Monday, October 13, 2008

Monday 13 October 2008

Latest from NO2ID

Despite the current economic turmoil, the government is still pressing ahead with the Communications Data Bill which will be referred to in next month’s Queen’s speech. Allowing the government to monitor our every phone call, email, text and every bit of surfing we engage in, the data will be stored and analysed, perhaps kept for decades. Short of government sponsored CCTV in our homes, we will be surveilled 24/7. If one links to that RFID plans on tagging all of our purchases including clothing, the gates are open to usher in the total Big Brother state with privacy a thing of the past. We will all be regarded as potential threats to the state built on the back of the ruse that the measures are being introduced to combat crime and terrorism, both of which have been overblown, particularly the latter which is largely fantasy. Any misdemeanor, either intentional or not will allow close scrutiny by officialdom of the finer points of our lives, our activities, persuations and much else. Personal profiles will be assembled based on our web surfing preferences and blogs - such as this one - be taken into account and used as evidence of my disagreement or construed as potential non-compliance with these draconian elements of government policy. As a Guardian article last week pointed out “Would a protester at the Kingsnorth power station feel quite so confident in facing the police if she knew that the minute she was arrested, the police could find out that she'd just spent a week looking at abortion on the web? Would a rebel politician stand up against the prime minister if he knew security services had access to the 100 text messages a week he exchanged with a woman who wasn't his wife? It isn't just the certainty that such data would be used against people that is a deterrent, it's the fear. As the realisation of this power grew, we would gradually start living in the prison of our minds”.

The Tories have announced that once elected they would replace the government's current ContactPoint scheme, a system that holds data on all children in England, with a cut down version which would only concentrate on children seen as ‘vulnerable’, ie. those in care, on the child protection register or with backgrounds of domestic violence. This less invasive approach may be seen as a potential vote-winner, but once in power I would expect a ‘U’-turn as an empowered Tory party is brought into line with Big Brother policies.

Instructions of how to hack into Oyster cards has been published on the web. This follows news in an earlier ‘Latest from NO2ID’ that Dutch academics had highlighted the weaknesses and vulnerabilies of Oyster cards. Now details of those weaknesses have been published online. This not only involves the Oyster card but also other smart cards based on Mifare Classic technology. The manufacturer of Mifare, NXP and the Dutch government have tried to prevent disclosure of the academics’ findings, but a Dutch judge rejected their opposition and allowed it to be published. At the same time Henryk Plötz, a PhD student at Humboldt University in Berlin published a master thesis of how to employ the algorithm used in the Mifare cards. Armed with this now commonly available knowledge, anyone with time and the will can hack into these cards, making them a risky proposition for their holders, but necessarily highlighting the vulnerability of these hi-tech devices, now widely in use, and their potential for mass fraud.

In a similar vain the techies have been busy informing us how to create a back up copy of our own ID chip or use a modified chip to create a fake passport that will not be detected by some passport reading devices.

Other hi-tech ID technology is also proving inefficient. Facial scanning currently being trialled at Manchester airport, is causing a number of headaches with the technology breaking down on a daily basis and failing to detect incidents of ‘tailgating’, where two people go though on one passport. The technology had also been rejecting 30 per cent of travellers, but after making adjustments to try and eliminate the problem, the false acceptance rate rose!

All of this goes to prove that assurances that ID cards, both national and of local nature, do little, if anything, to add security to our identities, in fact quite the reverse and in pursuing and implementing these technologies, government policy is opening up a whole can of worms and endangering each and everyone of us both to the ravages of being tracked and traced and also in having our identities either misinterpreted or stolen.