Identity, Privacy and Trust

July 1, 2010  10:11 AM

Sensible guidance for school sports days

tobystevens
.ico, Data protection, privacy

In a world where it’s quite possible for minors to be arrested for taking pictures of parades on Armed Forces Day, parents go crying to the press when their children are accidentally photographed playing naked in a public place, and sooner or later we’ll all get nicked for looking at a policeman in a funny way, it’s good to see the Information Commissioner’s Office providing some timely and useful guidance on the acceptability of taking pictures of your child’s school sports day.

For the avoidance of doubt: if you are taking photos for your personal use (as opposed to commercial/official photos) then the Data Protection Act does not apply. If a jobsworth tells you that you cannot do so because of the DP Act, then they are wrong. Carry a copy of the guidance note and stick it under the nose of anyone who says otherwise. It would be a great shame if all our schoolday memories looked like this…


The 100 yard dashing around like a headless chicken race…

June 30, 2010  6:01 PM

There, but for the grace of Dave and Nick…

tobystevens
identity cards, politics

Do you remember the UK ID Cards scheme? You know, the government’s promised ‘gold standard’ of identity? The unforgeable, unbeatable, genius of authentication that was promised to do anything you want (so long as all you wanted to do was submit to an identity check by a public official)? The one that eventually cost us £450,000 per card? Ah, now you remember it.

Back in the heady days of 2005, a number of us warned that the idea of a ‘gold standard’ of identity was preposterous, and that the UK abandoned the concept of a gold standard in its fiscal policy for a number of reasons, one of the most important of which was the fact that underpinning your entire economy on a single asset is a ridiculous and unnecessary risk. Would you want to discover that the UK economy has collapsed because investors have intentionally pulled the rug out from under the gold market (as opposed to just good old-fashioned fiscal mismanagement)? No. Would you want to discover that the country’s entire system of authentication and verification has to be abandoned because some idiot left a copy of the database on a memory stick in a pub car park? No. But we came very close to building that ID system, and in Puerto Rico they’ve just discovered what happens when your primary credential is no longer trustworthy.

Apparently in Puerto Rico, a birth certificate is the de facto ID document. It’s been normal practice for many years for public authorities and private organisations to take a copy of that simple, forgeable piece of paper when they transact with individuals, and to keep it on record for indefinite periods. Unfortunately, the Puerto Rican birth certificate is an immensely valuable document, since it can also be the gateway to US citizenship, and that makes it an attractively nickable credential that can be sold across Latin America.

Organised criminals soon cottoned on to this, and started raiding organisations – in particular schools – to steal copies of certificates, and selling them on. US authorities are quoted as saying that up to 40% of fraudulent applications for US passports use Puerto Rican birth certificates, and 12,000 individuals are known to be victims of this type of credential fraud. The Puerto Rican birth certificate has been rendered untrustable, and has had to be abandoned as their ‘gold standard’ of ID.

In response, and under pressure from the US, the Puerto Rican government has demanded that over 5 million individuals re-register for a new birth certificate that will be printed on a different document standard, and will not be collected by other organisations for ID purposes. It seems a little odd that they’ve replaced a stealable, replicable, forgeable, fundamentally weak credential with another stealable, replicable, forgeable, fundamentally weak credential, when they could have used electronic credentials to leapfrog underdeveloped nations such as the UK by creating a really useful ID infrastructure, but then I doubt they’ll be paying £450,000 per certificate either.

The sooner that we get away from this outmoded concept that the only way to prove our entitlements is a bit of paper – or a smartcard – issued by the State, and start adopting global, interoperable standards for open identity rights, the better. The Coalition government saved us from a move back to the gold standard in ID, and the ultimate inevitable collapse of a fundamentally flawed ID infrastructure. Sadly, they’ve yet to propose alternatives, and we’re floating around in an identity vacuum that needs leadership, standards and purpose. Where’s the government’s ID Tsar? Where’s our commitment to an Open ID initiative such as that created by Obama? I know it will be many years before it happens, but I can dream, can’t I?

In the meantime, I’m off to San Juan to register for a birth certificate under my Latin alter ego, ‘Spanky Fernandez’*. Should be worth a few bob once the ID thieves figure out how to copy them over the next few weeks.

* – I once knew a chap by that name. If you’re reading this Spanky, sorry for stealing it.

June 30, 2010  3:13 PM

Backfiring biometrics

tobystevens
Biometrics, crime, Data protection

I’ve written on a number of occasions about the fallibility of biometrics as a trusted means to find or identify an individual. Setting aside problems with the mathematics of biometrics and associated false accept / false reject issues, my biggest concern is the human factor: once the authorities have it into their heads that biometrics never lie, common sense and good judgement go out the window. This is particularly important where biometric evidence is used in a police investigation, since it becomes impossible for defendants to challenge either the accuracy of the original evidence, or of the procedures used to process it within the investigation. High-profile false convictions become inevitable, and it would only take a few such cases to completely undermine the evidential value of biometrics even in apparently ‘open and shut’ cases.

Perhaps the most important example of this in the UK is that of Shirley McKie, a police officer whose fingerprint was allegedly discovered at the scene of a murder in 1997. Despite the absence of motive or any other evidence, she was brought to trial and eventually cleared of perjury when she defended her innocence of involvement in the crime. Four supposed experts asserted that the print had to be hers, and in the wake of her trial three accepted redundancy and one was sacked. Mrs McKie, having left the police service, was subsequently awarded £750,000 in compensation, and one of the experts was eventually reinstated having successfully challenged her dismissal at an employment tribunal. HM Chief Inspector of Constabulary demanded an overhaul of procedures, and a public inquiry is now under way.

Aside from the ridiculous waste of public funds in pursuing a patently unsafe conviction, the most disturbing aspect of the case is the way in which police and justice authorities closed ranks to protect their own staff and their unswerving faith in biometric evidence. The Scottish Information Commissioner Kevin Dunion has ordered that 131 previously unreleased documents about the case be provided to Mrs McKie. Whilst only a fraction of the 630 documents yet to be disclosed (and likely to remain secret because of other legal exemptions), this demonstrates just how hard it is for an individual to fight a case once there is a claim of infallible biometric evidence against them.

I very much hope that Mrs McKie is successful in exposing every flaw that led to this ridiculous situation, and that authorities across the UK – not just in Scotland – take heed of the lessons learned and modify their attitudes towards biometric evidence accordingly.

June 9, 2010  5:58 PM

An experiment in location transparency

tobystevens

Please excuse the lack of posts recently – I’ve been preparing for an experiment in locational privacy. On 12th June I will set off from John O’Groats to cycle 1,000 miles to Land’s End in aid of Help for Heroes. Every moment that could have been used for blogging has instead been taken up with cycle training. I’ll be wearing a satellite tag so that you can follow my progress at If you can sponsor me then I’d be extremely grateful!

As for privacy, it’ll be interesting to see what it’s like to have my movements tracked for 10 days. For anyone following Please Rob Me, don’t get your hopes up, the house will be full of people whilst I’m away…

May 12, 2010  3:18 PM

The end is the beginning

tobystevens
identity cards, politics, privacy

The Conservatives and Liberal Democrats have published their coalition agreement. This includes the following key lines:

10. Civil liberties

The parties agree to implement a full programme of measures to reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion.

This will include:

– A Freedom or Great Repeal Bill.

– The scrapping of ID card scheme, the National Identity register, the next generation of biometric passports and the Contact Point Database

So that’s it – the battle is over. We’ve put an end to the daftest databases invented under Labour. But it’s far from the end of the work. Whatever happens, the UK needs a trusted population-scale authentication scheme to support online transactions and interaction. It needs to be a scheme that is open, trustworthy, flexible, respectful of privacy and civil liberties, and most importantly, not owned by the government. Over the coming months we will see a host of new identity and authentication mechanisms proposed to support industry, in much the same way as was originally proposed by Sir James Crosby’s prescient report. Hopefully this government will have the good sense to actually listen to those who properly understand the issues and technology, and will embrace whatever solutions the people – and not the Home Office – select as their preferred tools.

May 12, 2010  8:02 AM

The First 100 Days?

tobystevens
identity cards, legislation, politics

It’s a bright, sunny morning. Finally, we have a new government. I’m excited. I’ve a strong sense that a Conservative-Liberal coalition could be the best possible election outcome for the UK: a strong economy coupled with a commitment to overturn the inefficiencies and centralisation of 13 years of Labour, but tempered by the humility and introspection that will be forced upon the government by the Liberal Democrat influence. This could work really well if they commit to collaborating. But what should they now do about privacy, identity and consent?

Fortunately, this is one of the areas in which the two parties find common ground, and in fact it may be one of the first policy actions taken by the coalition since they will want to be seen as decisive. The first announcements are likely to be the cancellation of the Identity Cards programme and the ContactPoint database; quick, easy decisions that will save money and tear down one of the pillars of Labour’s centralisation policies. Cynics say that the government will shy away from destroying the National Identity Register because of its complex linkages into other systems, and the supposedly watertight contracts that are in place with key vendors. I say watch this space, there’s a strategy prepared to deal with those issues.

Next, we will see the government order a detailed review of spending across public service. How many computers does the government own? You don’t know? Well, neither does the government. Nor how many systems it operates, contractors it employs, or contracts it has signed. It’s time to get a proper view of what’s in place. And then it’s time to publish that view, and details of all spending thereafter. Greater transparency is a cornerstone of both parties’ manifestos, so I can’t imagine the two parties disagreeing on that.

Then there will be a commitment to a much greater reform of government IT. We’re going to see the end of the current status quo, in which a handful of massive SIs control nearly all government IT spending, and instead the market will be opened up by demanding open source standards and technologies, capping contract values, and publishing values and details of all contracts. A few naysayers have suggested this would be a bad thing. Rubbish. It will spread public spending across a much broader range of SMEs rather than allowing a few companies to hog it for themselves.

The Digital Economy Act is unfortunately likely to end up on the back burner, at least for a few months. It’s an appalling bit of legislation, but the government will want to deal with issues of economy, education and defence before it starts tackling the mess that the major record companies talked us into.

And then we have the longer-term reform of the civil liberties agenda. Both parties are committed to a range of fundamental reforms to protect privacy, control libel laws, protect liberties and ensure a new vein of common sense runs through government. These changes won’t happen quickly, but they will protect us all from a repeat of the ridiculous attitudes of recent years.

As I say, it’s a bright, sunny morning. Looking out the window, I see it’s rather nice out there too.

May 11, 2010  12:24 PM

A Coalition for Consent?

tobystevens
consent, Election, identity cards, privacy

At some point in the next few hours, we’re likely to find out the shape of the next government. I deliberately avoided commenting on my political preferences in the run-up to the election, preferring to remain neutral. However, now that the votes are in, from a privacy, identity and consent perspective I’m hoping hard to see a Con-Lib alliance.

Purely taking these issues into account, the Liberal Democrats have a very attractive manifesto indeed. Whilst similar to the Conservatives in these areas, they have promised to go so far as scrapping biometric passports, which is an area on which the Tories have been mute. The two parties can coalesce around many sensible policies that include scrapping the National Identity Register and ContactPoint, enhancing or replacing current privacy and libel laws, protecting freedom of speech, and putting an end to the past 13 years’ relentless and ruthless accumulation of personal information.

Not that ending these projects will be the end of the issues: anyone who thinks that the UK can live without some form of population-scale authentication system – ideally not one provided by the State – is ignoring the realities of the Internet age. I fervently hope that a Con-Lib government would bring common sense coupled with a degree of humility and introspection, qualities that can only help to enhance the government’s attitudes towards privacy and consent.

April 29, 2010  3:30 PM

Erasing David

tobystevens
privacy, Surveillance

Tonight is the premiere of David Bond’s new film ‘Erasing David,’ which will also be shown on More 4 at 10pm on 4th May. If you have any doubt in your mind about whether we have already sleepwalked into a surveillance state; about whether there is any truth in the phrase ‘nothing to hide, nothing to fear’; or the potential for your details to be stolen and misused by criminals; then this is a film you need to see.

Concerned by the implications of the government’s loss of Child Benefit data, David set out to remain hidden for a month whilst being tracked by two private investigators. This wasn’t about hiding in the woods for four weeks, but remaining part of society without leaving a trail of clues. He had the chance to ‘cleanse’ his online records as best he could, such as removing information from his Facebook profile, to receive briefings on the psychology of fear and practical ways to remain anonymous, and to plan his hiding strategy. The detectives simply have to meet up with him face to face in order to win the challenge, and are not allowed to break the law in doing so.

The result is a film that is almost comedic at first, as he comes to terms with privacy problems that those of us in the privacy mainstream have fretted about for a long time now, but then starts to become increasingly disturbing as he reacts to the assumption that all his movements, communications and transactions might be monitored. The private eyes don’t fit the stereotypical image portrayed in American movies, but whilst they come across as gentle and almost amusing, their (perfectly legal – possibly with the exception of the questions arising from dumpster diving) techniques are highly effective.

What surprised me was how quickly David Bond begins to experience the paranoia arising from being watched. Without giving away the plot, there is one point at which this seems rather extreme (bearing in mind that the worst consequence of his being tracked down would be to be able to go home!), but the wider theme of discomfort and behavioural change is food for thought for those that buy into the ‘nothing to hide’ argument when trying to justify surveillance regimes. David Bond starts this project with just a vague sense of unease about the concept of a database state. By the end, his radicalisation as a privacy activist is complete.

Tune in to watch Erasing David on More4 on 4th May at 10pm.

April 27, 2010  9:48 AM

Gissa proper National ID Card

tobystevens
identity, identity cards

One of the biggest flaws in the National ID Scheme’s architecture is its failure to support peer-to-peer authentication in any meaningful way. The government has promoted it as a way to interact with government, UK border controls, proof of age scenarios, and… that’s about it really. However, this is a classic case of designing a system around the needs of a minority user group: those who lack other trusted credentials, or often come into contact with the authorities. It’s an approach that disregards the needs of everyone else.

Like most people with a ‘conventional’ lifestyle (i.e. someone who is not regularly in contact with police, UKBA or social services) I rarely need to prove who I am. My wallet contains two credit cards and a debit card, a few bits of plastic for club memberships (IoD, British Cycling, Britannia Rescue etc) and that’s about it. On a couple of occasions each year I have to dig out my passport from its safe storage in order to a) travel or b) prove who I am for a new financial services product (e.g. moving mortgage provider or changing mobile phone company). Those occasions aren’t an inconvenience for me, since I know when they’re going to happen, and otherwise my passport lives safely locked away.

In this context, a National ID Card – as envisaged by the government – is a complete waste of money for me. It adds no value over a passport, which I’ll still have to own for travel purposes. Furthermore, because the Identity & Passport Service has designed the scheme entirely around government needs, it has been rendered useless for anyone else. Only an organisation with a card reader connected to the National Identity Register can obtain a ‘trusted’ authentication, and that authentication is a one-way process – there’s no mechanism for the card holder to confirm they’re really dealing with an authorised official. In fact the card can’t even support Chip and PIN functionality, so it’s less trustworthy than the average credit card.

And it’s the failure to provide mutual authentication that is the most disgraceful aspect of the scheme’s architecture. Here’s an example. Yesterday I received a knock on the door, and a young Liverpudlian waved a bit of card at me, politely introduced himself as a young offender working in a rehabilitation programme, and asked if I might be interested in buying some household items from him. Now I have no way whatsoever of knowing whether such a scheme is legitimate, or if he’s just casing the house for a later break-in; whether the card is real or if he is the authorised holder; and whether I can trust him in this context.


(Bernard Hill as Yosser Hughes)

Now if I had a useful peer-to-peer authentication mechanism, I could have verified the legitimacy of his claims about organisation and employment; checked he was the cardholder; and would happily have purchased something. As it was, I politely sent him packing.

If the government wants an identity scheme that will genuinely engage with marginalised or disadvantaged groups; prove meaningful and valuable across the entire population; and build trust rather than facilitating flash and dash fraud; then it’s time to scrap the current approach and start again with something that reflects the needs of everyone, not just the Identity & Passport Service. Build it as a Psychic ID Card that can be applied across a range of scenarios without accumulating personal data or compromising privacy, and encourage individuals to invent innovative applications. But don’t lumber us with a scheme that costs billions and fails to serve the needs of those who need it most.

Oh, and if that salesman is reading – come back with proper ID and I’ll happily buy something from you.

[And for the under 40s, if the word ‘Gissa’ means nothing to you then here’s Bernard Hill’s seminal character who coined the phrase ‘Gissa job’]

April 7, 2010  11:25 AM

Technology Strategy Board – Trusted Services Competition

tobystevens
politics, privacy, Projects, regulation

The Technology Strategy Board has allocated up to £8m to invest in highly innovative collaborative research and development projects in the area of trusted services.

The tools, techniques and services developed will accelerate the deployment of secure and trustworthy information systems, within Digital Britain and the wider global economy. The competition will focus on business-led collaborative projects to develop trusted services which rely on technologies and their associated supply chains that will deliver significant improvements over today’s service offerings.

Up to one quarter of the funding will be awarded to fast-track projects which last up to 12 months and have a total value of less than £150k. The remainder of the funding will be awarded to collaborative R&D projects lasting 12-36 months and with a total project value exceeding £150k.

For further information about the competition, please refer to the Technology Strategy Board website.
