That should make it easier...
...for those who will be in the business of manufacturing and selling fakes.
Identity checks will normally rely on the biometric data held on cards and passports rather than the National Identity Register "Verification checks of biometrics identifiers will be made against the card in most cases using the biometrics stored in the chip, for example if the facial image or fingerprint biometrics are verified …
...for those who will be in the business of manufacturing and selling fakes.
So, steal Jaqui Smith's ID details, make up a fake with her ID but, say, Brian Blessed's biometrics and voila, Jaqui Smith can continue to rant insanely BUT EVEN LOUDER!!
So, the ID cards won't actually be any use in checking ID.
At best all they will do is confirm that the person and the card agree.
Ignoring the arguments that an ID card is useless for its claimed purposes, and that biometrics are horribly inaccurate.
This is the right way to do it, and the way that the 'biometric' passports work. You check the person against the data on the card, and you check the card is authentic using run of the mill PKI. All the data on the card would be signed which can be checked against the published public key. no online database accessing required.
as long as someone doesnt break the crypto used for the signatures (e.g. find collisions for the hashes), or somehow obtain the private key, then you cant fake the data on the card as the signatures then wont match.
the problem the passport system seems to be facing at the moment is that the public keys for each country havent been suitably published, so in many cases other countries cant check the validity of the data.
Because they will use Government patented technology to be completely un-forgeable. Just like Oyster Cards and Chip'n'PIN.
This means that no one can ever pretend to be you with sufficient "authority" that the authorites won't let you deny it.
/sarcasm <= tag for the hard of thinking.
"Most biometric checks will bypass ID database."
The only real value would have been checking for lost / stolen cards and the additional services the government could have charged for like checking ID's, can the holder work in the U.K.
Currently I do not have a valid Passport has I do not need to travel and I have never passed my driving test, if I was not married and my wife did not have a driving license I would not have been able to do the following:
Open a new business bank account.
Change mobile networks.
Rent a house.
We already require photo ID cards, but they are all two expensive (why should I pay for driving lessons and driving test fro the Driving ID card or the £90 for a passport) all we need a simple Photo ID card and a MMS service that can be used to check it is valid (I.E you take a picture of the user and type in the photo ID card number and for £2 or £3 the lost/stolen DB is checked and a simple Biometric check is performed) the card should cost no more than £10.
Why do labor make things complex, costly, useless, unusable etc....
I'm sure I can't be the only one who misread 'Hillier' as 'Schickelgruber' - am I?
IIRC, the data on passports (and presumably ID cards) will be digitally signed by the issuing authority. The reader should check that the data on the card matches that which was digitally signed, and that the digital signature is valid. So it's not quite so straightforward to fake.
There are about 200 member states in the UN - granted, not all of them will be issuing biometric passports for a while yet. Passports last up to 10 years. Any issuing authority will want to change to a new private signing key quite regularly, to minimise the chances of compromise.
So a proper biometric passport reader will have to recognise the passport's issuing authority, obtain the correct key from its 10-year history database (it either has to store this or query a remote database), and then check the data against the digital signature - all without causing the queues at the immigration desk to lengthen even more.
What could possibly go wrong?
Bingo. But as the article points out, without creating millions of database transactions daily across a still mostly non-existent network, there isn't really an alternative. It means that the data on the card has got to be inviolable - that it can't be altered by a third party, it can't be copied and it can't be stored in any other way than on the card. The contract to collect the data and issue the cards will be given to one of a small number of approved contractors and of those, quite possibly the lowest bidder. Excuse me while I pick myself up off the ground and dust myself off.
So the ID card is shown to be useless at proving your ID. A fake card with a hash of my biometrics on it could happily 'prove' I'm Elvis, Mickey Mouse *or* Jacqui Smith.
Obviously this means that the UK ID card will not be able to live up to *any* of the claims that El Wacqui and her predecessors claimed (stopping terrorism, ID theft and illegal immigrants).
So why bother with them at all? Could it be that the ID card is just a hook to get people onto the Big Brother NIR database? It certainly looks like it from here. The aim appears to be to create a "Minority Report" - like justice system, where biometric info from any crime scene can be fed into the NIR to produce a list of suspects for PC Plod to arrest.
I reckon its all a big joke that got out of hand. Someone thought it would be *really* funny to replace the cover of a copy of Orwell's '1984' with one that read "Government for Dummies", and leave it on the coffee table at No 10.
Wasn't the whole point of this that you would check with the central database. Now all I need to do to get my fake ID is clone someone else's with an RFID reader and map their details onto a bare card containing my biometric details.
Mines the one with the I'm Sparticus ID card in the Pocket.
Surely the purpose of a seperate database is that authentication must be made against a record that is held securely by a third party. Now checks will be made against a record which is controlled by the potential ID thief.
Meg (yes I read it as Hitler as well) prattled: 'The Identity and Passport Service is still in the process of procurement of specific biometric systems,'
Ummm, according to Wacky Jacqui, 2009 will see the glorious issuing of the first ID cards to foreign residents and the great unwashed gagging for a Blunkettcard.
By the sounds of it they still haven't decided what system to buy, let alone install it, test it and enroll people. How the hell can the Home Office claim to be in a position to roll out the cards and infrastructure when the basics haven't been established?
So the only thing between criminals/terrorists/underage-drinkers and perfect fake identities are now crypto and fabrication difficulties.
Considering the biometric passport crypto got broken much earlier than expected, and that fabrication is merely a monetary issue, how can the government still hold out any hope whatsoever for this system? Sometimes I wonder if they have any IT specialists in their IT departments.
The fucking point then?
Without an online check element this will be broken in weeks.
Especially seeing as most of these things work by asking the card to verify a hash of the biometric data read by the machine.
Just build a smartcard that responds "yes" to every question and you're away.
(It could be made more complicated, sure, by asking the card to do a cryptographic operation on the date and a couple of other changeable pieces of info, with an inbuilt key. But it'll still be cracked.)
you couldn't make this up!
I may have misunderstood something. The ID card that we will be required to carry won't, when used, trigger a check by the enquirer against nationally held data vs the card but will check the card presenter against the card data only. So, if I have access to the card data encoding process I can write data to a new card blank (never normally available!) and create a new card with data that corresponds to me. Providing the card ID itself is valid then the enquirer would only be able to tell it was a fake card when, on those special and rare occassions, the card was compared against National ID database holdings - It would come up as a false card (but were would the error be suspected to be????)
Is it to be the case that normally, as with photo driving licenses, only the ID Card production will be required to get access to many, non critical, services?
All we need now is the mad hatter! Jacqui is definitely Alice.
"as no specific recommendation was made regarding exception handling or the collection of fingerprint biometrics for the elderly, no comment was made"
Which says it all. In the face of the greying of society as the Baby Boomers get officially old this is incompetence of the highest order.
Not to mention the problems with young children...
As if the database wasn't bad enough with all the potential risks of centralised data being lost and abused, by bypassing it then even the basic promise of security is gone as we can be absolutely guaranteed that cloned ID cards will appear within a few years.
Just scrap the whole thing now before any more tax payers money is wasted on this.
(and before the "nothing to hide" bunch kick off, if you want ID, get a passport. Does the same job, only better and cheaper).
All you need for decent identification is
a) Something you can visually check
b) Something that says the card was issued by a trusted authority
So, have a digital picture.
Digitally encrypt it by the unique PKI private key issued by the trusted authority (i.e. not Nu Lab) and have that machine readable. Put the fingerprint of the digital picture on the card.
Punter looks at card: is it you? Yes? Move to verify authenticity. No? Deny.
Verify authenticity: use the public key (from the trusted authority) to decrypt the digital picture and find its fingerprint (MD5 hash or whatever). Does that match the printed fingerprint on the card? Yes? Then it is issued by the trusted authority. No? Then it is invalid.
NO BIOMETRICS NEEDED.
And, if your card is cloned, lost or stolen, you inform the trusted authority who use the revocation key for your ID to revoke the public key and issue with a new one. Because the authenticity is "can you decrypt with the public issued key for this user" and not the biometrics (picture), you don't need to have plastic surgery to get a new ID.
But you can now canonically prove you are who you say you are (unless the one asking doesn't trust the trusted authority). No NIR, no biometrics stored, and a provably ID.
And, since this is nothing more expensive or difficult than the issuance of a chip and pin, this should be cheap to make.
If you're worried about multiple IDs for the same person, you PAY all who you deem to be identical and invalidate any that don't turn up.
Jaqui Smith can continue to rant insanely BUT EVEN LOUDER!!!
You confuse cause and effect. The bint rants insanely regardless.
@John Imrie - No, I am Sparticus.
@Eponymous Cowherd - re: el wacqui - thanks for the spelling correction. ^__^
They don't know failure rates as they haven't decided on a system yet - I'd have thought that the project spec would at least contain a level for acceptable failure rates.
So either the spec is very open ended (quite possible for UKGOV) or they have already had feedback from suppliers that acceptable failure rates spec is an issue.
I kept reading Hillier as Hitler. Hmm.
First, some background on where I'm coming from:
I was an IT contractor working for the local Police (state police). I have since left and moved on to other projects, but *one* of the many projects I did for them had to do with fingerprinting. At its basic level, the system simply kept track of whose fingerprints were taken, where the piece of paper with said fingerprints currently was held, and the status of the Fingerprint check. It also issued Destruction orders for fingerprints for which the paperwork (actual fingerprints) had to be destroyed. (same concept for the DNA system I produced for them later on).
Here's the thing: Fingerprints get scanned on a high-precision, high-definition scanner, sent down to the NAFIS (National Automated Fingerprint Information Database) where they are compared to several databases of fingerprint images (known, unknown, etc...) a *list* of fingerprints with "confidence ratings" gets sent back to the local fingerprint lab where a *trained technician* compares the images (generally only the first one or two) to see if a match is deemed acceptable. NOTE: A *human* makes the final decision.
A few years later, I was part of a Tender evaluation to purchase a series of automated fingerprint scanners (project was so successful, the government order more machines almost as soon as the first of the original 15 was in place. We got an industry award for this). One thing some of the, er... more politically minded (read have-no-idea) people don't understand is that it's the *taking* of the fingerprints which is automated - the checking of these prints was still as above, with a human making the final decision on matches. Admittedly, automating the scanning of the prints, etc, etc meant we could get a result back to the stations/watch-houses in under 15 minutes most of the time.
So when I hear some politician talk about how their system will *automatically* scan and compare prints, I have the heeby-jeebies. Either they have no idea of what they are talking about, or they figure that the number of false positives/negatives won't apply to them anyway "so who cares".
I keep misreading that name too, but the difference was that the leader of the 3rd Reich and his henchmen had a very organised plans of how to destroy the liberty of millions of people. This government is rushing headlong in to a fascist nightmare handing out billions to commission systems which they don't have the first clue about. They've got no idea if it will work well enough for the majority of the population, and no idea on what to do about people it definitely wont work for.