ID Cards Compulsory in UK by 2010 - Official

I have started my little essay, should i post it here or on a seperate thread as it is going to be quite long lol.

Talking about government systems being insecure, where i am there are several government departments. They are council offices in various places and virtually all of them have open router access! The routers are on the wireless setting and are either using the default password set by the manufacturer or they are blank passwords.

If that is the idea of government security then i do worry. Obviously it's a lower end system than the ID card database will be, but as someone on this thread said, no system is 100% secure.

Now if someone gains access to such a system then what could they do? It's a very worrying idea if you ask me.

Originally posted by ImaginaryReality1984
if someone gains access to such a system then what could they do?

- That would depend entirely upon the type of 'access' they got, as I'm sure you know.

An ability to access a look at small parts of the 'front end' of the 'system' is a world away from full access to look at and alter data.

It's a very worrying idea if you ask me.

- Anybody can imagine anything and all sorts, no matter how remote and highly unlikely the possibility and play a little game frightening themselves if they like, I suppose.

[edit on 11-4-2006 by sminkeypinkey]

Originally posted by ImaginaryReality1984
I have started my little essay, should i post it here or on a seperate thread as it is going to be quite long lol.

Talking about government systems being insecure, where i am there are several government departments. They are council offices in various places and virtually all of them have open router access! The routers are on the wireless setting and are either using the default password set by the manufacturer or they are blank passwords.

If that is the idea of government security then i do worry. Obviously it's a lower end system than the ID card database will be, but as someone on this thread said, no system is 100% secure.

Now if someone gains access to such a system then what could they do? It's a very worrying idea if you ask me.

The Anthrax scare in 2001 in the united states demonstrated after an investigation that even world class bio-labs maunfacturing weaponised viruses are not secure in the slightest.
I would have low expectations even if the government was better at pretending it would be secure. As it is they are stuggling to even pretend it will.

[edit on 11-4-2006 by AdamJ]

Originally posted by AdamJ
The Anthrax scare in 2001 in the united states demonstrated after an investigation that even world class bio-labs maunfacturing weaponised viruses are not secure in the slightest.

- Er, no it didn't.

It revealed just how 'non-world class', lax and dangerous the security element of that 'bio-lab' had become (over a period of several years), actually.

People and *ahem* 'items' were coming and going and there was various, er, 'work' going on, unsupervised, with members of staff left to get on with their own little pet projects (some 'home projects' the management knew nothing of, even!) and a whole under-current of petty rivalries and in-fighting going on.

I would have low expectations even if the government was better at pretending it would be secure. As it is they are stuggling to even pretend it will.

- Quite how this is supposed to relate to a British high security central computer system (the details of which have not even been set yet) is a new one on me.

Even if you'd been able to show situation analogous to the US's anthrax fiasco at Britain's Porton Down or Aldermaston it would have been the most tenuous 'illustration' but your 'example' doesn't even provide anything like that.

If you could show me just how lax the, say, British Police central computer is now after decades of operation I might take notice but you haven't and you can't.

I'm not trying to 'flame' anyone over this stuff but like I said there is a large part of this 'debate' that is so obviously just a little game, trying to frighten oneself, using an 'all or nothing' standard and any old tale, no matter how unconnected or inappropriate that tale is.
That just doesn't strike me as particularly good debate or very useful to anyone.


[edit on 11-4-2006 by sminkeypinkey]

No game.

I think its a good example. All labs working on viruses should be secure. People assume they are. But clearly thats not true and there are not checks in place.

The police computer is a good example. Maybe that works well.
I dont trust the government data to be secure and actualy its a bit of a pointless argument as they are prepared to sell the information to companies who pay. (and charge to make the security checks)
So its fairly obvious that the national register wont be safe/secure whatever.

I dont know how the biometrics data will be connected to the NIR.

Originally posted by AdamJ
I think its a good example. All labs working on viruses should be secure. People assume they are. But clearly thats not true and there are not checks in place.

- I disagree; I think it is a poor example given that several years after the end of the 'cold war' those places had become little worlds unto themselves and all sorts of outrageous practices were going on because no-one was keeping a close eye on things.

Had your example been Porton Down or Aldermaston it would at least have been a British example and closer to home.

The police computer is a good example. Maybe that works well.

- Indeed; I thought it a fair counter-point; a state run and secure database.
I am unaware of it being compromised, ever.

I dont trust the government data to be secure and actualy its a bit of a pointless argument as they are prepared to sell the information to companies who pay. (and charge to make the security checks)

- .....and so what?

Just because access to read small parts of the database will be permitted that is hardly especially unusual nor a sign of no security.

To claim "the information" is to be sold is also a total exaggeration of what is planned (for them even to access all of "the information" it would involve a huge dose of criminal activity.....if it even were possible for those, properly licenced, companies to do).

The truth is that this is the same idea as happens with the banks etc and the credit checking system.
Other financial institutions can access a small part of the banking database to verify certain information.
But that is neither a 'complete access' nor an insecurity of the entire system.

So its fairly obvious that the national register wont be safe/secure whatever.

- No it isn't.
IMO this is just back to the little game.
You are preferring to imagine and guess at all sorts of horrors with no actual substantive base to do so.

I dont know how the biometrics data will be connected to the NIR.

Like I have said, people are making all sorts of assumptions as if procedures and methodology has been determined and set out when it has not.

This makes comment beyond the general extremely difficult and comparison with other systems hard.

......and if you or anyone wants to produce a credible scary tale of government incompetence in this kind of thing then something along the lines of the German, French, Spanish, Greek etc etc ID card database being stolen or altered on the kind of scale some seem determined to imagine 'easily' happening here (despite the British system necessarily being more modern and up to date and informed by previous 'designs') would be more like it.

I shall not hold my breath.

It wont be secure because its not a single database, the information is linked and open to thousands of busnesses and government departments.

here is an example of the DVLA being caught selling data.


[edit on 11-4-2006 by AdamJ]

This is the thing though, why should my information be kept?
If I am willing to run the risk as the majority of the population [based on polls] are, why isn't it my choice?
I do not need them to protect my from fraud nor do I need to be criminalised, because the police no longer desire to do real investigative work. If I and the Public desire not, why do we get forced to do it?

That's not a democracy, that is the Government deciding our fate.

Originally posted by Odium
That's not a democracy, that is the Government deciding our fate.

Exactly. As sminkey stated, conjecture on the how the system will work is just that - conjecture.

However, one thing is certain - it is not happening democractically, it is has been forced through against common sense, financial sense and the will of the people

Poll Tax and the EuroDollar spring to mind and thankfully they were eventually defeated. Hopefully ID cards will go the same way

Exactly. As sminkey stated, conjecture on the how the system will work is just that - conjecture.

I agree and disagree here, in the end it can only work a few ways. Biometrics on a chip or biometrics on a chip that get checked against a database or maybe biometric database, you get scanned and you just carry the card as a backup.

The systems involved won't be standalone because they want them to be accesible to various organisations, that makes them vunerable.

That isn't conjecture it's a fact to do with computers. Again if the pentagon can be hacked, along with nasa and a lot of military computers, then anything can. People have done and do that still, although i am willing to bet the pentagon keeps everything sensitive on standalone machines, but that's the difference with this scheme.

Anyway.

However, one thing is certain - it is not happening democractically, it is has been forced through against common sense, financial sense and the will of the people

If people don't care enough to do something then maybe that could be agrued to be democracy. I mean loads of laws are passed without anyone caring but no one complains because they aren't important enough.

Poll Tax and the EuroDollar spring to mind and thankfully they were eventually defeated. Hopefully ID cards will go the same way

Hopefully yes but i doubt they will unless someone gets people moving on it. The poll tax was defeated because fo what it did to people, that's why the riots went on. I can't see that happening with ID cards, even if it slows daily life. The government is putting as such an attractive option, a cure to all problems with our society, threats of terror etc that people cannot turn it down. People are sick of crime and scared of terrorists, ID cards are like hanging a bottle of water in front of a man who has spent 3 days walking across a desert. Or maybe holding some savlon up to a scotsman who has walked through a field of thistles whilst wearing his extra short summer kilt.

Anyway it's being shown in such a light that people don't want to refuse them, they either don't care or like the idea. The polls you see about people not wanting them are i think mainly getting people who don't want them voting. I don't know if it's a true representation or not.

Originally posted by AdamJ
It wont be secure because its not a single database, the information is linked and open to thousands of busnesses and government departments.

- Why are you continuing with this claim about "the information" as if to imply all data held on the database will be open and available?

Quite clearly it will not.

.....and if access to read small parts of the database is limited and licenced how does that compromise the databases' security as a whole?

The British banking system has one of the world's most secure databases yet they allow access to read small parts of it and their 'system' remains secure and has done for decades now, ditto that Police computer mentioned earlier.

I'd also be more than a little reluctant to accept the Daily Mail as my (single) source on any of this, talk about an outlet with an agenda!

(and even then the example they talk of was a case of licenced access to a small part of the details held, not access to everything and certainly not access to remove, alter or input data.
You may question who got the licences and why but it hardly represents a compromising of the 'system'.

BTW, you do realise that were they inclined - but obviously the Mail wouldn't if they couldn't get at least a semi-coherent Labour-bash into it - they could do a similar story with a company run by or containing questionable characters doing a credit check with your banking information or the banks 'selling' data on to whatever marketing companies they have contracted to.......remember the little tick box on the various forms we are deluged with these days about 'sharing information' with other companies, hmmmm?)

==============================================================

Originally posted by Odium
If I am willing to run the risk as the majority of the population [based on polls] are, why isn't it my choice?

- It has to be said that those opinion polls have been all over the place on this. Sometimes showing large support sometimes not.
(and as I referred to earlier some of the polls themselves are being done with such small samples or such narrow selections as to be grossly questionable and unreliable - one I saw talked about a poll of students and another a poll of 600 web-site members.
Not exactly asking 'the man in the street', is it?)

But the only poll that counts was to be found during the general election in May 2005.

If the British public found this well known and much talked about major part of the Labour program so abhorrent they would have chosen some other party to govern.
That is, in part, how our system works.

But ultimately AlienAnderson and ImaginaryReality1984
are quite right.
If this idea is so counter to the public mood (as you claim Odium) it will not survive that.
If it is so evident that the public do not want this (as happened with poll tax) it is perfectly possible that the party bringing in the ID card may well be the one to remove them.
The next poll that will have any serious weight on this will be 2009/10 (and on such a matter of enormous national importance and interest that IMO is exactly how it should be).

Ok sminkey let's take a look at cyber crime.


Ok first off, having access to even low level systems means you can work your way up through them. It's remarably easy if you know what you are doing.

An attempted hack on a bank in this country was foiled but only because the hackers were far to stupid when transferring the money. They didn't think it through, which is weird for hackers but anyway they didn't. They gained access to the system, now with ID cards gaining access would be far worse than the bank. Transferring money out of the bank in the sums they were trying has procedures that have to go via a human being, this stopped them. Wth ID cards gaining access is enough, human verification won't and can't be used for that system.

A story about the bank hack, please note how they gained access to low level systems in order to use keyloggers to get accounts/passwords.

news.bbc.co.uk...


This story was hyped up a bit but if you know about computers you will see that it isn't all rubbish.

How do you know the police system hasn't been accessed? You think someone would tell you? I think our security services would want to keep that quite, just as the US government kept various other hacks quite that have come out later on. Just as the Russians kept thing's quiteThe hacks come out when the hackers promote them, if i had access to the police system i wouldn't promote it because it's a useful little service.

The banks have been accessed, the US military systems have been accessed, Nasa has been accessed, the pentagon has been accessed. Are you still saying that the system will be bullet proof? As i stated if the database was on a stand alone system then no hacker could access it because it wouldn't have an incoming or outgoing line. But it will have those lines, it will be reachable and that is enough.

Please do not state thing's like.

The British banking system has one of the world's most secure databases yet they allow access to read small parts of it and their 'system' remains secure and has done for decades now, ditto that Police computer mentioned earlier.

Yes the bank hack i mentioned didn't result in damage, but to recap my points.

Banks have human gateways for large amounts of money, that is why the hack was foiled.

The ID card system would merely have to be accessed and you would have plenty of information to use for various crimes, especially ID theft.

You can work your way up through low level systems, every system has them bar none.

The US military, NASA, the pentagon have all been hacked over the years.


Finally, a recent virus and DoS attack on the Russian stock exchange just further shows problems with secure systems. You see if a system is secure then it motivates hackers to break it, the russian exchange was shut down while checks were done. See the articles.

www.newscientist.com...

www.sophos.com...

A quote from Graham Cluley, senior consultant, sophos.

"While all the world was in a frenzy over the damp squib that was Nyxem, this attack infiltrated the RTS and could have potentially given hackers access to their systems," adds Graham Cluley, senior technology consultant for computer-security firm Sophos. "A virus which can disrupt a stock exchange can have obvious financial consequences, as well as harm the important credibility of an institution in the public's eye."

Regarding americans, i just found out your US supreme court ruled that you must show your ID card on demand to law enforcement officals.
So it looks like you will be put to the test over whether you stand up or not.

...the Supreme Court ruled last year that police can demand to see ID from law-abiding U.S. citizens.

its a pdf file -- here

quote from Cnet -- here

[edit on 12-4-2006 by AdamJ]

Originally posted by sminkeypinkey
I'd also be more than a little reluctant to accept the Daily Mail as my (single) source on any of this, talk about an outlet with an agenda!

(and even then the example they talk of was a case of licenced access to a small part of the details held, not access to everything and certainly not access to remove, alter or input data.
You may question who got the licences and why but it hardly represents a compromising of the 'system'.

BTW, you do realise that were they inclined - but obviously the Mail wouldn't if they couldn't get at least a semi-coherent Labour-bash into it - they could do a similar story with a company run by or containing questionable characters doing a credit check with your banking information or the banks 'selling' data on to whatever marketing companies they have contracted to.......remember the little tick box on the various forms we are deluged with these days about 'sharing information' with other companies, hmmmm?)

Its no good just raving off about the daily mail. im sorry its not good enough for you but i dont think you are really interested in considering the potential for abuse for the databse.
It was to highlight the possibilty of data being sold for profit, something you dismissed out of hand. Not security.
I take your points about police and banking databses. I dont know alot about them.
Im still concerned about an ID database, why they want/need one. They havent up until now.

Actualy its not my main problem anyway, im annoyed at the hidden hand behind all of this, so ill oppose it all the way with whatever i can get.
Its being forced on us from somewhere else.

[edit on 12-4-2006 by AdamJ]

Originally posted by ImaginaryReality1984
Ok first off, having access to even low level systems means you can work your way up through them. It's remarably easy if you know what you are doing.

- That may be the case sometimes but you are still speculating - it is not exactly a 'law' now is it?

Wth ID cards gaining access is enough, human verification won't and can't be used for that system.

- You cannot possible make such a sweeping statement with any certainty, particularly as the procedures (and even the actual 'system' itself) have yet to be designed fully, never mind tested and implemented.

This story was hyped up a bit but if you know about computers you will see that it isn't all rubbish.

- Well sorry but this is back to the 'all or nothing' standard again.

No-one I know of is saying security can always and forever be 100% but so what?
That is a 'standard' no human endeavour could meet.

There will always be a an unrepresentative 'extreme margin' one might look at but it is still no reason to condemn the whole when irrespective of those very marginal failings the whole acts to do what it is supposed to day in day out very reliably.

OK the banks have from time to time suffered 'attack' - usually unsuccessfully but on rare occasions sometimes not - that still does not make the entire banking system worthless or utterly insecure, right?

How do you know the police system hasn't been accessed? You think someone would tell you? I think our security services would want to keep that quite, just as the US government kept various other hacks quite that have come out later on. Just as the Russians kept thing's quiteThe hacks come out when the hackers promote them, if i had access to the police system i wouldn't promote it because it's a useful little service.

- Are we back to the guessing game?
OK.
Good game, let's really try and scare ourselves, huh?

Hey, maybe the Trident systems have been 'hacked', prove they haven't or that the world doesn't end in 5 minutes........and while you're at it see if you can bend over far enough to kiss your own ass goodbye!

Sorry but that just isn't good rational debate in my book.

it will have those lines, it will be reachable and that is enough.

- Enough what?
Enough to say it will never be 'perfection'?
Well duuuh.

That is, as said before, pure speculation heaped upon an absurd 'standard'.

The ID card system would merely have to be accessed and you would have plenty of information to use for various crimes, especially ID theft.

- This is just pure imaginative invention and speculation on your part.

You can work your way up through low level systems, every system has them bar none.

The US military, NASA, the pentagon have all been hacked over the years.

- Well that's all rather dramatic and all but I'd say it is more accurate to say that parts of the US military, NASA and the Pentagon have been hacked over time.

Usually with little lasting or serious effect and one might also point out that those designing these systems have been learning and adapting too.

As for the Russian stock market?
Well, I'd say that holding up periodic failures in parts of the world renowned for corruption, poor infrastructure or years of an appalling lack of investment is not much of a fair comparison in my book either.


=============================================================

Originally posted by AdamJ
Its no good just raving off about the daily mail.

- "Raving"?!

Are you really trying to say the Mail doesn't have an anti-Labour agenda constantly at work?

Come on, you're just kidding, right?

You'll be trying to tell me the Telegraph is a pro-Labour outlet next!

im sorry its not good enough for you

- Well no, I'm sorry that I usually find single source material from such obviously slanted and biased outlets rarely is particularly reliable.

It was to highlight the possibility of data being sold for profit, something you dismissed out of hand. Not security.

- Well that simply isn't so.
I am well aware that the government had sold data to some companies - quite deliberately and it wasn't a matter of "profit" but a deliberate action designed as a matter of policy to recoup costs and cut the overall costs of running the system.

.....and it might even be that elements of the proposed new ID system are open 'at a price' to certain licenced firms too (to recoup costs and lower the overall bill to the taxpayer).

I'm sorry but selling licenced firms a name and address at £2.50 a pop isn't the equivalent of access to view, enter or alter the biometric ID data and 'the security' of the entire database itself.

Im still concerned about an ID database, why they want/need one. They havent up until now.

- Well the short answer is, I suppose, that things change.
There's lots we now do that we didn't used to.
Not being able to claim state benefits, access the NHS or even open a bank account without sufficient umteen forms of ID are just some of them.

But it remains undeniable that there is a serious body of opinion (which is, like all opinion, contested) that says these cards will be a useful additional assistance in the fight against crime (from fraud to terrorism).
This may be properly disputed but it is a point of view with some merit and IMO it should not just be written off as of no consequence, or necessarily stupid, fascistic or mad.

Originally posted by sminkeypinkey

Originally posted by AdamJ
Its no good just raving off about the daily mail.

- "Raving"?!

Are you really trying to say the Mail doesn't have an anti-Labour agenda constantly at work?

Come on, you're just kidding, right?

You'll be trying to tell me the Telegraph is a pro-Labour outlet next!

No, im well aware of the angle the paper comes from.
But the political angle of the paper just isnt important.

Originally posted by ImaginaryReality1984
Ok first off, having access to even low level systems means you can work your way up through them. It's remarably easy if you know what you are doing.

Originally posted by sminkeypinkey
- That may be the case sometimes but you are still speculating - it is not exactly a 'law' now is it?

Acutally yes it is a law, every hacker i have ever spoken to says the same thing. “Why bother attacking the gates when you can use the tunnel”, they mean there is always a lower end system you can exploit.

Originally posted by ImaginaryReality1984
Wth ID cards gaining access is enough, human verification won't and can't be used for that system.

Originally posted by sminkeypinkey
- You cannot possible make such a sweeping statement with any certainty, particularly as the procedures (and even the actual 'system' itself) have yet to be designed fully, never mind tested and implemented.

Actually i can because i understand computer sytems. The cards are being promoted for being used to claim benefit etc. Now there are a lot of people claiming benefit and pensions. If a human being has to verify each and every transaction at your local post office then you will need an enormous amount of humans to verify it. Do you really think that humans could verify every one of these transactions?

It would need to be automated by machine, it's the only way sorry that is simply how it will work. It is the only way it can work because of the sheer number of transactions going through. Stop saying i can't know because i don't know the systems! It will be based on current computer logic so i can say that this small point is damn well true.

The only way to fix that would be having the data on the cards themselves and it not being checked against a database, but if that is done then there is no point as you could fake a card. All you would do is record your biometrics, stick them on a chip and you now have access to anything you want as your biometrics match the card.

As I said though that would defeat the purpose of the cards so database checking seems like the only way to go.

Originally posted by Sminkeypinkey
- Well sorry but this is back to the 'all or nothing' standard again.

No-one I know of is saying security can always and forever be 100% but so what?
That is a 'standard' no human endeavour could meet.

There will always be a an unrepresentative 'extreme margin' one might look at but it is still no reason to condemn the whole when irrespective of those very marginal failings the whole acts to do what it is supposed to day in day out very reliably.

OK the banks have from time to time suffered 'attack' - usually unsuccessfully but on rare occasions sometimes not - that still does not make the entire banking system worthless or utterly insecure, right?

Err i have once again stated that i know that no system can be completely secure. You seem to be missing my point on that. I don't want my information to be unsecure if it involves my biometrics and all the other stuff. Yes you can find my address somewhere else on some computer but people rarely bother. The ID database will be attacked over and over just because it's meant to be secure. You really don't get the hacker mentality; it's the challenge of it.

The reason we use the bank system is because there isn't much else to use and as i stated the banks systems have humans in place to check large transactions. That is why it is more secure but as stated you cannot do that for these cards. I gave you the reasons why above.

The closest we have to a commercial checked small scale system is credit cards. Some companies will phone you if they see suspicious activity on your card. But this is flagged by computer and sent to a person, it is only a small portion of the people using the card. If they had to vet everyone for every transaction then they couldn’t do it, that’s a very good example.

Hey, maybe the Trident systems have been 'hacked', prove they haven't or that the world doesn't end in 5 minutes........and while you're at it see if you can bend over far enough to kiss your own ass goodbye!

Sorry but that just isn't good rational debate in my book.

I can prove they havn’t, we aren’t dead, it’s a good clue . I was making a point and you mocked it. The trident systems although i don't have the details i am willing to bet are not connected to anything for the reasons i have described. They should be stand alone systems and i am willing to be they are hardwired to need the codes and don't rely on software. The ID card system can't rely on this and that is fact, go and read about computer systems if you don't believe me.

Yes yes I was speculating on the tridents, but if you know anything about computers it is not simply speculation, it is the logical way of defending those systems.

Originally posted by ImaginaryReality1984

it will have those lines, it will be reachable and that is enough.

Originally posted by Sminkeypinkey

- Enough what?
Enough to say it will never be 'perfection'?
Well duuuh.

That is, as said before, pure speculation heaped upon an absurd 'standard'.

Well as my old gran says "standards are important"

Seriously though. What i meant (and i thought it was clear from my rant) was that it will be reachable. I don't need to know the exact operating system they will use or the hardware and software firewalls they will throw up. They all run along the same security lines, albeit some are more secure and complex. They will be accessed and to use a phrase i dislike "mark my words". Oh god i am commited to my idea . I doubt anyone could do damage because of the way systems like that work, but they could steal information as it were. Look up the name Kevin Mitnick, ok his crimes were based more on conning people than technical genius but others are geniuses.

Originally posted by ImaginaryReality1984
You can work your way up through low level systems, every system has them bar none.

The US military, NASA, the pentagon have all been hacked over the years.

Originally posted by SminkeyPinkey
- Well that's all rather dramatic and all but I'd say it is more accurate to say that parts of the US military, NASA and the Pentagon have been hacked over time.

Oh i fully agree but only because the systems are so large it would take ages to go through them. Also the military and NASA do now use stand alone systems for sensitive informaiton, hell an estate agent i know keeps it's files on a seperate computer, it's just common sense and is unhacable simply because there is nothing to connect to. Again the ID card database won't be stand alone.

Originally posted by SminkeyPinkey
As for the Russian stock market?
Well, I'd say that holding up periodic failures in parts of the world renowned for corruption, poor infrastructure or years of an appalling lack of investment is not much of a fair comparison in my book either.

The software was defeated not the hardware, and the software was up to date. The hardware I have no idea about actually, bloody Russians using there commodore 64’s probably. Wonder if I can get one for extra cheap now?

If there are anyone quote mistakes in this then sorry, it was rather long and i may have missed something.

Does the ID cards scheme have a 'self-destruct' button?

What happens if we get invaded?

Interesting point raised by MP:

A Conservative MP has asked the government to reveal whether the planned ID card database will have a 'self-destruct' system which could be used in case of foreign invasion.

Anne Main MP asked the Home Office what contingency plans are being prepared for the "rapid wholesale deletion of data held on the National Identity Register in the event of invasion by a foreign power".

She also asked what plans are being prepared for the deletion of the National Identity Register in the event of a coup d'état.

source

Very good.

Now there's an angle I hadn't thought of.

Interesting question.

what?
what a weird question?

who is going to invade us and why should we self destruct the NIR?