Dropsafe

by Alec Muffett

A primer on the failings of British ID cards

If you ever feel the need to find or cite an introduction to the British ID Card proposition, and of the likely failings, weaknesses and actual threats of it, my friend and colleague Dave Walker has posted a clear and concise summary which I recommend to all.

The matter of ID cards came up at the weekend party where Brian Mickelthwait and Antoine Clarke amongst others were trying to compose arguments in favour of cards, so as to “think like their opposition” and put themselves ahead of the game; I recommended against this activity because I don’t think it’s wise to let your opponent know your own perceived weaknesses and prefer to think on my feet instead, but by then there was enough booze in the air that cynical debate was not going to get airtime.

Incidentally, as I remember it, the pro-card argument put forth by Brian was that the Police will be happy with identity cards, even forged identity cards, because frequent demanding presentation of identity cards will leave a breadcrumb-like trail of activity behind any miscreant. I believe Forsyth’s “Day of the Jackal” was presented as example of this.

To me, this has a pair of fairly obvious complementary counterarguments in snowballing – viz: carry enough disposable fake identity cards and use them one time only – which makes this argument redundant; and/or the unwearable social and financial cost of a strongly functional technological infrastructure to check cards online and in real-time, not reliant upon human inspection of a photograph for authentication, with associated “mandatory-carry” and frequent checking requirements beyond the “mortgages and job applications” we currently hear mooted.

But hey, what do I know? I’m only a computer security geek who builds that sort of thing for a living – not a political commentator. 🙂

Comments

One response to “A primer on the failings of British ID cards”

  1. Antoine Clarke
    re: A primer on the failings of British ID cards

    Thank you for being my 10,000th hit (on antoineclarke.blogspot.com)!

    I can see why the debate between Brian, you and me was so frustrating.

    Neither Brian Micklethwait nor I are in favour of the sort of identity cards that are being proposed by the UK government. The databases will not be accurate, they will be either forgeable, or stealable, or hackable, or someone will simply bribe or blackmail a technician to alter or delete records.

    So even if the argument for freedom were simply ignored, the exercise is pointless considering the enormous costs involved.

    However, unlike most people who oppose electronic ID cards, I do not stop there. I ask myself “what kind of system could a government introduce that would help in counterterrorism activities?”

    Here, I admit that if a bank employee, security guard, car rental clerk, hotel receptionist, airline check-in operator, has to look at a card with a photograph, name and date of birth, then look up at the person with the piece of card, there is a much better chance of remembering the face and the alias of a suspect.

    Note that I specifically DON’T CARE what name is on the card. Even if a terrorist has, say 50 of them with different aliases, each one of them leaves a trail. Detectives can track down someone by following up aliases, because sooner or later a composite will emerge. And unless there is a random pattern to the alias selection – surely not at all easy, if the identity is going to stand the most basic scrutiny (“is there a birth certificate?” “is there such a person on the electoral roll?” “does the bank card name match the id card?” “did we find 50 other id cards in his pockets when we searched him?”) – then the very aliases can divulge information. The more aliases, the more data.

    So I tried to say, in effect: “if we are going to have ID cards anyway, because the police, MI5, the government are all hell-bent on it, we should have just a piece of card, with the name, date of birth, place of birth and place of issue of the card on it, and a photograph stapled on.”

    If you’re going to have a card that’s forgeable, a database that’s flawed, might as well spend as little on it as possible. And rely on the only thing that actually disrupts terrorism ops: human intell.

    I expect that that my proposals would fail to prevent terror attacks, most of the time. but they would allow the trail to be followed and support networks rolled up. Which is all I think you can plan for.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts