.

But we must never become complacent and watch the DoH like hawks.

Friday, April 25, 2008

Friday 25 April 2008

Latest from NO2ID

Last Tuesday the Information Commissioner, Richard Thomas addressed the Information Security Conference at Olympia on the poor record of data security in recent months, among which was the loss of 600,000 records from a Ministry of Defence laptop. The crucial question which was not addressed, of course, is the reason why there were details of 600,000 people, who had only been making casual enquiries about joining the forces, being held on the laptop in the first place, even though the data was 10 years old? It seems to be given as red that in the data collection community that records of as many people as possible should be garnered. These employees who mindlessly do what they’re told, and don’t question the why’s and wherefore’s of why they are doing it, only perpetuate the problem.

The trade in selling data is becoming a great worry. It is known that private investigators and others that have a market for such information including financial institutions, law firms, local authorities and the press, have been routinely involved in the theft of data. This has prompted the Information Commissioner’s Office to call on government to increase the penalties for such underhand activities, making the theft of data a prisonable offence. Unfortunately, with backlash from the media, who thrive on obtaining private information, the proposed measures are being watered down. The Daily Mail alone has been identified with being involved in 952 such transactions of sensitive information, information that could be used indiscriminately.

The Home Office says that it is determined to drive down the cost of ID Cards. Yes, abolish them altogether would be my solution!

The Border Agency is producing an Olympic ID card for the 2012 games in London. The announcement was made on Wednesday at the Secure Document World Conference by Lin Homer who wishes to see it being developed as a beta test for other such initiatives. Under a former programme called Project Semaphore, extensive data on all international passenger movements has led to 1,700 arrests according to Homer. Of course, we are never told how legitimate those arrests were, people like Homer just like to cite statistics to make it all sound worthwhile and justifiable. Although the use of biometric data is not being actively considered in the 2012 scheme, she hopes to expand the use of ‘voluntary’ biometrics with the use of Iris scanners, allowing people to be fast-tracked through passport control. Seeing this as ‘a fantastic opportunity’, Homer is making the violation of people's rights all sound like a brownie-points game. It probably is for her career!

The compulsory interviews for new passport applicants which are being conducted from interrogation centres being set up all around the country look like being another gross waste of public money. Of the 88,000 interviews so far, not one interviewee has been rejected. The scheme which has cost £50 million to set up with a further annual running budget of £30 million just seems to be more money down the drain in this ludricrous anti-terrorist confabulation.

More than 5,000 children a month are being added to the DNA database. According to a report in the Daily Telegraph “Between October and January, 25 per cent of those added were 18 or younger, compared with less than 11 per cent of those already listed on it. In total, 152,066 people were put on the database between October and January - 37,818 of whom were 18 or under”. It is expected that by next year 1 in every 10 children will be included on the database. Liberal Democrat Justice spokesman Jenny Willott said: “There is something horribly Big Brotherish about a society that is adding over 5,000 kids a month to a DNA database when they're not even old enough to get a National Insurance Number. These shocking figures demonstrate just how many children are being dragged into the criminal justice system by the Government." Over 1 million children in the UK now have their DNA permanently included on the database.

Thursday, April 17, 2008

Thursday 17 April 2008

Latest from NO2ID

The government is currently rolling out ‘invitation-only Ministerial consultation events’ to allow local businesses and civic leaders the opportunity to learn more about the proposals contained in the recently published National Identity Scheme Delivery Plan 2008 and also for the organisers to get feedback. The recent Cambridge event certainly provided plenty of negative feedback when the number of protesters to the ID scheme greatly outnumbered the invitees. The local Cambridge NO2ID group got local BBC radio to attend and pose direct questions to the ID minister, Meg Hillier. NO2ID is keen to find out when other ministerial consultations are due to take place in order to stage similar protests and confrontations.

The German government believes that adoption of the EUs directive on data retention would help improve up the crime clear-up rate. Despite the estimated cost of 332m euros to implement the scheme - which of course comes out of the German taxpayers pockets - it is only expected to increase the conviction rate by 0.006%. They can’t be serious!

Last February, the ID Minister, Meg Hillier told the Home Affairs Committee that "The National Identity Register, essentially, will be a secure database; ...hack-proof, not connected to the Internet... not be accessible online; any links with any other agency will be down encrypted links." But by the time the transcript of her presentation was published and duly posted on the web, the wording had changed to "The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will be down encrypted links." Some key assurances missing there. You’ve got to watch them, they’re up to every trick in the book to deceive.

E-passport security is not all it is made out to be. According to John Leyden reporting in The Register. "Most newly issued passports carry an embedded RFID containing digitally signed biometric information. Access to this chip is wireless, which introduces a security risk, the possibility that an attacker might be able to access data on a person’s passport without the owner knowing.
Security precautions ought to prevent unauthorised access to data held on a next-generation e-passport. But a trio of researchers from Lausitz University of Applied Sciences, Germany and Radboud University, in The Netherlands, have shown that its trivial to at least remotely detect the presence of a passport and determine its nationality. "Although all passports implement the same international standard, experiments with passports from ten different countries show that characteristics of each implementation provide a fingerprint that is unique to passports of a particular country," the researchers explain.
To frustrate wireless reading of passport content without an owner’s consent, e-passports use a mechanism called Basic Access Control (BAC). The approach means that in order to read data from the RFID chip you need to optically read a key, printed in passports. This key is based on a passport serial number. Subsequent communication between a passport and a reader is then encrypted to prevent eavesdropping. All EU passports implement BAC.
Weaknesses in the encryption mechanism used in BAC in withstanding brute force attacks have already been reported.
The latest research uncovers a different shortcoming - the possibility that thieves could use technology to detect the presence and nationality of passports in a crowd, the sort of information that might be useful for a hi-tech pickpocket.
"This turns out to be surprisingly easy to do," the researchers report. "Although passports implement the same standard, there are differences that can be detected, especially by sending ill-formed requests, before Basic Access Control takes places."

HSBC is the latest high-profile organisation to lose data. A computer disk containing the details of 370,000 of its customers, including names, dates of birth and their levels of insurance cover has disappeared.

A German court has ruled against a law that empowers German police to scan car licence plates. The use of ANPR scanners in trying to identify stolen cars has been declared a violation of human rights.

In a more light-hearted vain but with a serious message, senior politicians’ fingerprints are being sought. In the UK NO2ID is running a series of posters offering cash to anyone who can legally obtain the fingerprints of both Gordon Brown and/or Jacqui Smith. Meanwhile in Germany, a hacker club reckons it already has the fingerprints of the country’s Interior Minister, Wolfgang Schauble, who happens to be a staunch supporter of the collection of citizens’ unique physical characteristics as a means of combating terrorism.