ABOUT ID CARDS

Hello, it is not possible to debate the issue without some basic knowledge. Basic principles are provided by Stefan Brands at his Identity Corner blog. [1]

The following is a transcription from his open lectures.

From my lesser intellect, basically a few conclusions may be reached, summed up by others such us DEFY ID and top officials themselves. (!)

Please read on:

"A corner on IDs Postings on anything related to digital identity management. 2/24/2005 A primer on user identification - Part 1 of 4 Posted by Stefan Brands at 6:52 pm" [2]

In order to fully appreciate how digital identity management relates to privacy and security, especially in federated contexts, it is essential to analyze one of the core building blocks of any identity management architecture: user identifiers. Many misconceptions exist about what constitutes user identification; this confusion is probably the most underrated cause of many poorly constructed identity architectures. In an attempt to help create some order in the chaos, this blog posting is the first of a short series on the important topic of user identification.

An identifier is a piece of information that names or indicates a person, a device, a process, a resource, or any other type of entity. User identifiers are identifiers for use by individuals or groups of individuals. They may be presented verbally, on paper, on plastic cards, by user-held computerized devices, or in any other appropriate manner. Electronic user identifiers are electronically presented over data communication channels by user-held chip-based devices.

Within a designated context, identifiers enable relying parties to distinguish between the entities they interact with. This process is known as identification. A context can be a sphere of activity, a geographical region, a communication platform, an application, a logical or physical domain, or anything else. A universal identifier is unique in any context.

Within their designated context, user identifiers serve at least one of the following purposes:

Identifier as contact address: To enable relying parties to contact users, now or later, to deliver or retrieve services, goods, or information.
Identifier for security: To enable relying parties to deny future access to users who have engaged in unwanted behavior (blacklisting) and perhaps to trace users for accountability reasons.
Identifier as community membership proof: To enable relying parties to infer that users have been pre-approved in some sense.
Identifier as account index: To enable relying parties to build user accounts (also known as records or profiles) containing user-related information.
Identifier as account pointer: To enable relying parties to retrieve user-related information from indexed user accounts.

In each of the latter three cases, relying parties can use the additional user information they learn to offer better personalized services, to improve business aspects (e.g., better inventory management or direct marketing), or to make better access control decisions.

To appreciate the contextual nature of user identifiers, consider the designated contexts and purposes of the following popular user identification methods: registered birth names, social security numbers, health insurance numbers, passports, user accounts with service providers (e.g., ISPs, financial institutions, ISPs, phone companies, utility companies, online auctioneers, online job sites, and so on), credit cards, debit cards, calling cards, loyalty tokens, e-mail addresses, telephone numbers, mail addresses, URLs, Bluetooth identifiers, MAC addresses, fingerprint and retina scans, employee badges, sports club membership cards, usernames for online chat-rooms and instant messaging, and, X.509 identity certificates.

Traditionally, users are represented in their interactions with relying parties by a plurality of user identifiers with incompatible formats:

The symbols that make up an identifier must be “meaningful” to the relying party. Humans are not good at memorizing and recognizing binary strings, while computers are not designed to handle non-numerical data. Thus, traditionally the encoding of user identifiers depends on their context.

Lengthier identifiers are required for distinguishing between increasing numbers of users, but they are less desirable for human processing. Thus, traditionally the length of identifiers is related to their designated context.

Absent standards for encoding and generating identifiers, relying parties are likely to introduce incompatible formats for user identifiers. They may even deliberately avoid reusing identifier formats of other contexts for security reasons, to minimize the scope for impersonation attacks.

Thus, the heterogeneity of communication platforms and the lack of connectivity have historically created single-domain user identifiers that are designed to be relied on only by one or a few relying parties that mutually fully trust each other. Within a single trust domain, all relying parties trust each other to not violate their own individual security and privacy interests; the only security threats are considered to come from users and outsiders (such as wire-tappers). An example is a small company consisting of several departments that all rely on the same employee identifiers.

Users and relying parties each have their own security and privacy concerns at stake with respect to how single-domain user identifiers are generated. Traditionally, user identifiers are either self-generated by their users or certified by relying parties in the form of identity tokens with special security features. Both of these traditional identification methods have their own benefits and drawbacks with respect to privacy and security:

Self-generated identifiers provide privacy and security for users vis-à-vis relying parties, but offer no security for relying parties vis-à-vis users.

Certified identifiers provide security for relying parties vis-à-vis users and other relying parties, but offer no privacy and security for users vis-à-vis relying parties.

Thus, self-generated identifiers and certified identifiers are diametrically opposed with regard to the security and privacy benefits and drawbacks they bring to interacting parties. In addition, if a trusted certification authority issues certified identifiers on behalf of relying parties, both users and relying parties incur new security and privacy risks vis-à-vis the certification authority. These risks rapidly go up the more autonomous relying parties rely on the same user identifiers.

(Go on reading if you want at the Identity Corner

More information

You can read more detailed information about the introduction of ID cards on William Heath's blog on ideal e-government [3]

Defy-ID 3 March 2005 Friends’ Meeting House 7.30

Error creating thumbnail: Unable to save thumbnail to destination

Around 30 people attended.

In brief The government has put a lot of money and effort into ensuring that ID cards will become a reality very soon.

‘There should be limits to freedom’ (George Bush)

ID cards are only one part of a group of new measures which will considerably limit personal freedom in the UK and give the government power to monitor, arrest, fine and imprison us. If the Lords does not throw out ID legislation it will be law very soon. The penalties for refusing to comply will be severe, including huge fines and imprisonment. The meeting discussed possible measures we can take to resist ID and decided to meet again on Wed 16 March at the same place and time.

The end of democracy

The Terrorism Bill gives the government the power to imprison without trial (something even forbidden in the Magna Carta). This is one of many recent oppressive measures. Bush, Blair and neo-conservative theorists have said that democracy is no longer up to the job of maintaining freedom (i.e. we have to have less freedom so we can be free!). The government is putting in place a systematic set of measures designed specifically to control the population: imprisonment without trial (sometimes on the basis of evidence extracted under torture); ASBOs involving criminal charges for behaviour which is not currently seen as criminal by the law; threat to the right to protest or try to influence others by campaigning; privatisation of public spaces and buildings and control of them by private security firms; imprisonment and deportation of immigrants (returned to the hands of the regime they were trying to escape) and increased electronic surveillance. Significantly they are giving the Home Secretary the right to imprison or extradite, removing power from judges and juries in courts and short-circuiting the legal system.

Torture: the New Britain

There is now clear evidence that America and the UK are outsourcing torture to other countries such as Uzbekistan and Egypt and using confessions extracted under torture to imprison UK residents without trial. There is also evidence that CIA hit squads kidnap people from their homes in the UK and other countries in Europe, drug them and fly them to torturers in third party countries. The plane used has been ‘frequently’ spotted at British civil and military airports.

In this climate the ID Bill was passed in the Commons at the 3rd reading by 220-64 votes and now goes to the Lords. It could become law before the election.

This means that if the Lords do not throw this legislation out all protest about ID will necessarily involve breaking the law by failing to comply with requirements to register.

Very soon all residents of the UK could be ordered to turn up for fingerprinting, iris scans, photograph and disclosure of details required by the register. It will be illegal to refuse.

National Register

One of Labour’s election pledges was to protect the country’s borders. To do this they will force disclosure of information. The real purpose of ID is to create a National Register on which all available information on each individual will for the first time ever be put together in one place and be available to a very large number of organisations, including government, secret services, police, immigration, customs and excise, the health service, social services, other governmental and civil service organisations and private companies such as insurers and banks. The card itself is merely an inconvenient and expensive badge of slavery: the availability and cross-referencing of data will have an immediate, visible and expensive effect on every single person’s life.

Data entry

Data can be entered and altered without your knowledge. Organisations do not have to ask your permission to view the data on you. In theory you have a right to know what is held, but given the time and expense required most people will not be able to find out about or keep up with changes, so they will never know what is on their file.

After 2007 everyone will automatically be put on the register.

If you find out that an error has been made when entering data you may ask to have it corrected, but you have to pay for this service.

What’s on the card?

The card will definitely hold your name, address, date and place of birth, photo, nationality, immigration status, biometric details such as fingerprints and iris scans (and possible DNA) and all numbers held on you such as National Insurance number, National Health Service number etc. Other information will probably include all the addresses where you have ever lived and your criminal record, if any. It is very likely that your credit details, financial history and medical history could be part of the record. Your political affiliations and involvement with campaigning organisations could easily be added.

At any time the Home Secretary will, in the interests of ‘national security’ be able to order extra data to be added to the card. The Home Secretary will be able to change the data on your card without telling you. You may have your identity warped, stolen or confused by the government!

No card – no life

All services essential to normal life will be unavailable to people with no card, whether they have refused the card, lost it or merely damaged it. If you cannot present a valid, working card you will not be able to get medical treatment, open a bank account, buy a house, borrow money, get insurance, claim benefits or a pension, attend school, college or university or, possibly, get a job! People who need the card most will be first affected, but everyone will be affected very soon.

Punishment – you become a criminal

If the police stop you and you cannot provide the card you will be fined or maybe imprisoned. Loss or destruction of the card could also be punishable with fines of £2,500 or more or a term in prison. Failure to renew the card could bring a fine of £1,000. Unpaid fines will mount up, driving many to destitution. A great deal of police and court time will be taken up with ID card problems, at considerable expense to the taxpayer. A large number of otherwise innocent people will be instantly made into criminals by failure to comply with ID regulations. Life will be harder with the card, but impossible without it.

YOU ARE ALREADY TRACEABLE

The technology of surveillance is being introduced by stealth or as a novelty: there are trendy bars where it is cool to have an iris scan before you are let in. There are places where you pay for your drinks on a chip. Children are already using swipe cards to pay for their school meals. The card records what the child chose to eat. Loyalty cards record your shopping patterns so marketing companies can use your data to work out what they will most easily be able to sell you and how you are likely to spend your money. Fuel cards record how much fuel you bought and where. Credit cards show what you bought and when.

Money can now be made traceable too, so even notes can be easily traced around the country and across borders.

Young people are being encouraged to get ID cards so they can prove they are old enough to drink alcohol. Citizencard is one of these. The name gives the game away: if you have no card you are not a citizen and you do not have rights.

The plan is to gradually accustom us all, especially young people, to higher levels of ID and surveillance.

The overall effects of ID

To recap: ID will be an entitlement card. Without it you will not be able to have access to any services.

The police will have the power to stop and ask for ID. In the current government-induced climate of anti-terrorist hysteria Muslims and non-whites have been the main targets of police harassment. ID will intensify this and widen the circle, criminalising large numbers of people.

ID is about giving powerful state and private organisations the right to know anything they want about you and use this information in any way they please. You have no defence against any problems which may happen as a result.

You must comply with ID regulations and show ID when asked to do so. Failure to conform will immediately make you a criminal. You will be fined or go to prison.

A breakdown of trust

One of the major unforeseen effects of ID is that we will not trust people as much. Trust between the individual and organisations will break down. People will be much less inclined to trust the state and cooperate with the police. They will resent the police, as they already do in most other countries, and the people who suffer most discrimination will resent the police and authorities the most. This will make it much harder for the police to collect evidence and find witnesses so it will be harder to solve crimes. This will affect public perception of crime and may bring calls for even more restrictive measures.

The social contract between government and governed has already collapsed: ID cards are the official sign that the government does not trust the people.

The onus is on you to prove who you are merely to obtain the daily necessities of life.

The no-win no-fee legal culture of litigation has also come over here from the USA where it has led to a complete breakdown of trust between individuals to the point where before children can play together parents are asking other parents to sign a

disclaimer form saying they promise not to sue if their child has an accident! In Manchester the City Council is paying out record sums as pedestrians sue for having tripped on paving stones. The breakdown of trust means people can no longer cooperate effectively. People see other individuals and organisations as ways to get easy cash.

With ID organisations will view individuals not as people who have legitimate needs and demands, but as different categories of risk. Smokers, drinkers or anyone with a bad health record may be refused free treatment or have to pay much more insurance. People with genetic defects could be refused mortgages in case they get ill and default.

Employers could know much more about you and you may find it hard or impossible to get a job.

The lurch to the right

Most of Blair’s ideas come direct from extreme right-wingers in US think-tanks. The people around Bush consider Blair to be one of their own, in terms of his agreement with neo-conservative objectives, including, presumably, those of the Project for the New American Century group around Bush whose declared aim is the ‘complete military, economic, social and psychological domination of the planet’.

Seen it before!

It is important to remember that Hitler was elected. (.....)The unthinkable became normal.

“Of course the people don’t want war. But after all, it’s the leaders of the country who determine the policy, and it’s always a simple matter to drag the people along whether it’s a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be bought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger.”

Hermann Goering,

(one of Hitler’s chief Nazis) at the Nuremberg Trials after the end of the Second World War.

In Britain today we are fighting an illegal war in Iraq, supporting the US. We have fought and bombed in many countries. If we are frightened of the people taking revenge it would be cheaper and safer to stop fighting, make peace and offer to repair the damage. Instead our government keeps spending more money on scaring us and killing people abroad. The US government thrives on creating a climate of fear, using the media and we have copied this neo-conservative strategy. The hysteria against immigrants has been caused by the government, assisted by the tabloid press such as the Sun, Mail, Express, Star etc.

The aim: manipulate public fear of foreigners and Muslims in order to massively increase state power and substantially reduce personal freedom.

On the 2nd of March HomeOffice Minister, Hazel Blears (Salford) said that Muslims should accept that they are more likely to be stopped and searched by police under the government’s anti-terrorist measures; they will be targeted by police because the new laws were geared to dealing with Islamic extremists.

The Digital Ghetto

ID is the digital ghetto: the equivalent of the yellow star. ID will divide society as never before into haves and have-notes, innocent and guilty, desirables and undesirables, Menschen and Untermenschen. You will not know what the authorities have written about you because you will not be able to constantly access your data to see if it has changed. Your ability to enjoy your life, develop your career and move around will all depend on your ID status and if anything goes wrong you may never escape from your digital prison. Ever.

Totalitarianism means not being able to even imagine that things could be different

= Identification in interdepartmental relations = Source: Public-domain official documentation from French Department, as republished by quoted weblog (below):

The second question is how the user, whether an individual or an organisation, can be simply and reliably identified in exchanges of data.

(i) This point is resolved differently in the various European countries.

One of the questions which is causing the most serious doubts regarding the possible undermining of privacy relates to the uniqueness or multiplicity of means of identifying the citizens to the government authorities. Those who go for simplicity of use, and are pressing for the use of a universal identifier which will provide access to all the administrative services, are opposed by the defenders of segmentation of administrative sectors, each having its own identifier, thus ensuring that there is no connection between files. In its day, this discussion gave rise to the Law of 78 on computers, files and freedom, and the creation of the CNIL.

The European Commission data protection working party found that the majority of countries in the Union[1][1] were already using a single identifier for their citizens, while other countries (such as Germany) considered this to be anti-constitutional.

The move to computerisation thus means that the identification data concerned and their uses must be very clearly listed, and that the means of control permitting the State to guarantee operations and the users to master these uses must be defined.

Projects under way in the European Union give some indications on this point:

- in certain cases, the development of e-government is an opportunity to review the existing identifier system or extend the range of a sectoral identifier;

- the general tendency is to have recourse to existing identifiers (unique or per sector);

- in certain countries where there is no single identifier, it is felt that setting up a personalised gateway to the administration should not be an excuse for setting up an identifier of this nature;

- projects to extend sectoral identifiers for access to dematerialised services have been considered, or are under consideration, in several countries;

- the liberalisation of the use of the single identifier is effective in several countries, like Ireland, which has a personal public service number (PPSN), which was legally instituted for the purpose of access to public services.

In general, while the existence of a single identifier does not appear to be seen as a problem by the public at large, there is mistrust when this identifier is circulated undetectably in IT networks. This means that overrides should be set up to guarantee that certain data (which should be listed in detail) remain inviolate in specific conditions.

On the basis of these considerations, three configurations can be proposed:

The use of a single identifier

1 The use of a single identifier, which can be general (as in Belgium, Denmark, Spain, and Ireland) or sector-based (as in Italy, the Netherlands, and Portugal). There is no identifier of this type in France. It could be created by extending a sector identifier (the registration number - NIR - also known as "social security number"), but this option would seem to go against the grain of French tradition and could not be accepted by the Government. The CNIL has ruled against it ("to each sphere its identifier");

2 The creation of a non-significant single identifier, relating to sector identifiers (as in Austria, Estonia, and Finland). This solution is acceptable in principle. Then the problem arises of the existence of a look-up table (to match sector identifiers with the single identifier) and above all the storage of this table (see below);

3 The freedom of choice of several non-significant identifiers for accessing one or more online services. This does not resolve the problem of the look-up table or where it is stored, but it is the solution which provides the greatest protection for individual freedoms, in that it allows the user to decide and manage his own segmentation of the online services.

(ii)

Position of the French Government

It should be remembered that, with regard to e-government, the State must take a stance as guarantor (of individual freedoms, the authenticity and enforceability of dematerialised procedures and actions, the security of actions carried out by public servants, etc.) and the Government wishes to confirm this position clearly both in the formulation of the decisions taken and in their methods of application.

The Government therefore wishes to retain sectoral identifiers.

The solution envisaged involves setting up a correspondence between the non significant identifier or identifiers (i.e. the certificate number) and each sectoral identifier used by the different administrations. There are four options:

i) storage of sectoral identifiers on the identification card/s. This solution, which has been put to the test in Ireland, seems unwieldy, in particular in the case of early card renewal (anyone who loses a card has to resubmit all his or her sectoral identifiers in order to obtain a new one),

ii) centralised storage of the non significant single identifier and sectoral identifiers look-up table: the departments only continue to handle their own sectoral identifiers, but the existence of a centralised database of all sectoral identifiers would probably not go down too well in our country,

iii) to offset this failing, the correspondence between the non significant identifier and the sectoral identifier can be stored exclusively in each of the departments involved. The only drawback here is that this solution would theoretically enable the different databases to interconnect their files, each one having the "pivot" non-significant identifier.

iv) the most successful solution consists of creating an identity federator, enabling the user to use the single identifier to access each of the services of his or her choice without either the government databases or the identity federator itself being able to make the link between the different identifiers. This solution has been specified by a group of public and private parties in many countries, within the framework of a consortium called "Liberty Alliance".[2][2] The specifications were stabilised in October 2003 and, subject to certain conditions, seem to be the most suitable at present.

(...)

Summit ID cards for kids aged 8

ID cards very good

Extracted from a daily record at [4]

Dec 28 2004 'Over-the-top' security move for G8 meeting sparks anger

By Steven Ventura

CHILDREN living near Gleneagles will need ID cards to get into their homes during next year's G8 summit.

A total of 500 residents, including kids aged eight and above, will have their photos taken by police ahead of the July conference.

They will then be issued with ID cards which they will have to carry during the event at the hotel near Auchterarder, Perthshire.

One resident said: 'We have been told we must get a picture taken by police for an identity card.

'And without this we will not be allowed in and out of the area. Even our children must have them.'

The ID cards are part of a £150million security operation for the summit which will be attended by leaders from Britain America, Canada, Japan, Russia, France, Germany and Italy.

Troops and secret service agents from all eight countries will join thousands of police from Scotland to guard the 850-acre site around the hotel.

Prime Minister Tony Blair has apologised to locals for the inconvenience they will suffer during the three-day summit.

But yesterday, local MSP Roseanna Cunningham said the ID cards were a step too far.

The SNP member for Perth said: 'This is an absolute outrage and I cannot see how it can be unilaterally imposed on local people.

'What are the police going to do if someone goes out to do their shopping and forgets their card, or when kids are in and out of their homes?

'Are they going to be subjected to police checks at every turn?

'I suspect this will only be the tip of the iceberg when it comes to disruption to the everyday lives of the people.'

Barry Hugill, of human rights group Liberty, said: 'To demand identity cards is an abuse of power. And to suggest children must carry them is outrageous.'

(...) Police Chief Superintendent Brian Powrie said: 'It is standard procedure for such events to require those who live close to the venue to carry identification so they can go through any police checks with the minimum of inconvenience.'

resist g8 2005 – media coverage – [5]