Monday, December 15, 2003

Satellite tracking of cars -- "when, not if"

The BBC reports that a govt appointed committee is considering fitting a tracker to every car in order to introduce congestion charging on all roads. Professor David Begg, leading the committee, is quoted as saying:

It is now a matter of when, not if. Six months ago it was on the shelf, but Mr Darling is now very serious about it.

It seems the day when everyone is under constant surveillance 24 hours a day no matter where they are or what they're doing is getting closer. Satellite tracking of cars, plus ever increasing usage of CCTV (still largely unregulated), plus agencies from MI5 to the Charities Commission able to monitor internet and phone activities, plus govt powers to spy on bank accounts, plus an ID card system tracking our usage of govt services and quite probably our purchases or movements, gets us pretty close to that day already.

Sunday, December 14, 2003

Yippeeee!

Great news! And congrats to the coalition forces. Now the Iraqis need not fear Saddam ever regaining influence, which may make it easier for the remaining Ba'athists to be hunted down and captured. In the meantime let's hope Saddam is made to answer for his crimes.

Now where's Osama got to?

Wednesday, December 03, 2003

Electronic voting: A threat to democracy?

With low turnouts in many elections in Britain, some people have suggested that electronic voting could be allowed in order to make things easier and hopefully raise voter turnouts, e.g. see this BBC report about e-voting trials in Swindon in recent local elections.

In America there has been a big push towards introducing electronic voting systems after the Florida vote counts in the 2000 presidential election where the voting machines' performance may have influenced the end result in a tight election.

However the move towards electronic voting is by no means straightforward. With a paper ballot, with the vote manually registered by the voter as occurs in British elections at the moment, you have a high degree of checkability. People know what they write on the ballot before it's put in the box. Vote counting can be done under the eyes of the candidates, their representatives and independent observers. We can therefore create reliable voting procedures and vote counting procedures quite easily.

With electronic voting, things are not so straightforward. Without knowing what code is running on the computer recording your vote, you cannot be sure whether the vote is correctly registered by the computer. The vote counting is done by the computer essentially out of sight. The possibility of incorrect counting due to software bugs, the software being hacked or plain skullduggery on the part of the software writers has to be taken into account.

America's recent experiences with voting machines provided by a company called Diebold provide worrying reading:

Under the Help America Vote Act (HAVA), the Election Assistance Commission is charged with establishing voluntary standards for voting machine software and creating an independent testing process for the software. However, this process is far behind schedule. Under HAVA, the Election Assistance Commission members should have been nominated by the President in February 2003. Unfortunately, these nominees have only recently been sent to the Senate for confirmation.

Without this federal review and testing of software, deeply flawed software has been marketed by companies and bought by states. An Analysis of an Electronic Voting System was recently authored by Tadayoshi Kohno, Adam Stubblefield, Aviel Rubin, and Dan Wallach. This voting software, produced by Diebold, has already been purchased by two states. According to this study, some of the most serious of numerous flaws permit a person to:

-vote multiple times,
-view ballots already cast on a machine,
-modify party affiliation on ballots,
-cause votes to be miscounted,
-create, delete and modify votes on voting machine, and
-tamper with audit logs and election results.

States Purchase Insecure Software
As a result of this study, Maryland put on hold its purchase of Diebold voting machines. Later, an independent review confirmed the previous findings. It counted 328 security weaknesses, and concluded that: "The system, as implemented in policy, procedure and technology, is at high risk of compromise" (pg. 17).


Diebold had threatened legal action against students and ISPs who publicised the flaws found in their voting machines, though they have now backed down.

A comprehensive account of both the problems with the machines and the legal actions Diebold attempted in order to try and stop various internal emails detailing flaws in the machines being distributed around the web can be found here. Diebold's response to the problems has been far from reassuring as the threatened legal action illustrates. But it gets worse, since according to the above article:

The state of Maryland, however, commissioned an investigation of the Diebold machines by SIAC. SIAC found 328 security weaknesses; of those, 26 were designated critical . Among the problems: Diebold doesn't encrypt vote totals before they are transferred to the Board of Elections over the Internet. Diebold's response is far from reassuring, as the Washington Post reported:

"Further, as a result of the review, Diebold has rewritten its software to include better encryption coding and harder-to-crack passwords. The encryption and password upgrades will be made only for the machines destined for Maryland , [Diebold executive Mark] Radke said, and would not be available for the 33,000 touch-screen machines already in use elsewhere."

So there you have it: the squeaky wheel gets the grease. Diebold will fix Maryland's machines, but everyone else in America will continue to suffer from hundreds of security holes, 26 of them critical. Feel better?

Of course, anyone that really cares about security knows that a system has to be built with security in mind from the get-go. You can't just bolt security on top of a system after the fact and assume that the any problems will be fixed. But that's exactly what Diebold proposes to do. They told us to trust them before, and now they're asking us to trust them again. How trusting are you?


The above articles paint a very worrying picture about the way electronic voting is shaping up in America and suggest other countries should be very careful and cautious about e-voting. It seems to me that the any moves towards e-voting should involve the following requirements (based on the list in the security focus article):

* the use of open source software that is open to scrutiny by anyone

* the voting machines must pass thorough testing to ensure security and reliability

* the voting machines must produce paper copies of the votes, verified as accurate by the voter, to be used for auditing purposes.

* voting machines must be usable by the disabled.

* Surprise recounts must be held in a proportion of randomly selected constituencies in each election.

* voting machines must only communicate with other systems in order to report vote totals. Incoming communication from other systems should be forbidden.

At any rate, until trials have shown that electronic systems can be used reliably without opening up scope for manipulation of the voting process, we should stick to paper ballots.

Tuesday, December 02, 2003

Labour issuing more gagging orders than the Tories

The Guardian reports that:

Ministers in Tony Blair's government have issued more official gagging orders than the previous Conservative government, figures show.

The rise in the controversial orders - which keep secret Whitehall documents in court cases - has occurred despite official assurances that their use would be curtailed.

Ministers signed 100 public interest immunity certificates (PIIs) in the five full years since Mr Blair came to power in 1997, compared with 70 under the previous five years of the Tory government.

The figures have been collated from lists of orders obtained during an investigation by the BBC's File on Four programme, which will be broadcast tonight on Radio 4.

Rules introduced in the wake of the arms-to-Iraq affair in the mid-1990s were supposed to reduce the volume of such orders.

While in opposition, Labour made political capital by criticising Conservative ministers for exploiting gagging orders to suppress politically embarrassing evidence. Sir Richard Scott, during his inquiry into the arms-to-Iraq affair, delivered a scathing attack on the abuse of such certificates.


So much for their commitment to freedom of information and open government.

Saturday, November 15, 2003

ID cards and biometrics

Fiona McTaggart, a govt minister and former chairwoman of Liberty, defends ID cards in a Guardian article. An excellent rebuttal can be found at spy.org.uk's blog, and the Guardian's letters section also contains some excellent points. An interesting section from the spy.org.uk rebuttal is this:

Here we go again, the repetition of the false claim that biometrics are somehow unique. Not even the people with a vested commercial interest in selling the technology dare to make that claim. Your "biometric characteristics" may be reasonably individual to you personally, but that is not the same as saying that what ends up inside a Smart Card or database is "unique" or "unforgeable".

The specious reasoning goes along the lines of: if your Smart ID Card ever gets lost or stolen, there would be no need to worry, since, for example your fingerprint biometric would make it impossible for anybody else to use it, thereby crushing Identity Theft.

Leaving aside the statistics of False Positives, False Negatives, and the small percentage of people with no usable biometric at all (tens of thousands in a population of 60 million) the fact is that you leave your fingerprints all over your ID Card. There is a very high probability (around 80%) that latent fingerprints taken off your ID Card could be used to construct a "false finger" which is sufficient to fool the finger print scanner.


Emphasis added. The point here is that biometric identifiers are compared with each other in a manner that is probabilistic. The higher the number of data points compared, the more certain you can be that a match is a real match but the less certain you can be that you'll get a match. Thus you have to trade off the false positives, getting a match on biometrics from 2 different people, against the false negatives, failing to detect that two biometric readings are from the same person.

Now if someone claims that they've got a false positive rate for a particular biometric system, of 1 in a billion this might sound like it will give real certainty and allow a national identity register to be created in a manner that prevents people from applying from multiple identities. They'd reason that in a population of 60million, a 1 in a billion chance of a false positive is safe. They'd be wrong.

To compare every person's biometric with every other person's biometric (as would be required to create the database in this manner) would involve (60,000,000 times 59,999,999)/2 = 1,799,999,970,000,000
comparisons. For each comparison there's 1 billionth of a chance of getting a false positive. You'd therefore expect
1799999.97 of those comparisons to return a false positive match. That's roughly 1.8million false positive matches. Note that that does not involve 1.8million people, but rather 1.8million comparisons.

In other words, you can guarantee that there will be a large number of false positive matches as the database is assembled. Without a means of determining whether a positive match is a true or false positive, you won't be able to prevent people from creating multiple identities on the system. Worse, if you concentrate on getting such a low false positive rate, the false negative rate is likely to shoot up, making if even more likely that if someone did try to get multiple identities on the system, their attempt would not even show up as a positive match. And note that the false positive rate needs to cover software glitches, hardware glitches and human error too. Also, if you double the size of the population you roughly quadruple the number of comparisons.

It seems to me that without a solution to this, the idea that a national ID card can provide a secure and reliable means of verifying identity is simply a mirage.

Tuesday, November 11, 2003

10 reasons why the govt's ID cards plan will not work

"Clandestine entry and working in this country, the misuse of free public services, the issues around organised crime and terrorism - all these issues will be the ones for years to come."

Blunkett's statement above (see this report from the Guardian) sums up the reasons the govt claims the ID cards are necessary. Below are 10 reasons why I believe the plan will not deal with any of these problems.

1. The govt has to issue the cards to us. They will therefore need to ask for existing ID documents to prove who we are. The cards will therefore be no more reliable a means of identification than the weakest existing documents that are sufficient for the govt to issue the new cards.

2. Terrorists, and organised criminals, can simply, forge, fraudulently obtain, or recruit people with ID cards. Suicide bombers are not known for repeat offending.

3. Illegal immigrants will simply avoid contact with the authorities (e.g. work for "cash in hand") until they've managed to forge or fraudulently obtain ID cards.

4. Benefit fraud due to false identity has been estimated at £20-£50 million per year. ID cards are estimated to cost at £1.6 billion a year to implement. On these figures the cards will cost at least 30 times as much as the benefit fraud they could prevent. These are govt figures. See the commons debate on ID cards.

5. The govt will be creating a single card that can be used for accessing public services, travelling abroad, proving eligibility to drive, applying for jobs, proving legal residence, etc. It could easily end up being required for opening bank accounts, taking out loans and mortgages and anything else where identity is considered important. Thus, if the card becomes accepted and trusted in the way the govt intends, to pretend to be you in ALL these areas of life, criminals will only need to successfully forge one document.

6. By creating a central database of personal information, used to back the ID cards, the govt will create a single target that can be attacked by criminals to obtain the necessary information to track you down, pretend to be you, forge records for forged cards,etc.

7. The govt has a hopeless record on creating computerised databases, e.g. consider this Guardian story about the Courts' computer system.

The odds are the ID system will be ridden full of bugs and errors, cost considerably more than currently claimed and will fail to work.

8. The govt claims biometric identifiers will make forgery impossible. This is simply false. Biometric identifiers do not work 100% correctly. Forgers can obtain or forge blank cards and download their own biometrics onto such cards. Biometric identifiers can also be stolen and forged themselves. They might make things difficult in which case a weaker part of the system will be attacked (e.g. the documentation to acquire the cards).

9. Identity theft currently occurs where people gain enough sensitive information to pretend to be someone else. They gain this information from a variety of sources, e.g. from thrown out bank/credit card statements, from restaurant receipts, from customer databases etc. ID cards will not close off all these options and will create new options.

10. Illegal workers need only avoid contact with the authorities to avoid the need to produce an ID card. Even if ID cards were compulsory to carry, the opportunities for forging or fraudulently obtaining the cards would be still be available.


Further reading:

Richard Hallam MP has written an excellent article in his blog.

The Register has an excellent article here.

ID cards -- the next steps is the govt's latest document outlining the plans.

STAND is worth looking at too. And don't forget to try some of the links on my sidebar...

Big Blunkett announces incremental plan for national ID cards.

The BBC and the Guardian report that Blunkett has outlined his plan for national ID cards. In the face of cabinet splits over the issue, he is going for an incremental approach to introducing the cards.

According to the govt's new document on the subject the national ID cards will be introduced in 2 phases. In phase 1, a new national identity register will be established, passports and driving licences will be replaced by cards carrying biometric identitifiers (e.g. fingerprints or iris scans) starting in 2007/8, a voluntary ID card for those without passports or driving licences will be made available and mandatory ID documents containing biometric identifiers will be introduced for foreign nationals staying in Britain for more than 3 months.

In phase 2, after a full debate and a vote in parliament, the cards will be made compulsory to own and access to public services will require presentation of such a card. The cards will also be required to apply for jobs legally.

Blunkett is trying desperately to justify this claiming the cards will make identity theft impossible (which is simply false -- biometrics will not prevent forgery or false application for the cards) and asserting they're necessary without explaining why. Moreover the new govt document on this topic repeats a lie about the govt's earlier consultation on entitlement cards. The document states:

Of the 5000 people who responded formally to the consultation, 4200 expressed a view. Over 60% of these were in favour. We also received over 5000 emails from an organised opposition campaign. Over 96% of these were opposed.

But the 5000 emails referred to were sent by individuals responding to the govt constultation via the STAND website, and thus were a formal part of the consultation. It is simply disengenous to separate these from the other responses since they were sent via the gov'ts formal channels for the consultation and involved individuals making their own mind up to oppose (or support in some cases) the cards.

For some detailed criticism of the cards, this article in the Register is worth a look. The Stand website also has good material including more detail on the spinning and lies over the results of the consultation exercise. Finally, Samizdata and White Rose also comment on this.

Thursday, November 06, 2003

And the Tories think this man will be taken seriously...

We are here to serve - the syllable at the heart of our party and the heart of our jams. Lovely strawberry preserves to spread on toast. Mmmm! Mmmm!

Well, OK, I admit it, Mr Poll Tax Michael Howard did not say that. He did say something almost equally stupid however:

We are here to serve - the syllable at the heart of our name, and at the heart of our purpose.

Choose a different syllable and you'd get "We are here to con...". This is the highlight of a speech full of meaningless waffle. What a great start. Blair must be quivering in his boots. Time will of course tell whether Dracula Howard can do the job, but he'll need to do better than this or he may resemble Count Duckula more than Count Dracula.

Commons debate on ID cards

White Rose highlighted a House of Commons debate held on ID cards. It is well worth reading. The news reports suggest that a draft Bill will be presented in the Queen's Speech with a view to legislating later. The govt seem to be heading for an incremental implementation of such a card. This issue doesn't seem likely to die any time soon.

Saturday, November 01, 2003

Courts approve use of Terrorism Act against peaceful protestors

Back when the Terrorism Act 2000 was merely a bill, Jack Straw, the Home Secretary at the time, reassured us that "There is nothing in the bill that will interfere in the right of people to protest peacefully, " and "The legislation is not intended to deal with alleged offences properly dealt with under the existing criminal law. Neither will it in any way curb individuals' democratic rights to protest peacefully."

So of course it came as a complete surprise (NOT) when the Terrorism Act 2000 was used against peaceful protestors in London. Still given Straw's reassurances and the fact the current Home Secretary David Blunkett does not control the police directly, it might seem only fair to wait for the outcome of the legal challenge. Well the courts have upheld the use of the Terrorism Act in these circumstances. So much for the reassurances given by Straw when it was a bill. It is worth remembering why he gave the reassurances. It's all down to the definition of terrorism, which states:

1. - (1) In this Act "terrorism" means the use or threat of action where-
(a) the action falls within subsection (2),
(b) the use or threat is designed to influence the government or to intimidate
the public or a section of the public, and
(c) the use or threat is made for the purpose of advancing a political,
religious or ideological cause.

(2) Action falls within this subsection if it-
(a) involves serious violence against a person,
(b) involves serious damage to property,
(c) endangers a person's life, other than that of the person committing the action,
(d) creates a serious risk to the health or safety of the public or a section of the public, or
(e) is designed seriously to interfere with or seriously to disrupt an electronic system.

(3) The use or threat of action falling within subsection (2) which involves the use of firearms or explosives is terrorism whether or not subsection (1)(b) is satisfied.

(4) In this section-
(a) "action" includes action outside the United Kingdom,
(b) a reference to any person or to property is a reference to any person, or to property, wherever situated,
(c) a reference to the public includes a reference to the public of a country other than the United Kingdom, and
(d) "the government" means the government of the United Kingdom, of a Part of the United Kingdom or of a country other than the United Kingdom.

(5) In this Act a reference to action taken for the purposes of terrorism includes a reference to action taken for the benefit of a proscribed organisation.


Clearly, this definition covers acts of mere civil disobedience, or even threats thereof. It seems clear to me the police could argue that any demonstration involves a threat of "terrorism" so defined, since some of the protestors might try to damage property or threaten to do so through civil disobedience. Once the police get approval to stop and search on this basis, they have the power to search anyone for articles that might be used for "terrorism", e.g. anything that could be used to damage property, or for disrupting an electronic system -- a faxable document for example, mass faxing being a way of disrupting a fax machine which is an electronic system.

The irony is that the trading of arms is far more likely to have involved real terrorists or the risk of such arms falling into their hands than the protests against the trading of arms going on outside the fair.

The moral of the story is that govt assurances that legislation is not intended to be used in certain situations are worthless when the legislation explicitly allows such usage. Bear in mind the above definition of terrorism, and look over the offences in the Terrorism Act 2000 and ask yourself how easy it would be to arrest perfectly innocent people as "suspected terrorists". A more detailed article on the Terrrorism Act can be found here.

Thursday, October 30, 2003

On the Tory party

Looked at objectively, solid progress was being made by the Tories under IDS' leadership. They'd gone from -20 to level pegging and better, in the opinion polls. They'd stopped fighting over Europe. They did well in the 2003 local elections, arguably better than any of the 3 major parties. At their conference they'd even presented a range of solid, well thought out policies on health, crime and education. On top of that, Labour's lost it's look of invulnerability -- the public no longer trusts the PM and the govt has actually looked vulnerable for the first time since it was elected. Thus it was looking as if the Tories might actually have turned a corner and be ready to come out fighting for the next general election.

So what happens? The knives come out and they remove their leader from office. Just when it appears they're on to something, just when the govt is faltering, they demonstrate to the electorate that theyre still preoccupied with their internal squabbles and to anyone wishing to lead them that they might as well herd cats for a living.

This is not to say that IDS was a stellar choice for leader, but he was doing the right things for the Tory party. Under his leadership the Tories were repositioning themselves, coming up with new ideas for governing the country, inching their way to producing a coherent alternative to Labour, to presenting themselves an alternative govt with a clear vision of what they're for and how they'll govern. He didn't have a great deal of charisma, but ultimately that matters less than having the right ideas. With practice, IDS may have overcome his problems in public speaking and moreover could have delegated his more capable public speakers to sell the message where it mattered. Besides people may well be fed up with the smooth speaking charisma of Blair and the lack of charisma might actually make people more inclined to trust IDS.

So where now for the Tories? ISTM their best bet is to unite quickly around a new leader and carry on with the strategy IDS set out. This will probably still see the party set back effectively 6 months whilst people get used to the new leader but is the best option. Spending a month or two with an actual contest is likely simply to reinforce the impression of a party still obsessed with internal factional fighting. But which leader? Elect Ken Clarke and watch as Blair calls a Euro referendum in order to see the Tories implode. Michael Howard is looking likely, but his public image in the last Tory govt was hardly positive and moreover he presided over the attacks on civil liberties that opened the door for Labour to do even worse. Portillo does not seem to want the job. As for any other candidates, they're mostly unknown quantities, which may be a good thing or a bad thing.

At any rate this is a crucial period for the Tories, it may make the difference between being returned to power some day and going the way of the old Liberal Party.

Sunday, October 12, 2003

ID cards dropped from Queen's speech?

I spotted this on White Rose. According to the Observer Downing Street is to dump plans for ID cards, apparently because it would "close to useless" for fighting terrorism a point that has been made by opponents of the cards all along. Indeed the Observer report makes some very familiar points:

The move comes after a new report revealed that there are serious concerns at the Home Office that the scheme would be dogged by security and cost problems and that its introduction would do little to help the war on terrorism. Such arguments were a central part of the Government's case for ID cards. Blunkett also said that it would mean only those entitled to do so would be able to use public services.

Critics point out that it is already possible to check National Insurance numbers or passports of people who use the NHS without the need for a new form of identification which could cost each person £40 under a compulsory purchase scheme.

The report also says that legitimate British citizens trying to use their ID card for public services such as a visit to their GP or to book a place in their local school could be barred because of high 'false reject' rates of ID cards.


If the govt really is dropping this it is good news, though I wouldn't be surprised to see them return to the agenda later.

Wednesday, October 08, 2003

The Tory conference

One of the depressing aspects of British politics at the moment is the fact that the opposition parties seem to be rather hopeless, thus ensuring that Labour can do what it likes, and reducing the opportunities for sold criticism and scrutiny of legislation. So I've taken some interest in the Tory party conference to see if there are any signs that they might be turning the corner and beginning to recover from the defeats of 1997 and 2001.

It seems to me that on the policy front, they do have some bold ideas and are well placed to take the govt on if they sort out their other problems. Not that everything they've announced has made sense. But 3 initiatives in particular are intriguing.

The idea of making police forces accountable to local communities via an elected sheriff is a bold decentralist move which reduces the power of the central state and helps to ensure the police will be the servant of the people as they should be.

School passports, whereby parents can choose which school to send their kids to, and the school chosen receives the money, seems to me a good way of putting power into parents' hands and using market forces to improve school standards. Combined with less of the stalinist use of targets and directives to control schools from the centre, this should lead to steady improvement in school standards over the long run.

Finally the patient passports look set to ensure a similar power for users of the NHS.

Of course there are details to work out with the above policies, but a clear theme is emerging of decentralising power to communities and individuals in the public service, which IMHO is all for the good.

However the Tories still seem to be bedevilled by infighting, conflicting signals (promising to cut taxes, whilst promising pension increases and 40000 police officers) and their leader's inability so far to articulate a coherent message for the electorate and otherwise hold the govt to account.

Also I would like to see a commitment to restore the civil liberties trashed by the current govt, e.g. a commitment to restore jury trial should the govt's criminal justice bill get through parliament, a commitment to ensure effective oversite of the powers of surveillance exercised by various govt agencies alongside the means to ensure accountability on the part of those agencies' use of those powers.

The Tories often talk about promoting individual freedom, if they're serious they should promise a restoration of civil liberties alongside the reduction of centralised state power.

Friday, October 03, 2003

On the spot fines for parents of kids off school.

The BBC reports that the govt plans to introduce on the spot fines of £25 to £100 pounds to parents when found with their kids out of school without the school's permission. The fines can be imposed by head teachers, council officers or the police. The fines are as follows:


  • £25 - Parent agrees absence unauthorised and pays in 14 days

  • £50 - Parent does not agree absence was unauthorised and pays in 14 days

  • £50 - Parent agrees absence was unauthorised and pays in 28 days

  • £100 - Parent does not agree absence was unauthorised and pays in 28 days



Note that disputing that the absence was unauthorised will double the initial fine. This proposal would thus see parents fined if, for example, the school failed to record the authorisation or, worse, if a head teacher or police officers was abusing his or her powers. The cost of going to court to challenge these fines would likely be more than the fines themselves, leaving the imposition of fines open to abuse.

657 days in prison without charge or trial.

Just to remind people that when the British parliament passed the Anti-Terrorism, Crime and Security Act 2001, the govt obtained the power to detain foreign nationals resident in Britain if the Home Secretary signed a certificate saying they were "suspected international terrorists". Liberty have been campaigning on this and point out that (as of this writing) there are several detainees who've spent a total of 657 days, 1 hour and 53 mins in prison under this legislation. Note that:


  • appeals cannot be made to normal British courts -- a special committee, the Special Immigration Appeals Committee, is in place instead operating under different procedures, thus the normal protection of the law is not afforded to these detainees. Proceedings of this committee can take place in the absence of the detainee, the detainee's lawyers, or both. Evidence can be given in the absence of the detainee and/or his lawyers. The reasons for decisions can be withheld.


  • No other European state has felt it necessary to introduce such powers to combat terrorism.

  • The detainees can be denied access to lawyers and families and have been denied such access for long periods.



This document from Liberty discusses Britain's anti-terror laws more generally and contains considerable detail on the internment measures. CAMPACC have a web page on the ATCS Act here. My own writings on Britain's anti-terror laws can be found on Magna Carta Plus.

Finally, I should mention that on uk.politics.misc Alan Goss has been highlighting this issue periodically.

Wednesday, October 01, 2003

ID cards: It looks as if they're serious...

Several reports appeared over the period I was in the US regarding ID cards. Taiwan has finished rolling out 22 million Java-based ID cards according to White Rose, and Thailand is planning a similar card for its 61 million citizens. Scottish secondary school pupils are to be issued an ID card according to a Scotland on Sunday report (thanks again to White Rose for highlighting this). Tony Blair apparently thinks ID cards might protect civil liberties, whilst the Guardian reports that plans are afoot to create a unified population database.

All this suggests the govt are serious about introducing ID cards, despite some reports of splits in the cabinet over the issue. Clearly the practical problems that could affect ID cards can be overcome as Taiwan has shown. The govt's own consultation suggests making driving licences and passports double as ID cards, enabling the roll-out to exploit the renewal and updating of these documents that already occurs, with a new ID-card being issued to those without. Such a process would minimise the costs associated with issuing the ID cards, although creating the unified population database will not be trivial. I will not be surprised to see a bill in the forthcoming Queen's Speech.

I don't believe for a minute they'll have any real impact on crime, terrorism, benefit fraud, illegal immigration or any other excuse the govt has for introducing them. There's no evidence that those countries who have ID cards have had any more success at dealing with such problems than those who don't. Even if the cards are difficult to forge, people could get hold of them by forging the documents needed to obtain them. Such a large database will contain numerous errors, and will also be a target for organised criminals wishing to extract or modify the database for their own purposes. Illegal immigrants could simply arrive without contacting the authorities, work on the black market and fraudulently obtain the cards by forging the documentation to apply for them. The vast bulk of benefit fraud comes from misdeclared circumstances, not false IDs.

Those opposed to this might like to visit this site.

Daleks beware...

...Dr Who is set to return to BBC TV by 2005, according to this Guardian report. Yes I admit it, I am a fan of the series. I hope they do a good job of it, I'm glad the people involved seem to be an entirely new team -- I feel one reason the show died in the 1980s was it got stuck in a rut. I hope the new series does for Dr Who what Star Trek: The Next Generation did for Star Trek -- update a classic sci-fi show for a new era, retaining the essentials of the original but carving a new furrow all of its own. Just a few requests: No wobbly sets, give Paul McGann a second chance (the TV movie was cheesy, but he played the role well nevertheless), don't dwell on the past, be original and aim for solid scifi drama.

I guess that's one for the "anything else that takes my interest" section!

Comments restored

As you'll now see, it is possible to comment on articles again. Sorry about the interruption in service!

Wednesday, September 24, 2003

A note on comments

You might have noticed that the comments and the ability to post them have disappeared from my blog. This is due to me having to reconstruct my template after trashing it recently. Unfortunately I forgot to re-include the comments. I'll do so on return from my US trip on the 1st October. In the meantime sorry for the delay and inconvenience this may cause! The perils of being a novice blogger...

Guardian columnist supports ID card

David Aaronavitch argues for ID cards in the Grauniad. I'd write a dissection of this except that (1) I'm rather busy on a trip to the US (2) www.spy.org.uk's blog has done a superb job.

So I'll note that as per usual, this advocate of ID cards claimed they'll help with fighting crime, benefit fraud, etc without providing any solid arguments or evidence that they will do so. The fact that most EU countries have ID cards is in fact prima facie evidence they don't help with such problems -- none of the EU countries have seen a reduction in crime, benefit fraud, etc as a result of adopting them. Anyway read Spy.org.uk's blog for more details...

Friday, September 19, 2003

Polling booths to be abolished for local elections

I almost missed this but for taking a trip over to Samizdata's weblog. A brief report in the Telegraph states that John Prescott is to abolish polling boths in local elections in England and Wales, apparently because postal balloting increases turn-out.

Now it seems to me that the problem with postal balloting is that you can never be sure the person filling in and posting the ballot form is the person to whom the ballot was sent. At least with the polling booth, they can do some checks to make sure that you are the person who was supposed to get the form and check that you haven't already voted whether with your form or someone else. As for the turnout, certainly it seems to be up in areas using postal balloting. However the same report also states:

But the Free e-democracy project, a non-party political group which has a history of developing internet voting software, says there is no guarantee that results from e-voting or postal ballots can be trusted.

However I expect postal ballots to be popular with the politicians -- I'm sure election candidates will love going round to people's houses to help them fill in the forms, and then volunteer to post the forms themselves. Perhaps this explains some of the increased turnout?


Monday, September 15, 2003

Labour adds some more blocks to the British police state

Several reports over the last week or so illustrate how the govt is trying to turn "big brother" (that is Orwell's big brother, nothing to do with the silly TV show) into a reality.

The Telegraph and the BBC were among those to report two developments.

Firstly the revival of the ``snooper's charter'', whereby numerous govt agencies will be given the right to demand communications data -- who you email, which websites you visit, who you phone and the location of your mobile phone whilst switched on -- from telecomms providers. In the new form, 6 govt agencies will gain automatic access to this data on their own authority, namely the UK Atomic Energy Constabulary, the Scottish Drugs Enforcement Agency, the Maritime and Coastguard Agency, the Financial Services Authority, the Radiocommunications Agency and the Office of the Ombudsman for Northern Ireland. However hundreds of other bodies including local councils will be able to get access via making a request via the Interception of Communications Commissioner. The earlier form gave automatic access to all the bodies. Note that the police, MI5, MI6, GCHQ, Inland Revenue and Customs and Excise have had these powers since the Regulation of Investigatory Powers Act 2000 came into force. Note also that the fire services and ambulance services are to get these powers to combat hoax calls -- but surely there's no need for them to monitor email and website access for this purpose?

The second development is that the govt has published the so-called "voluntary code" for communications providers to store the above data for 12 months, so that the agencies with access to it can perform retrospective trawling. I say "so-called" voluntary code because the govt is threatening a compulsory code if the telecomms industry continues to resist the efforts to impose this.

The Guardian also reported on these plans.

So what will the likely impact be? The first point to note is that it will be trivial for terrorists or organised criminals to avoid being caught out by these plans. The options for doing so range from regularly buying and changing unregistered pay-as-you-go mobile phones, using anonymous internet accouts or accounts opened under false identities and regularly changing them, using face-to-face contact, "dead drops", sending communications by post and many other means of communicating secretly or anonymously. They could even steal mobile phones for the purpose. The implication thus is that the people who will be snooped on will be the law abiding general public and the stupid/technologically illiterate criminals.

But it does not end there. There is also the scope for abuse. A govt department, reeling under embarassing revelations uncovered by a journalist, may use access to this information to track down the journalists sources, or failing that, track down the journalists friends and acquaintances in order to put maximum pressure on the journalist. Another govt department might decide to find out who visits the websites for an opposition group, again with sinister motives in mind.

But it does not even end there. The govt is requiring telecomms providers to store this information for upto 1 year. Thus there will be multiple databases of varying degrees of security with this information stored on them, and staff to deal with them. The staff could be intimidated or bribed to get information for organised criminals or terrorists. The databases themselves may become the target of hackers.

So in return for a few stupid or illiterate criminals being caught, we are being asked to let the govt perform the electronic equivalent of tailing all of us for a year and storing the records of who we meet and where we go and then risking this information being used against us by numerous govt agencies, officials and even criminals. The Stasi would have been proud of such a creation.

Finally, another illustration of the mind set of this govt. The govt has published its green paper on children's services, ostensibly looking at better ways of protecting children. Many of the recommendations are sensible. But the govt couldn't help suggesting that every child be issued an ID card apparently for their protection. Quite why issuing ID cards to those who will never be abused will help isn't explained. But what is clear is that this will ensure that all children grow up accustomed to having an ID card, linked to centralised database with information about them shared between all and sundry in govt. Thus even if their plan to impose ID cards on us all fails now, they'll at least educate the next generation to regard them as "normal".

Wednesday, September 03, 2003

John Stevens claims ID cards "essential" in TWAT

White Rose, a civil liberties blog comments on a Reuters report that John Stevens, the Police Commissioner for London, regards compulsory ID cards as essential for fighting terrorism. Both White Rose and Samizdata provide interesting comments on this. E.g. highlighting the contrary nnature of Stevens' comments:

What I am totally against is the business whereby we can trace and follow people who have a normal life. But we do need to have the ability to identify those people who are around doing their business lawfully and those other people who want to create mayhem and effectively destroy our way of life.

So he is totally against tracing and following people who have a normal life but wants to identify people who are doing their business normally! For his purposes, he only needs to identify those who are terrorists and/or criminals.

However another of his statements deserves a response:

The excuse people say is that terrorists and organised criminals get round it. They might do. But in getting round it, it will identify who they are.

This is simply wrong. All of the hijackers on 9/11 had apparently valid travel and identity documents. "Getting round it" did not identify them as terrorists and in fact involved elaborately established false identities. And here's the nub of the problem. The possession of a valid ID card will not indicate whether you're a terrorist or a criminal unless you get convicted as such and continue to operate under that identity (without e.g. bribing officials to wipe the slate clean). Real terrorists will operate under false identities and recruit people who haven't got criminal records and won't attract attention to carry out their plans.

I have yet to see a single jot of evidence that ID cards will help at all with crime and terrorism. The govt has not provided any. Stevens hasn't either. According to Liberty there is in fact evidence that those countries with ID cards have not solved problems relating to crime, terrorism or immigration and have seen the fuelling of a criminal industry in the production of forgeries. Surely that suggests the ID cards could in fact make the situation worse?

The rise of a British police state?

This Guardian article was highlighted in a posting made to the uk.politics.misc usenet group, by Alan G. Apparently, Special Branch is now 2.5 times bigger than it was during the Cold War. Furthermore:

In addition to the growth in its size, the special branch "now has far more civilian staff and the means for mass surveillance of telecommunications and the payments of informers which it never had in those days," he adds.

In the run-up to the next EU summit in Brussels in mid-October, each special branch division in Britain will be expected to provide the names and profiles of activists who are expected to go to Belgium to protest, Statewatch says.


So Britain has a political police force keeping tabs on people who attend demonstrations, with powers to perform mass surveillance of telecommunications, growing to its largest level ever. And at the same time we've had the massive growth in CCTV (still largely unregulated) and a relentless eriosion of civil liberties by the current Labour govt extending back to well before 11 Sept 2001. The govt has enormous powers to invade our privacy, without any effective accountability. Maybe the term police state is a bit strong for the current situation, but the trend is clear -- Britain is heading that way.

Wednesday, August 20, 2003

More on the DNA database

For those who read my blog on the Scottish Police Federation's outcry against requiring recruits to submit DNA samples for the national database, don't get me wrong. I do think DNA fingerprinting is a useful tool and I do not object to DNA testing of suspects during the investigation of crime, especially serious crime.

What I object to is the permanent storing, without consent, of DNA samples collected from suspects and volunteers regardless of whether they get convicted of a crime or not. This amounts to placing members of the general public under permanent suspicion regardless of whether they have a criminal record or not. And, as the Scottish Police Federation realise, those who have their DNA samples on the database are at risk of being framed for crime by those who'd abuse the system. The SPF's objections when the police are demanded to give DNA samples, provide a stark contrast to the normally enthusiastic pronouncements of police spokesmen when the general public are demanded to give such samples.

Also, if samples can be permanently retained once given, regardless of whether a suspect or volunteer has been convicted or gives consent, this provides an incentive for the police and the authorities who maintain the database to get samples from people purely in order to have them on the database, and thus to arrest and charge people of a crime simply to get their DNA sample or to intimidate people into giving "voluntary" DNA samples. Those who think I'm being paranoid should take a look at this article from a local Sunderland newspaper:

Hundreds of men living on Seaham's Westlea estate are to be tested after DNA, believed to be that of the attacker, was recovered from the crime scene. Police say they will "look closely" at anyone who refuses to take the DNA test.

And:

The screening will take us a major step nearer to finding the person responsible," said Det Chief Insp Brian Tait, leading the investigation. He added: "Everyone who takes part will do so as a volunteer, but we would certainly look closely at the reasons offered by any individual who refused to help".

Thus refusing to take the supposedly voluntary DNA test will ensure the police "look closely" at you. In this atmosphere, it appears that every man in a certain age group must give a test (and thus be permanently on the database) or be treated as highly suspicious at best, despite the fact they claim to be searching for an attacker with certain characteristics:

The man being hunted is thin, about six feet tall and was wearing a dark mask, dark top with hood and slightly lighter coloured trousers.

As a result, a large chunk of the male population of Seaham's Westlea estate are about to have their DNA on the database permanently, and under some pressure, despite having committed no crime, and not being convicted or even being charged with a crime.

Of course, the police are investigating serious crime here -- the rapes of 2 elderly women. Of course if they have good reason to suspect someone of committing the crime they should be able to do a DNA test as part of the investigation. But what is actually happening, I grant most probably through the best intentions of the police to solve this crime, is that a large number of men will be tested and their DNA permanently stored, even though they had nothing to do with the crime.

The sad thing is that the actual culprit now has a strong incentive to leave the area to avoid this publicised exercise in DNA collecting. Of course there's no guarantee that if DNA samples had to be destroyed if the subject is released without charge or is acquitted, the police wouldn't do a blanket testing like this. However the incentive to do so is greater with the permanent storage of even voluntary samples, and it appears that the police are pressurising every man they ask in this "voluntary" exercise to give a sample or else. And for those who want everyone's DNA on the database these sorts of exercises provide a means of achieving this goal incrementally by stealth, as well as softening people up for the time when they make it compulsory.

Sunday, August 17, 2003

Scottish police "outrage" over demand for their DNA

The Scotland on Sunday newspaper reports that plans to require all new recruits to hand over DNA samples for a national database have led to a rebellion amongst Scottish police officers. This is in stark contrast to the enthusiasm usually shown by police spokesmen (e.g. see comments towards the end of this article) for plans to collect and retain the DNA samples of the general public without requiring us to be charged or convicted of an offence.

Surely the Scottish Police Federation has nothing to hide and therefore nothing to fear from this? At least that's the usual line taken when such measures are proposed for the public, but the slogan "nothing to hide, nothing to fear" is a slogan for fools. It assumes the innocent have nothing to hide, and implicitly assumes the authorities can always be trusted.

The Scotland on Sunday article does point out various dangers of having all recruits donate samples to this database, but surely these dangers equally apply to collecting and retaining samples from the public?

NB according to the article, since last summer new recruits south of the border already have to hand over DNA samples.

Friday, August 15, 2003

Police incompetence leads to proposal for new law (revisited)

A point I should have made about the situation regarding the "comedy terrorist" has been made very eloquently by the White Rose blog in this article.

As an exercise for the reader to illustrate the point about the number of laws being created by UK govts, I invite them to total up the number of clauses in all the Acts of Parliament created since 1997 by the Parliament in Westminster. You can find all Acts of Parliament passed since 1998 online here. Now ask yourself how many of those clauses you were aware of prior to the exercise, how many you can memorise in one go and, for those willing to spend a ridiculous amount of time on it, how many you can actually understand without reference to earlier laws...

And now ponder the consequences of the idea that ignorance of the law is no defence in criminal trials...

NB for a simpler exercise one might take particular note of the number of bills related to criminal justice, terrorism and policing have been passed since 1997, but then how do you know that other bills haven't created offences you need to be aware of?

Police incompetence leads to proposal for new law...

According to this report from the BBC Aaron Barschak, the self styled "comedy terrorist", set off 6 alarms and was pictured on several CCTV cameras prior to gate crashing Prince William's recent birthday party.

In other words, the police were hopelessly incompetent at stopping an uninvited guest from gatecrashing a royal party. The report recommends a new offence be created to cover situations such as this.

Severe incompetence by the police will become a criminal offence. Nope, sorry, scratch that, I tried to make a logical deduction as to what offence could possibly prevent Barschak or a real terrorist from doing what Barschak did or worse. Actually, the new offence will be trespassing on royal or govt property. What good will this do if the police remain so incompetent?

Alternatively, if the police get their bottoms in gear and provide proper protection, why on earth would such a law make a difference?

Is it just me or is this proposed law mere window dressing?

Thursday, August 14, 2003

Prizes for everyone?

Apparently A-level pass rates are now at 95.4% in England and 96.4% in Wales. When will the govt admit that A-levels might just have become a tad easier than a decade or two ago? When the pass rate reaches 100%?

Manipulating inflation.

Today, The Guardian reports that the Chancellor's recent decision to adopt the measure of inflation used in the Eurozone is causing the Bank of England some problems. For example:

As Mr King said, when the switchover occurs in November's pre-Budget report, the Bank will have to explain to the public why inflation, which was above target and falling, is now below target and rising. Threadneedle Street may be forced to print two versions of the inflation forecast, one based on the new measure and one on the old.

All this raises an interesting question. How on earth do we know what the real rate of inflation is?

The Eurozone measure is lower, according to the report, apparently because it excludes housing costs. The retail price index the BoE currently uses also excludes, e.g. wages and stock market prices. In other words neither measure involves a complete survey of prices and both miss out significant factors.

The problem here is that inflation involves a general rise in the prices of goods and services caused when the amount of the currency concerned increases relative to the amount of goods and services being traded. A partial measure of price rises will not produce an accurate picture -- prices of some products may rise whilst others fall. Indeed if the supply of currency remains static, then a price rise in one sector of the economy will be balanced by a fall in prices elsewhere. The govt statistics give a distorted picture of this. And isn't it convenient for the Chancellor that the adopting the new measure of inflation will suddenly see Britain meeting it's inflation targets again?

(See this document for a deeper discussion of inflation.)

Friday, August 08, 2003

ID cards: New Labour's poll tax?

Over recent weeks there have been several reports about the British govt's plans for a national identity card, e.g. this report in the Telegraph.

According to the Telegraph's report the ID card will cost £25 pounds and will be compulsory to own (I've seen other reports suggesting it would be £39 pounds). Quite why issuing 50 million pieces of plastic to everyone over 16 will help at all with fighting terrorism, crime, illegal immigration, health tourism or benefit fraud is something that no-one has managed to adequately explain to me. If our current forms of ID don't suffice for these purposes, then how are we to issue such cards in a manner that will make them any more reliable? After all in order to issue the card, the govt will need to ask for proof of ID and all we have is the current stuff. Thus even if the card is made more difficult to forge than any current form of ID, the documentation required to obtain it won't be.

However aside from whether the cards are of any real use or not, there are serious logistical problems to be overcome in the issuing of these cards and the maintenance of the database, and the govt has not had a good record on large-scale computer projects to date. To issue 50 million cards over 13 years (and that's just to cover the existing population over 16, never mind additions from births and immigration) will require an average of over 10500 cards to be issued each day, along with a database entry. Is the govt seriously saying it can make even remotely adequate checks on applicant's identities if they're planning to issue these cards at an average rate of 439 cards per hour?! Note this calculation assumes applications being processed for 24 hours a day, 7 days per week and 365 days per year for 13 years. And the govt's record on large scale computing projects is atrocious -- most of them fail, the few that don't run way over budget and suffer all sorts of problems before creaking into a semblance of workability. This project would dwarf them all.

Margaret Thatcher finally came a cropper over the famous "poll tax". These proposed cards would literally be another poll tax -- a tax on mere existence -- because it would be compulsory to own one and the govt plans to charge you £25 (or £39) for the privilege. I suggest that if the policy was seriously pursued it may even turn out to be a poll tax in the figurative sense of a disastrous and unpopular policy that deeply damages the govt of the day, forcing them to relent...

Welcome

Welcome to James Hammerton's blog. At this blog you will mostly find commentary on politics, typically British politics and/or civil liberties.

I am particularly concerned at the erosion of civil liberties, which in Britain at least predates Sept 11th 2001 and which has accelerated markedly since then. Of course we should deal with the terrorists, but many measures seem to me of doubtful value (e.g. proposals for a national ID card and overly broad legal definitions of terrorism) for that purpose and designed simply to increase the power of the state over the individual.

In the absence of an archive of blogs from me to review, you can get a flavour of my take on these issues at my website, http://www.tardis.ed.ac.uk/~james and via my essays at www.magnacartaplus.org. I also post regularly to uk.politics.misc.

Finally, I'll add that many things have taken my interest over the years so from time to time I may blog about something entirely unrelated to the above!

James