Researchers peer into crystal ball to see future where everyone's ID is tied to their smartphone New research suggests almost 40 per cent of people will have some sort of unique mobile identifier service by 2024. Juniper Research estimated that the market would be worth $7bn to mobile operators by 2024 compared to $859m in 2019. The outfit predicts mobile phones will become primary sources of identity for just short of …
I just love how something that doesn't exist today and hasn't been tried is already touted as being easy to implement and scale.
After all, it's trivial to create a National Identity database and let everyone and their dog consult it to verify a phone holder's identity, right ? Isn't there an app for that ? What could possibly go wrong ?
The only thing that surprises me in this report is that it's not from Gartner.
Anonymous? Probably not. See When the cookie meets the blockchain and, with the prevalence of trackers (see Third Party Tracking in the Mobile Ecosystem), not just when making payments.
The fantasy of the single secure handheld all purpose device is mere Star Trek. It can never become a reality, if for no other reason that multiple purposes are bound to conflict with each other.
Maybe it's time to set up my own forecasting company.
Some days it seems like the only investment required to do this would be a hundred quid to register with Companies House and about the same to be spent on the purchase of a crystal ball and some chicken entrails.
But I already have a crystal ball (found at a garage sale in Berkeley about 40 years ago; $5). And about every two weeks, during harvest, we have more than enough chicken entrails to go around. In fact, I'll ship some to you for free if you like! (Yes, it's legal, as long as they are well packaged (sealed) & packed in dry ice.)
Maybe it's time to set up my own forecasting company.
I may be able to help with that. I have a report that contains information that I forecast is worth alt least GBP3000 to everyone who reads it. For GPB50000 I will license it to you to resell. You should be able to resell it for at least GBP2000 per person given the value of the information it contains.
**Important** the information above is definitely not the information in the report.
something that doesn't exist today and hasn't been tried is already touted as being easy to implement and scale
Which is exactly why a succession of witless UK Governments will rush out and throw money at it. Y'know, just like Gormless Grayling did with those phantom ferries. Boris has a money tree, Priti Patel will use it to terrorise crims, so no problem.
I agree, Grayling is a bit of an idiot.
But with respect to, specifically and only, the fact that the ferry company had no ferries at the time of the contract, I still fail to understand why is that an issue? They were contracted to supply ferry services in the future, not right then and there.
Many airlines own no, or far fewer than they need, aircraft. There are several aircraft leasing companies out there that offer leases ranging from wet1, to dry2, and any combination3 in-between. I would have expected the same to be true for the shipping (including ferry) industry, where they could have had 3 or 4 fully crewed, operational ferries within a couple of weeks if they were willing to pay for full-on 'wet leasing'.
1 the leasing company provides everything necessary to run the plane, full flight crew (pilots) and cabin crew, and perform all aircraft maintenance. All you have to do, as the airline, is paint the aircraft in your livery, provide uniforms to the supplied crew, any consumables (food/drinks for passengers, fuel, although all that can be outsourced to other companies that specialise in those services) and provide the routes and the passengers to fly on said routes (and pay the leasing cost of course). With this sort of lease, you can have a fleet of crewed aircraft within days, or use it to provide extra aircraft for surge capacity purposes, such as summer holidays.
2the leasing company provides a working aeroplane, that's it. It's up to the airline to crew it, provide maintenance facilities, support services, everything except for the aeroplane itself.
3e.g. the leasing company provides the pilots and major maintenance requirements (e.g. engine overhaul), but the airline provides the cabin crew and minor maintenance services (e.g. oiling the door hinges, replacing a faulty passenger entertainment system LCD display).
@eldakka all good points and fair but I think part of the issue was the way the contract was awarded. There appears to have been no public tendering process and companies that actually had experience running ferry services, e.g. the tunnel company, weren't invited - leading to the big payoff after they sued the government for violating competition rules. And then other ferry companies sued the government as well because their competitors were effectively being subsidised.
I think the ferry company having no ferries (the point you were addressing) was just an easy flag to stick on the TL:DR version so that everyone knew who to snicker at.
@eldakka all good points and fair but I think part of the issue was the way the contract was awarded. There appears to have been no public tendering process and companies that actually had experience running ferry services, e.g. the tunnel company, weren't invited - leading to the big payoff after they sued the government for violating competition rules. And then other ferry companies sued the government as well because their competitors were effectively being subsidised.I think the ferry company having no ferries (the point you were addressing) was just an easy flag to stick on the TL:DR version so that everyone knew who to snicker at.
Fair enough. Most of the coverage I saw seemed to just harp on about the lack of ferries, and didn't seem to cover the rest of your points. I guess it made more 'clickbait' headlines to ridicule the fact it had no ferries, despite that fact actually being mostly irrelevant to the real issues you have pointed out.
In the glorious state of New South Wales, they are trialling our drivers licences to be replaced by mobile phones. 90% of the time my phone is either at home, at the office, or flat battery (and spends about 99% of the time in do not disturb) - Number of times I leave the house without my wallet (with drivers licence) maybe once a year
In the US, you are required by every state to have your driver's license with you when operating a vehicle on public roads. They'd also have to pass a law to require you to have your smart phone with you at all times if it were your ID.
I used to go to the bar with just my license and some cash. That's all I needed. This was long before the proliferation of mobiles. I left my wallet at home so it wouldn't get lifted. Good luck winkling my license out of my pocket. The cash was disposed of quick enough and many nights it was a good thing that limit was there.
"In the US, you are required by every state to have your driver's license with you when operating a vehicle on public roads."
Common misconception. Here in California, you must display it to a magistrate or judge upon request if you are brought before them for any traffic violation [CVC 12952]. A charge of failure to have your license in possession while driving is automatically dismissed if you produce it in court [CVC 12951(a)], as long as it was valid at the time of the infraction.
So, essentially, you don't actually have to carry it while driving.
As always, check the actual rules & regs in your jurisdiction before taking the advice of some anonymous nutter in an obscure Internet forum.
<sarc>
But everyone has a smartphone right?
</sarc>
The eternal thorn in the side of any "smart" solution.
Such concepts simply don't exist to any tech-obsessed crystal ball gazer. They have an angle to push, and willfully ignore anything that might interfere.
People like me who refuse to own one? Don't need it on the farm...really don't need the bill. Far better computers in the house. Just another delicate and expensive thing to lose/break with a monthly bill.
Sorry, I learned better as a youth than to get addicted to worthless bloodsucking crap.
What's funny is the number of outfits right now that just can't believe I don't have one, and think I'm being some sort of resistance or liar when I won't give them my nonexistent mobe number...
I can just imagine what will happen if I get pulled over and a cop demands my phone...
Because you know, even the starving children in ${Ridiculed country of choice} all have them - largely true. But we don't get whatever free they somehow get.
If done right nothing will go wrong. It is the "something you have" to go along with "something you know". So "done right" would mean not using finger/face ID as a password, but require typing in a password - at least for really important stuff like transferring money out of your investment account.
For less important stuff like posting on El Reg I'd be fine with a simple ID based on having my phone near me talking to my computer via Bluetooth to give it a challenge/response to login to El Reg without a password on my PC.
What I don't like about this article is saying it will be worth $7 billion to mobile operators by 2024. My carrier has no business being involved in this, and I would never use any service that tried to charge. Though I'd like to see them introduce a service that charges, then see Apple & Google steal their lunch money by building it into iOS/Android using the Secure Element / ARM equivalent of Secure Element on Androids. Any time the mobile carriers get a good comeuppance I'm favor of it!
"at least for really important stuff like transferring money out of your investment account."
You are much safer not being able to access your investment/retirement/savings account from your mobile. It's even wise to have a second "checking" account if you want to use phone based payment systems that you can put limited funds in as needed rather than having your whole direct deposit paycheck tied to a small bit of electronics that can turn up missing in a heartbeat.
If done right nothing will go wrong. It is the "something you have" to go along with "something you know". So "done right" would mean not using finger/face ID as a password, but require typing in a password - at least for really important stuff like transferring money out of your investment account.
You've only listed two of the 3 security factors:
1) something you have (e.g. RFID card, token generator, key)
2) something you know (password - not biometrics)
3) something you are (biometrics)
Therefore having to use biometrics1 to unlock the phone would cover that third factor, something you are. Note that something you are is not a password, it is more akin to a username.
So, assuming you have an accurate and reliable biometric system to unlock the phone, you could have a process as follows that covers all three security factors:
1) unlock phone with biometrics
2) retrieve TOTP token from phone app (not an SMS message2)
3) Enter the TOTP token plus your password.
Some of this can be sorta automated, in that rather than manually having to enter the TOTP token, it could be retrieved via NFC or similar technologies and automatically input, it becomes more like a RFID card in this case that is only activated once you have unlocked the phone (or other device) with your biometrics. But you still need to enter a password as the something you know.
Of course, will this ever work in practice in a secure, reliable, easy, cheap and convenient mass-market consumer-friendly fashion? Not in my lifetime I think.
-----------
1 fingerprint, facial recognition, iris scan, dna sample, etc.
2 SMS doesn't satisfy something you have, as you (or an attacker) doesn't need physical access to your phone to receive an SMS message, you just need the phone number, and that can be moved or cloned/duplicated between physical (or virtual) handsets without you knowing, thus defeating the something you have test.
Why? They are probably doing that because people like me have been taking a picture of their card on their phone for years, so you don't have to remember to bring your card with you to an appointment (to say nothing of what you do if you end up in the ER when you won't have your card on you)
I haven't carried a health insurance card for a decade now. I probably still have a picture of my insurance card from 2009 if I go back far enough in my iPhone's photo roll.
I think my insurance carrier has an app, but I haven't bothered to install it because the photo works just as well. If they didn't send me a physical card, I'd take a picture of the computer screen displaying the numbers. That's what the receptionist wants when you show up, I can read it off a photo just as easily as I can read it off a physical card.
There's a lot of ways to end up in ER that break smartphones quite effectively but wouldn't destroy a laminated piece of card.
Also quite difficult to unlock your phone and open the app if you're unconscious etc.
Equally, lots of ways to end up in ER in your PJs, where you wouldn't have either of them at all.
The US system is batshit. Sure, initial ER treatment is (usually) free but beyond that you're generally utterly screwed unless you can prove insurance.
"Who the hell carries their insurance card with them everywhere they go?"
I do. It's in my wallet. It's called my photo ID card (driver's license in my case, YMMV). It is considerably smaller, thinner, and lighter than your cell phone. It is far less likely to be lost, stolen, damaged or misplaced as well. The only "hackers" interested in them are under-age kids modifying them to purchase alcohol ... and they cost virtually nothing[0] to renew every five years.
Out of curiosity, what flavo(u)r was the Kool-Aid?
[0] Here in CA, $36 for the basic, another $36 for your motorcycle stamp. Mine is a trifle more because I have a commercial license.
If you wind up in ER, you will get treated regardless of whether you can show your insurance card right there or not. If you show up in an ambulance they won't even do as much paperwork before treatment is started. Obviously they want a name to put on you to coordinate things, but you might start as J. Doe if you can't say who you are and don't have an ID on you.
BTW, a paper/plastic ID gets your information to the emergency responders without your having to do anything. If you are banged up good and your phone is locked/missing/damaged, they won't have anyway to identify you which may mean they have no way to contact family or friends to let them know where you are and your condition.
It's like the contactless cards, first they published thousands of articles stating that people don't want to type a PIN which is false, then the banks changed all the debit cards of their customers without giving them any choice.
Now while I read these articles preparing us for the brave new world I still have to fight my bank which is now trying to force me to use a mobile app.
Making payments as simple as possible, as simple as cash, was the point of not needing the PIN.
In fairness, Contactless cards have spawned ApplePay and AndroidPay which ultimately have improved security as well as simplicity.
o The device offerings need to be activated, which typically is either biometric or pin/gesture, so they can't be scanned on the fly by rogue agents like a Contactless card; and
o The device offerings are tokenised, so you aren't transmitting the card details as part of the transaction, just a token which cannot be re-used.
There are always going to be luddites who bemoan advances, I have no issue with them as long as they are prepared to pay the on-going support and fraud costs of the less secure more manual services.
This post has been deleted by its author
"There are always going to be luddites who bemoan advances"
But in this case there is no 'advance' except in marketing opportunities.
Why should I replace a perfectly useful and reliable piece of ID that can fit in my wallet and costs me $40 every five years with a fragile, bulky, expensive, easily lost, easily stolen, easily compromised battery dependent money-sucker?
That's not just one step back, that's several.
Cash is actually really complicated.
There's the manufacture, which has to be extremely secure (see "Money Heist" on Netflix for a riff on that)
There's transport, again risky and requiring quite extreme security. G4S have decided that isn't profitable - one assumes because customers refuse to pay them when they don't bother to do it, unlike their other businesses.
At the other end, cashing up takes quite a lot of time, and there is the small risk* of theft of the till contents by employees or the public.
Consumers don't see any of that, and don't care.
Contactless is great because it removes all the above, putting almost all the risk on the consumer instead! Hurray!
* Much larger in some less civilised countries, eg the USA.
Cash is actually really complicated.There's the manufacture, which has to be extremely secure (see "Money Heist" on Netflix for a riff on that)...
You don't think CC infrastructure or 'xPay' on smartphones is simple do you?
For just CC's, you need the payment networks, the computers in datacentres around the world to process them. The millions of lines of code to run those networks? The payment devices that consumers need to use to make the payments? That's another computing device and its complex bug-ridden code, a source of hacking, i.e. stealing, as has happened with several major supermarket chains where entire chains of stores have had the devices compromised and identities stolen and money skimmed from the networks. The communications networks that need to be functioning for a payment to work?
Cash 'works' irrespective of the status of the communications networks, payment networks, whether you have power or not.
Smartphone apps, the apps themselves have to be written. Then there's the O/S they run on, more millions of lines of buggy code in Android, iOS, even Symbian (feature phone) OSes are millions of lines and full of bugs. Then you've got to have a phone, a generally delicate device, easily broken, easily stolen, that can be hacked to steal all your money, unlike cash which if you are mugged is limited to the amount you are carrying, and can't itself be used as a source of identity theft.
Yeah, cash is more complex than that...
"Contactless cards have spawned ApplePay and AndroidPay which ultimately have improved security as well as simplicity"
Tell that to the queue of people for the bus or at the station behind the idiot faffing with their phone because it has gone to sleep just as they reach the barrier/card-reader
yes, I very well remember the shameful, world-wide media campaign about the new, brave, banking world when the dear bank customers wouldn't need to waste their precious time and energy by visiting bank branches, because, lookie here, EVERYTHING ONLINE!!! Then, little by little, the fuckers closed 90% of their branches (aka streamlining / optimization of expenditure) and claim they did it because their customers prefer online banking, when in fact the customers go online because they have no branch to go to.
ANY claim that a business, or a government works to improve my life, because they love me so much and care for my comfort is a serious alarm bell.
The report, Digital Identity: Technology Evolution, Regulatory Analysis & Forecasts 2019-2024, predicts that millions of third-party app makers will make money from linking operator-provided ID information to requests from other apps and services.
I predict that loads of third-party app makers will make money linking that stuff up but lots of them will be a security and privacy nightmare.
I guess AI has gone singular already and cooked up this idea from the fact that his machinery always has a parasite attached to it. No doubt an anonymous e-mail with big boob attachment to it or something similar catered for the dimwitted recipient did the job. Assimilate!
This post has been deleted by its author
I was finally given a smartphone(?) by my sprog last xmas but it requires a password of some kind and not the gestures and finger i wave at it.
I looked at online banking a couple of years ago, but after checking the one place and their 80+ page notice, I clicked out, wiped my cache and told SWMBO that i'm never banking online. If you don't want my business just say so.
I rooted one of my Android phones and was able to modify the unique identifiers inside each factory installed application inside the shared preferences location of the apps in the /data/data directory.
I was able to modify each unique identifier on all the apps individually and they would stay modified as long as I did not allow the Play Store app to update the apps.
All except for one factory installed app of course.
This one factory installed app would always revert back to the original unique identifier by itself and seemed it could bypass the Google Play Store altogether.
I'll give you only one guess as to which factory installed app that was.
To me a smartphone is something that bursts into life halfway down the drive informing me I have 17 missed messages from people I dont know.
Same thing here, no signal at our house. And I'd be surprised if the actor living up the road from us (who has appeared in commercials for TWO different cell companies) has a signal at his house.
everyone's ID is tied to their smartphone
Intesting theory, but lacks security. Everyone knows that data is shared these days, so my identity could technically be on more than one cell phone. This is especially true since my cell phone is shared with other people, it could have more than one person's identity.
Now the real question. Who is going to stop someone else from using my digital identity? The answer to that might surprise you, because I am the person that is going to stop them from using my identity. The government or companies do not care if it matches the individual, just that it is valid.
When I last switched providers, I did not have to produce any ID. I questioned the sales person and it was confirmed that I could use any name I wanted on the service. Since I am paying in advance for the next month and can't bill anything to the line, they don't care who I am. I'll be adding another line to my phone next month (dual SIM) and I'm still contemplating what persona it will have. I typically pay cash at the store since it's two doors down from the corner shop I visit all of the time. Every once in a while I'll pay with a gift card online.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
