back to article Will Darling's data giveaway kill off ID cards?

Anti-ID card campaigners believe that yesterday's admission by Chancellor Alistair Darling that the government has lost records and private information relating to 25 million people could be the nail in the coffin for the ID card project. A spokesman for campaign group NO2ID said: "It's inevitably good news for our campaign …

COMMENTS

This topic is closed for new posts.

Gold badge

To answer the question, No.

In the paper:

"Alistair Darling said that the biometric identifiers that would be entered on to the ID database would make such blunders less likely."

So they're trying to spin this as a *positive* thing for the ID card database. Yet again the Government proves that between Them and the Real World there's a yawning chasm filled with bullshit.

Can we have an icon of Gordon Brown nailed to the cross with his bollocks on fire and being pelted with rotten fruit please? To save effort, just set it up and I'll come and take the picture for you.

0
0
Unhappy

But they're secure....

... because they contain biometric data (according to Mr. Darling on the BBC news this morning). But even that looked like a fudge.....

I'm not sure why he believes that biometric data would make an ID card database more secure. Do politicians live in a parallel universe where technical reality rarely intrudes?

Hopefully this whole issue will focus on the entire spectrum of security of personal data held in any large database, anywhere by anyone.

I don't trust any organisation to be able to make personal data secure. I now expect that my data WILL be lost, leaked, stolen at some point.

Sigh ! !

0
0
Silver badge

it's all available anyway

Given that the banks, utilities and other companies all have offshore call centres and outsourced data centres our personal data is readily available to the staff who work in these places. I'd be surprised if NO call centre staff, on a few dollars a day, don't make extra cash by jotting down customer details when they take calls.

Likewise datacentres in low-wage countries will have all this stuff in their databases and on backup tapes. This is all in places where UK data protection laws don't apply.

At least with ID card data, there's no financial records or bank account info present.

0
0
Anonymous Coward

government spin

we need to have databases with more information stored on us to protect against the leaks of databases of government information ... oh look, I've gone cross-eyed

0
0
Silver badge
Black Helicopters

ID chopping block

Perhaps if Government ministers (including, and particularly, the PM) and their 'usual suspect' IT contractors offered up their necks as surety for the ID card database a few more of us might believe their hype about its security and infallibility.

So how about it, Gordo? How about you, and your entire cabinet offer to resign and call a General Election if a single, solitary, ID / biometric passport database record gets 'lost' and/or ends up in the wrong hands?

How about if the clowns who will actually build this database offer to compensate the taxpayer to the tune of, I don't know, say, £1M per lost record.

I mean, it's going to be totally secure, isn't it. So there would be no risk of Gordo making a trip to Buckingham Palace if he made such a pledge, is there? Totally risk-free, then. And a sure fire way to boost the public's confidence in ID cards.

Not going to happen though, is it.

Wonder why?

0
0

Hang on a second...

Didn't they already do this with pensions data not long ago?

Well hey, look at that, it's even in the related stories! (Thank you Reg)

They didn't think to maybe... 'be careful' with those CDs to avoid any more embarrassment?

Who are these 1 in 4 who trust the gov and are they retarded?

I was shocked, despite being a cynic anyway, to hear that they actually shuttle our personal info about on CDs.. with private couriers? Imagine if at the end of the day, a bank manager left the vault open, walked out, didn't set the alarm, left the front door open.. you expect some money to get nicked right?

0
0

Re: But They're secure...

"I'm not sure why he believes that biometric data would make an ID card database more secure. Do politicians live in a parallel universe where technical reality rarely intrudes?"

The answer is, of course, that he doesn't believe that -- but his marketing department told him that a large proportion of the voting morons ^H^H^H^H^H^H public will.

It is the job of our governments to become elected, and stay elected until it's no longer profitable, or their arrangement with the other party means they have to hand the country over to them. These people couldn't care less about anything but their off-shore bank accounts.

0
0
Anonymous Coward

Biometrics...

...aren't stored in a binary form in a database then Mr Darling? They are magically immune from theft in some as yet unspecified way that the 25 million records weren't?

Is it that he's as thick as a plank or does he think the rest of us are?

No2ID chaps - get yourselves over there and register eh?

0
0

biometrics

Some people will never learn. Using biometrics for identification is a fatally flawed concept. A compromised password or bank account details is hassle but they can be replaced at the drop of a hat and normal life resumes. If the biometric hashes for your id are stolen what do you do? Get a new id? New fingerprints? Iris? Humm. Thought so. And it only has to be compromised once by some minimum-wage flunky...

This compromise demonstrates that no government department is fit to hold this data regardless of how much they promise to look after it.

Go and read Bruce Schneier's books (and others) for the grisly details.

I can only think that some chums of the current and previous Junta are setting up a big fat IT gravy train and they've seduced enough ministers into the ridiculous notion that it will somehow make the world a safe and happy place.

0
0

The Solution

"...national database can be made rock solid." hmmm..let me think...

Yes! That's it!! Make it so rock solid - that absolutely no one can access the data!

That would cost a lot more though, extra development, testing etc. but it would certainly be worth every penny.

0
0

Gave mine

Glad the No2ID campaign called the pledge in. Also a godsend taking paypal :o)

http://www.no2id.net/

Maybe they will help look after/limit our data.

0
0

rock solid -- yes, @The Solution

I agree that 'rock solid' means 'encased in rock'. Or concrete. Just like radioactive waste! Safe as safe can be...

0
0
Silver badge
Black Helicopters

@At least with ID card data, there's no financial records or bank account info present.

Ahh, but you neglect that an ID card scheme would inevitably become *the* single means of identification for all financial transactions of any kind. It already is in countries with ID cards; open a bank account? Need your ID card. Make a large money transfer that needs a special permission? ID please... setting up a new credit card? Can we see your ID please? Claiming your pension... got your ID card with you sir?

You get the idea.

If someone breaches the ID system once it's in place they will not simply have your bank details, they'll have your entire life. You will be screwed in ways that are not imaginable to even the continental systems, because those at least have the virtue of admitting that the card only identifies the holder as the one holding the card, and they don't keep all your identifying details in a single, easily manipulated central location.

0
0
Silver badge
Dead Vulture

Only one solution

There is only one solution to this problem, and it will involve spending a lot of money.

We need a Ministry of Information Technology, with the power to demand Source Code on pain of banning sales of product. We need to move the entire public sector to an Open Source-based infrastructure, so that government IT projects will be much less likely ever again to go over-budget or behind schedule -- Open Source means no lock-in to a single vendor and therefore no single-point failure. If too many deadlines are missed, the whole project team can simply be replaced. We need to set up a secure alternative TCP/IP network (I'd love to say make it IPv6, but I'm realistic) isolated from the public Internet, just for government use. We need more local offices (so in the worst case, numbers of records going missing will be counted in thousands or hundreds, not millions) -- and we need to limit the total amount of data stored.

0
0
Thumb Down

NHS Database

That'll be next.

0
0
Flame

Did anyone watch Newsnight?

This fiasco *SHOULD* kill off the ID cards project once and for all (and the NHS Spine and the Children's database), but it won't.

Why?

Because ministers are too stupid and too pig-headed to listen to experts.

Watch the Newsnight interview at:

http://news.bbc.co.uk/1/hi/programmes/newsnight/video/default.stm

(Choose Latest programme, it starts about 15 minutes in)

On one side Ross Anderson from Cambridge University, probably Britain's leading expert on the subject of computer security, on the other, Jane Kennedy, junior minister at the Treasury.

She is clearly told there is no way to follow government proposals to routinely allow access to millions of personal records by tens of thousands of people and guarantee security. No ifs, no buts, it can't be done. She disagrees.

Professor Anderson gives a list of expert reports on the subject of security that the government has ignored. Kennedy just blithely carries on as if he wasn't there.

The real problem is that we have a government that believes when ideology hits reality, reality has to be rebranded.

0
0
Stop

don't trust em.

All your data in the government's (safe) hands? I don't think so.

They'll either use it to f#@k you over, or lose it so someone else can.

0
0
Stop

Who wants a national ID database, anyway?

I suspect that politicians want answers, and administrators keep saying it isn't easy, we have no accurate data for comparison, so please give me a better database.

I am not yet convinced that politicians really want one, except for the department head who gets the spend for a sexy project.

Once their staff get one, they will want it optimised for ease of use and applicability, not security. They'll still be unable to answer many tricky questions - like when will they lose their first files - but will take any reasonable m.t.b.f. approach to get it.

0
0
Black Helicopters

Just the opposite

If anyone needed to push for ID and national database that would have been the means. I will not be surprised if the disks were assisted to be lost

1. If there is national biometric ID you cannot get any service just by stealing data. You have to get an ID first which may end up being difficult because your new identity details will not match the old ones in the database.

2. If there is a national database there is no need for such transfers

So frankly, if I wanted both of these to happen in a hurry I would have organised this data loss at first opportunity.

0
0
Tom
Silver badge

What I'd like to know

Ignoring the impossibility of making the ID system useable and secure, what I'd like to know is just what they think the money's going on, cos it certainly isn't software and computers. Or if it is, the suppliers should be shot for incompetence/theft.

0
0
Flame

If you've nothing to hide, you've nothing to fear

The government is doing its level best to ensure that [Amount to Hide] tends towards zero.

0
0
Coat

Help Me To Help You

Hi, my name is Ngiveme Nmoney, I have recently come into possession of some information that could make us both very wealthy.

However I need to cover the costs in setting this up, please send $5000 ( £5000 ) to pobox13 Nigeria and I will get back to you when I'm ready to move on this.

Please avoid using the words "child" "benefit" or "cds" in any correspondence on this matter.

0
0
Bronze badge
Alert

Inaccurate

Since when does 2000 people surveyed out of a population of around 65,000,000 equal two thirds of that population. Even extrapolating this number out makes this survey another crock of rubbish from CA.

0
0

Use Facebook

I think the UK government would save a lot of cash and embarrassment by using Facebook for personal information about everyone in the UK. It's far more useful than any database I have seen created by government and it is 'public' thereby saving the embarrassment of losing it all.

0
0
Unhappy

All your data

is belong to us.

0
0
Anonymous Coward

Title

I think No2ID should find the official who sent the CDs out, and offer him or her a big fat reward from all the £10s they are collecting :-D

(Wasn't someone they managed to infiltrate into the system, was it?)

0
0
Anonymous Coward

Re: Inaccurate

No offence, but I don't think you get statistics. 2000 is easily enough for a statistically significant result; my only concern would be how the samples were chosen, which we aren't told (it should be a random sample of the population, but surveys are rarely anything much like that because of the inconvenience of getting a truly random collection of respondents). Mind you, 75% of the British population distrusting the government with their personal data, particularly after the recent leaks, is not a surprising number in my opinion. Are you suggesting that it's implausible?

In my opinion, the ID database wouldn't have to be compromised for my data to get into the wrong hands. I'd be required to hand my personal data over to thieves and criminals in order to get the card issued in the first place...

0
0

@Aristotles slow and dimwitted horse

Do you not understand how statistical sampling works? Once you've got a statistically significant sample set (and I understand 2000 is on the correct side of that line) you can indeed extrapolate that up to the full population, with a good degree of accuracy.

0
0
Black Helicopters

RE: But they're secure....

You ask: Do politicians live in a parallel universe where technical reality rarely intrudes?

Well, duh: of COURSE they do. These are the people who believed in "liquid explosives" and Iraq having WMD which could be deployed against the UK in a matter of minutes, remember.

0
0
Black Helicopters

Idiots

I have people at my work now saying if they had an ID card it'd stop anyone fraudulently using the stolen information if they did get it. People are idiots.

0
0
Dead Vulture

@ Anton

"If anyone needed to push for ID and national database that would have been the means. I will not be surprised if the disks were assisted to be lost"

You may be right, but *if* the Government tried this and were actually amenable to logical argument, you could counter each of your points:

"1. If there is national biometric ID you cannot get any service just by stealing data. You have to get an ID first which may end up being difficult because your new identity details will not match the old ones in the database."

This will only be true where the ID check actually goes to the centralised database to check what the card carries against the central record. Most of the transactions that this system is proposed to support will not do so, so the advantage of having a central store is slender to vanishing. Defeating millions of pounds of benefit fraud at the cost of billions of pounds is not a clever plan, no matter the mustelid disguise measures the Government might try and palm us off with.

"2. If there is a national database there is no need for such transfers"

1) As it stands there is no permission for such transfers to take place, yet such transfers occurred.

2) In an ideal world, yes, each department will have secure access to the sections of data it needs from a centralised repository. The Government have already backpedalled from centralising the data, choosing to allow various bits of access to existing databases. It is a certainty that there will be occasions where people can't get at the data they need held somewhere else and a helpful junior will do something outside regs.

3) The Government does not only transfer data between its departments. Recently, data was lost en route to Standard Life. Are you imagining that *third parties* will have access to the Government's Whole Life Dossier? Cos that's even scarier.

All this presumes that a Government might actually listen to reason rather than being driven by blind ideology.

0
0
Thumb Down

So Secure *rofl*

Makes me smile this. I moved from a major high street bank to a more ethical one. Before I even received my 'plastic' the account had been screwed for £250 - inside jobby I thought, the bank declined to comment. Maybe data integrity is easier to achieve than human?

0
0

Re: Use Facebook

I've said it before and I'll say it again: there is already one database whose card is carried by or is accessed by a large proportion of the population. It keeps track of your buying habits which it shares with its clients in return for low value credits. Step forward the Nectar card. Make it compulsory and most of the issues will be dealt with. By Sainsbury's.

0
0
Silver badge
Black Helicopters

Re:Just the opposite

####################################

"1. If there is national biometric ID you cannot get any service just by stealing data. You have to get an ID first which may end up being difficult because your new identity details will not match the old ones in the database."

####################################

And what are IDs if not data? Just because a record represents a fingerprint, iris scan or other biometric data doesn't preclude it from being 'lost' or misappropriated.

####################################

"2. If there is a national database there is no need for such transfers"

####################################

You don't work in IT, do you? Are you, perhaps a politician or senior management who thinks data moves around by magic? Just because there is a national database doesn't mean all of the data is in one place. Databases can (should) be distributed, you know. And how is a Government minion in Edinburgh going to access the data if the database is in London without data transfer?

Yes, I know we are talking about electronic transfer, here. But because of the way this system will be used there will be, literally, thousands of terminals to read and verify ID cards and handle your personal data. Each and every one a target for organised crime.

Data sat in a database is useless. For data to be useful it has to be transferred. When data is transferred it is vulnerable.

And, of course, the ID database(s) will need to be backed up. The backup media, even if not physically transported can still be copied and/or stolen.

And no matter how secure you make the technology, the weak link will always be the humans using it. Compromised UK ID cards would be of *enormous* value to both organised crime and terrorist groups, so you can be absolutely sure they will throw their, not insignificant, resources at the task. Anyone can be 'bought' if the price is high enough. Would a system administrator being paid £30K-£40K turn down an offer of a few £100K, or more, to make a copy of a backup? Most might, but it only takes one with a large mortgage arrears.........

0
0

Who?

Will Darling? Doesn't he play rugby or something?

0
0
Boffin

@ AndyB

You don't work in IT either do you? With the lack of knowledge you exhibit, please tell me you don't, or at least not in a secure environment.

1) Why should databases be distributed? Should just be 2 data centres, a live one and one replicated for Business Continuity.

2) A terminal verifying an ID card wouldn't need to receive ID record details, just a verification YES or NO from a service interfaced to the database. In fact, the biometrics will also be stored on a chip on the card, so in most ID verification use-cases the data never leaves the terminal, the card software just returns a YES or NO - a bit like how chip-and-pin works, the pin is on the card, the terminal only calls the database to verify the amount of the transaction and not the pin, the pin doesn't get transmitted anywhere.

3) Database backups can be automatically encrypted to prevent them being of use if they are lost or stolen. Indeed, individual columns in tables in databases can be specified to be encrypted so that they're meaningless without properly authorised access.

4) You're right about financial incentives being the most common way to enlist inside help with fraud. That's why any security clearance for government data centres includes a financial background check. Those with "large mortgage arrears" need not apply.

You don't work for HMRC by any chance do you? :o)

0
0

NOW THE DATABASE STATE CLAIMS 25,000,000 BRITISH VICTIMS

It's hard to know whether to laugh or cry. The cabinet insists we should trust them to manage everyone's life through a National Identity Register. Meanwhile HMRC has mislaid discs containing the names, dates of birth, national insurance numbers and bank details of 25 million British people — more than seven million families.

The package was sent in the state's internal post — and was neither recorded nor registered. The value to organised crime of the information on the two "lost" discs is incalculable — but certainly runs into hundreds of millions of pounds. The government, of course, blames junior officials for a failure to follow protocols.

But it simply should not be possible for junior staff — or the chancellor himself — to collect or copy such details in one place. That it is, is a direct result of the government's obsession with centralised databases and its contempt for citizens' privacy.

Something positive may come of it, though. With your help, NO2ID can use this as a clear illustration of the real danger in state control of personal identity to defeat the ID scheme quickly.

The news comes just as NO2ID is raising desperately needed funds for a legal challenge to the database state. We have contacted all 11,000+ citizens who pledged to contribute £10 to a legal defence fund. If you didn't join that pledge, it's not too late to help.

If you're one of the 25,000,000 people who have already been exposed by the government, please help us make sure that this never happens again. If you're one of those lucky ones whose private information hasn't been lost in the internal post, please help us keep you safe.

To win the fight we don't just need funds for legal action. To keep up the pressure and battle the government's publicity machine costs money. If you haven't joined NO2ID already, or if you haven't given to our general funds recently, please do so now. Thank you for your support.

http://www.no2id.net/

0
0
Silver badge

@Simon Greenwood

The trick is to have several Nectar cards, held in a variety of names, and always pay in cash (there's a HITW machine in or near almost every Sainsbury's). One card can be used only for buying booze, another only for buying tampons and cat food, and so on. You get the discount, but they don't get any meaningful "personal details"!

The data will be skewed even more if you share the cards among a group of people, passing one on every time it attains a £2.50 voucher.

0
0

Rubbish government IT record

The government's record in IT has always been rubbish - probably due to the idiots who don't understand the first thing about it. Ministers and MPs don't live in the real world anyway and this latest breach only confirms my opinion that their ID card scheme is totally flawed and I shall be resisting as much as I can to avoid having one.

0
0
IT Angle

Too much power

It's wrong to blame a junior clerk. The problem is that organisations have stumbled into a situation where too much computing ability is placed on every desk. Someone handling tax returns doesn't need a CD/DVD writer on his/her desktop - nor a USB connection that allows data transfer to flash memory to take away. Even in an organisation as big as HMRC the number of people (other than the techies who can't access live data (can they?)) with this sort of capability should be in single figures.

Maybe a FOI request asking how much of this sort of kit is in HMRC??

0
0
Happy

When will people realise...

... that their purpose in life can be summed up as follows:

1) Work to contribute to the country's GDP.

2) Work to pay Taxes.

3) Consume goods and services in order to contribute to the GDP, pay taxes and provide work for other people to enable them to do 1, 2 & 3.

4) Procreate in order to provide the country with more people to do 1, 2, 3 & 4.

You're a Waged Slave with little more freedom than a Broadmoor inmate.

You're locked in a futile cycle of wasting the best part of your life working to earn money to spend on mortgages, cars, gadgets and other rubbish that, thanks to advertising and our wonderful capitalist society, you'll never be satisfied with.

Having an ID card or not won't change any of the above.

The sooner you accept this and get back in line, the happier you will be.

0
0
Stop

I want to know what happened...

...to all the previous disks, since this appears to have been a common practice.

Probably just thrown in the skip or sitting in someone's unlocked desk drawer.

There must be hundreds of them by now!

0
0

Ok...

@Anonymous John - It's "all your data ARE belong to us", pffft. ;)

Other than that: I heard some bloke on Radio 4's PM program today saying that this means that we _need_ ID cards, because it's not possible to chop off your fingers and replace them with ones that have the potential victim's - totally missing the point that anyone with a Digital camera, PCB kit, some superglue and gelatin can make a fake fingerprint.

0
0

@Mr Chris

On a sample of 2000, you would get accuracy for the entire population (given that it is a random sample, though we already know it excludes children...) of 100/sqrt(2000) percent. Or about 2%-3%; your 99% confidence limit would be 3x that (6-10%).

So a 58% response of number 2 could be anywhere from about 50% to about 65%.

Oh, and if the idea was infallible and government recognised identity, then have the ID card as a PGP signed digital representation of the picture on that card:

1) Have the piccy encoded and signed with the public key at the government end.

2) The picture is stored along with the digital number resulting from #1

3) Scanner reads the picture and digitises it.

4) Signs it with the key on the card and gets a number

5) Does the figure match the one on the card?

a) Yes: Kosher.

b) No: Illicit.

6) Level 2, send the picture's key from #4 to the central authority

7) Does the government machine agree with the key and name pair?

a) Yes: Still valid

b) No: Invalid (maybe reported stolen or rescinded)

No need for any biometrics, the only one being a picture that can be recognised by the unaided human if there are problems in the network, and no need to contact the government machines unless there's a need to do a better check.

'course that is less costly, so less money available for those companies who may want to hire ex-ministers.

0
0
Stop

ok, ok...

... Can we stop the no2id wank-fest right now please? All those tossers should piss off to new zealand or wherever it is they keep threatening to go. But i bet they're all too fat and / or stupid to get in. I don't need my "freedom" protecting by self-important pricks like you lot.

0
0
Boffin

Yes Minister .....

"if you put data into a database, you're going to want to take it out". (Hopefully not by putting it on a cd and leaving /selling it in the local).

Yes Minister, Series 1, Big Brother. (except for the bracketed bit obviously).

Another thing I remember from my fave analysis of UK government, which sadly is becoming more and more true each week goes by, it's something that I really wish our current politicians had the self-respect to honour:

"it happened in your department, you are deemed therefore to have been responsible. The only honourable course therefore is for you to resign".

0
0
Black Helicopters

IT people out there?

presumably most readers are :-)

Most - well, many - of you must have worked in reasonably secure or sensitive environments. One of the commercially sensitive places I worked - private sector - took the view that customer data was stored on PCs accessible from _trusted_ IT desktops (not end user, they were rightly also worried about bofh sysadmins). So: all CD writers etc were disabled, floppy drives (ok, it was 8 yrs ago) were physically removed, and all USB ports were blocked. Surely that should just be normal for any organisation that handles personally sensitive data, especially when people are compelled to provide that data to a non-answerable entity? (If it is answerable, we will see criminal charges under Computer Misuse or Data Protection brought against the responsible supervisor and disclosure of the identity of all responsible for making sure that supervisor carried out their obligations; if no such actions that is proof the govt feels it does not have to answer to same standards it expects of others).

next we'll be hearing that the security services have lost laptops ... oops.

or that departments supervised by HM Treasury have lost data .. oops.

or that the Treasury have been underwriting loans to the tune of £b but won't underwrite losses that may directly be incurred because of government faults ....

0
0
Lee

Why..

..didn't they use P2P to transfer the data - it's much more secure than the post.

0
0
Anonymous Coward

Government grifters

Everybody has missed the point here.........

If we didn't give them the money in the first place, they would not be able to make a f**k-up of giving a very small proportion of it back!

Honestly, we all give them around 75% (conservative estimate) of our money and it gives us back a subsistence level pittance (benefit?), and spends the rest on their fact-finding missions (Ken’s gone to Delhi!), banquets and useless civil servants.

After 60 odd years of this crap, the gap between rich and poor, by their own admission, is still growing, excuse me, but wasn’t the purpose of the "farewell state" to narrow this gap?

0
0

@ Government grifters

What a moronic comment. Every assertion false, and every conclusion wrong. I think you meant to visit the Daily Mail website. You're welcome.

0
0
