David Hansen | 1 Mar 09:52 2006
Picon

Re: ID smears legal warning

On 28 Feb 2006 at 20:44, Brian Gladman wrote:

> Moreover electricity was not the output that the government was after
> when it first invested our money in this programme.

Indeed, the Magnox "power stations" must be one of the more elaborate 
cover stories government has ever come up with. However, I do think it 
instructive because it shows the mushroom managemrnt approach of 
government when it wants something but is not prepared to be honest 
about why. It is clear that government is being at least as dishonet 
about "identity" cards, which is one of the reasons the "justification" 
given for them has varied almost from week to week.

Another instructive example is the Chancellor Support Agency. Listen to 
government and one might believe that it was set up to help children, 
but nothing could be further from the truth. Despite causing untold 
misery for just about everyone caugth in theor pincers, including some 
suicides, party politicians have so far shown themselves unable to even 
understand the basics of why it was set up, let alone what it is doing 
to people or sort out the mess.

The latter is why the Home Office can't just be left to cock "identity" 
cards up. They are so arrogant they will blunder along, even when the 
clever ones (and there are some in the Home Office, despite my views 
about the whole organisation) have realised that they have made a 
monumental mistake and are looking for a way out. Institutional 
arrogance is a big problem, possibly a growing problem.

--

-- 
  David Hansen, Edinburgh 
(Continue reading)

Owen Lewis | 1 Mar 12:27 2006

RE: ID smears legal warning


> -----Original Message-----
> From: ukcrypto-admin@...
> [mailto:ukcrypto-admin@...]On Behalf Of
Nicholas Bohm
> Sent: 23 February 2006 11:45
> To: ukcrypto@...
> Subject: Re: ID smears legal warning
>
>
> > Peter Tomlinson wrote:
>
> >>Trust levels for a transaction are graded 0 to 3 in the civil area,
> >>related to the registration levels found in the "HMG's Minimum
> >>requirements..." docs.

> This idea of classifying trust levels for transactions is very crude,
> especially if the people doing it don't know what the implications may be.
>
> For example, it is easy to say that transactions involving health and
> medical issues should be very secure.

Exactly so but no one experienced in the classification would ever do so
unless so ordered for political rather than practical considerations. Such
transactions should, with few exceptions be treated as confidential. This it
the way they have been treated in the past and it is appropriate that they
continue to be so treated. It therefore follows that they will not be
accorded 'very secure' treatment. Medical records are not Top Secrets, let
alone of other and even more mysterious compartmentalisation of access.

(Continue reading)

Peter Tomlinson | 1 Mar 12:56 2006
Picon

ID and authorisation: the time domain

Rather than inject this into several threads, please note: When checking 
ID and authorisation off-line you must consider the time domain: has the 
ID been blacked or the authorisation revoked since the relevant 
information was loaded into the card? The classic way of doing this is 
by way of distributing a hotlist to all the terminals, but, as the USA 
military have apparently discovered, this can become extremely large. 
Another method, with some risk that must be quantified, is to load only 
short term authorisation into the card, terminated by time or by the end 
of some programme (e.g. a programme of health treatment). Then the card 
has to go on-line for a refresh. (Of course you can combine the methods: 
short term authorisation loaded into the card, plus a small hotlist of 
high priority items.)

Peter

Charles Lindsey | 1 Mar 15:48 2006
Picon
Picon

Re: ID smears legal warning

On Mon, 20 Feb 2006 19:25:51 -0000, Brian Gladman <brg@...>  
wrote:

> The only reason I am not accepting this is I don't know what the real
> false positive rate is for the banking system and I don't know what the
> causes are.  So I am not able to make the jump that you have made when
> you claim that this rate would be unacceptable in the public sector.

We know that the Bad Guys regularly manage to obtain money from other  
people's bank accounts by assorted means (online or offline or bogus ATMs  
or whatever else). Every time that happens, they have stolen someone's  
identity (which is a false positive from the POV of whatever checks are  
applied). Granted C&P will have improved the situation (and I expect Chip  
& Sig cards will in future be especially desirable things to nick).

--

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl@...      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

Brian Gladman | 1 Mar 19:04 2006

Re: ID smears legal warning

Charles Lindsey wrote:
> On Mon, 20 Feb 2006 19:25:51 -0000, Brian Gladman <brg@...>
> wrote:
> 
>> The only reason I am not accepting this is I don't know what the real
>> false positive rate is for the banking system and I don't know what the
>> causes are.  So I am not able to make the jump that you have made when
>> you claim that this rate would be unacceptable in the public sector.
> 
> We know that the Bad Guys regularly manage to obtain money from other
> people's bank accounts by assorted means (online or offline or bogus
> ATMs or whatever else). Every time that happens, they have stolen
> someone's identity (which is a false positive from the POV of whatever
> checks are applied). Granted C&P will have improved the situation (and I
> expect Chip & Sig cards will in future be especially desirable things to
> nick).

When I suggest importing banking technology for public sector use, I am,
of course, referring to C&P (smart cards), not magnetic stripe.

But considering magnetic stripe cards, are there any good (UK)
statistics on things like:

 (a) the percentage of the total number of cards issued which
     have been fraud free during their lifetime;
 (b) the percentage of transactions that involve card fraud;
 (c) the percentage of the total monetary throughput lost by
     card related fraud.

over the last year or two.
(Continue reading)

Owen Lewis | 1 Mar 19:09 2006

RE: ID smears legal warning


> -----Original Message-----
> From: ukcrypto-admin@...
> [mailto:ukcrypto-admin@...]On Behalf Of Ian Johnson
> Sent: 28 February 2006 14:53
> To: ukcrypto@...
> Subject: RE: ID smears legal warning
>
>
> On Tue, 2006-02-28 at 14:36 +0000, David Hansen wrote:
> > On 28 Feb 2006 at 11:24, Ian Johnson wrote:
>
> > Someone else sounding like me:-)
> >
> > > Useful means cheap, removing the need for a passport for EU travel,
> >
> > I would have nothing against that, if people wanted to get one. I might
> > even get one myself...
>
> The point I was trying to get across was that in principle I would have
> no objection to the sort of scheme Owen keeps proposing, but I don't
> believe for a second we would ever get such a scheme.

I think we will. The question is how much pain and waste must first come to
pass before we arrive at where an increasing number of us are sure we need
to be.

At the moment informed opinion remains too fragmented  to make an immediate
impact.

(Continue reading)

Pete Mitchell | 1 Mar 23:28 2006
Picon
Picon

Re: ID smears legal warning

Charles Lindsey wrote:

> We know that the Bad Guys regularly manage to obtain money from other  
> people's bank accounts by assorted means (online or offline or bogus 
> ATMs  or whatever else). Every time that happens, they have stolen 
> someone's  identity (which is a false positive from the POV of whatever 
> checks are  applied). 

Calling card fraud "stealing someone's identity" is IMO unhelpful and 
playing the HO's game.

I've had someone nick my credit card and use it to buy a couple of 
bottles of White Lightning at Waterloo. (Who hasn't?) But I still had my 
identity. No-one took it away, either with or without intent to deprive 
me of it permanently.

It's simply an impersonation fraud. TPTB have decided to call it by the 
much more sinister name "identity theft", in order to frighten us into 
wanting what they want us to want. Phooey.

--

-- 
Pete Mitchell

Peter Fairbrother | 2 Mar 11:29 2006
Picon

Re: Chip & PIN revisited

Rodney Tillotson wrote:

> Pete Mitchell wrote:
> 
>> I just called [Alliance & Leicester] to ask for a chip and sig
>> card instead. They admitted such things do exist, but they are
>> only for people whose medical practitioners will assert they have
>> a Medical Disability. It would, they said, be against the law to
>> issue a chip and sig card to anyone else.
> 
> LTSB must in that case be the Bandits' Bank. A friend said
> persistently and often that they didn't want a CaP, and was duly
> issued with a CaS. It certainly took "reasonable persistence", but
> not really a "plausible account of relevant circumstances".

LTSB-credit-cards gave me a bit of a hard time, but did give me C+S credit
cards without _too_ much hassle - LTSB-the-bank however gave me a C+S debit
card without even asking for a reason, one phone call and it arrived the
next day!

> And many local retailers had by 14 Feb trained their staff to know
> the difference and deal with it properly.

Same here with the retailers, haven't had a problem since the 14th -

> Of course, this is rural Oxfordshire, where we still leave the
> keys in our cars ...

 - and this is in urban Wilts, where only someone who wanted to claim on his
TPFT insurance after a prang (or who wanted to avoid paying to scrap a car)
(Continue reading)

Peter Fairbrother | 2 Mar 11:29 2006
Picon

Re: ID Cards. Independent Poll

Brian Gladman wrote:

> Meanwhile I will continue to advocate the introduction of banking
> technology to mediate access to public services as a 'solution' that we
> can deploy NOW.

Why? Is there a huge problem with mediating access to public services?

Benefit fraud is overwhelmingly not identity-based, and any form of ID cards
would be of little use to combat it - it's mostly people not reporting
disqualifying circumstances, not pretending to be someone they are not.

"Health tourism" is a possibility, but it only costs £200 million per year
(DoH estimate), and it may be a better idea just to let it continue - it's
better that someone in the community with an infectious disease is treated,
whether or not they are entitled to treatment. It makes us all healthier. I
don't mind paying £4 per year for that. Any idea of lots of people coming
from abroad for expensive operations is nonsense.

Offhand I can't think of any more public services where might be useful to
mediate access. 

--

-- 
Peter Fairbrother

Owen Lewis | 2 Mar 10:59 2006

RE: ID smears legal warning


> -----Original Message-----
> From: ukcrypto-admin@...
> [mailto:ukcrypto-admin@...]On Behalf Of Dave Howe
> Sent: 28 February 2006 17:39
> To: ukcrypto@...
> Subject: Re: ID smears legal warning
>
>
> Owen Lewis wrote:
> >> Unfortunately, we all know it won't be used like that - even
> if such a card
> >> were made (and its database locked forever out of the reach of
> government
> >> officials) they would just use some unique value read from the card as
> >> their primary key into their own database(s).
> > Explain? Surely one of the primary functions of the system is
> to provide a
> > well assured ID check for many govt dealings (central and local) with
> > individuals. Or do I misunderstand your drift?
> I mean even if we *could* enforce the NatID database being a pure identity
> database, with no extra data at all - they would just go ahead and build a
> second database, with all the information in it we are objecting
> to (and still
> no adaquate security) and use the card to index it. Effectively,
> we would still
> end up with whatever database the rogues want, regardless of any
> "Restrictions"
> on the official database that are made. Compare and contrast with
> "we don't
(Continue reading)


Gmane