OT: He's gone.

Epetruk

Chris Malcolm wrote:
> "Epetruk" <nobody@blackhole.com> writes:
>
>> Simon Brooke wrote:
>>> in message <32dgacF3itl49U1@individual.net>, Epetruk
>>> ('nobody@blackhole.com') wrote:
>
>>>> I don't see the value of ID cards as a terrorist prevention
>>>> measure - quite frankly, I can't understand that argument. To me,
>>>> they are more valuable in preventing identity theft (which I
>>>> believe is going to be a big issue in the future) and benefit
>>>> fraud.
>
>>> Surely they _enable_ identity theft? If I steal your ID card, how
>>> are you going to prove you're you and I'm not?
>
>> If someone steals my biometric ID card and put their biometrics on
>> the card, this may not be enough. For example, the issuer of the
>> card could encrypt the biometric information on the card using two
>> different private keys
>> that are available only to the issuing organisation, and the card
>> readers would use the public key of the issuer to decrypt the
>> information before
>> it could be verified against the biometrics of the card holder. The
>> challenge
>> for the forger is now to get hold of these private keys - not
>> impossible, but very difficult.
>
> The trouble with arguments which go "This is virtually impossible to
> crack" is that they depend on lots of assumptions.

And I keep on repeating that I don't think 100% impossibility is
attainable - what is required is a level good enough to ensure that for the
vast majority of purposes, the technology does what it is supposed to do
(i.e. in this case prevent the vast majority of people from easily forging
ID cards).

Yes, determined criminals might want to forge these cards, but what would
the point be? As I have said elsewhere, I *don't* see the ID card as being
used as the *only* required form of ID for *all* transactions. The more
important the transaction, the more forms of evidence of ID should be
required (as obtains today). What I *am* saying is that including a
biometric ID card as one of the forms of this evidence would reduce the
occurrences of ID theft.

--
Akin

aknak at aksoto dot idps dot co dot uk

Richard

Epetruk wrote:

> Yes, determined criminals might want to forge these cards, but what would
> the point be?

To use it to get hold of other forms of identification. Utility bills
are easily forged by anyone with a decent printer. So now you have
your fake/stolen ID and a utility bill, you can get practically anything
else...etc, etc.

R.

Carol Hague

Arthur Clune <ajc22@york.ac.uk> wrote:

> Simon Brooke <simon@jasmine.org.uk> wrote:
>
> : There's no doubt in my mind that Blunkett should have gone, but I'm not
> : at all convinced that the reason he went is the reason he should have
> : gone.
>
> Yes. This is my position. Helen seemed to be saying that he should go
> *because* he had an affair (I'm sure she'll correct me if I mis-understood).
> IMO this a) is none of our business and b) not enough to resign for.
>
> The visa issues maybe were, but that wasn't by understanding of what Helen
> said.

I think perhaps you mean me, actually, Arthur.

I perhaps didn't state my position clearly enough. I think it was wrong
of Blunkett to have an affair, yes. I don't necessarily think that's
sufficient to make it necessary for him to resign, BUT, if he hadn't
done this, none of the other stuff about the visa would have happened
either, so he'd presumably still have his job.

Thus, the affair is ultimately the source of his problems and since
presumably nobody forced him into it, it's his own fault he had to
resign.

I'm not suggesting that the woman in the case is blameless BTW - she was
wrong to have the affair too, perhaps more so, since she's married and
Blunkett isn't. And I see in the headlines this morning that she's been
saying how pleased she is at the resignation which strikes me as nasty
and vindictive.

Going back to your earlier point that politicians shouldn't have to be
holier than thou - perhaps not, but any politician with any nous at all
will *know* there'll be a media feeding frenzy if he's found to be
having an affair or doing anything else vaguely dodgy, so the best way
to avoid such is to be squeaky clean, no?


--
Carol
"Mmmmooooowooooff!" - the Moobark, "The Treacle People"

Arthur Clune

Carol Hague <carol@wrhpv.com> wrote:

: I think perhaps you mean me, actually, Arthur.

You are of course right. That'll teach me to comment on one post while
replying to another.

--
Arthur Clune PGP/GPG Key: http://www.clune.org/pubkey.txt
It is better to light a candle than to curse the darkness

Epetruk

Richard wrote:
> Epetruk wrote:
>
>> Yes, determined criminals might want to forge these cards, but what
>> would the point be?
>
> To use it to get hold of other forms of identification. Utility bills
> are easily forged by anyone with a decent printer. So now you have
> your fake/stolen ID and a utility bill, you can get practically
> anything else...etc, etc.

Yes, but criminals are using fake forms of ID to get other forms of ID
right now. Doesn't it make sense to make it more difficult for this
to happen? Or is identity theft just one of those things we will
have to live with for the rest of our lives?

Richard

Epetruk wrote:

>>>Yes, determined criminals might want to forge these cards, but what
>>>would the point be?
>>
>>To use it to get hold of other forms of identification. Utility bills
>>are easily forged by anyone with a decent printer. So now you have
>>your fake/stolen ID and a utility bill, you can get practically
>>anything else...etc, etc.
>
>
> Yes, but criminals are using fake forms of ID to get other forms of ID
> right now. Doesn't it make sense to make it more difficult for this
> to happen? Or is identity theft just one of those things we will
> have to live with for the rest of our lives?

Indeed, but the "ID card" is being presented as the silver bullet to end
identity theft. This is one of its many dangers, as gullible members of
the public in positions of semi-authority will think that an ID card is
a cast iron guarantee that the person is who they claim to be, simply on
the basis of holding an ID card.

R.

Carol Hague

Arthur Clune <ajc22@york.ac.uk> wrote:

> Carol Hague <carol@wrhpv.com> wrote:
>
> : I think perhaps you mean me, actually, Arthur.
>
> You are of course right. That'll teach me to comment on one post while
> replying to another.

Well *I* don't mind being mistaken for Helen. If *she* objects, I expect
you'll find out just before the paving slab hits you :-)

--
Carol
"Mmmmooooowooooff!" - the Moobark, "The Treacle People"

Tony W

"Richard" <richard@nomail.nospam.thanks> wrote in message
news:cpv12j$9g6$2@hermes.shef.ac.uk...
>
> Indeed, but the "ID card" is being presented as the silver bullet to end
> identity theft. This is one of its many dangers, as gullible members of
> the public in positions of semi-authority will think that an ID card is
> a cast iron guarantee that the person is who they claim to be, simply on
> the basis of holding an ID card.

The government must be drawing on the experience of countries with ID cards
such as Spain and Germany where crime, terrorism, fraud etc. are all
non-existent.



T

Simon Brooke

in message <1goxvzt.1ledx131u33kb0N%carol@wrhpv.com>, Carol Hague
('carol@wrhpv.com') wrote:

> Going back to your earlier point that politicians shouldn't have to be
> holier than thou - perhaps not, but any politician with any nous at
> all will *know* there'll be a media feeding frenzy if he's found to be
> having an affair or doing anything else vaguely dodgy, so the best way
> to avoid such is to be squeaky clean, no?

Life is complicated, messy and often painful. I've never had an
'affair', but I don't feel particularly holier than thou about it. With
Hamlet, '...I count myself indifferent honest; but yet I could accuse
me of such things that it were better my mother had not borne me.' If
you've got to middle life without having done things of which you are
heartily ashamed, then you are very lucky.

We live in an incredibly hypocritical society. Journalists whose own
private lives would not bear great scrutiny heap scorn on people in
public life. This isn't good. Politicians are human; they have
emotions, needs, desires. It's not reasonable to expect them to live
like monks. What we need is that they should be honest, competent and
straightforward. If we make the job of politics so unpleasant that only
seriously dodgy people are prepared to do it, we will get seriously
dodgy people. Politicians, too, have a right to a private life.

--
simon@jasmine.org.uk (Simon Brooke) http://www.jasmine.org.uk/~simon/

Morning had broken. I found a rather battered tube of Araldite
resin in the bottom of the toolbag.

Epetruk

Trevor Barton wrote:
> Epetruk wrote:
>> Chris Malcolm wrote:
>>
>>> "Epetruk" <nobody@blackhole.com> writes:
>>>
>>>
>>>> Simon Brooke wrote:
>>>>
>>>>> in message <32dgacF3itl49U1@individual.net>, Epetruk
>>>>> ('nobody@blackhole.com') wrote:
>>>
>>>>>> I don't see the value of ID cards as a terrorist prevention
>>>>>> measure - quite frankly, I can't understand that argument. To me,
>>>>>> they are more valuable in preventing identity theft (which I
>>>>>> believe is going to be a big issue in the future) and benefit
>>>>>> fraud.
>>>
>>>>> Surely they _enable_ identity theft? If I steal your ID card, how
>>>>> are you going to prove you're you and I'm not?
>>>
>>>> If someone steals my biometric ID card and put their biometrics on
>>>> the card, this may not be enough. For example, the issuer of the
>>>> card could encrypt the biometric information on the card using two
>>>> different private keys
>>>> that are available only to the issuing organisation, and the card
>>>> readers would use the public key of the issuer to decrypt the
>>>> information before
>>>> it could be verified against the biometrics of the card holder. The
>>>> challenge
>>>> for the forger is now to get hold of these private keys - not
>>>> impossible, but very difficult.
>>>
>>> The trouble with arguments which go "This is virtually impossible to
>>> crack" is that they depend on lots of assumptions.
>>
>>
>> And I keep on repeating that I don't think 100% impossibility is
>> attainable - what is required is a level good enough to ensure that
>> for the vast majority of purposes, the technology does what it is
>> supposed to do (i.e. in this case prevent the vast majority of
>> people from easily forging ID cards).
>>
>> Yes, determined criminals might want to forge these cards, but what
>> would the point be? As I have said elsewhere, I *don't* see the ID
>> card as being used as the *only* required form of ID for *all*
>> transactions. The more important the transaction, the more forms of
>> evidence of ID should be required (as obtains today). What I *am*
>> saying is that including a biometric ID card as one of the forms of
>> this evidence would reduce the occurrences of ID theft.
>
> And I'm saying it would make bugger all difference :-)
>
> You are looking at it (if I can be blunt to save typing) from the
> point of view of a person who knows nothing about it in a technical
> sense. However, there are a lot of people out there who do know about
> things like that, and only one of them has to be (a) bad and (b) able
> to crack, forge, break, whatever, the system. Once it has been
> broken, it's broken for good.

Do you know for *sure* that biometric technology is as insecure as this, or
are you making an assumption based on related forms of technology? It seems
you are assuming that the means of 'breaking the system' will be as
cheaply/widely available as programs for hacking computers - this may well
not be the case.

Like I said, the technology is still in its infancy. We're some way away
from it being deployed for commercial use - in fact, the fact that
businesses are wary of using it right now indicates that its adoption by the
government is premature. But unless you are an expert in that field of
security yourself (and even if you are), I don't think you can confidently
make the assertion that biometric technology will *always* suffer from the
once-broken-always-broken problem.

But if you want to believe that ID cards won't solve the problem of ID
theft, that's fine. As I've said, I'm agnostic about these things - if
someone were to propose an alternative, I'd willingly listen. Do you have
any ideas, or do you believe that ID theft is something we will just have to
get used to?

--
Akin

aknak at aksoto dot idps dot co dot uk

dirtylitterboxofferingstospammers

>Well *I* don't mind being mistaken for Helen. If *she* objects, I expect
>you'll find out just before the paving slab hits you :-)
>
>--
>Carol

I don't mind at all. If you are younger, slimmer and prettier than me (entirely
likely) I wouldn't mind being mistaken for you ;-)

Cheers, helen s


--This is an invalid email address to avoid spam--
to get correct one remove fame & fortune
h*$el*$$e*nd**$o$ts**i*$*$m*m$o*n*s@$*a$o*l.c**$om$

--Due to financial crisis the light at the end of the tunnel is switched off--

Tim Woodall

On Fri, 17 Dec 2004 19:05:33 -0000,
Epetruk <nobody@blackhole.com> wrote:
>
> But if you want to believe that ID cards won't solve the problem of ID
> theft, that's fine. As I've said, I'm agnostic about these things - if
> someone were to propose an alternative, I'd willingly listen. Do you have
> any ideas, or do you believe that ID theft is something we will just have to
> get used to?
>
I believe that ID cards will make ID theft EASIER. Most people will just
accept them as proof. Want to buy alcohol underage - just borrow
someones card that looks a bit like you (or print one/get one printed on
one of the websites that will inevitably grow up) OK so it won't have
the chip, a good (say 2-3GBP to produce forgery) will have the contacts
though. And I thought underage drinking was a problem.

Have a car crash - exchange details. Show a forged ID card.

Epetruk: "Your Honour, I don't drive a BMW and I have never been to
Crashville"

Prosecution: "So Mr Epetruk, how do you explain your showing my client
your unforgable ID card?"


Try googling for "John Munden" if you want a scare about what can happen
when "infallible" systems go wrong.

Tim.



--
God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t,"
and there was light.

http://tjw.hn.org/ http://www.locofungus.btinternet.co.uk/

Epetruk

Tim Woodall wrote:
> On Fri, 17 Dec 2004 19:05:33 -0000,
> Epetruk <nobody@blackhole.com> wrote:
>>
>> But if you want to believe that ID cards won't solve the problem of
>> ID theft, that's fine. As I've said, I'm agnostic about these things
>> - if someone were to propose an alternative, I'd willingly listen.
>> Do you have any ideas, or do you believe that ID theft is something
>> we will just have to get used to?
>>
> I believe that ID cards will make ID theft EASIER. Most people will
> just accept them as proof. Want to buy alcohol underage - just borrow
> someones card that looks a bit like you (or print one/get one printed
> on one of the websites that will inevitably grow up) OK so it won't
> have the chip, a good (say 2-3GBP to produce forgery) will have the
> contacts though. And I thought underage drinking was a problem.

First of all, I notice that in your reply, you've made the assumption that
the technology to forge cards *will* be widely and cheaply available,
without attempting to substantiate this.

But I'll repeat what I've said elsewhere already:

Generally, people will ask for proof of evidence in proportion to the
seriousness or importance of the issue concerned. So for a pint down at the
pub, yes - a biometric ID card should be enough. I would wonder though
whether someone would go to the trouble of forging a biometric ID card
solely for this purpose.

For more serious issues (like opening an account), the biometric ID card and
some other forms of ID would be required - just like what happens today. And
for court-related issues, I don't expect that an ID card by itself should be
enough to convict you of a crime (even though it might be contributory
evidence).

But the usage of the ID card anyway would depend very much on how reliable
it was. If it was demonstrated to the public that a biometric ID card could
easily be forged and was an unreliable form of identification, then of
course it wouldn't even be accepted down the pub. On the other hand, if the
hype about its forgeability proved to be just that - hype - then people
would rely on it more.

I honestly don't know how things will pan out. What I *do* care about (and
sadly what you failed to answer) is how to deal with the problem of ID
theft. If it turns out that biometric ID cards are not the answer to this,
fine. But I prefer to wait and see what happens rather than making
predictions about the future of a technology that is still in its infancy.

Jon Senior

Epetruk wrote:
> Why are they worthless if they don't conclusively identify you?
> Like I've said throughout this thread, it is *impossible* to achieve
> 100% conclusive identification - the advantage I see in ID cards is
> that they offer a stronger proof that you are who you say you are
> (in addition to existing evidence).

But the more conclusively that they can ID you, the greater acceptance
of them as evidence there will be and the greater the problem will be if
they can be falsified. NB: This is a problem with the overall concept of
ID cards, not the technology.

> Well, I've also said elsewhere that this shouldn't be the case.

If they don't remove the requirement for additional proof of ID then
they have gained you (the user) nothing at additional cost to both your
wallet and your liberty. If they do... then the problem detailed above
exists. In essence they are either a threat due to abuse, or worthless.
I have watched this field for many years and have to find a middle
ground between these two positions.

> Well, a well designed system shouldn't give too much power to a single
> individual to make these decisions - the system could be such that
> two different people make a check on the documents sent in to prove
> your identity. As to how easy it will be to get the technology to
> produce fake ID cards, I'm agnostic on this - I won't make assumptions
> as to what future technology is and isn't capable of.

First and foremost. If the technology is available... it is available to
all. This may not negate the security, but it negates the first few
hurdles for those who wish to circumnavigate it in some way.

> But your position looks less like "ID cards are good, but these are the
> problems - I wish we could solve them" and more like "ID cards are bad,
> and we shouldn't waste our time having them because these are the
> problems". If your opposition to ID cards is deeper than the
> logistics, then there may not be much point in carrying on this discussion,
> as I have often found
> that where issues raise deep feelings in people, it may not be a good
> idea to argue to much about them.

My opposition to ID cards is detailed above. The main issue is (AFAICT)
unsurmountable. My reasons for disliking them are based on the strange
concept of liberty which you are right, it is not a good idea to argue
over. ;-) If OTOH you can provide a credible situation where an ID card
fits into neither of the categories that I've described, I'd be
interested to hear it.

Jon