UK.gov drives ever further into Nocluesville, crowdsources how to solve digital identity

Fresh out of ideas on how to crack the problem of digital identity, the UK government has put out a consultation asking what the hell it should do next. The Cabinet Office and Department for Digital, Culture, Media and Sport's Call for Evidence paper [PDF] follows the revelation by the Infrastructure and Projects Authority …

  1. Totally not a Cylon
    Pint

    Le sigh

    If only the UK had a national organisation which was capable of issuing photo cards and maintaining a database of people?

    Oh wait! It does! The DVLA (or whatever it is called this week).

    Just issue everyone with a photo card 'driving licence' with the appropriate licenses to drive. (or not drive)

    1. JimmyPage Silver badge
      FAIL

      Re: Le sigh

      Far too simple, and nowhere near enough pork to shovel towards Capita et al.

      1. NoneSuch Silver badge
        Coat

        Le solution

        Bar codes tattooed on the forehead. You know it's coming...

        1. Yet Another Anonymous coward Silver badge

          Re: Le solution

          >Bar codes tattooed on the forehead. You know it's coming...

          But that wouldn't work for people with black skin so the home office would have to deport them

          1. Aristotles slow and dimwitted horse

            Re: Le solution

            White ink or RFID tags???

    2. Pen-y-gors

      Re: Le sigh

      The DVLA database is a database of people with driving licences. That's it. Nothing else. And if they want people to keep providing accurate info then it will only ever be used for that purpose.

      Ditto passports. They have one purpose - to enable the holder to freely pass to and from overseas countries. They are not a form of ID for any other purpose.

      1. Dan 55 Silver badge

        Re: Le sigh

        They're accepted as primary ID for all sorts of things.

      2. Totally not a Cylon
        Terminator

        Re: Le sigh

        Passport, Photocard driving licence and military ID card are currently the 3 best (and most widely accepted) proofs of ID in the UK.

        Passport and military ID are only held by a subset of the population, most people over the age of 17 have or had a driving licence and as a simple proof of this person is who they say they are AND nothing else it is the simplest solution.

        Or we reintroduce compulsory national service at 18 for everyone and use the military ID.........

        Or at birth everyone is RFID tagged......

        1. Alan Brown Silver badge

          Re: Le sigh

          " most people over the age of 17 have or had a driving licence "

          For a surprisingly small subset of "most" - if you live in a rural or suburban environment you might think "everyone drives" but it tends towards 60% or lower for urbanites and the under 30s.

        2. Doctor Syntax Silver badge

          Re: Le sigh

          My son has never been in the military, doesn't drive and, being of mixed ancestry, his Yorkshire half realised that the passport his Irish half was entitled to was cheaper (and potentially more useful in the near future).

    3. CrazyOldCatMan Silver badge

      Re: Le sigh

      Just issue everyone with a photo card 'driving licence'

      Not everyone has one of those. And some people (like me) still have the old paper-based licence - why pay to change it and then have to pay every 10 years to renew it? Especially as the process of converting from the old licence certainly isn't foolproof - I know quite a few people that have lost categories from their licences at changeover - including someone who lost the motorbike category - which was a pain since the only form of transport he had was a motorbike..

      What you are suggesting is that the DVLA act as a universal identity provider - something that they are neither competent at nor equipped to do.

  2. Dan 55 Silver badge

    Not that difficult...

    1. Put a certificate on the passport chip that uses the passport office as the authority.

    2. Put a certificate on the driving licence chip that uses DVLA as the authority.

    3. Let the DWP verify people's ID and issue browser certificates that use the DWP as an authority for people without a passport or driving licence (or people who want to use a browser certificate instead of a passport/driving licence and NFC reader).

    4. Set up a uk.gov government certificate authority and get it in browsers, or, more probably, farm out an important piece of national infrastructure to a US company. Underneath the uk.gov certificate authority put the passport office, DVLA, and DWP as subordinate authorities.

    Job's a goodun.

    Where's my 100 million or whatever it'll cost Crapita?

    1. davenewman

      Re: Not that difficult...

      Outsource it to Estonia. They have a system where you can see who in government looked at your identity card data.

      1. Martin Gregorie

        Re: Not that difficult...

        This is the obvious one to buy a license for - provided that it scales well (Estonia's population is only 1.3 million) - because it's up and running. The NZ one is worth a look too, for the same reason and with the same caveat (4.8M population).

        The problem, though, is how to get either system installed and running in the UK without letting the Home Office, GDS, Crapita etc. terminally fuck it up.

        1. Joe W Silver badge

          Re: Not that difficult...

          Or the Norwegian system (bankID). This is often / usually linked to (and issued) by a bank. Since the tax office knows everything anyway there is no problem...

          And instead of an ID card they often have a photograph on their bank card (they wanted to stop that, not sure if they still issue these...)

          1. Doctor Syntax Silver badge

            Re: Not that difficult...

            "This is often / usually linked to (and issued) by a bank."

            And how does the bank "identify" the person to whom it's issuing an ID?

            1. NetBlackOps
              Holmes

              Re: Not that difficult...

              I believe there's a Know Your Customer (KYC) required in Western financial systems if you want your institution to participate. Not that it necessarily works perfectly, nothing does witnessing all the fraud out there, but a start.

              1. Doctor Syntax Silver badge

                Re: Not that difficult...

                "Not that it necessarily works perfectly, nothing does witnessing all the fraud out there, but a start."

                IOW, fails where it's most needed.

              2. Aristotles slow and dimwitted horse

                Re: Not that difficult...

                You are quite right. KYC and TCF are two valuable weapons to bring to bear if your bank or insurance company are being a pain. I beat Virgin Money recently on a billing issue by quoting both KYC and TCF guidance to them.

                They were surprised I'd even heard of it and caved very quickly when they were posed with how they could state publicly that they supported the framework, but were quite obviously not doing so in private.

          2. CrazyOldCatMan Silver badge

            Re: Not that difficult...

            they often have a photograph on their bank card

            Many, many years ago the Nationwide Building Society issued debit cards with your photograph on as a trial to see if it would reduce fraud.

            It didn't, and was expensive to do (and the resultant photo on the back of the card was pretty poor quality - or at least mine was[1]) so they dropped it pretty quickly.

            One of the major problems that they had was identity verification.

            [1] Nearest and Dearest muttered something about GIGO.. I knew I should have expected it from a semi-techie..

        2. Teiwaz

          Re: Not that difficult...

          Might be a slight scaling issue, but mostly due to the extreme ineptitude of Home Office, GDS, Crapita etc. in planning and project management.

          The broken part is not the previous attempts, which as usual were corruption built in, and not designed with the convenience of the general public built in but the convenience of the state and any corporate groups contracted to run it badly/cheaply.

          The broken parts are Home Office, GDS, Crapita etc.

    2. sebbb

      Re: Not that difficult...

      The problem in that is (again) IDs and/or a form of DB with PID.

      Italy, deemed to have the most insecure and counterfeited IDs in EU, started a few years ago with EIDs with chip and certificates. Now you'll be able to open bank accounts online, sign contracts etc because the service can verify the certificate validity against CA authority (Ministry of Interior, public run).

      Even more, there's also a basic service that uses post offices to verify physically your identity and activates a pair of user ID/pass with MFA that you can use to prove your identity online in reading mode.

      1. Alan Brown Silver badge

        Re: Not that difficult...

        "Italy, deemed to have the most insecure and counterfeited IDs in EU"

        As opposed to Ireland - whose documents are neither insecure, nor counterfeited much, but where identity documents are based on baptismal records and "certain groups" have form for getting babies baptised in a bunch of different churches to take advantage of that in later life.

        Meantime in the UK it's STILL possible to copy the plot device acted out in 1960s classic "Day of the Jackal" and take over the identity of a dead baby.

    3. Doctor Syntax Silver badge

      Re: Not that difficult...

      "Let the DWP verify people's ID"

      DWP? ROFL

      Seriously, how do you bootstrap these "IDs"? What does identity mean?

      AFAICS it's all relative - this passport holder might be the same as this driving licence holder. But what TPTB might want to know is whether they're the same as the owner of this business which they suspect of being a front for organised crime or the same as this person on a facial recognition system. If, somewhere along the line, those IDs get lined up wrongly (and good luck to that not happening with the reported "success" of the latter) then it might take years for some poor schmuck to get out from under.

      1. Dan 55 Silver badge

        Re: Not that difficult...

        Seriously, how do you bootstrap these "IDs"?

        For a passport, your birth certificate plus one or both of your parents' birth certificates and maybe their marriage certificates plus someone who knows you.

        For the DVLA, your passport or a bunch of stuff plus someone who knows you.

        For the DWP, your passport, driving licence, bank card, or a birth certificate plus two utility bills (the vaguely written 'three forms of proof of identity').

        Yes, I know it's all a house of cards built in the shape of an impossible triangle but in theory the DWP can verify your ID even if you don't have a passport or driving licence.

        Putting the certificate on the passport/driving licence chip or allowing you to download it to your browser in the case of the DWP would bring that same proof of ID online. If someone's happy to accept a passport, they can accept the passport certificate online. If someone's happy to accept a driving licence, they can accept the driving licence certificate online. If someone will believe the DWP offline, then they can accept the DWP certificate online.
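The hierarchy Dan 55 outlines in his two comments above (one root with the passport office, DVLA and DWP as subordinate authorities, and relying parties accepting online whichever issuer they already accept offline) can be modelled with Go's standard `crypto/x509`. This is an added example, not code from the thread; the certificate names, the Ed25519 keys, the 24-hour validity and the `RelyingParty` type are all constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var errIssuerNotAccepted = errors.New("chain is valid but this issuer is not accepted here")

// Entity is a certificate plus the private key that matches it.
type Entity struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}

// issue creates a certificate for cn signed by parent; nil parent means self-signed (the root).
func issue(cn string, isCA bool, parent *Entity) (Entity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Entity{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed serial
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	signer, signKey := tmpl, priv
	if parent != nil {
		signer, signKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signKey)
	if err != nil {
		return Entity{}, err
	}
	cert, err := x509.ParseCertificate(der)
	return Entity{Cert: cert, Key: priv}, err
}

// RelyingParty trusts only the root, knows the subordinate authorities, and
// separately lists which of them it accepts credentials from.
type RelyingParty struct {
	roots, subs *x509.CertPool
	accepted    map[string]bool
}

func newRelyingParty(root Entity, subs []Entity, accepted ...string) RelyingParty {
	rp := RelyingParty{roots: x509.NewCertPool(), subs: x509.NewCertPool(), accepted: map[string]bool{}}
	rp.roots.AddCert(root.Cert)
	for _, s := range subs {
		rp.subs.AddCert(s.Cert)
	}
	for _, a := range accepted {
		rp.accepted[a] = true
	}
	return rp
}

// Check verifies the chain up to the root, then applies the issuer policy.
func (rp RelyingParty) Check(holder *x509.Certificate) (string, error) {
	opts := x509.VerifyOptions{Roots: rp.roots, Intermediates: rp.subs,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := holder.Verify(opts); err != nil {
		return "", err // not signed by anything under the root
	}
	issuer := holder.Issuer.CommonName
	if !rp.accepted[issuer] {
		return issuer, errIssuerNotAccepted
	}
	return issuer, nil
}

func main() {
	root, _ := issue("Constructed UK Root CA", true, nil)
	passport, _ := issue("Passport Office", true, &root)
	dvla, _ := issue("DVLA", true, &root)
	dwp, _ := issue("DWP", true, &root)
	holder, _ := issue("Constructed Holder", false, &dvla)
	bank := newRelyingParty(root, []Entity{passport, dvla, dwp}, "Passport Office", "DVLA")
	fmt.Println(bank.Check(holder.Cert))
}
```

The chain check only establishes which authority vouched for the key; how that authority verified the person in the first place is outside what the certificate can prove.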

        1. Alan Brown Silver badge

          Re: Not that difficult...

          That house of cards being based on a birth certificate, which the law explicitly states is NOT an identity document - nor is it to be used as one....

          1. CrazyOldCatMan Silver badge

            Re: Not that difficult...

            birth certificate, which the law explicitly states is NOT an identity document

            And which isn't guaranteed to be available - especially for someone born abroad.

            The problem is (as with most things) that ~80% of cases will be fairly easy and straightforward but that the other 20% of cases will take up as much (or more effort) and require people who know what they are doing to manage.

            Which means that the DWP/DVLA/Crapita trifecta of fail can't be involved.

        2. Doctor Syntax Silver badge

          Re: Not that difficult...

          For a passport, your somebody's birth certificate plus one or both of your somebody's and preferably same person's parents' birth certificates and maybe their marriage certificates plus someone who knows claims to know you.

          The requisite certificates can be ordered here: https://www.gro.gov.uk/gro/content/certificates/Login.asp quite legitimately. https://www.freebmd.org.uk/cgi/search.pl will help you in your research and there's a worked example in The day of the Jackal.

          Identity is a slippery concept. The administrative mind assumes everyone follows the rules. The people whom ID systems most want to defend against are those who often don't.

  3. Perelengo

    One time token

    Generate a database of people, entities or companies that can have many identifiers. Identifiers can be validated by their providers, so for example if a telecom company wants to sell by phone calls but outsources to other company, the numbers used to call should only be used to make that telecom contractor calls. Then the phone number validated by the number provider with contracts and signed digitally.

    If want to identify by car plate number, government verifies it.

    Then the user can select which identifiers wants to share, which of its personal data, who to share, and for how long. It generates a secure verification code that can be used to identify.

    Spanish interoperability platform works somewhat like this.

    1. Steve Davies 3 Silver badge
      Pint

      Re: One time token

      This:-

      Then the user can select which identifiers wants to share, which of its personal data, who to share, and for how long. It generates a secure verification code that can be used to identify.

      Is going to be a HUGE problem.

      Let's be realistic here.

      - This system will run (badly) by the likes of Crapita

      - It will all be stored in the cloud

      - Which is run by our (sic) good friends the Americans

      - Who have to give it all up to Uncle Sam should they be asked

      - It will take 10 years to develop even something as simple as this due to feature creep

      - It will be horribly over its £1B budget.

      And finally,

      - It will never work due to the Feature Creep (trying to be all things to all men).

      As it is Friday, time for a wet one.

      1. Alan Brown Silver badge

        Re: One time token

        "- This system will run (badly) by the likes of Crapita"

        And one hopes that when they fuck it up, they get fined out of existence with a series of 5-10% GDPR fines.

      2. Perelengo

        Re: One time token

        At least you identified the BIG problems to solve...

  4. Pen-y-gors

    Simple idea

    Have a check box on the web page, bit like Google Captcha (to 'stop' robots) which asks "Are you really this person?"

    Easy. And have very hefty civil penalties for anyone who tells a porkie.

  5. Anonymous Coward

    YAPP -- Yet Another Poor Proposal (apologies to Stephen C. Johnson)

    Quote: "Jeremy Wright said: "These new proposals could make it easier for people to prove their identity without compromising their personal information..."

    *

    Oh...another Jeremy...the Fleming variety is notably absent from this debate -- he's probably counting the billion pounds he got from Philip Hammond to "keep us safe"!

    *

    But back to Jeremy Wright....the REAL PROBLEM which "these new proposals" need to address has nothing to do with an individual ability "to prove their identity".

    *

    Yes...it's a nice idea if a person can prove their legitimate identity. BUT THE REAL PROBLEM is hackers and other bad guys HIJACKING THE IDENTITY OF OTHERS in pursuit of fraud, theft, character assassination and so on. And after that, there's the problem that the person whose identity has been hijacked is often victimised twice -- once by THE HACK, and afterwards by being asked TO PROVE THEY DIDN'T DO IT THEMSELVES!!!

    *

    Dear Jeremy Wright (and also Jeremy Fleming) --- MUST DO BETTER!! Signed: Anonymous Coward.

  6. The Nazz

    13,000 copies of Rollercoaster Tycoon 2?*

    I peaked at 5,000 guests in a park. Most likely others have exceeded that so 13k subsets should cover the UK population.

    Added bonus data : Select a citizen and click.

    Oooooh look, this person is carrying a) a knife, b) a stash of spice and c) has recently bought a Lamborghini with his benefit payments.

    Seriously, it's either a Government ID scheme to deal with Government business alone or not. Stop all of this "Your data will be shared with a select cohort (ie the betterpayers/lobbyists/bribers) of private companies.

    *May need adapting a bit for relevant scenarios.

  7. cantankerous swineherd

    not using id cards = making passports compulsory.

    how did we ever manage 30 years ago?

  8. earl grey
    Mushroom

    without compromising their personal information

    So, how do we keep the nobs in government away from all this?

  9. Skwosh

    Zero cost solution

    My idea by me:

    Do nothing.

    Maybe it just makes sense for it to be "difficult, time-consuming and repetitive" to demonstrate to someone that we are who we say we are? Perhaps that's how it should be.

    Sure, making it easier for people to prove their identity sounds like a good idea in the same way that making it easier for people to vote with phones or online sounds like a good idea.

    You have to consider the failure modes though, and how bad it is if those failures happen.

    With voting I'm pretty sure using pencils and bits of paper with humans in big open sports-halls doing all the counting is definitely a good compromise between robustness and efficiency – sure it's not efficient – and sure there is some friction involved in people having to go to a polling station – but it is *very* robust – everything is visible – everything is understandable – lots of people are visibly involved and everyone can police everyone else.

    The problem with a one-ring-to-rule-them-all identity system is that it presents a single point of failure. Once someone works out how to hack whatever un-corruptible-un-hackable-magic-bullshit it is supposedly based on then they can masquerade as you and have nice-n-ezzzzey instant access to *everything* you do – and the stronger the belief that the system is secure and un-hackable the more difficult it will be to recover the situation and prove you are you rather than the scummy hacker.

    So, perhaps it makes sense to just leave things more or less as they are, to have a whole load of disparate application specific ID systems – some partially even paper based or paper backed – all run by a variety of organisations on a variety of different systems with a variety of different levels of security and corruptibility, but none needing to claim total infallibility (because, as we all know, total infallibility isn't actually a real thing and also tends to age badly).

    What we have now is inefficient and often cumbersome yes – but it is much more *robust* than a centralised single-point-of-failure system – and there is no possibility for one all-powerful organisation to simply shut my entire life down by pressing a button saying 'citizen account suspended'.

    1. Ken Moorhouse Silver badge

      Re: Do nothing.

      One of the advantages of the current "system" is the latency within it. If anyone wanted to steal someone's identity they would need to be patient and systematic to achieve that result. The postal system is a fairly good way to slug an identity process for a few days until say, a new identifier is issued and typed in, always assuming that your address is correct in the first place and you trust everyone who has keys to the property.

      Not foolproof by any means, but the issuance of identity should always include the postal system in the chain of confirmation anyway. All of the possible problems need to be tackled at the outset, it not being a good idea to tack them on to the "rulebook" later on. I already mentioned keys (as in someone who has keys could pick up your post in order to forge identity), another example: If one is of "No Fixed Abode" then any Poste Restante that is used should have some responsibility for confirming identity.

      All of which reminds me of a client who wanted me to troubleshoot their broadband. Turned out the router was faulty and the ISP agreed to send out another one free of charge. When the client bought the property some years prior, they never bothered to change the name on the broadband account. When the router arrived nobody was in to accept it, so the postman left a note saying it could be collected at the sorting office. However, this could not be done as the client didn't have identity that matched the name on the account.

      1. Doctor Syntax Silver badge

        Re: Do nothing.

        If one is of "No Fixed Abode" then any Poste Restante that is used should have some responsibility for confirming identity.

        And this introduces a bootstrapping problem.

  10. John Savard

    To prove my identity without compromising my personal information?

    I suppose I could generate a public-private key pair, and, then, showing identification, register my public key with the government. Then I could prove who I am by signing things with my private key.

    The thing is that computers get hacked and information stolen. So let's issue everyone an electronic ID card with a little computer in it that is capable of generating a public-private key pair.

    There you go; the technical problem is solved. However, generating a public-private key pair with long enough keys to resist being cracked takes a big computer, and if you're giving ID cards with chips in them out free to everyone that won't be used for anything else, you can only really afford to put little computers in them. So now one has to figure out a shortcut.

    Well, here's one way to do it:

    Take a "big" computer, the size of a desktop PC, or thereabouts, that's powerful enough to generate a secure public-private key pair in a reasonable amount of time like one minute. Set it up so that it's not connected to the Internet. All it has is a connection to the mains, and a slot to plug one's chip ID card into.

    And its software is robustly protected against someone putting in a chip ID card with a different chip in it that tries to do a buffer overflow or something to take over the key-generating computer.

    So when people take their paper ID down to register their public key to the government office, they first stick their fancy new chip ID card into this computer to get their random public and private key pair. If the government is honest, and hasn't rigged the computer to give them everybody's private key to forge their signatures, this might even work.

    1. Yet Another Anonymous coward Silver badge

      That's fine but how do you prove that the public key belongs to the John Smith who owns this bank account or the John Smith that we want for murder?

      Obvious solution is to only ever identify people from birth by their public key. It is going to make children's birthday cakes a little larger to contain their 'names' and doing the register in school is going to take a while longer.

      Hi I'm b8284650440a8e32b5189e1bcb3e94d8 but you can call me d8 ....

      1. John Savard

        I realized that I had only solved half the problem. Everyone now has their shiny new digital ID. Now what do they do with it?

        If they stick it into their computers, well, computers can be hacked!

        So, in order to use the ID card with one's private key in it (and public key) one has to buy this box, for, say, about 10 quid - $20 - that plugs into a computer. The box has a display of its own. Web browsers will need to be modified to know how to talk to the box. The box has a CPU, and its program is entirely in ROM so nobody can change it.

        So you go to a web site. You want to identify yourself to its owner, but you don't want to sign your life away if the site was hacked. No problem. After you click on a button on the web site, your Internet Identification Box with your Digital ID Card plugged into it lights up, and you read on the display:

        || AUTHORIZE: SITE 25695 (BARCLAY'S BANK) * MY_DATA: NAME, DATE_OF_BIRTH * >

        and you know exactly what you're signing by encrypting it with your private key, and then joining that result to your key ID number, and the web site then can send the encrypted data off to Her Majesty's Government, which will gladly provide them with your name and date of birth, as you have authorized.

        The program in the ROM of that box will not allow sneaky things like authorization strings that are malformed or too long to fit on the display; they will not be signed, or offered to be signed.
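The rule in the comment above, that the box refuses to sign any authorization string that is malformed or too long for its display, sketched in Go as an added example (not code from the thread). The 80-character display, the grammar inferred from the single sample string, the field list, the key ID and the `IDBOX-V1` prefix are assumptions, and an Ed25519 signature from the standard library stands in for the card's private-key operation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// displayCols is an assumed capacity for the box's display (hypothetical value).
const displayCols = 80

var (
	errTooLong      = errors.New("request does not fit on the display")
	errNotPrintable = errors.New("request contains non-printable bytes")
	errMalformed    = errors.New("request does not match the grammar")
	errUnknownField = errors.New("request names an unknown data field")
	errDeclined     = errors.New("holder did not confirm")
)

// Assumed grammar, inferred from the single sample in the comment:
// AUTHORIZE: SITE <digits> (<NAME>) * MY_DATA: <FIELD>[, <FIELD>]... *
var requestRe = regexp.MustCompile(
	`^AUTHORIZE: SITE [0-9]{1,10} \([A-Z0-9 '&.-]{1,40}\) \* MY_DATA: ([A-Z_]+(?:, [A-Z_]+)*) \*$`)

// allowedFields is an assumed list of releasable attributes.
var allowedFields = map[string]bool{"NAME": true, "DATE_OF_BIRTH": true, "ADDRESS": true}

// validate accepts a request only if every byte of it can be shown to the
// holder and it parses under the strict grammar. Anything else is never signed.
func validate(req string) error {
	if len(req) > displayCols {
		return errTooLong
	}
	for i := 0; i < len(req); i++ {
		if req[i] < 0x20 || req[i] > 0x7e {
			return errNotPrintable
		}
	}
	m := requestRe.FindStringSubmatch(req)
	if m == nil {
		return errMalformed
	}
	for _, f := range strings.Split(m[1], ", ") {
		if !allowedFields[f] {
			return errUnknownField
		}
	}
	return nil
}

// signedBytes binds the key ID to the exact displayed text under a fixed prefix.
func signedBytes(keyID, req string) []byte {
	return []byte("IDBOX-V1\x00" + keyID + "\x00" + req)
}

// Box models the card plus reader: the private key never leaves it.
type Box struct {
	keyID string
	priv  ed25519.PrivateKey
}

func newBox(keyID string) (*Box, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Box{keyID: keyID, priv: priv}, pub, nil
}

// Sign validates first, then requires the holder's confirmation, then signs.
func (b *Box) Sign(req string, confirmed bool) ([]byte, error) {
	if err := validate(req); err != nil {
		return nil, err
	}
	if !confirmed {
		return nil, errDeclined
	}
	return ed25519.Sign(b.priv, signedBytes(b.keyID, req)), nil
}

// verify is the relying side: re-validate, then check the signature against
// the public key registered for keyID.
func verify(pub ed25519.PublicKey, keyID, req string, sig []byte) bool {
	return validate(req) == nil && ed25519.Verify(pub, signedBytes(keyID, req), sig)
}

func main() {
	box, pub, err := newBox("KEY-0001") // constructed key ID
	if err != nil {
		panic(err)
	}
	req := "AUTHORIZE: SITE 25695 (BARCLAY'S BANK) * MY_DATA: NAME, DATE_OF_BIRTH *"
	sig, err := box.Sign(req, true)
	fmt.Println("signed:", err == nil, "verifies:", verify(pub, box.keyID, req, sig))
	_, err = box.Sign(req+", ADDRESS, NAME, ADDRESS", true)
	fmt.Println("oversized request:", err)
}
```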

        1. Anonymous Coward

          That sounds just like something your grandma can't wait to get up and running to improve her security...

          1. John Savard

            Well, if people want real security, they will have to make a little effort themselves! Any system that does it all for you invisibly... can be hacked to do something else entirely without anyone noticing.

        2. Doctor Syntax Silver badge

          What happens when you lose the card? Or it fails?

          1. John Savard

            You notify the government, so that the card is revoked, and get a new one.

            1. CrazyOldCatMan Silver badge

              card is revoked, and get a new one

              And how do you prove who you are in order to get a new one since your means of proving who you are is no longer present?

        3. John Savard

          I just realized there is one possible flaw in this idea. Obviously, for this to have a chance of being secure, these boxes can't be made in China. They would have to be made entirely in the UK, from microelectronic chips made in the UK, probably from the same suppliers among defence contractors that make the military's cipher machines for the GCHQ. This would mean that instead of costing ten quid, they'd be likely to cost five hundred quid or more. That would pretty much make this scheme impractical.

        4. CrazyOldCatMan Silver badge

          Everyone now has their shiny new digital ID..

          And what happens if it gets lost/corrupted/damaged/stolen[1]? How do they prove who they are in order to get another one?

          You can't secure it with easily-known fixed data (DOB, marriage date, first pet etc) since those are fairly easy to obtain via data searches or social engineering attacks.. And you can't use complex passwords because people are notoriously bad at remembering those - so they write them down. Which makes them vulnerable to theft..

          It's a very big and complex problem - something politicians and public bodies are notoriously bad at solving. Just look at the fiasco of NPfIT for an example - and that was just covering NHS staff.

          [1] The XKCD solution to getting the password springs to mind - one rubber cosh coming up.

    2. Doctor Syntax Silver badge

      "generating a public-private key pair with long enough keys to resist being cracked takes a big computer"

      You can trade size computational power of the computer against time so this aspect of the scheme isn't a problem. But how do you generate the required entropy to generate a secure key pair?

      1. John Savard

        That is a good point. Obviously the time of day when you stick the card into the key generator will only generate a few bits of entropy, and you want thousands of bits of entropy, as many as there are bits in the key, for it to be as secure as it looks.

        However, besides putting a physical random number generator in the key generator machine, even, say, a microphone listening to the noise of people shuffling along in the line up, people in the office talking, and so on could generate lots of entropy.

  11. Frumious Bandersnatch

    Kerberos

    You don't issue "identities." You issue certification of the perks that come with these identities.

    It's not that difficult. Alice wants to attend a centenary event that is only open to citizens, so she goes to the government offices at (Stoke on) Trent, proves that she qualifies and gets Trent to put a stamp on the back of her hand.

    Alice goes to the festival and they scan the stamp and conclude that she has the right to get in.

    Alice doesn't have to present papers to the security guard.

    She doesn't even have to present an ID card to Trent.

    Look up zero knowledge proofs of identity.

    As I said, it's not that difficult.

    1. PerlyKing
      Angel

      Re: Kerberos

      And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he had that mark, or the name of the beast, or the number of his name.

      -- Revelation 13:16-17

      1. CrazyOldCatMan Silver badge

        Re: Kerberos

        save he had that mark, or the name of the beast

        Leave exposition of Revelations to those who know what they are talking about..

        (666 isn't some sort of mythical devil - 6 is the number of man[1] and repeating it three times is emphasis. So 666 is man's overwhelming pride in himself and his own power (in this case, worship of things and money. Hands are a pretty universal symbol for "what you do" == 'works'. Foreheads == 'thoughts'. Revelations is overwhelmingly a book of symbology so can't be understood literally. Much like parts of Ezekiel). Some have thought that the mark corresponds to capitalism and the whole "love of money leads to all kinds of evil" that dominates the world now.

        Yes, I've spent a lot of time studying theology.

        [1] According to Biblical Hebrew numerology. 7 is the number of perfection (7 days[2] of creation et. al.)

        [2] Not literal days - the word "day" is also translated as "starting" and "night" as "ending". Some have speculated that the 6 nights of creation correspond to extinction-level events - and we are currently living in the 6th of those.

  12. TrumpSlurp the Troll
    Facepalm

    ID cards?

    Everyone seems to be trying to solve the problem of implementing ID cards.

    The whole point of any UK system is to avoid a National Identity Card because of the Police State fears following WW2.

    Mandatory ID is a thing in many countries, but so far not here.

  13. stevo42

    Go look at Canada

    Verified.Me

    No ID card, no central database, full user consent for each and every transaction. Zero-knowledge proofs.

    Yes it's new, so too early to tell if it's going to work fully, but looks like the way to go.
