10 August, 2010
Reporting that thirty- and fortysomethings are occasionally asked for photo ID featuring proof of age when purchasing alcohol, the BBC quotes (paraphrases?) a bar manager (not 'barmaid'!) as saying that:
Sometimes customers lose their temper, but overall attitudes have improved.
People have become more meekly compliant, you mean?
There's no reason to be rude to the bar staff, of course, but nor is there any reason to meekly accept arbitrary 'policies'.
Caroline Nodder, of 'The Publican':
"Is it that much of an inconvenience to carry ID? If as a society we want to stop access to alcohol then we have to put up with this."
Yes it is, and NO WE DON'T.
18 May, 2010
Oh, it's you
For a few months, the Electronic Frontier Foundation has been conducting more slightly alarming research into the private information revealed by web browsers, even when obvious tracking by cookies is disabled.
The specific information is itself relatively innocuous – browser configuration, OS and system fonts installed – but the combination of parameters can give each installation an uncommon or unique profile, which could be used to track users.
In my case, the copy of Firefox on my work PC has a browser fingerprint entirely unique among the 864,366 tested so far by the EFF's 'Panopticlick' tool; If I use my copy of IE (yeah, as if...) one other installation amongst 864,395 browsers has the same fingerprint. And my work PC & browser are less customised than my home machine, which I'd be more likely to use for activities I wouldn't want tracked (not that I do; I'm just making the general point that a private PC would see more varied activity than one owned by one's employer).
There are some solutions, but I'm not sure how practical they'd be, as they diminish the browsing experience; they maybe worth considering if you do want to hide specific activities, though.
14 May, 2010
Brave new world
This is the sole reason I'd have considered voting Tory (I didn't), and why I didn't even seriously consider voting Labour.
Then again, let's wait to see what actually happens....
29 April, 2010
I don't want to comment on the specific event (beyond saying that I'd have come to the same conclusion as the PM about the the questioner's seemingly bigoted subtext), but it is mildly amusing that the leader of the Party Of Mass Surveillance was caught-out by an unnoticed microphone.
3 March, 2010
Apparently, a certain UK high-street-but-catalogue-based retailer excludes digital cameras and mp3 players from its 30-day replacement/refund policy, "to protect your personal safety".
I can think of several reasons why a retailer might wish to limit the extent of such an offer, but that's certainly not one of them; it's merely an excuse, exploiting and perpetuating the frustrating culture of fear. This is the sort of thing, individually trivial, which softens-up the public to accept ID cards and other genuine risks to privacy, anonymity and yes, personal safety.
[Rant over. This time...]
12 October, 2009
Why watch Big Brother when you can be him?
One tiny compensation from the overwhelming CCTV coverage of urban Britain is that it's not necessarily surveillance – there are far more cameras than operators and a minority of the footage is ever likely to be seen before being overwritten.
A 'solution' is to make the footage available to interested members of the public – i.e. self-appointed moral guardians and underemployed busybodies – allowing the unqualified to act as unpaid security guards reporting anything suspicious at their own expense: the intention is to turn curtain-twitching into a game, with prizes.
I'm certainly not going to publicise the organising company with a link but, to their credit, they stress that they're working with private-sector cameras, with no intention to expand into the public sector (street surveillance via council/police apparatus).
Do I believe them? Probably, but that's a key point: how do I know that I'm not being watched, and never will be watched, by unaccountable amateurs?
[Update 28/01/10: The 'service' is yet to be launched since, at the time of writing, the Information Commissioner's Office is investigating its legality.]
13 July, 2009
Number not available
Heh. According to the BBC, a directory of mobile phone numbers – populated without the express consent of phone owners – has been temporarily withdrawn because the provider can't handle the volume of people demanding 'ex-directory' status.
8 April, 2009
We were in London this past weekend, under the gaze of the notoriously ridiculous number of CCTV cameras* . And felt safe.
We had the confidence to walk down dark alleys I would normally avoid, occasionally dressed in ways that rather marked us as non-locals, with a perhaps-very-misplaced feeling that no-one would try anything whilst the cameras were watching.
This seems analogous to the common argument against bicycle helmets: that they instill a false sense of security and a dangerous recklessness; without the illusion of invulnerability, non-wearers (should) feel a need to take extra care.
Yet... I wouldn't want to be without my cycle helmet.
*: Yes, I looked for, and at, the cameras. So report me.
27 March, 2009
Fear everything. Then tell us about it.
Earlier in the week, the Police released more of their fear-mongering posters, this time encouraging Londoners to examine their neighbours' rubbish and to report anyone looking at CCTV cameras.
As Cory Doctorow said at BoingBoing:
Essentially, this redefines 'suspicious' as anything outside of the direct experience of the most frightened, ignorant and foolish people in any neighborhood.
Even worse, though, is the idea that you should report your neighbors to the police for looking at the creepy surveillance technology around them. This is the first step in making it illegal to debate whether the surveillance state is a good or bad thing.
BoingBoing readers characteristically responded by remixing
The scary thing is that none of the parodies are as paranoid as the genuine ones.
19 March, 2009
Cleared - maybe
Whatever one might feel about comedian/activist Mark Thomas (personally, I commend his ingenuity and most tactics, but not his causes), he's to be credited with a significant achievement: having had his DNA data, collected after he was arrested and subsequently acquitted, deleted* from police databases.
As reported months ago, the UK government is obliged to discard the genetic information of anyone not found guilty of a crime: a 'just in case' DNA database of the innocent is expressly forbidden by the European Court of Human Rights. However, as expected, the UK government has failed to act on the ruling, and demands for the police to delete information about less well-known individuals have been rejected. Let's hope that this instance has an effect.
*: Understandably, commenters on the article question whether anything has really been deleted, and whether all forms of Thomas' DNA data have been destroyed.
11 March, 2009
Google has announced that it is to introduce behavioural-targeted advertising, adopting the same tactic as Phorm.
It's not quite as bad as Phorm (what isn't?), as it's easy to opt out and stay opted out, and Google's a relatively reputable company: I'm fairly confident the opt-out will be respected.
Two criticisms, though:
- This should be implemented on an opt-in basis, never as an opt-out. Google may choose to believe that a majority of people won't object to their online activities being profiled in order to assist targeted advertising – they may even be right – but that presumption should be implemented as a button in a prominent location on the Google website which, presumably, most people would happily click. Not the alternative: profiling everyone unless they visit an obscure page deep within the Google site, seemingly only mentioned in a blog posting.
- The opt-out is straightforward and seemingly comprehensive but, as mentioned above, it's not as readily available as it could be. To save you a search: the initial opt-out is here, and a browser plugin (for Firefox & IE) which prevents the opt-out cookie being deleted is available here.
As a bonus, a way to opt-out of other US advertisers' targeted advertising is available from the Network Advertising Initiative.
19 January, 2009
Study the small print
How much is your privacy worth?
If you're an undergraduate student, would £1,000 p.a. be enough?
I've discovered that students don't need to directly apply for bursaries at a certain higher education institution: so long as each student has already applied for government funding too, and hasn't opted out of information from that application being shared, the university will automatically receive household income data and process the bursary.
However, the other side of "don't need to directly apply" is that students can't apply directly, so those who have opted out of data sharing are disqualified from receiving £1,000 p.a..
I'm very glad I'm over a decade past being an undergrad, as I don't consider this acceptable. Well, if I understand it correctly, anyway. If the question on the government form is "do you authorise us to pass on these details to the university?" i.e. specific information to a specific organisation for a specific purpose, that's entirely fine, but I strongly suspect it's an open-ended "do you agree to your data being shared with other organisations?" – such as other government departments, the police, debt collectors, future employers, etc.
Private data is personal property, and I demand control of it. That doesn't mean I'd be willfully obstructive, of course: anyone requesting access to my data, who explains why it's required (that's 'required', not merely 'wanted'), will almost always receive it, for that specific instance (no data retention without explicit consent).
But I need to be asked.
Actually, the system is getting worse. In previous years and for Entry 2009, prospective students have to opt into data sharing, but for Entry 2010 consent is presumed unless an applicant specifically opts out. That's back-to-front, and is extremely poor practice.
15 January, 2009
For a moment, I was encouraged by the Foreign Secretary's belated public acknowledgement, in the Guardian, that the War On Nouns was a mistake: terrorism is a tactic rather than itself a cause, and military action isn't 'the answer'. For a moment, I wondered whether Miliband had defected from his Party.
But then I read the substance of his article, and found little more than platitudes timed to coincide with next Tuesday's US regime change. It's particularly offensive for one of the most senior members of the current UK Government to say:
We must respond to terrorism by championing the rule of law, not subordinating it, for it is the cornerstone of the democratic society. We must uphold our commitments to human rights and civil liberties at home and abroad.
So that'll mean a rapid withdrawal of state intervention into individuals' privacy, right? No more talk of ID cards and the associated database(s)? Mass deletion of DNA records? Decommission of CCTV networks? No? Oh, we've all got to make compromises
. Of course.
Keep talking, David. You might accidentally say something real.
9 January, 2009
As the BBC reports, 'rules forcing internet companies to keep details of every e-mail sent in the UK are a waste of money and an attack on civil liberties'. The article goes on to mention something I hadn't appreciated, which hopefully could defeat the whole scheme.
From March all Internet Service Providers (ISPs) will by law have to keep information about every e-mail sent or received in the UK for a year.
Every e-mail. Including spam. That'll nicely bury one's genuine communications amongst mountains of rubbish: security though obscurity?
3 January, 2009
Don't let the 'hellhouse' open
NØ2IDIf one was seeking a good day to release contentious news without people noticing, 31 December would have to be an obvious choice. And the UK Government had a really good one saved up:
The private sector will be asked to manage and run a communications database that will keep track of everyone's calls, emails, texts and internet use under a key option contained in a consultation paper to be published next month by Jacqui Smith, the home secretary.
In his strongest criticism yet of the superdatabase, Sir Ken Macdonald, the former director of public prosecutions, who has firsthand experience of working with intelligence and law enforcement agencies, told the Guardian assurances [of safeguards] would prove worthless in the long run and warned it would prove a "hellhouse" of personal private information.
And remember, that's from the former DPP, not exactly someone the Government could dismiss as a libertarian activist. He goes on:
"The tendency of the state to seek ever more powers of surveillance over its citizens may be driven by protective zeal. But the notion of total security is a paranoid fantasy which would destroy everything that makes living worthwhile. We must avoid surrendering our freedom as autonomous human beings to such an ugly future. We should make judgments that are compatible with our status as free people."
Bizarrely, whilst loathing the idea that the state could know anything about me and condemning the very concept of a unified 'superdatabase' in the strongest terms, I'd be infinitesimally happier if it was directly held and operated by publicly-accountable state agencies, rather than delegated to private firms as a cost-cutting measure.
One might as well devolve responsibility for heart surgery to plumbers in order to save a bit of money: security of personal information, about every aspect of people's lives, really is that
I'd love to know how the Home Secretary reconciles her rhetoric on this issue with a recent statement by her own boss, the Prime Minister, that "it's important to recognise that we can't promise that every single item of information will always be safe, because mistakes are made by human beings."
Then don't hold the data in the first place.
4 December, 2008
Anonymous until proven guilty
Yay! In a ruling described by the Director of Liberty as "one of the most strongly worded judgements that Liberty has ever seen from the Court of Human Rights", the UK* government and police forces have been told that that they cannot retain DNA or fingerprints from anyone who has not been charged with a crime.
If – if – the government complies with its obligation, this mean the profiles of ~850,000 innocent people must be deleted from the National DNA Database.
Needless to say, the Home Secretary has already announced that the government will not comply with the ruling "while ministers consider the judgement" i.e. introduce a legislative workaround, but it'll be hard for them to ignore it outright.
*: In England, Wales & N.Ireland – in Scotland, DNA samples from those not charged or those later acquitted of alleged offences are already destroyed.
3 November, 2008
NØ2IDThe Prime Minister has said, quite correctly, that no government could ever guarantee the security of personal information, as it's impossible to totally eliminate human error.
Fine, but the only rational response is to minimise the risks and consequences, by avoiding data collection unless absolutely necessary for clear, non-extendable reasons, and prevent the sharing of data beyond the immediate recipient.
By the PM's own argument, the National Identity Register (and associated ID cards) cannot proceed.
5 October, 2008
Say 'no' to Phorm: update
As Phorm's traffic-analysis-for-targetted-advertising software returns to BT, allegedly legally this time, the issue of consent has also returned.
The opt-in/out for users is awkward: BT customers are required to accept responsibility on a per PC, per user, per browser basis. If the server-side opt-out isn't available yet, BT, don't launch until it is.
As I mentioned in March, before Phorm can intercept traffic from individual websites, the law requires there to be permission from each website's owner too. As The Register reports, "in its advice to Phorm and ISPs, the Home Office said it believed that publishing a website gave implicit consent". A bizarre claim, but at least requiring BT to offer an opportunity to explicitly withhold permission.
It should really be an opt-in, of course, but I'm not going to boycott the opt-out whilst waiting for others to force BT to do the right thing.
One could block all search engine bots, or publish under https, or password-protect all content, but that's dodging the issue: I'm denying permission to Phorm, not whole categories of traffic. Hence, the only genuine option offered is send an e-mail to firstname.lastname@example.org.
Actually, don't. As a commenter on the El Reg article notes, the Home Office's opinion (not legal advice, just opinion) is more accurately stated as "there MIGHT be a case of implied consent ONLY IF there are not explicit terms denying consent".
Hence, it may be worth adding a notice to one's website, perhaps on a 'terms & conditions' page. Nicholas Bohm of Fipr has drafted the following recommended text:
The contents of this site, and communications between this site and its users, are protected by database right, copyright, confidentiality and the right not to be intercepted conferred by section 1(3) of the Regulation of Investigatory Powers Act 2000. The use of those contents and communications by Internet Service Providers or others to profile or classify users of this site for advertising or other purposes is strictly forbidden.
3 October, 2008
In a meta-article about the Daily Hate's discovery that Google Street View "WILL PHOTOGRAPH EVERY DOOR IN BRITAIN", the Guardian's Bobbie Johnson makes a very dangerous statement:
Personally, I'm torn. I use the US version of Street View a lot, but don't like the idea of a surveillance society. However, given the number of CCTV cameras which spy on me every day, I'm not sure that a Google car counts as the biggest infringement of my liberties right now.
No. Wrong. It's not about identifying the single greatest surveillant, it's about combating them all. Every single one
, gross or insidious: the entire culture of surveillance.
Though personally, I'm happy with Street View, so long as its cars are observing from public roads.
25 September, 2008
Phorm win this round
The City of London Police have decided not to proceed in prosecuting BT for their covert trial of the privacy-invading Phorm traffic-tracking software.
Fair enough; the relevant authorities carefully studied the evidence then concluded that there was no case to answer.
Well, no; their reasoning is appalling.
Firstly, they say that the trial was legal because "there was no criminal intent on behalf of BT". Intent isn't a definitive test of legality. Drunk drivers don't actively intend to cause injury or death, but their knowing irresponsibility is more than enough for prosecution.
Secondly, the trial was legal because, they allege using very flawed logic, there was implied consent, "because the service was going to benefit customers". That's a very dangerous argument – it's bad enough when state agencies make impositions 'for your own good', but private companies simply cannot assume consent. It's for the individual customer to decide whether there's a potential benefit, and to decide whether that 'benefit' is worth the cost. Consent has to be explicit, not implied.
A judicial review of the police investigation is being sought. This isn't 'sour grapes', a refusal to accept the unwelcome outcome of a valid inquiry: the investigation itself plainly relied on flawed premises.
The EU's investigation of Phorm and the entire class of tracking/ad-targeting software is also proceeding; let's hope Europe-wide legislation overrides the City of London Police's inadequacy.
17 September, 2008
I hadn't realised that the official position of the BMA (the professional body governing UK doctors (but not surgeons)) is that a national 'integrated centralised health record system' should be strictly opt-in: that "patients should give explicit consent before any healthcare data is uploaded onto the spine". Not compulsory, and not defaulting to 'in unless specifically opted-out'.
Excellent; they got it right, though as Tom Reynolds observes, it presumes that patients are equipped to make educated decisions about privacy/security issues.
All proposed national databases should be that way, and also require further explicit consent before information can be shared with other databases so, for example, the national census, DWP or police cannot freely access one's health records.
A slightly negative point is the rumour, also reported by Reynolds, that those electing to opt out of the NHS Database (or rather, declining to opt in) will be added to another database, a handy register of 'difficult' people.
30 July, 2008
New genetics code?
I'll believe it when it happens, but a 'citizen's inquiry' into the UK's National DNA Database, overseen by the Human Genetics Commission and reported by the Guardian has proposed my ideal amendments.
Firstly, the DNA profile of anyone tested but not convicted of any crime should be deleted; likewise, the profile of anyone with an expired conviction should be deleted. The proposal to add everyone to the Database at birth should be abandoned. It's wrong to presume the potential criminality of the innocent and to continue to criminalise those who have 'repaid their debt to society'.
Additionally, the inquiry recommends handing control of the Database to an independent body, not the police and the Home Office, who have an obvious vested interest and, as the inquiry further notes, "cannot be trusted".
These measures begin to address my principled objection to state agencies compiling personal records at all (beyond the investigation of specific cases, for the duration of those investigations, anyway – I'm an individualist, not an anarchist). A permanent database is simply the wrong basis for a relationship between a state and its citizens: a government should never have ready access to such fundamental power over individuals.
These measures would also have the practical benefit of preventing police 'fishing expeditions': purely speculative attempts to match individuals to evidence from past crime scenes.
I obviously don't have a problem with DNA evidence being used to confirm or eliminate suspects in specific cases, but the suspicion has to come first (and be compelling enough to convince a judge that a DNA sample needs to be taken, 'cos I'm damned if I'd volunteer one), but trawling through the entire Database 'just in case' is unreasonable, not to mention less definitive than is generally perceived.
14 July, 2008
Scene needn't be heard
Brilliant comment on the BBC's 'expose' of BDSM in the UK, by Zax:
Frankly, it scares me to know what people will do in the name of recreation. How can physical aggression, bleeding wounds, broken bones, dirt, humiliation, orchestrated and ritualised violence and even deaths have any place in the psyche of any rational adult? Anyway, so much for rugby. And boxing, wrestling, judo and any other competitive contact sport you care to name, all of which are essentially substitutes for sex anyway. BDSM sounds much safer, plus there's at least a chance you'll find your fellow participants sexually attractive, unlike rugby. Er, presumably.
Incidentally, discussion of the nature of the activities in which Max Mosley participated misses the far more important point: as Megan says in another comment on the BBC article:
it is not what Mr Mosely chooses to do with consenting partners that matters, it is his right to do so in privacy that is at issue.
11 July, 2008
Chink of light?
Ostensibly for voter registration but primarily for taxation, all (adult) residents of the UK are obliged to submit personal details to the Council-administered Electoral Roll.
The result is an annually-updated database for government purposes and a slightly-abridged database which is sold on to private companies for commercial purposes. One can opt out of the edited register, and of course I do, but these things should always be opt-in, never opt-out, and the whole idea of the state obliging citizens to populate a spammers' address database is deeply distasteful.
The BBC reports that a 'government-commissioned review' doesn't like it either:
"We feel that selling the edited register is an unsatisfactory way for local authorities to treat personal information," [Richard Thomas, Information Commissioner] said. "It sends a particularly poor message to the public that personal information collected for something as vital as participation in the democratic process can be sold to anyone for any purpose."
This mightn't be a particularly strong precedent to use against data-sharing between branches of government, but it's a start: an acknowledgement that private information isn't something to treat frivolously.
For more mundane reasons the Local Government Association concurs, since the hassle of having to administer two registers in return for a paltry £5 per thousand names doesn't even make financial sense. They squarely blame central government, with the implication that the 'for advertisers' database could be abolished.
So. A potential boost to the principle of privacy and a potential blow to direct marketers. A good day.
2 July, 2008
NØ2IDAccording to the Guardian, the chief executives of leading UK-based airlines have publicly made the, frankly rather obvious, observation that the compulsory introduction of national ID cards for 'airside' airport staff is the result of a programme desperately looking for an application rather than meeting a genuine need.
The government's central argument is that identification parameters offered by the ID cards scheme would be useful to aviation security. Fine, but two points:
- Useful, not essential. I'll accept essential measures, involving the barest minimum of personal data, but nothing that merely makes security easier to administer.
- If there is some essential functionality, why not incorporate it into the existing airport security system? The system already uses identity cards for staff, which presumably wouldn't be totally abandoned in favour of national ID cards, so why bother with two schemes at all? Other than as a spurious justification for the very existence of one scheme, of course.
Hmm. I'm repeating
myself, but perhaps it's worth reminding people now that the issue's back in the news.
27 June, 2008
As BoingBoing observed, yesterday's Guardian (website) included a report entitled "Airport-style security for UK rail stations blocked".
As that suggests, the ridiculous plans to "install airport-style x-ray machines in every London underground and mainline rail stations across the UK were ruled out today amid fears of a passenger rebellion against journey delays.", though it was mentioned that "a handful of bag screening machines and bomb detection dogs will be placed at tube and mainline stations in London and other cities instead." These will be portable and be moved around the network.
Personally, I object to them at all, as their primary purpose seems to be to do something – anything – visible, irrespective of whether it's meaningful, whilst simultaneously normalising the idea that the state can examine private property 'for the greater good'. Existing police powers of stop & search should be adequate without this sort of invasive security theatre.
Anyway, that was yesterday. Curiously, the same Guardian journalist paraphrased precisely the same story under a different headline today, "Stations to get x-ray security", which suggests a rather different interpretation of the issue. Yesterday the message was 'unworkable security withdrawn, mostly', whereas today's has reversed emphasis: 'new security introduced, with caveats'.
So what changed overnight?
21 June, 2008
My Freeview set-top box died on Thursday night, so I've bought a replacement.
Argos offered the best price, but since I was buying TV receiving equipment, the cashier demanded my name and address on behalf of the TVLA.
I was tempted to go elsewhere – no retailer complying with spurious governmental requests deserves my custom – but the alternative was far simpler: I paid cash and gave fake details. Unless John Coulston (manager of the Lancaster Banking Company, 1826-1866) really does enjoy EastEnders from his old office at 68 Church Street.
The UK has operated TV licensing since 1946, and the enforcement regime seems to have worked – so don't change it. No doubt it's easier for the TVLA if people meekly add themselves to the database, but as I say (too often...) the responsibility of the state is to serve its citizens, never the reverse. When that arm of the state happens to be a private-sector contractor, the demands are even less acceptable.
I comply with the law, and it's for the TVLA to prove otherwise. I'm damned if I'll do their job for them, merely for their convenience.
20 May, 2008
Phone bill a bit steep
If every person in the UK was required to occupy a hermetically-sealed cubicle at all times, solely interacting with the world via fully-monitored phone and internet connections, the task of "protecting national security and preventing crime" would be vastly simplified.
That's obvious, but rather extreme: it's equally obvious that there has to be a balance between law enforcement and individual liberty. As I've said too many times to hotlink (just read the blog's 'Privacy' archive), society shouldn't be organised for the convenience of government agencies. People are messy, complicated creatures whose existence is inhibited by being bubble-wrapped against every potential threat: law enforcement shouldn't be easy.
The cubicles idea is mere hyberbole, of course. I wish I could say the same about the proposal to monitor all telephone and e-mail traffic, but that's a genuine suggestion; no, more than a suggestion: according to the BBC, the Home Office has confirmed a wish to incorporate it into the draft Communications Bill later this year.
I can't help wondering whether this is a distraction, a deliberately over-the-top proposal in comparison to which another, as yet unannounced, intrusive policy will look relatively reasonable.
I'd object to this sort of action anyway, but the practicalities are truly scary: Britons and visitors will be compelled to trust government agencies and their allegedly 'rigorous' safeguards, despite a steady stream of examples proving fundamental incompetence in government data security.
Remember the 'Judge Death' storyline from 2000 AD's 'Judge Dredd' comic strip, in which a regime had decided that since all crime is committed by the living, everyone had to die? That'd work too.
17 May, 2008
I don't want the Phorm spyware to become a recurring topic here, but this technique for defeating traffic-analysing trackers is too good to avoid mentioning.
AntiPhormLite is a secondary browser which continuously, automatically yet plausibly browses the web as a background process or whilst one is genuinely accessing the web, thereby generating masses of utterly spurious data. No attempt is made to block the tracker, but all it'll get is junk.
29 April, 2008
The other boot has a 6" heel
First 'authorities' obtain the technical ability and right to identify and track individuals.
For our own good, of course.
Then 'authorities', now able to enforce the consensus morality, decide what we can look at.
For our own good, of course.
For the record, if the ban does specifically apply to the four categories of extreme p*orn noted in the BBC article's sidebar, and no others, I wouldn't mind. Much like ID cards, the problem is in 'function creep' and interpretation – what will be covered by the new law, say, five years from now? How about the image accompanying the article? A pierced tongue is dangerously close to certain peoples' definition of 'mutilation'.
There are certain activities I consider repulsive, and I've never quite understood the attraction of p*rn, but my morality shouldn't restrict the right of others to engage in them (or view the results), only objective issues of participants' safety, and when that comes to consensual s&m, for example, that's difficult to regulate.
I suppose that's my key point: there may need to be some way of ensuring participants' safety in the production of p*rn, but it's absolutely no business of society if I (hypothetically) wish to view it and hence be "depraved and corrupted", as the 1959 Obscene Publications Act phrases it.
25 April, 2008
Give it some welly
BoingBoing summarises a HOWTO article from Instructables, which concludes that precision techniques for (permanently) disabling a RFID chip in, for example, a passport are still less
effective obtrusive than the simplest: just hit it with a hammer.
5 April, 2008
Guardian now Phorm-free
A major resource for the exchange of information to combat Phorm web traffic tracking and analysis has been the Guardian's comments pages, so it's somewhat... odd that the newspaper itself used Phorm's services. No longer. As The Register reports, the Grauniad has become the first 'commercial partner' to dump Phorm.
With opposition from such web dignitaries as Sir Tim Berners-Lee, a legal challenge by Fipr and revelations that Phorm has already been covertly tracking BT customers, let's hope the message gets through that this form of ad-targetting is simply, beyond negotiation, unacceptable, especially from a (ex?)spyware company.
Consent for Phorm (or similar trackers) to track the Ministry's visitors is explicitly withheld.
A simple technique for client-side blocking of Phorm's tracking is described here.
25 March, 2008
It's mine, you can't have it
I forgot this was coming out: the Guardian has published an article on online privacy/anonymity by Zoe Margolis (aka Abby Lee), someone who's had a specific interest in the issue.
The wide-ranging comments thread is particularly interesting too.
There's a fine example of how 'innocuous' traffic analysis for ad-targeting could be hijacked by those with skewed morals – imagine if your access to the internet was regulated by someone who considers that "p*rn is inherently harmful" and masturbation (in private) is, by definition, shameful.
Those are the genuine opinions of a presumably well-intentioned person, not a conspiracy-theorist's nightmare of a repressive government or a shadowy corporation; they're not fictional sci-fi, but the moral grounding of someone who could stand for government or become employed by an ISP today.
19 March, 2008
The eternal value of privacy
This 2006 opinion piece by Bruce Schneier for Wired makes an important point: privacy isn't about hiding 'wrongdoing' (irrespective of whose definition of 'wrong' is used).
Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
Here's another Wired article by Schneier, similarly debunking a too-often-accepted fallacy: that security and privacy are mutually-exclusive opposites.
10 March, 2008
Damn. The last place I could readily exchange pounds for Euros anonymously has been dragged into line. Now I'm obliged to show a driving licence or passport whenever I want to swap my money for a slightly different format of my money.
The official excuse is that it's to combat money laundering, but I have three major objections:
- Presumption of guilt. Prove I'm a money-launderer, then refuse to serve me. No proof? Then give me my Euros. As is supposed to be standard in UK law, the accuser bears the burden of proving guilt – it's not for the defendant to prove innocence.
- Who serves who? It's far easier for the government to take preemptive action against everyone than to identify criminals first, but that gets the relationship between the state and the individual back-to-front. The state exists to serve the individual; the individual's actions shouldn't be restricted for mere administrative convenience.
- Wouldn't work. If there's a serious money-laundering problem, wouldn't that involve fake identity documents as a matter of routine? Would counter staff recognise a forged driving licence?
I'm no conspiracy theorist (honest), but I genuinely believe the 'money laundering' excuse is tangential at most, and the identity check is a symptom of social control – once people accept this and several other, individually trivial, impositions as routine they will more readily accept further intrusions into privacy.
I mentioned this issue to my colleagues a moment ago, and heard of another example. In order to become a member of Lancaster Public Library, one has to show two forms of identity – not passport or driving licence, but both – and a recent letter from one's bank. Dangerous stuff, access to information; we wouldn't want just anyone to have it.
6 March, 2008
NØ2IDSo the Government is changing its plans for the introduction of ID cards (details here), and it's possible that EU citizens will never need to obtain cards (apart from those in jobs with security implications), instead being able to use biometric passports as proof of identity.
It's not about having to obtain cards, and never was. It's about the underlying National Identity Register (NIR) – who cares about pieces of plastic if the data are readily available by computer?
Let's consider the need for those in jobs with security implications to carry National ID cards.
Firstly, 'security implications' is open to interpretation. At present it's 'air-side' airport staff and airline crew, but it wouldn't take a conceptual leap to extend that to, say, childminders.
Secondly, there may well be an argument for airport staff to undergo rigorous security checks and have to carry ID cards – so implement a standalone scheme for airport security, entirely unrelated to the National ID cards and NIR. There's absolutely no reason to link them, other than as a spurious attempt to justify the Government's plans.
The one good point is these revisions push the implementation date further and further away – hopefully we'll have a different Government by the time anything actually happens.
Incidentally, a related BBC article, published two months ago and perhaps superceded, repeats two more irrelevances:
Are the details stored centrally too?
No. Plans for a single database holding the personal information of all those issued with a card have been scrapped. Instead, information will be held on three existing, separate government databases.
It's a trivial matter to interlink databases – separate storage is no practical obstruction to abuse. Anyone reassured by the idea that there won't be one 'Big Brother' database is fooling him/herself. I'd want assurances, backed by legal penalties, that users of one database cannot
, under any circumstances, access either of the others.
What won't be stored?
The government has sought to allay some fears about ID cards by saying they will not store details about someone's race, religion, sexuality, health, criminal record or political beliefs.
Again, that's meaningless. Is anyone seriously suggesting that someone able to access a NIR entry will be unable to access the same individual's criminal record, irrespective of whether it's in a different database? That the two databases will be (deliberately) incompatible?
The state should not have these data arrays. Period. Whether they're on a card, in a database or in a network of databases is utterly irrelevant.
22 February, 2008
Not normal, children
The really scary aspect of invasion of individuals' privacy/anonymity by the state isn't so much that it's invasive but that it's becoming routine, and routinely accepted.
Counterintuitively, I regard media exposure of extreme/blatent capture of private data as harmful to privacy advocates: even as the public react against the extremes, they (we) become inured to lesser, everyday intrusions, accepting them as 'not as bad as it could be'. No. The little invasions matter too, and we mustn't be dazzled by the sensational examples.
Equally, every additional news report embeds the issue a little deeper into everyday culture, rendering it a little more accepted and no longer evincing the same level of outrage: "Identity cards? That was last year's news". It's a dilemma: am I contributing to it even as I type this text?
Perhaps an even greater problem than adult complacency is that children are growing up believing that lack of privacy is the norm – it's all they've ever known so is simply the way they presume the world is.
I can't decide whether this new toy, discovered via BoingBoing, is a symptom or a further tool of erosion.
It's a toy airport-style security scanner, allowing children to role-play 'security officers and suspected terrorists', or to practice their social compliance. It's a lot like the toy stoves and ironing boards traditionally given to young girls to impose perceptions of their social roles. That mightn't be the manufacturers' conscious intent, of course, but the result is no less insidious.
To be clear: I certainly don't object on principle to hand luggage being scanned for genuinely dangerous objects, but it's something to be merely tolerated as reluctantly necessary in specific and uncommon circumstances. If people become accustomed to bags being searched elsewhere and children think security scanners are part of the furniture of adult life, it's a tiny step to acceptance of ID cards and wider powers for state agencies to monitor individuals. And as existing instances of incompetence (repeated mass data losses by state agencies) and pointless interventionism (the war on moisture) demonstrate, that isn't acceptable.
25 January, 2008
What's that got to do with it?
I see from the local paper that Morecambe is to host this year's UKIP party conference, the UK Independence Party being an anti-European, 'England-first' ¹ offshoot of the Conservative Party. It's traditional for political parties to meet at the seaside², so if the major parties have conferences in Blackpool or Bournemouth, it's unsurprising that a minority-interest party would choose a second-rate resort.
The slightly disturbing part is that Phil Booth of NO2ID, an organisation I promote each time I write about my opposition to ID cards, is prominently listed amongst the speakers. If he's to attend in a personal capacity, that's fine with me – his own political affiliations are his own business – but I really hope it's not as an official representative of NO2ID.
I can understand a wish to band supporters together for a better chance at gaining representatives into positions of influence, but there has to be a close connection, absent in this instance. There's no causal link between the issues, nor even an especial likelihood that a supporter of one will regard the other favourably.
Opposition to interference into individuals' private lives by national government isn't remotely the same issue as opposition to European central government, so the campaigns should not be actively affiliated. I'm sure many UKIP members welcome ID cards as a means of excluding foreigners, so dislike Booth's organisation, whereas people like me object to the cards³ whilst actively seeking the break-up of the UK into autonomous elements within the EU so disdain UKIP.
For much the same reason, it's important that the public don't naturally associate one with the other. "Fighting ID cards? That's a UKIP issue, isn't it? I don't like UKIP."
It reminds me of the 1991 General Election, in which, at least in my constituency, Plaid Cymru (my party of choice) affiliated itself with the Green Party, in an attempt to get a Plaid MP into Westminster who'd then have to vote according to Green policies. Hence, though I've always wanted Wales to separate from England, Plaid lost my vote – I'd never vote Green. Conversely, one of my English housemates, an environmentalist who considered Welsh nationalism irrelevant, doubted a Plaid MP really would promote Green issues, so the Greens lost his vote too.
1: And yes, I do mean England, whatever UKIP might claim.
2: The Green Party (hardly a major party) seems to have settled on Lancaster for annual conferences. I can't decide whether they're breaking with the 'seaside towns' tradition merely to be characteristically perverse, or whether they're the only party to acknowledge the need to seek higher ground (certainly not moral – I mean above rising sea levels).
3: The National Identity Register, really – never forget it's about the data, not the pieces of plastic.
18 January, 2008
Strictly need to know
Characteristically, Cory Doctorow has produced a concise, easily-digested illustration of the the problems inherent in organisations' compulsive acquisition of personal data.
One doesn't need to be a conspiracy theorist to appreciate the potential for personal harm or, at the very least, embarrassment:
For example, you now must
buy an Oyster Card
if you wish to buy a monthly travelcard for London Underground, and you are required to complete a form giving your name, home address, phone number, email and so on in order to do so. This means that Transport for London is amassing a radioactive mountain of data plutonium, personal information whose limited value is far outstripped by the potential risks from retaining it.
Hidden in that toxic pile are a million seams waiting to burst: a woman secretly visits a fertility clinic, a man secretly visits an HIV support group, a boy passes through the turnstiles every day at the same time as a girl whom his parents have forbidden him to see; all that and more.
All these people could potentially be identified, located and contacted through the LU data. We may say we've nothing to hide, but all of us have private details we'd prefer not to see on the cover of tomorrow's paper.
Doctorow states the obvious: that data security needs to be taken far, far more seriously; it is indeed analogous to storing hazardous nuclear waste.
I'll state the even more obvious: don't collect the data in the first place
27 December, 2007
Final push (please)
Wahey! One of the first acts of the new Australian government has been to finally scrap the de facto 'national ID card' programme.
And that's even without state-sector agencies having proved themselves incapable of securing citizens' personal data, so the case for abandonment has to be even clearer here in the UK....
20 December, 2007
Terrorists use computers
If you're reading this on a monitor, just wait quietly whilst the officers come to collect you. That could take a couple of moments, so you might like to read the Metropolitan Police's poster.
As it happens, I travel quite a lot without fully accounting for my movements. Because that is my right, and I am perfectly entitled to be vague about where I'm going – no-one, least of all a police officer, gets to question that.
18 December, 2007
Why was it there anyway?
I have to admit to mixed feelings about the latest huge loss of personal data by a company operating under contract to the UK Government, as each breach reduces the chance of ID cards or a National Identity Register being successfully forced through the legislative procedure.
The particularly alarming aspect of this loss was that it was from a facility in Iowa.
What was private data on British citizens doing in a foreign country without the individuals' knowledge and express consent? Any foreign country, though without wishing to seem anti-American, I'm especially uncomfortable that it was the USA, whose government has a history of contriving reasons to appropriate personal data for 'security' purposes and permitting foreign nationals no legal recourse if it's misused* .
I can understand and even support a nation's right of access to data held within its sovereign boundaries (under specific and independently-regulated circumstances) – so don't put British data within the USA's jurisdiction.
I was also amused to notice that civil servants have been promoting my own argument for me:
Whitehall officials argued that most of the data is available in telephone directories.
Precisely. And I have the right, which I definitely exercise, to opt-out
of telephone directories.
*: I'm not saying the US Government, nor the UK's would misuse personal data, either deliberately or ineptly, but they could. I prefer not to take the risk, and after all, the data are the property of the individuals, not the state.
24 November, 2007
Bringing out the big guns
After last week's massive loss of personal data, ministers were repeatedly asked whether they agreed this was the end of the ID cards scheme.
"Oh, no, that's totally different. That uses biometrics."
As if they're foolproof, and impossible to corrupt. The biometric details, I mean, not the ministers. Ahem.
For some reason, I hadn't expected to be linking to Ben Goldacre commenting on ID cards, though there's no question this application of biometrics security is bad science.
Just read the article (which even cites 'Mythbusters'), especially if you believe "if-you-haven’t-done-anything-illegal-you-have-nothing-to-worry-about".
21 November, 2007
Not all bad
Mainstream coverage of the HMRC data loss scandal has been widespread, so I'll simply make one observation.
If we now know that relatively junior staff working with confidential data apparently have access to removable storage media (how basic a security flaw is that?) and entire national datasets, and can readily get CD-Rs out of their buildings, wavering public acceptance of ID cards must have just evaporated.
12 November, 2007
Allegedly, modern society has reached a turning point. The Guardian quotes Donald Kerr, the principal deputy director of US national intelligence as saying that our concept of 'privacy' needs to be explicitly revised.
Privacy no longer can mean anonymity. Instead, it should mean that government and businesses properly safeguard people's private communications and financial information.
So, as Cory Doctorow
that for BoingBoing:
Human beings can no longer expect governments and companies not to spy on them; instead 'privacy' will now mean having the right to expect that governments and companies won't tell other people what they learn when they spy on you.
No. Just no. Not acceptable.
Kerr repeats a routine non-sequitur:
Millions of people in this country - particularly young people - already have surrendered anonymity to social networking sites such as MySpace and Facebook, and to Internet commerce.
So it's not so big a deal if governments appropriate the information too, right? Wrong. The essential distinction, which Kurt Opsahl of the EFF does
grasp, is personal choice: there is no contradiction between my voluntarily disclosing (or, quite openly, faking) certain
information in exchange for private-sector services and my refusing to share that information with the state.
6 November, 2007
NØ2IDObviously, I didn't post about the Sunday Mirror's 'report' that the Prime Minister is planning to scrap ID cards outright (because it's the Mirror), but the Guardian may have discovered a shred of truth in the tabloid's fantasy. It seems that the PM is at least implementing a review of the system's flawed implementation, which could cause a major delay or possibly a move towards full abandonment.
I could go on to explain, again, why the security minister's quoted flat assertion that:
"National identity cards will play an important part, a very important part in countering terrorism, there's no doubt about that. I mean, one can think of all sorts of reasons one might not like them, but actually, in terms of counter-terrorism, they will be extremely useful."
Is entirely specious, but I really can't be bothered. Don't take my word for it that it's been comprehensively dismissed already – read my past posts
on the subject, and the linked articles.
Whatever you do, though: do not
accept the minister's statement as self-evident or accepted knowledge.
5 October, 2007
Pressing too hard
A misaddressed copy of today's Press Gazette ("for all journalists") arrived on my desk this morning. Before passing it on to the Press Office, I read the front cover through the cellophane, with mounting annoyance.
According to a report which doesn't seem to be on the website yet, new UK legislation allows a number of state organisations to gain full access to journalists' contacts (I think that's phone records in particular):
- Any police force
- The National Criminal Intelligence Service
- The National Crime Squad
- The Serious Fraud Office
- Any of the intelligence services
- Any of Her Majesty's forces
- The Commissioner of Customs and Excise
- The Ministry of Defence
- The Home Office
- The Commissioners of Inland Revenue
I'm not pleased
about these organisations having access, particularly if they no longer need a specific warrant for each individual instance, but at least one could make a compelling argument (not that I would) for their needing access, for reasons of national security and detection of crime. But the list goes on:
- The Ministry of Agriculture, Fisheries and Food
- The Department of the Environment, Transport and the Regions
- The Department of Health
- The Department of Trade and Industry
- The National Assembly for Wales
- Any local authority
- The Environment Agency
- The Financial Services Authority
- The Food Standards Agency
- The Intervention Board for Agricultural Produce
- Health Authorities
- National Health Service Trusts
- The Home Office (er, again?)
- The Department of Social Security
- The Personal Investment Authority
- The Royal Pharmaceutical Society of Great Britain
Let's think about that again. The Intervention Board for Agricultural Produce, amongst numerous other non-police agencies, is now able to requisition any journalist's phone records – not the phone records of a suspect under specific investigation, but of an interested third-party. How can that not
be excessive state invasion of privacy?
Doesn't this instill a wonderfully cuddly sense of security about how an ID cards database would be used?
5 September, 2007
Well, he can't have it
Judge wants everyone in UK on DNA database.
I know narrative imperative demands that judges are out-of-touch with the modern world, but the complacent assertion that 'putting everybody's DNA on file should be "for the absolutely rigorously restricted purpose of crime detection and prevention"' betrays startling trust in state benevolence, even naïvity.
Last night, I watched 'Touch of Evil', the 1958 film about a well-regarded but corrupt police officer responsible for framing murder suspects, leading to numerous wrongful executions. One line jumped out at me:
A policeman's job is only easy in a police state.
21 June, 2007
Just as one person's 'terrorist' or 'insurrectionist' is another's 'freedom fighter', part of what the UK government chooses to call 'identity theft' might be called 'credit card fraud' by those with less of an ideological agenda¹ .
Which makes it somewhat... paradoxical? hypocritical? that the Home Office seems to be obstructing individuals' ability to report incidents directly to the police.
D'you know, this could almost make one wonder whether the supposed justification for ID cards as a means of combating 'identity theft' is a mere smoke-screen, and that there's some other, unstated reason².
¹ : Okay, or maybe just a different agenda....
² : Don't worry, I'm no conspiracy theorist. I'm talking about mundane administrative convenience, not sinister plots. Them too, of course....
19 June, 2007
Should be institutionalised
NØ2IDAs the BBC reports:
The identity card scheme will become a 'great British institution' on a par with the railways in the 19th Century, Home Office minister Liam Byrne says.
R-i-g-h-t. That's beyond satire, really, but I might as well make a half-hearted effort: the slave trade was a 'great British institution' once. Aspirational stuff, eh?
The BBC goes on to inadvertently highlight one of the key issues:
plans to "multiply the uses" of the ID scheme, would mean there should be stronger accountability to Parliament.
No, the important part is accountability OF
I can't stress this enough: never mind bogus claims about terrorists and criminals, the groups from which I wish to withhold personal information are, quite specifically, government agencies.
11 May, 2007
Price still wrong
NØ2IDIn the finest traditions of the Blair (mal)administration, one branch of government tried to mask an embarrassing admission by issuing it on the same day as a prominent announcement by another branch.
I don't think so. Spread the word: UK ID card costs climb £600m in six months.
18 April, 2007
Here's an interesting little detail in a background article about the Virginia Tech student who killed 32 people and himself on Monday:
Some news accounts have suggested that Cho had a history of antidepressant use, but senior federal officials tell ABC News that they can find no record of such medication in the government's files. This does not completely rule out prescription drug use, including samples from a physician, drugs obtained through illegal Internet sources, or a gap in the federal database, but the sources say theirs is a reasonably complete search.
So US federal agents have legal access to individuals' medical prescription records do they? According to BoingBoing's research
, no, they don't.
This is precisely the sort of government access abuse to which I object. The state has no right to this private, personal information, under any circumstances; mass-murder is no exception.
8 March, 2007
NØ2IDIt seems the US Department of Xenophobic Paranoia Homeland Security, feeling left out by their British equivalent, the Identity and Passport Service (I love the fact it's called a 'service' – that's a nice touch of humour), wishes to impose ID cards on US citizens too.
[Via BoingBoing, where commenters suggest it'd be an unconstitutional invasion of privacy. No; really?]
9 February, 2007
Last month, I reported Wired's advice about disabling the RFID chips in new US passports. It seems a similar situation applies to new UK 'ePassports' which contain biometric data stored on a smartcard chip. Though I obviously wouldn't recommend deliberately breaking one, the National Audit Office has confirmed that a passport containing a non-functioning chip is still entirely valid as a travel document.
One is supposed to have a 'defective' passport replaced.
According to the NAO: "If failure is detected at border control, the holder will be issued with a letter advising them to contact the issuing authority. The Identity and Passport Service (IPS) will examine any faulty ePassports returned to it and, where it concludes the chip unit contains a manufacturing fault, the ePassport will be replaced free of charge."
Yet, as The Register observes
, there's no incentive for an individual to comply, and a significant disincentive.
Which is where we came in. Suckers who've acted on the letter by allowing IPS to take their passport hostage will be forced to cough up for a new one, except in the unlikely event that Philips [the chip manufacturer] screwed up. So if you're handed that letter, don't act on it. And if thousands, or tens of thousands of people are handed that letter, IPS will have a problem that it's not going to be able to park with Philips.
That's the main point of this entry, but another detail approaches 'stranger than fiction' status. Though, by definition, a UK passport lasts ten years, the IPS only negotiated a two-year manufacturer's warranty from Philips. This rather implies that the chips are only expected to last that long. What happens after that? Either the cost of replacement falls on the bearer, which hardly seems reasonable, or the state (i.e. taxpayers i.e. me) can expect to cover considerable, initially unstated, additional costs.
20 January, 2007
Open your eyes
I suppose I shouldn't accept it without some scepticism, but this is purported to be genuine, rather than merely an unused prop from 'Brazil'.
How can people look at a 1940s-style poster depicting disembodied eyes over London icons, under the slogan 'Secure Beneath The Watchful Eyes', and not rage against excessive state/corporate invasion of privacy?
7 January, 2007
Since 1 January, all new US passports have incorporated RFID chips which could reveal personal information to criminals and, worse, government officials. However, a passport with a broken chip is still perfectly valid as a passport, so Wired offers excellent advice: take a hammer to it. Really.
7 November, 2006
NØ2IDBlair's half-truths and warped logic are bad enough, but I sometimes suspect the real threat is the complacency of the self-righteous.
Consider this naïve little diatribe from Polly (that has to be short for Pollyanna) Toynbee, who plainly occupies a fantasy world where technology and administrative organisations function flawlessly, government is invariably benevolent (and always will be) and anyone who thinks otherwise is a delusional conspiracy freak. Scary stuff.
Whatever you do, read the comments, not just the article.
7 November, 2006
Don't patronise me, Blair
Tony Blair insisted yesterday that the national identity card scheme should go ahead as a question of "modernity", not civil liberties.
That's from the Guardian. If it's an accurate quote, the Prime Minister seems to be saying privacy and individual rights are inherently outmoded, and that they are to be overtly denied. Utter rubbish, of course.
Mr Blair also stressed the personal benefit of having a national ID card, saying it would do away with the need to produce other documents for the purpose of proving one's identity.
to be able to produce multiple forms of identity for specific purposes; an NHS card for health care, for example, and a National Insurance number for employment purposes, without one organisation having access to information about the other. Blair won't sell ID cards to me on the basis of empty 'convenience'.
He also conveniently
ignores the huge issue of eggs and baskets: that making a single identifier usable for all purposes means criminals only have to falsify or compromise the security of one document/database to gain access to everything.
He claimed that because most citizens provided personal information to private companies on a daily basis he did not think "the civil liberties argument carries much weight".
That is totally false logic. Because I might choose to provide a minimum of contact information to, say, my electricity supplier, it doesn't remotely follow that any other organisation can take information without my permission – it's not 'all or nothing'.
I demand the right to decide who has access to my private details, on not only an organisation-by-organisation basis, nor even department-by-department, but instance-by-instance. I am not remotely willing to make information available to all 'designated users' unless I'm the one doing the designating.
20 September, 2006
Make do with what you have
Terrorism and organised crime should not be used as excuses for passing laws which undermine people's privacy and data protection rights, according to the European Data Protection Supervisor.
As El Reg reports, Mr Hustinx went on to say that pre-existing laws are already adequate: "Current legislation does allow, for instance, law enforcement to check suspicious phone numbers found in a computer."
I agree. Maybe governments are under pressure to be seen to be 'doing something'. Maybe they're maliciously exploiting a political climate to impose a police state. Personally, I think that's over-dramatic and the truth is more mundane: governments wish to extend and integrate data on individuals for mere bureaucratic convenience, though I resist anything which could conceivably be used by the collective against individuals in future, unforeseen circumstances.
Whatever; I don't regard additional invasion of privacy to be acceptable, nor even necessary, irrespective of provocation.
A key test of any new measures must be this: is current legislation truly inadequate? If the proposed legislation was not enacted, would that prevent essential actions being fulfilled?
That's 'prevent', not 'hinder' – 'hinder' is good. Government powers shouldn't be too easy to apply, to discourage all but the most essential uses.
3 August, 2006
It's a good idea, okay?
Tony Blair has insisted that ID cards will be a core element of the Labour Party's manifesto for the next General Election – even though he'll no longer be Prime Minister by then, and in no position to dictate manifesto pledges for his successor's campaign. That typifies his attitude, really.
12 July, 2006
Take the opportunity
The Guardian reports that the plan to merge UK regional police forces from 43 to about 28 has been 'definitively' scrapped.
That was an initiative championed by the disgraced former Home Secretary, Charles Clarke. If, as it seems, the Government is prepared to (justifiably) treat him as a scapegoat and excuse to abandon unpopular legislation, how about his apparently unworkable ID cards scheme?
8 June, 2006
Those holes again
Last month, the Government's own Information Commissioner's Office reported that individuals' private, personal data held by state agencies are routinely leaked to private investigators and hence such groups as insurers, creditors, journalists and criminals seeking to influence jurors, witnesses or legal personnel. I mentioned it when the report was first released, but the Guardian, a little belatedly, provides more information.
Scarily, though unsurprisingly, ministers are beginning to reveal the expected hidden agenda: that all information will be interlinked for the state's mere convenience, and presence on the National Identity Register (with or without ID cards; they're of limited relevance) will be compulsory for access to public services.
Phil Booth, national coordinator of No2ID compares personal identity to the Titanic:
"They are talking about linking all the watertight compartments, so if one is holed, you go to the bottom of the sea."
A YouGov survey of 2,000 people in April found that just 23% of respondents trust the government to deal with their data online, compared with 70% who trust their bank. If a bank fails to protect its customers' data, or links it in ways that customers don't want, it risks losing their business. Often, there is no alternative to the government.
19 May, 2006
With rather more eloquence than I could achieve, AC Grayling explains my objections to the entire governmental attitude behind the introduction of ID cards and the National Identity Register, which fundamentally changes the relationship between individual citizens and the state.
So many sections are quotable that I'll just let you read the article yourself.
12 May, 2006
On one side, the Government is forcing through legislation on the National Identity Register, demanding private information from individuals and making it freely available to government – and other – agencies. They insist that it's all confidential and that data will only be available to those with legitimate access requirements (as defined by the state, not the individual...). Trust the government, sheep. They know best.
Yet on the other side, the Government's own Information Commissioner is horrified by the commercial trade in private data. In one instance, a researcher was being paid £120,000 per month to trace people for finance companies and local councils. If anyone took legal action, the statutory fine in a magistrates' court would be up to £5,000. Still think the state will adequately protect your personal details?
Okay, the ID Cards Bill contains stronger penalties for improper access, but still, the best defence is to abandon the idea of a centralised database altogether.
[Update 11:20: The Guardian reports that animal rights terrorists, sentenced yesterday (12 years each – it's a start) for crimes culminating the 'kidnapping' of a corpse, obtained key information on their victims from a member of staff at the DVLA.]
1 May, 2006
Visiting the Cancer Research UK website a few minutes ago to unsubscribe from an unsolicited e-mail newsletter (I'm a supporter, so they had my details, but I definitely opted-out of being contacted by e-mail. Cheeky ****ers.), I discovered a startling press release they made available last Friday.
I'll let you read it yourself, but they claim the British people are happy to surrender privacy if it might help research into cancer. The accompanying evidence fails to prove that interpretation, and I oppose the assertion.
More than 80 per cent think there should be a law making cancer registration compulsory.
If there was some guarantee that this was subject to medical confidentiality, the idea might have some merit.
**** it; no it wouldn't; I presume most individuals would choose to assist research by volunteering information, but it should still be voluntary.
That's on principle, but more practically I'm concerned that compulsory registration might be fed through to insurers, which would transform the scheme into compulsory incrimination.
The results dispel the belief that people are always more concerned about their right to privacy than public health.
Absolutely untrue! As I said, most people might be expected to opt in (I would), but it must be optional. Individual rights, including privacy, come first. The only exception would be if non-disclosure would actively harm others; if someone had a communicable disease, for example. That doesn't apply to cancer.
And it shows there is strong support for identifiable medical details to be given without consent,...
Nothing in the press release justifies that statement.
... provided they are only used in confidence for public health research by recognised research organisations.
Nothing in the press release offers that guarantee
, only a vague intent. An absolute, unambiguous and unmodifiable guarantee would be the minimum requirement for acceptability.
“This survey shows categorically that the vast majority of people do want their personal health information to be shared for the collective good, if it could lead to improvements in the diagnosis and treatment of cancer.”
Then a voluntary scheme would be more than adequate; researchers would have more data and experimental subjects than they could ever use. However, the rights of the 'tiny minority' to withhold their private data must be protected.
The National Cancer Registry monitors trends in the incidence of cancer and survival from the disease. Cancer survival comparisons based on National Cancer Registry data are the only way to compare the overall effectiveness of cancer diagnosis and treatment between different regions of the UK, between rich and poor patients, or between the UK and other countries.
Though I'm fundamentally opposed to compulsory provision of individuals' private details, I'd fully support registration, including compulsory, of anonymised
data for epidemiology and medical geography. I have absolutely no problem with that, and agree that it would be immensely valuable for 'the communal good'. That doesn't conflict with my heart-felt belief that submission of identifiable personal information must remain voluntary – one doesn't imply the other, nor preclude it.
"The results of this survey show that absolute privacy is not the priority of ordinary members of the public. The vast majority of people are happy for information about them to be used for the wider public good, provided the information is kept confidential and secure. Government policies should recognise this support for public health research."
Paraphrasing and restating earlier paragraphs, which I've already addressed, doesn't make them any more compelling. Cheap tactic.
21 April, 2006
'Renew for freedom'
NØ2IDBrits who feel especially strongly about avoiding the National Identity Register (aka ID cards, though the cards themselves are secondary) as long as possible are recommended to renew their passports before October, when new regulations are due to take effect, preferably beforehand, as it's possible the Government may attempt to prevent large numbers of people avoiding 'the draft'.
The NO2ID campaign group are asking that those considering early renewal do so during May, specifically to coordinate the impact on Passport Offices and make some sort of collective statement. I don't do collectivism (and my current passport has another 8½ years to run), but others might wish to participate.
Remember, once you're on the Register, you're on for life, and are liable to keep the Government's records about you up-to-date. That includes being liable for their errors.
30 March, 2006
Failure is not an option
NØ2IDIn related news: the government has already spent £32m on preparing for the ID card scheme before it has been approved by Parliament.
That gives some idea of the government's willingness to negotiate, and indeed their respect for the democratic process. They're committing the nation to having a National ID Register, irrespective of whether anyone actually votes for it.
Alistair Carmichael [Liberal Democrats home affairs spokesman] said the government had "no right" to spend the money before the ID cards enter into law.
"It is completely unacceptable to forge ahead on a scheme which will radically alter British society without the approval of MPs," he said.
"The government persistently and wrongly claims that a majority of people want ID cards when it is quite clear that there is major disquiet in the country on this issue."
30 March, 2006
Not so big a deal
NØ2IDAfter the latest version of the ID cards legislation had been rejected by the House of Lords five times, the government has had a 'compromise' accepted.
The Lords' main objection was that cards were being linked to passport applications/renewals, and hence made compulsory in all but Charles Clarke's dream world. The apparent concession is that compulsory possession of a card has now been postponed from 2008 to 2010*. That's after the next General Election, and if elected the Conservatives are likely to repeal the legislation outright.
Who'd have thought I'd be hoping for a Tory government?
However, as with many aspects of this scheme, the headline statement is of limited relevance beyond being a misleading sales slogan. The cards themselves won't be compulsory until 2010, but anyone renewing a passport before then will be added to the national ID database, which is the real issue. The cards don't matter if the information is available by other means.
I suppose those for whom this really matters could renew their passports immediately, and hence avoid ID registration until 2016 (standard UK passports are valid for a decade). I wonder how the government plans to capture their data.
Two quick points from the BBC article:
Lord Armstrong [a 'cross-bencher' i.e. not formally affiliated with the Government or Opposition parties] said most of the information required for the database would have had to be disclosed as part of the passport application anyway.
"They are not actually seriously increasing the amount of information that is held about them deep inside government," he told BBC News.
Possibly true (define "seriously increasing"
, though – I object to any
increase), but the National ID Register facilitates and legitimises access to that information by a far wider range of agencies, and changes the overt relationship between the state and the individual.
There was also "very restricted access" to the database, Lord Armstrong added.
Will the police have routine access to the Register? Yes? Then it's not restricted enough.
*: Technically, making ID cards compulsory would require further legislation, but 2010 is the most likely date for that, and I'm convinced the government will attempt to slide that one through Parliament as a fait accompli.
14 March, 2006
Prisoners of conscience
NØ2IDHaving failed to win the argument by persuasion in straightforward debate, proponents of ID cards are calling for the House of Lords to stop rejecting/amending government bills on the topic.
Tradition dictates that Peers aren't supposed to block legislation specified in the governing party's election manifesto, supposedly because the nation voted for the government on the basis of that proposed legislation, so the nation has already approved it. That's flawed majoritarian logic, of course, and even if it was accurate in principle, the specific details need to be scrutinised and debated.
Accepting (for a moment) the legitimacy of the government's claim, opponents of the ID cards database point out that it wasn't a manifesto pledge – the election promise was that ID cards would be voluntary, whereas the aspect the Lords are rejecting is that anyone applying for a passport will have to obtain an ID card too, and be entered on the national register (which is far more important than the bits of plastic). It's compulsion by stealth.
The Home Secretary has a simple response, which is so jaw-droppingly disingenuous that I can no longer take him seriously. Reported in the Guardian, Charles Clarke said:
"Passports are voluntary documents," he insisted. "No one is forced to renew a passport if they choose not to do so."
No, only if they assert their freedom to travel internationally.
In modern society, a passport is a standard aspect of life; declining something so ubiquitous isn't a reasonable expectation. By the same logic, a bank account isn't compulsory
, but few would seriously expect people to store bags of cash in the mattress.
Linking ID cards to passports is in effect
compulsion. To claim otherwise is to resort to the sort of hair-splitting semantics which might score points in a schoolboy debating competition but which have no justifiable place in running a country. For ****'s sake, Clarke; this isn't a game
Voluntary means that one can opt-in to gain an alleged benefit, but that there's no material negative impact ('cost') of remaining outside the scheme. In other words, if the pre-existing situation is the baseline, opting-in could raise quality of life, but opting-out wouldn't put quality of life below the current baseline.
When one is obliged to opt-in or accept a major curtailment of one's lifestyle, that's compulsion.
1 March, 2006
I don't like p2p. I've never used BitTorrent or similar, and don't download music.
That said, BBC Newsnight have identified an unexpected benefit (though they suggest it's a disadvantage):
If torrent traffic is 30% and more of the internet, and it's going encrypted at a rate of knots, then where does that leave the spooks, spies and other law enforcement professionals who sit around monitoring the internet all day?
Sure, the RC4 encryption in question isn't so very powerful, but the sheer quantity of it we're envisaging will make decrypting it all an impossibility.
At the moment, there's little enough encrypted data flying around that using encryption for villainous purposes would just attract attention to yourself. But in the swamp of encryption that's in prospect, that will no longer be the case.
Hence, BitTorrent impedes monitoring of public internet traffic (by which I mean private communications and personal data) by government 'security' agencies. They won't be able to routinely check everything, though if they have reason to focus on something in particular, they're at no greater disadvantage than now.
Sounds excellent to me.
21 February, 2006
Foreshadowing the cards
Almost two years ago, I mentioned that Transport for London's 'Oyster' travelcard (aka 'ID card lite') scheme keeps a record of where each bearer has been, when, alongside personal identity and financial data. The Register now reports that the information is being used, both by the police and illicitly (not that I think the police should have access either).
A vulnerability is that anyone can view his/her own travel history via a ticket machine or web browser; anyone logging into the system as the cardholder (such as a spouse, never mind hackers) will therefore have access too. El Reg makes a good point about this facility:
Giving individuals access to their own journey data seems of doubtful utility, considering most of them will have a fair idea of where they've been, and you can probably view this feature as a marketing tool intended (as will be the case with respect to allowing individuals access to their National Identity Register entry) to give the user the erroneous impression that they are the ones controlling their own data.
17 February, 2006
The other ID database?
NØ2IDWe already knew that the cards themselves aren't the real issue, but it seems the high-profile ID cards database is only part of the problem, too. The Guardian reports on another, less well-known attempt by the government to collate information on individuals for its own administrative convenience, which could, in theory, be used against individuals – "For the good of society", of course (sorry to sound paranoid, but I feel the possibility of abuse should be prevented).
'Government Connect' is a scheme to link computer systems in local and central government, with the stated intention of faciliating 'citizen-centric e-government' (whatever that really means: probably more like 'government-centric e-citizens'). The plan is for councils to write to citizens already on existing local systems, offering them the opportunity of creating a 'single sign-on to government', i.e. one could "go online to do official chores without needing to know which arm of the state carries them out". No thanks.
This first phase will be voluntary, and will only involve the same level of ID verification as one would need to obtain a library card. However, there's a stated intention to bring medical records and similar truly private information into the system in a later phase, which would involve – surprise, surprise – the Home Office ID cards database.
I can't avoid a suspicion that if the 'overt' ID cards register becomes crippled by public opposition and Parliamentary amendments, that scheme's proponents will try to sneak in the functionality they really want under the cover of seemingly tangential schemes.
This whole programme raises a fascinating question. If a primary selling-point of the ID cards database is that it would be a single sign-on for government systems, why have local authorities decided to also develop Government Connect?
Or rather, if people are given the opportunity to sign up to GC (or not, if they choose), what's the point of ID cards?
[Update 23/02/06: Interesting. The final three paragraphs of this entry have appeared on today's Guardian 'Technology' letters page.]
2 February, 2006
NØ2IDI've been expecting the following non sequitur, though I was starting to hope that no-one would bother to pursue it.
Identity fraud is costing the UK an estimated £1.7bn every year, Home Office Minister Andy Burnham has said.
At £35 per person, the estimated annual cost was greater than that of planned compulsory national identity cards, he told BBC Radio 4's Today programme.
Two paragraphs, two statements. Two separate and unrelated
Obviously, the reader is intended to unquestioningly absorb the implication that ID cards would eliminate identity fraud and hence save the nation money. Yet there's no evidence that ID cards will tackle ID fraud in a way that better use of existing, less intrusive measures wouldn't – the reverse, in fact.
By precisely the same logical approach:
Statement 1: Violent crime is increasing in the UK.
Statement 2: An automatic rifle costs less than a police officer's annual salary.
Implication: The general public should be armed.
Statement 1: People get sore feet.
Statement 2: Kittens are fluffy.
Implication: Shoe manufacturers need to contact illicit furriers.
22 December, 2005
This is WRONG
The Independent reports a story so bad I found it literally nauseating. However, it's a little odd that neither the BBC nor the Guardian, news sources I tend to trust (in as much as I trust any mass-medium), mention it at all.
The article claims that from next year every single journey by every single car in the UK will be monitored by the state.
Britain is to become the first country in the world where the movements of all vehicles on the roads are recorded. A new national surveillance system will hold the records for at least two years.
Using a network of cameras that can automatically read every passing number plate, the plan is to build a huge database of vehicle movements so that the police and security services can analyse any journey a driver has made over several years.
The network will incorporate thousands of existing CCTV cameras which are being converted to read number plates automatically night and day to provide 24/7 coverage of all motorways and main roads, as well as towns, cities, ports and petrol-station forecourts.
By next March a central database installed alongside the Police National Computer in Hendon, north London, will store the details of 35 million number-plate 'reads' per day. These will include time, date and precise location, with camera sites monitored by global positioning satellites.
Already there are plans to extend the database by increasing the storage period to five years and by linking thousands of additional cameras so that details of up to 100 million number plates can be fed each day into the central databank.
Does anyone even care
about individual liberty?
Senior police officers have described the surveillance network as possibly the biggest advance in the technology of crime detection and prevention since the introduction of DNA fingerprinting. [It is said that] this development forms the basis of a 24/7 vehicle movement database that will revolutionise arrest, intelligence and crime investigation opportunities on a national basis.
**** the convenience for the police – this is wrong. I can appreciate that detection of crime is difficult. Tough. Freedom is always more important, even if that makes life difficult for the police. I believe that apart from in political contexts, the UK police generally do well already, and consequently their powers and resources should not be extended.
The state exists to serve the people, never the reverse. It is my fundamental belief that the state should not have detailed knowledge of individual citizens. To say this is going too far is like saying the Atlantic Ocean is a bit damp. I was going to make a flippant comment such as "what's next? Subcutaneous GPS implants?", but suddenly that's not so inconceivable a leap.
Let's be clear: this isn't surveillance of convicted criminals, nor even of previously-identified criminal suspects (and whose standards define 'suspicious'?), but everyone. Millions of people, law-abiding or otherwise, will soon be routinely monitored, with logs of our movements stored in a central database for years.
The article focuses on reduction of car crime, but it would be all too easy to target legal but 'inconvenient' dissenters. What are the chances of a car logged as having been in the vicinity of one protest event being turned away by police on the way to another protest? The Independent happens to mention, without elaboration or comment, the fascinating claim that MI5 (the UK's domestic intelligence service – some might over-dramatically call MI5 'the secret police') will also use the database for purposes that even a Chief Constable (regional police chief) doesn't know about.
22 November, 2005
Different data sharing - to stop
A second posting about privacy today. Don't worry, it's not something I do regularly!
For once, it's good news. Since last year, the air passenger data agreement has involved EU nations providing the US Department of Homeland Security with details of all passengers flying between the EU and the US.
The European Parliament challenged the legimacy of giving data on EU citizens to a foreign government, and in his advice to the European Court of Justice, Philippe Leger, the advocate-general (whose legal opinions are accepted in 80% of instances), has agreed. His recommendation is that the agreement be annulled immediately.
22 November, 2005
Data sharing? Maybe
From the BBC:
Sharing government-held personal information could bring huge medical and social benefits, a government group has said.
First reaction: no, no, NO!
I strongly object to disparate personal records being combined. The Passport Agency shouldn't have access to my medical records. The Police shouldn't have access to my tax record. Each branch of government should only have access to the minimum of personal information, strictly limited to its own, quite distinct, subject area.
This is quite apart from what I consider to be abuses of the system:
Information is frequently shared between medical researchers and the private sector.
However, if the data are properly anonymised, I think increased integration would be a great idea, which could indeed target public services better and improve policy-making. Planners need information, and the better the information, the better the plans.
For me, the absolutely critical point is the anonymising – if there'd be any way to backtrack data to an individual (not 'only with a court order'; that's not good enough: I want it to be impossible), I'm totally opposed to the proposal.
18 October, 2005
Reverse function creep
NØ2IDPerhaps surprisingly, the Home Secretary seems to have responded favourably to many of the concerns associated with national ID cards. I suppose it can be seen as compromise to get the troubled Bill though it's third (and final) reading in Parliament, but still, it's to his credit.
The key points are:
- The ID card database will contain no more personal information than is already held on passports: name, date & place of birth, gender, address, nationality and immigration status.
- Additional personal details, such as health or criminal records cannot be added at a later date without fresh primary legislation.
That doesn't eliminate function creep (primary legislation might be slipped through fairly easily), but it prevents it happening 'casually', or by default.
- Furthermore, the register cannot include identifying numbers linking cards to different databases of personal details. For example, the card cannot include a personal code for the police national computer or an NHS number which might enable a cross-check to be made with medical records.
Intuitively, that seems to be of limited relevance – there doesn't seem to be any mechanism to prevent passport/ID card numbers themselves being linked to police or health records.
- Individuals will have access to their entries in the ID database and the record of which organisations have used them.
That sounds like standard Data Protection practice, not a new selling point.
In addition to these confirmed items, ministers plan to explicitly separate the ID cards register and police national computer, so that those accessing the former cannot
determine whether an individual has a criminal record logged on the latter.
Of course, the extremely obvious question is that if the ID card database will hold no more information that already on a passport, why not abandon ID cards altogether and stick with passports alone? What's the point of the ID card register?
So far as I can see, either too much political capital has been invested, and the government can't face the embarrassment of abandoning the scheme (please do – I'd have more respect for a climbdown than stubbornness), or there's more to the register than the public is being told.
5 October, 2005
Where can I buy a hoodie?
In an otherwise unremarkable article for the Guardian about 'hoodies' (stereotypically violent teenagers who habitually wear hooded jackets to evade identification), Piers Morgan quotes the startling statistic that Britain has 20 per cent of the world's CCTV cameras. Think about that for a moment. One in five of all CCTV cameras on the entire planet is in use in the UK.
The average (presumably urban) Briton will be detected by 300 cameras each day, 'creating a pervading sense of paranoia', as Morgan over-emotes.
Traveling back from the airport a couple of days ago, an announcement reminded me that all passengers of a train are under constant survellance from the moment they enter a station until the moment they leave the station at their destination; indeed, before and after those points too, as police cameras also monitor the roads leading to the stations.
The US Department of Homeland Security is often criticised for putting collective 'safety' ahead of personal liberty, but the UK's intensity of surveillance wouldn't be legal in the USA.
22 September, 2005
Just in case
On 28 July, the London Underground station at Southwark was closed by a security alert, during which a man with a rucksack was arrested. In an article for the Guardian (an edited version of the one at his own site), that man, David Mery, explains why he was considered a suspect, and the events of that night (detained at 19:25, he was released on bail at 04:30).
I'm not saying that the police acted inappropriately; mistakes happen, and as traumatic as it must have been, at least Mr. Mery wasn't shot.... The point of this entry is to highlight the long-term effect of this incident: for no justifiable reason, the police now have a permanent file on an innocent man.
In a democratic country such as the UK, one would be forgiven for naively thinking that this is the end of the matter. Under the current laws the Police are not only entitled to keep my fingerprints and DNA samples, but apparently, according to my solicitor, they are also entitled to hold on to what they gathered during their investigation: notepads of the arresting officers, photographs, interviewing tapes and any other documents they collected and entered in the Police National Computer (PNC). (Also, at the time of this writing, I still have no letter stating that I'm effectively off the hook and I still haven't been given any of my possessions back.)
Aren't the Police supposed to keep tabs only on convicted criminals and individuals under investigation? So even though the Police consider me innocent, otherwise they would have had a duty to prosecute me, there will remain some mention (what exactly?) in the PNC and, if they fully share their information with Interpol, in other Police databases around the world as well. Isn't a state that keeps files on innocent persons a police state?
This gradual erosion of our fundamental liberties should be of concern to us all.
All men are suspect, but some men are more suspect than others (with apologies to George Orwell).
15 September, 2005
Won't work anyway
NØ2IDThe Guardian reports an admission by the director of the UK ID cards programme and the government's chief information officer that biometric matching using the parameters stored on the cards won't be infallible. That's beside any logistical considerations of staff training, hardware implementation and database management; the data on the card just won't be able to identify an individual with the necessary level of certainty. Utterly pointless – for the stated purpose.
Interesting tidbit casually mentioned in the story: it will be necessary to undergo biometric identification when applying for a job.
The closing paragraph:
Opponents will say that conceding the fallibility of biometrics in day-to-day life removes the card's big selling point, so the whole programme should be scrapped. The question to throw back at them is, if the card could be shown to work perfectly, would they accept it?
No, of course not. The invalidity of the concept has always outweighed the impracticality of the application. This removes a selling point, but I wasn't buying anyway.
8 July, 2005
Credit where it's due
NØ2IDI have to confess that I'd expected the government to use yesterday's bombs in London as a justification for ID cards (and I suppose they might yet, in some way). However, it's to the Home Secretary's credit that he has admitted that ID cards wouldn't have prevented these attacks.
My one criticism of his statement is that he said:
The question on ID cards is, on the balance of the ability to deal with particular threats and civil liberties, does a particular measure help or hinder it? I actually think ID cards do help rather than hinder.
I'd argue that it's disingenuously simplistic to consider it as 'either/or'. Really, it's help, hinder or have no effect
. ID cards just aren't relevant
to such a terrorist incident.
7 July, 2005
PIN to burst government bubble
NØ2IDAnother odd, contrived government proposal mentioned in the same, rather wide-ranging El Reg article is to 'enable' people to access their medical records online, using their ID cards. Biometrics via a domestic PC and web connection would be clever, or perhaps it just involves a PIN, the very level of security the biometric card was supposed to supercede.
If that's the intended route, why not give everyone a NHS PIN, entirely independent of the National Identity Register? Going through the NIR doesn't seem to add anything to this specific type of transaction, other than manufacture an excuse to have a NIR.
7 July, 2005
NØ2IDOhhh... so that's how the government plans to hide the true cost of ID cards: by making people pay via other, seemingly separate services.
The Register explains that companies may be charged for Criminal Records Bureau (and hence National Identity Register) checks on prospective employees, providing a fairly small but consistent revenue stream contributing to the costs of the national ID database. One could make the obvious observation that the income could be increased by expanding the range of employers required to make criminal record checks, but that's speculative.
Likewise with driving licences: it's suggested that use of ID card details may streamline applications – but there'd be a NIR transaction charge for doing so.
That's the underlying point: the database may partly fund itself through transaction charges each time an organisation needs to access someone's details, thereby reducing the up-front cost of each card – the 'soundbite' figure which the government needs to massage.
Yet that transaction charge will either be passed on to individuals directly, or borne by agencies such as the DVLA, themselves funded by public money i.e. taxpayers will be paying anyway.
Consider that carefully: the DVLA, a government agency funded from taxes and licence application fees, would be paying the NIR, another government agency; effectively, an inter-departmental budget transfer. In real terms, how does that differ from the public paying the NIR directly, through taxes and application fees, and how does paying at the point of applying for a driving licence differ from paying at the point of applying for an ID card?
Apart from 'coincidentally' making the ID card look cheaper initially, of course.
30 June, 2005
NØ2IDThe Department of Social Scrutiny has announced that the national Id card scheme is to be abolished and replaced by Ego cards.
Dr C Jung, the Minister for the Collective Unconscious, attempted to reassure crowds trying to brainstorm his house, by explaining how the Id and the Ego were completely different concepts and anyone who thought otherwise was merely accepting the consensual hallucination that the individual is a construct of the mind.
28 June, 2005
NØ2IDCoinciding with the return of the ID Cards Bill to Parliament, and condemnation from LSE researchers that the scheme is likely to cost three times the amount estimated by the government, the Guardian's lead story (online) is that:
The information commissioner, Richard Thomas, yesterday issued his most detailed and hard-hitting attack so far on the government's plans for identity cards.
Mr Thomas was appointed by the government
to examine privacy issues for Parliament, so this isn't partisan sniping – the Government would struggle to dismiss his words.
Read the article; there's no point in my merely paraphrasing it. I'll just say that he identifies my main concerns: not cost, but invasion of citizens' right of privacy from government, function creep (and increase in the number of parameters recorded) and availability of information to unaccountable organisations (other than the government itself, I mean).
Mr. Thomas's final point is fundamental, and worth repeating. If we were to accept there is any justifiable purpose to ID Cards (I don't, but just for the sake of argument):
The aim should be for people "to reliably identify themselves rather than one which enhances its ability to identify and record what its citizens do in their lives".
6 June, 2005
The government proposal to replace road tax (i.e. licence for a vehicle to be used on a public highway, even just parked – a 'per vehicle, per year' tax) and fuel tax ('per litre/gallon') with a pay-as-you-go tax on actual usage is an interesting one, but there are a few points which concern me.
It looks hideously complicated to implement and administer, even if no-one attempted to evade it (improbable!). I'd anticipate major teething problems, massive overspend, and then potential abandonment of the whole scheme. Cynical, or merely accustomed to government practice?
The fee would vary according to congestion, so that rural driving could cost as little as £0.02 per mile, rising to £1.43 per mile on the busiest roads (e.g. the M25 around London). Hence, it wouldn't be possible to merely measure the number of times a vehicle's wheels rotate (i.e. absolute distance), it would be necessary to also know where the vehicle has been.
If this could be stored within the vehicle itself and only transmitted to another body (e.g. the tax authority) with the knowledge and express permission of the driver, perhaps in tax bill disputes, I wouldn't particularly object, but if any external body (such as the police) could gain access to these records without the consent of the driver, and records were kept for more than a couple of weeks, I'd regard that as invasion of privacy, public surveillance, and unacceptable. It'd also be far too easy, and tempting, for a person's travel history to be linked to his/her entry on the national ID database.
The aspect that particularly confuses me is that we already have a usage-based, indirectly 'per mile' tax system, which also takes into account the relative fuel efficiency of vehicles. It's called fuel tax. I don't think it's broken, so why replace it?
31 May, 2005
Don't even consider it
NØ2IDFrom The Register:
The UK government plans to issue its ID card as a passport with biometric identifiers stored in a chip – and the US wants those chips to be compatible with its own scanners, raising the possibility that US agencies could have access to the ID Card database.
I seriously hope this is a baseless scare-story, but it's all too credible.
El Reg proceeds to 'quote' the UKPS:
As part of this process, the UKPS "will progress its major anti-fraud and secure identity initiatives including the addition of a biometric to the British passport. So if a biometric passport is linked to the ID Card in a common format which is compatible with the USA's travel requirement, then direct USA access to the ID Card/Passport database becomes an option in relation to travel to the USA."
In the interests of fairness, I'll point out that that is punctuated wrongly, and the UKPS statement
actually ends at "... biometric to the British passport."
The sentence beginning "So if a..."
is the El Reg author's own, not an official quote. It's still thought-provoking, though.
I'm extremely unhappy about the UK government having access to my personal details, but that some foreign regime might gain access too is far beyond unacceptable.
30 May, 2005
A symbol of individual rights
The alert may have noticed an amendment to the main page of the blog: there's a new button on the right of the page.
One of the most fundamental aspects of my world view is that the purpose of the state is to facilitate the lives of individual citizens, but never vice versa. Citizens do not exist to serve the state, and our rights should not be constrained for the convenience of the state. I'm sure it would be useful for government agencies (and private companies) to know who I am, where I live, who I know, where I go, how I travel, what I buy, etc. but that doesn't mean they should. So, no identity cards, no sharing of data between government departments, no national fingerprint or DNA database.
This philosophy is now expressed by the 'Individual-I', a public-domain icon which stands for:
- Freedom from surveillance
- Personal privacy
- Equal protection
- Due process
- Freedom to read, write, think, speak, associate, and travel
- The right to make one's own choices about sex, reproduction, marriage, and death
- The right to dissent
Today, the rights of individuals are being eroded: by government, by corporations, by society itself. This icon – the Individual-i – represents the rights of the individual.
It represents the right to privacy and anonymity in the information age. It represents the rights to an open government, due process, and equal protection under the law. It represents the right to live surveillance free, and not to be marked as 'suspicious' for wanting these other rights.
It recognizes that a free society is a safe society, and that freedom is founded upon individual rights.
We hope to see this symbol displayed proudly wherever individual rights are valued.
26 May, 2005
Do you know what you're accepting?
NØ2IDSorry to be ranting on about ID cards, but since the Bill is currently in the process of going through Parliament, there's more than usual to comment upon.
In a generally one-sided (pro-card) article, the Guardian mentions that the existing network of 'chip-and-PIN' credit/debit card readers could be upgraded to become ID card readers in future. Why? If I want to buy a bag of potatoes, the shopkeeper shouldn't even have the opportunity to access my personal details. Even if that isn't the intent, it's an opportunity for the unscrupulous and tech-literate to increase ID theft.
Secondly, the same article grossly understates the nature of the data to be stored:
The ID card scheme is more than about just issuing a piece of plastic. The key element is the central database holding basic personal information on every citizen over 16, including name, date of birth and address. This data is linked to biometric information such as facial image, iris scan and electronic fingerprint to ensure security.
I've covered this before
. It's not
just 'basic' information – the legislation allows for over fifty categories of parameters (that's categories; each can contain multiple parameters), many arguably intrusive, even serial numbers of documents issued by foreign nations (no business of the UK authorities), in addition to open-ended categories which amount to 'whatever the authorities want to know'. The precise details aren't in the legislation – that's left to the discretion of the Home Office.
The lack of public understanding of this point is worrying. It seems a proportion of the population would be happy to hold an ID card which merely proves their identities (perhaps name, address, and some means of proving that the holder is who he/she claims to be). I'd object to that too, but just for the sake of argument, I'll acknowledge that an ID card of that type would be acceptable to a majority. However, whatever Government soundbites and partial mass-media 'news' reports say, that's not what's on offer. Please don't be deceived!
Oh, and the article repeats that fallacy about ID theft costing the UK £1.3 billion p.a., not quite juxtaposed with an estimate that card implementation will cost up to £3.1bn over 10 years plus £584 million every year in running costs.
25 May, 2005
ID fraud doesn't cost that much
NØ2IDEach time you read/hear a government representative repeat the claim that "identity fraud costs the UK an estimated £1.3 billion each year", you might like to remember that the figure is based on mere guesses made in a 2002 Cabinet Office report (three years old, and not updated to include other measures already implemented) which itself did not recommend that ID Cards were a solution to fraud.
Spy Blog offers more arguments about why the figure is invalid.
And anyway, what about online, phone or postal identity fraud?
24 May, 2005
By the back door, or: we've been ****ed
NØ2IDI'm not sure how I missed this last month, but it seems one of my major objections to the ID Cards bill has already been sneaked through without Parliamentary authority having even been sought.
From 2006, new adult applicants for UK passports will no longer be able to apply by post. Instead, each will have to attend a personal interview at a passport office (the current network of seven is being expanded by an order of magnitude) where he/she will also be fingerprinted. This will affect 600,000 people per year initially, but will soon be extended to those renewing passports; that's 5 million p.a.
Hence, a national fingerprints database will rapidly accumulate, to which it has been confirmed the police (and who else?) will have routine access, comparing fingerprints found at the scene of a crime against the new database without further, specific authority.
£415m is being invested in the passport service to introduce these new 'biometric passports' – which (coincidentally, of course) will make the implementation of ID cards themselves look cheaper.
[Update 25/06/05: Yep. The Prime Minister has said that "70% of the cost (of card implementation) would be spent on new biometric passports whether or not ID cards were introduced." Translation: 'we're spending the money anyway, so we might as well slip the cards in too'. That's not a reason for cards, it's an argument against including fingerprinting in the passport application process at all i.e. don't spend the money!]
This is all merely proposed, right? Objections can be raised before implementation, right?
Wrong. It has already happened. It seems that due to the intricacies of the UK system, passports are issued under the royal prerogative rather than legislation. Proper debate and Parliamentary assent are not required.
16 May, 2005
The illusion of democracy
NØ2IDIf the Government are so convinced that Identity Cards are 'a good thing', why are they resorting to sneaky tactics of rushing the legislation through Parliament before a meaningful opposition can be mustered?
A few months ago, I prematurely gloated that the ID Cards Bill seemed to have been quietly abandoned. Unfortunately not.
The 'revalidated' (yeah, right) Government has restored the Bill to the Parliamentary schedule, with the intention of getting it through a second reading within the next fortnight. Quite apart from probably leaving insufficient time for a protest campaign, it takes advantage of post-election instability in the Opposition parties. In short: it's to be forced through before there can be proper debate.
Let's hope the Government's reduced majority makes a difference, at least in forcing some concessions aimed at convincing waivering MPs, but I'm not optimistic.
Several earlier postings on this issue.
28 March, 2005
Just park it
A couple of hundred years ago, they might have been an appropriate means by which a populace could convey public opinion to their slightly remote lords & masters, but nowadays, with saturation media coverage of even local issues and public policy influenced by polls and focus groups, I don't see the point. I've always thought them an anachronism, but a specific example has arisen.
Recently, Lancashire County Council decided to close Greaves Park nursery school (kindergarten) in Lancaster, but protests from parents obliged the Council to think again. Having taken those views into account alongside other considerations, such as cost and the absolute necessity of there being a nursery school in that location (perfectly adequate coverage apparently exists elsewhere), the Council confirmed the existing decision.
Last week the local paper, The Citizen, reported that parents had launched a petition against the decision, and already had 350 signatures. And? The parents had been heard, and their objections deemed insufficient to counterbalance the other factors. So far as I see, the matter's closed. The Council had to listen, and did, but it didn't have to agree. The Council already knew the decision would be unpopular with some in the local area, so why does the precise number of objectors matter? A vocal minority (and let's face it, 350 from the area's entire population is a pitiful number) can't just keep making further representations until they 'win' an outcome they like; that's collective petulance, or genteel mob rule.
Incidentally, please don't mistake this as support for the Council's decision. I'm commenting on the decision-making process, not the issue itself.
Even if the very concept wasn't outdated, I distrust the accuracy of petitions anyway.
- Firstly, they can be faked (padded with false identities) too easily.
- Secondly, assuming all names are genuine, petitions can be padded with irrelevant contributions. I wonder how many of those 350 actually live in the affected area, or even have children.
- Thirdly, peer pressure could add the signatures of several people who mightn't otherwise choose to contribute. Had this been a secret ballot, I don't believe all 350 would have voted.
It's probably better as the subject of a different posting, which I don't have time to write right now, but I simply don't believe in collective action. I'm not a member of any political party, pressure group or trade union. I feel no urge to add my voice to anyone else's. Irrespective of whether I agree with a petition's objective, I wouldn't sign. I'm vehemently opposed to the introduction of identity cards, and have used
of the negative aspects
, but I won't sign the No2ID
I wonder whether public bodies are obliged to observe any specific protocol about petitions, such a logging their receipt or formally adding them to the documentation of a decision-making process. Personally, If I was a civil servant receiving a petition, I'd politely thank the person making the submission, then dispose of it unopened.
15 March, 2005
Wonderful news - maybe
NØ2IDIf the Guardian is to be believed, the fact that there's limited Parliamentary time remaining before a General Election could mean that the Government will dump the 'widely-loathed' ID cards bill, in favour of other outstanding business.
11 March, 2005
'Nothing to hide, nothing to fear'
NØ2IDThis MSNBC report provides examples of the nature and standard of information collated about private individuals by a major US database agency and sold to companies and government agencies. Supporters of identity cards should read the article and consider it carefully.
Would you want potential employers to read a purely speculative suggestion that you might have a criminal record, or to be recorded as resident of a house an ex-partner purchased well after the relationship ended? Would you like to be identified on the records of neighbours, and hence be potenially associated with their activities, whatever they might be?
Would you appreciate having no right of reply and no opportunity to correct errors?
5 March, 2005
Remember this entry, reporting that Oyster cards, prepaid tickets for travel in the London area, stored a complete record of where the owner had been, when?
It seems it'll soon be possible to use the Oyster card for small-scale purchases, such as a pint of milk.
Purchasing history, anyone?
4 January, 2005
Wrong then, wrong now
NØ2IDIn the UK, confidential government documents have always been kept out of the public archive for a period of thirty years (the 'Thirty Year Rule'), or 50, even 100 years for particularly sensitive papers. This was changed on Saturday, when the Freedom of Information Act 2000 came into force. Now, government documents still aren't actively put into the public archive for thirty years, but they must be made available on request (some categories are exempt).
One item which has therefore emerged is that a Labour government has considered introducing identity cards before, following terrorist incidents in 1974 - and rejected the plans as 'extremely expensive and largely ineffective'. In a confidential cabinet memo, then- Home Secretary Roy Jenkins said:
"It goes almost without saying that we must guard against the danger of being driven to more and more extreme measures involving unwarranted infringement of personal liberty."
27 December, 2004
Speculate to accumulate
NØ2IDAnother titbit about UK identity cards:
Supporters of the cards, including the new Home Secretary, Charles Clarke, frequently allege that:
Some £50 million a year is claimed illegally from the benefits systems using false identities.
Yet Peter Lilly MP, quoted in El Reg
has calculated that in order to defeat £50 million of fraud, the Department of Work and Pensions would need to install terminals costing at least £1 billion i.e. they'd break even in a mere twenty years.
21 December, 2004
It's not about the cards
NØ2IDThe UK Identity Cards Bill passed another stage of Parliament last night.
Still, several MPs, both from the Government (pro-cards) and from the Opposition (er, pro-cards), voted against their party instructions or abstained, so the Government isn't automatically getting its way.
There's a common fallacy about the ID cards, which was repeated in a TV news report: the cards will contain much less information, in a less accessible form, than existing loyalty cards, with which millions of people seem perfectly happy. That may be true, but is deceptive, confusing data on the physical card itself with those stored in the national database.
The Bill doesn't even specify the parameters to be available on each card's chip, but does itemise over fifty categories (not items - each category could contain multiple parameters) of information required for the register.
These obviously include name, address, photo, National Insurance number, and similar identifying characteristics, but also factors the Government has no obvious right to know (e.g. the serial numbers of identifying documents issued by other nations) and wildly open-ended categories which could be interpreted far too loosely: "Information recorded in the Register on request" and " The number of any designated document which is held by the applicant that is a document the number of which does not fall within any of the preceding sub-paragraphs" - of course, any document could be 'designated' at a later date.
There's a full list at NO2ID.
I'd urge all visitors from the UK to read through that website - whatever you do, don't rely on the mass-media for a full account of the issues.
One other point: in April, then Education Secretary Charles Clarke, rejecting the idea that ID cards could be used to deny free education to the children of illegal immigrants, said outright that:
"This is not an entitlement card. It is an identity card."
Now he's Home Secretary, in charge of implementing the ID Cards scheme, let's see how long he holds to that assertion, which self-evidently precludes linkage between the ID card and access to state services. To quote the NO2ID FAQ
again, under the terms of the current
You will not be required to use a card unless you wish to work, use the banking or health system, travel or receive benefits.
Oh, that's alright, then.
30 November, 2004
ID cards coming - why?
NØ2IDThe BBC reports on the launch of the Identity Cards Bill by the Home Secretary. Read the article for an... interesting representation of the pros and cons, but there are a few aspects I'd like to highlight.
ID cards will mean people have to give the state less information about themselves, Home Secretary David Blunkett has said.
That's the subtitle of the article, and something of a challenge to the concerns of many. Later in the piece, it's repeated in some sort of context:
Rather than requiring more information from people, he said the cards would ensure a 'less intrusive' way of collecting details than the national census.
Eh? That's appalling government double talk - 'supporting' an emotive statement by citing an entirely different issue.
I don't even agree with his assertion. Census data are collected by the completion of one form per household, once per decade; a snapshot of the population. Identity card data would be collected for each individual, who would need to keep the government informed of any changes (or face a £1,000 fine).
It's also worrying that the Home Secretary is conceptually linking these issues. The census collects a lot more, varied information, about many aspects of one's life, than the barest minimum required to prove one's identity - what exactly will be stored in the ID database?
The Prime Minister is quoted twice:
Tony Blair said ID cards would 'protect rather than erode civil liberties'.
Nice statement, but vacuous.
Mr Blair said the cards were not a 'silver bullet' to prevent terrorist attacks but nor did they produce 'Big Brother' government.
"They will help protect civil liberties, not erode them, because people will be able to produce their own identification," he said.
"I simply point out that without proper security then there can be no opportunity."
Another fine sounding yet ultimately meaningless phrase. This is the sort of thing with scares me about Blair: that he makes such empty pronouncements without offering any form of corroboration or testable criteria on which his claims can be assessed. The subtext is that the only reasonable action is to simply trust
his words and intentions. I don't.
The Home Secretary makes that same point about the ID card enabling people to produce their own identification:
"Strengthening our identity is one way or reinforcing people's confidence and sense of citizenship and well-being," he told MPs.
"Know your true identity and being able to demonstrate it is a positive plus and is a basic human right which all of us should treasure."
As is the ability and right to withhold
one's true identity. As I've said before, I don't
want the government to know more than an absolute minimum about me, and demand the right to refuse access to data I
don't think they need to have. I also demand the right to decide which agencies, governmental or non-governmental, obtain information about me, on a case-by-case basis.
The first cards would be issued in 2008 and Mr Blunkett has suggested Parliament could decide in 2011 or 2012 whether to make it compulsory for everybody to own the cards, although not to carry them.
I'm sure the government will milk it as a major concession, but as established earlier
, that's a side-issue. Presence in the ID database is all that matters; for most purposes, the physical card itself is irrelevant.
So it's not going to be compulsory to carry the card, but:
The bill would ensure that access to 'specified public services' would be linked to production of a valid ID card.
Sounds pretty compulsory to me.
30 September, 2004
UK tourists to be photographed and fingerprinted as American authorities extend new airport arrivals procedures to all foreigners.Needless to say
, I'm totally opposed to this. When I read it this morning, my gut desire was to cancel my trip to New York next month, but a) that's an overreaction, owing more to petulance than principle, and b) it's already paid for.
I'd object to the government of my own country recording my image and fingerprints - indeed, I do object to ID Cards - so I find it doubly galling to submit to the whims of some foreign regime to which I owe absolutely no allegiance.
I won't rant, honest. However, one rhetorical question: how does US law even permit this? The principle of 'innocent until proven guilty' is fundamental. If law enforcement agencies have a concrete, provable reason to track a specific individual, that's one thing, but contemptuously treating every visitor as a potential criminal, systematically recording personal details 'just in case', can only be adopting the diametrically opposite principle: 'presumed guilty until proven innocent'.
Speaking of presumption, I presume US visitors to the UK will be treated identically. No? Why not?
And no, this posting is not anti-American. I'd object to any regime attempting to make foreigners jump through hoops and show undeserved deference, as if it's a privilege to visit rather than a commercial benefit to the host nation.
29 August, 2004
National ID cards again
NØ2IDI'm not going to rant about my opposition to these things (this time...), as this article in the Guardian includes a more positive proposition.
Dave Birch's central point is that national ID cards will really be national ID computers; the physical form will be less relevant than the information it stores, since the instances of it being used to confirm 'real', physical identity (e.g. a police officer visually matching a photo on a card to the face of the bearer) will be insignificant compared to the number of times it will be used electronically to confirm 'virtual' identity i.e. provide non-physical information such as account numbers.
If this is to be the case, we need to ensure that the way these virtual identities are created and used is what we, as a society, really want from the future. There is one particular thing I really do want from them: anonymity. Why should the virtual identity stored on my national ID card be limited to Dave Birch? Why can't I have a couple? Why can't my card tell the pub that I'm virtually King Arthur when I'm proving that I'm over 18? It's none of their business who I really am.
It seems to me that this could be one of the most interesting features of identity computers: their ability to reveal relevant facts about a person (this person is allowed to enter this leisure centre, for example) while simultaneously keeping the person's identity private.
13 May, 2004
Call me Mr. Mouse
NØ2IDThe Guardian describes a hypothetical situation:
Two police officers arrive to arrest a man involved in a fight. He identifies himself as Mickey Mouse.
Once, Mr Mouse would have spent a night in a police cell until his identity was established. But once the compulsory phase of Home Secretary David Blunkett's biometric identity card scheme is underway, the scenario could be quite different.
If the arrested man is not carrying his ID card - there will be no legal requirement to do so - the magic of biometrics will take over. A policeman could point a mobile scanner at the man's iris and, within seconds, the government's National Identity Register (NIR) would provide his name and address.
It seems I, and others opposed to ID cards, have possibly been missing the point: it's not having to carry the card that's the problem, but being on the database in the first place. There will be no legal requirement (initially) to carry an ID card. Any claim that that's some sort of concession or compromise is evidently bogus, as the card itself isn't needed.
The full article considers other aspects of the scheme, even if it does portray some of them as beneficial.
Bottom line: I want the state to know the absolute minimum about me, and I don't want branches of government to correlate their knowledge with that of other branches. If 'the authorities' wish to know something about me, they should have to ask, on each individual occasion, and I should be able to withhold the information.
Real bottom line: the state should exist to serve the individual, not the reverse.
11 May, 2004
Reminder for UK readers
NØ2IDTime is running out for you to complete your ID Card application form. Whilst Part 1 has been downloadable from the Department of Social Scrutiny's official website for a couple of weeks, Part 2 has now been made available.
[Update 14/5/04: Part 3 is now out.]
7 April, 2004
We know where you've been
Transport for London operates the Oyster card, a prepayment system for travel on the London Underground ('tube'), buses, trams and 'surface' rail within London. Not a bad idea, but....
In recharging his Oyster card, Tintil discovered that the card contains a complete record of every bus and tube trip he's made, including the time and date of the journey. Oyster cards are registered to the individual, so this travel log can be readily linked to his name, address, even his bank details.
So if it's on the card, where else might it be recorded? Who has access to this information? Why?
Needless to say, if I was in London, I'd still be buying individual tickets, anonymously, with cash.