22 August 2017
Dean Procter

Dean Procter

Dean Procter - Transinteract

330Posts 1,049,072Views 471Comments
Whatever...

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

Government ID-iot Card DNA Database Back By Stealth

09 October 2009  |  4270 views  |  5

The lurking danger of the DNA database and Government ID card systems.
Governments are courting disaster. At a time when we're all even more concerned about governments wasting money they are trying to sneak in the ill-conceived National ID card schemes.

Democracy is being undermined as governments try to play the terrorist fear card in an attempt to get us to accept the un-democratic identity card.

Identity is essential. It is essential to have the mechanism to prove someone is who they say they are but NOT JUST FOR 'OFFICIALS'. Governments are trying to put into place a system which instantly puts democracy in danger. The citizen will be at the mercy of any card reader carrying impostor while the government and the 'approved' corporations get to demand everyone else flash their card at will (and criminals copy it in the streets).

No protection for my mother when the impostor policeman, government official, council employee, utility worker - comes to her door and demands to 'interrogate' her identity card. How will my mother and your mother be able to tell that the 'official looking' person is REAL? She won't. How will you be able to tell whether that cop is really a cop? Where's the mechanism? Governments are creating a system where citizens will just be more vulnerable.

Governments are actually playing right into the hands of criminals and terrorists with these appalling schemes. Simple DNA signatures are easy to fake. What will the government's response be? More complex DNA records. Why not go the whole hog? They will.
Already there are researchers working on DNA weapons - imagine a disease which only killed Jews, or Arabs, or even a particular family group? More easily imagine a despot or even a terrorist group who target on the basis of your DNA record conveniently stored and catalogued by the same government that loses your data, state secrets and more credibility every day? Science fiction? Hardly, it is no more difficult than using DNA to fight disease.

Give me one proof that 'super-criminals' won't be able to fabricate DNA 'evidence' to shift blame for their crimes onto others?
Governments? Terrorists?

DNA fabrication, duplication and a host of other little tricks are already in use in labs where making up a 'copy' of someone's DNA is little more than leggo-type play.

'Smart Cards' have never been smarter than hackers. At the very least the psychological effect on the citizenry with only the 'man' being able to demand or prove your identity will probably give birth to our own crop of home-grown terrorists.

The Government has only looked at the issue from their (or certain lobbyists) perspective and totally disregarded the dangerous and negative impact that their scheme will have on those they are supposed to be serving, and protecting while ignoring that truth that the ID card system will not make a single person safer, nor will it make government services easier or cheaper to provide.

There are no advantages at all to the citizenry in the current ID card scheme.
Identity must be democratic - that is  - you must be able to use it equally.

As for the ridiculous technology chosen - the smart card - there is already plenty of information out there about its unsuitability to the task and the only smart 'card' I ever saw was a comedian, and not the idiot who came up with the ID card scheme.

I'm not against identity - I evangelise ID's essentiality - but please save democracy and save us from the Government ID-iocy Cards.

Don't let your government undermine your democracy.

***I note with some suspicion and dismay that the US isn't allowing prisoners to have their DNA tested to prove their innocence in a crime they may have already been convicted of, yet they're only to happy to collect and analyse anyone else's DNA. How does the UK and Australia stand on that. It doesn't sound very democratic does it? Even if it only proves the innocence of one person it makes justice more just.

Democratic Identity?

Tens of thousands of politicians and celebrities will be allowed to keep their names off a new Government children’s database, UK ministers said recently.

Their identities will be ’shielded’ on the list which will carry details of 11million children in England and their parents.

If it isn't 'safe' for them why is it for you?

p.s.

I only 'invented' one word in that - see if you can spot it and I couldn't quite accept that the spell-checker thinks uncatalogued is the opposite of cataloged - they're both going to have to be ..gue in my town (and the British Library agrees). Remember the WMD's? Who are you going to trust to tell you the truth?

FCC Mandated Disclaimer: I am paid by Transinteract to promote their solutions which include identity systems. I own shares in Transinteract. I do not have any investments in either comedians or 'smart' cards.

I forgot that not everyone is up to speed with whats going on in the world of ID and comedian cards so I thought I better put some links in for those...

This was published: 31 Jul 2009 - 07:50 am   

 

The image of the ID card for British citizens was officially unveiled yesterday by the Home Secretary in Manchester and London.

The ID card, which can also be used as a travel document in Europe, was revealed by the Home Secretary at St Pancras International Station in London and to residents of Greater Manchester at an event in the city centre.

This was published: 10 Jul 2009 - 08:00 am   

 

Proximity has won the contract to develop campaigns for the Identity and Passport Service (IPS) as its long-term below the line agency. Working across the agency’s entire area of work, including ID cards, passports and the General Register Office (GRO), the contract is set to last three to four years.

ID Cards: Home Secretary promises to accelerate rollout - Wednesday, July 01, 2009

Or from the horses mouth (UK Govt DirectGov)

For those with an interest in the world of ID and cards, card-carrying Thales has stepped up to host the DNA database which the government knows it can't secure given its record in the past, and the fact that every Tom, Dick and Harriet have been poking their noses into the database to spy on neighbour, lovers and rock stars. Oh it'll cost £4.74 billion to do it (govt estimate so multiply by 3 and add 'special contingencies').

Stephen - What do you think the chances are of Australia is doing it by stealth?

...and to quote 'you can't stick..it in any old reader' exemplifies my point that only the elite will be able to interogate your identity card (and criminals) while you (and your mum) have to accept every Tom Dick and Harry at (plastic) face value.

Encryption - Cryptography - isn't that where you do some fancy numbers and obscure the data? It has never been cracked before. Except for instance the following examples:

The latest 2009 ipod encryption - http://it.slashdot.org/article.pl?sid=09/07/24/2218201

Remember GSM encryption? - what you say on your iPhone — or any GSM phone, which includes all phones on AT&T, T-Mobile, Rogers, and almost all phones internationally — can be intercepted, decrypted, and listened to if a person has several thousand dollars worth of equipment and the motivation to do it.

Wifi encryption - remember that?...

DVD encryption remember that?

Full disk encryption - remember that? Various cracked.

Blue Ray encryption cracked - got one yet?

RSA encryption cracked - remember that?

Blackberrry encryption cracked?

Have you been in 'smart' cards long enough to have made the same claims about previous 'smart' incantations? Comedy.

Update Stephen - Tuesday October 13th ABC 7.30 Australian ID Card by stealth. The medicare card 'morphs' into an IDiot card.

Perhaps you might like to find it on the ABC site and view it.

I quote you "I have no idea what strawman ID card Dean Procter is taking aim at.."

Let's shorten it to your first four words - an apt quote for you -"I have no idea".

Perhaps get one before you set the tone of our conversation next time.

 

Comments: (8)

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 10 October, 2009, 09:04

I have no idea what strawman ID card Dean Procter is taking aim at in his latest oblique pitch for the magic and inscrutable Transinteract.  I am not aware of any actual government DNA scheme.

I would have ignored the entire rant except for an important misrepresentation about smartcards.  He suggests that "any card reader carrying impostor" will be able to take your smartcard are make away with its contents.  This is quite wrong.  Well designed smartcards employ mutual authentication, so that the card detects what sort of reader it's been inserted into, and will only divulge information to readers that are cryptographically verified by the card. This is one of the reasons they're called smart.  You cannot stick a decent smartcard into any old reader and scan it (which of course is the fundamental point about EMV).

If Dean has examples of hackers outsmarting sophisticated cryptographic smartcards, like the FIPS-201 and the EU smart health card breeds, then let's see 'em.  Otherwise, his sweeping generalisations criticising smartcards in favour of his own secret solution are utter hyperbole.

Stephen Wilson, Lockstep Technologies.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 11 October, 2009, 01:11

The main comedy here is that Dean Procter presents a grab bag of unsophisticated media reports as some sort of "argument".

A number of security systems have indeed been subverted over time, almost always because of poor design in the key management. 

No, I don't remember RSA encryption being cracked.  It has never happened. If Dean is thinking of the cases of short (512 bit) RSA keys being attacked by brute force, then it's misleading or ignorant or both to call this "cracked".

And he hasn't come up with any examples of late model smartcards card like FIPS 201 being attacked. 

To borrow from former PM Paul Keating, debating smartcard security with Dean is a bit like being whipped by a piece of wet lettuce.

Stephen Wilson, Lockstep Technologies.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Dean Procter
Dean Procter - Transinteract - Sydney | 11 October, 2009, 03:19

I fail to see how the primary concerns of individuals - that of being able to participate in the identity scheme is met by the ID-iot card.

What the card carriers don't want us to know is that they'll be absolutley useless to anyone without the reader. This means people interacting on the net, in the street will not have the privilege of being able to confirm anyone's identity, unless they have the reader which, the cheapest I could find was about $20. So the public would have to fork out another billion dollars to participate and prove their identity online?

Didn't those card carriers sell another pig in a poke a while back that cost over a billion pounds?

1. Chip and PIN card partial 'solution' that solved little, reduced one form of fraud only to see it displaced elsewhere for the moment. £1.1 Billion

2. smarter chip idiot card £4.7 Billion

3. new readers for everyone for the smarter card £800 million

I need a little help in understanding exactly how they make the world a safer place. The IRA had no trouble getting into London whenever they wanted to. How will asking potential terrorists to carry ID cards make us any safer?  Will all those Mexicans swimming the Rio Grande be all that much more stoppable carrying an IDiot card? No. The only use they could possibly be is if there was a cop on every street corner scanning every person as they came past and checking them against the database, and  better not use DNA or fingerprints.

If it weren't for the total rubbish about making us safer that we've been fed in the whole ID card debate it might be more believable. As it is it looks just like a £10million slush fest that does nothing to enhance the lives and democracy of citizens.

Tube Risk From RFIDiot chips

In fact the miss-use of these type of chips puts the lives of Britons in more danger every day. For instance - is it a good idea to label the parts of the London Tube System with RFID chips? (They put RFID chips on tube equipment and not just the escalators - in the tunnels) Would it not be possible to use these RFID devices (ie no suicide bomber required) to automatically trigger a bomb precisely at a point in the tube system where the smart chip people have conveniently placed them? There was a you-tube video where some high-school kids used a 'smart passport' to set off a 'smart-chip' detecting proximity bomb. Granted the average terrorist might not have a high school education, but they can still watch you-tube. I understand that GPS and mobiles don't work on the tube because of the risk of being used to trigger bombs (and the expense of repeaters), but to place another equally useful opportunity into the mix is beyond my comprehension.

I don't see how we 'need' these IDiot things to protect us from terrorism while the governments run around madly introducing new risks without a thought.

There isn't really much so far that I've heard that qualifies as smart. Does anyone think about these sorts of things or perhaps they're just focusing on the vendor's luncheon wine-list and their next holiday?

As far as I can see the IDiot card does little to protect the average citizen from anything and adds a whole lot more risks and costs.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 11 October, 2009, 05:06

Dean, you cover so much territory and mash up so many different issues, it's hard to follow.  Some of your points are certainly valid, but they have nothing to do with smartcard technology. 

To answer some of the concerns ...

"I fail to see how the primary concerns of individuals - that of being able to participate in the identity scheme is met by the ID-iot card."

It would help if you were specific about what ID card you're criticising. There are many different models in action and on the drawing board.  Malaysia, Hong Kong, Estonia, and the UK have markedly different architectures and philosophies.  Note that no ID card is on the horizon for Australia.

BTW I am no fan of ID cards generally; I agree they're not a good response to terrorism.  But I do advocate targetted use of smartcards for securing e-government services, because smartcards are the best way to deliver mutual authentication, and the best way to stop attack and replay of personal identifiers online.

"What the card carriers don't want us to know is that they'll be absolutley useless to anyone without the reader. This means people interacting on the net, in the street will not have the privilege of being able to confirm anyone's identity, unless they have the reader which, the cheapest I could find was about $20. So the public would have to fork out another billion dollars to participate and prove their identity online?"

Some of this is very silly.  DVDs too are absolutely useless to anyone without a player.  If buying a $20 card reader represents the public 'forking out billions', then what does it mean to have to buy a PC to access the Internet?  Trillions perhaps?  In any case, we're seeing smartcard readers increasingly built in to standard notebooks.  Mine has one.  Look up the new Dell e6500 which has both contact and contactless card readers as standard.

Dean then skips across a range of public safety issues:

"I need a little help in understanding exactly how they make the world a safer place. The IRA had no trouble getting into London whenever they wanted to. ... Tube Risk From RFIDiot chips ... In fact the miss-use of these type of chips puts the lives of Britons in more danger every day ... I don't see how we 'need' these IDiot things to protect us from terrorism".

There are some worthy points here, but they're lost in a bizarre mash up of RFID and government ID.  They're different beasts.  Elsewhere in his original blog, Dean chose to mix in the spectre of DNA weapons, and the risks of various encryption systems being "hacked" (some of the risks more imagined than real) and comes up with an incoherent conclusion that smartcards are no good.

What about this for a considered and consistent approach (mine):

- Government ID cards are not a quick fix for terrorism or border control

- Smartcards are good for protecting individual identity online, in applications like credit card payments, e-health, e-voting and anonymous participation in OSNs

- There is no such thing as perfect security

- But the better smartcards have a range of encryption, access control, tamper resistance and anti-copying mechanisms, which in the higher end architectures like FIPS 201 have not been defeated.

"Does anyone think about these sorts of things or perhaps they're just focusing on the vendor's luncheon wine-list and their next holiday?"

Gratuitous insults and the smug "IDiot" slogan don't lend authority to what is a very hollow criticism of smartcard technology.  And I think it's a bit rich coming from someone who has spent years grandiosely advertising his own cell phone based solution but who steadfastly refuses to reveal how it works.

Stephen Wilson, Lockstep.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Dean Procter
Dean Procter - Transinteract - Sydney | 11 October, 2009, 08:39

If - there is an issue then do all the cards become junk?

Stephen - your last paragraph is testament to our security but misses the point about whether this card solution is a solution to anything except ensuring a cash-flow out of the public purse for a very poor return. It isn't about me or what solution I may or may not have - it is about whether the current ID card schemes actually provide any real benefits.

Finally I end with a call for honesty - if everyone needs to buy a reader to participate then why weren't the public told all the facts in the first place?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 15 October, 2009, 02:26

 

If there is an issue then do all the cards become junk?

What sort of issue?   Multi-programmable smartcards can have their firmware upgraded post-issuance to deal with bugs, and to deploy new security countermeasures as the cybercrime arms race proceeds.  In the worst case event of a fatal flaw, then smartcards can be withdrawn and a fix re-issued, as any security device.  But it's worth noting that wholesale replacement is a dramatic step that is almost always avoidable, by implementing other fixes.  Think about OTP generators: for years they've been regarded by purists as fatally flawed (in respect of Man in the Middle attack) and yet no bank has felt compelled to swap them out.  The same goes for magnetic stripe cards themselves.  Yes there is an "issue", but no, they're not all junk.

So please Dean, enough already of the woolly FUD about smartcards having "issues" and needing to be replaced.

Stephen - your last paragraph is testament to our security but misses the point about whether this card solution is a solution to anything except ensuring a cash-flow out of the public purse for a very poor return.

Dean evidently subscribes to the security-by-obscurity theory, which is totally discredited.  Good security should be vested in publicly scrutinised design, not in secrecy.  If you're a security product developer, who advances a particular solution (while rabidly criticising all others) then the onus is on you to be transparent, so independent evaluation can be done.

Finally I end with a call for honesty - if everyone needs to buy a reader to participate then why weren't the public told all the facts in the first place?

Well once again, it's hard to know what card scheme Dean is criticising. While I do strongly advocate engineering government smartcards with advanced security so they can be used by consumers for G2C and even B2C transactions, there are sadly few examples anywhere in the world where this is actually done (Estonia being a rare example).  So, if Dean is referring to the UK National ID System, then as far as I know, it is not necessary to buy a smartcard reader to "participate".  And if it were necessary, then I think this could be a very good thing, if it meant that consumers could avail themselves of improved Internet security tools. 

Stephen Wilson, Lockstep.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 15 October, 2009, 02:45

Dean edited his original blog insteading of adding a sequential comment, and I didn't immediately notice his new material ...

Update Stephen - Tuesday October 13th ABC 7.30 Australian ID Card by stealth. The medicare card 'morphs' into an IDiot card. Perhaps you might like to find it on the ABC site and view it.

Actually I've already studied the 7:30 Report story Dean.  You have it wrong.  While there is a lot of work to be done to define a new Medicare smartcard, initial indications are that the Rudd government -- if it goes down this path at all -- will be light years away from previous governments' flirtations with ID cards.  Health Minister Roxon has carefully and properly characterised any future Medicare smartcard as being (a) dedicated to health, and (b) not used to carry records but rather to carry health-specific identifiers.  These are some of the hallmarks of a good, privacy-enhancing smartcard, as experts in this field have long argued, including the Australian Privacy Foundation. 

Dean, there is nothing in the 7:30 Report story to suggest that the new idea is morphing into an ID card. You drop the phrase "Australian ID Card by stealth" when citing the story but that's your editorial.  There is nothing in the report about stealth or identity cards. 

Your assertion about morphing is baseless, and disregards the fresh approach to a Medicare card.  I have to say that you are either ignorant of the important details of the smartcard debate, or else you are deliberately misrepresenting what the new approach might be.

I quote you "I have no idea what strawman ID card Dean Procter is taking aim at.." Let's shorten it to your first four words - an apt quote for you -"I have no idea". Perhaps get one before you set the tone of our conversation next time.

Dean, the tone of this conversation was set long ago by you, with your hollow blustering about "IDiot" cards, and your unsubstantiated ambit claims about smartcards being flawed, especially your wild idea that the RSA algorithm has been "hacked".  Then you mangle my words to say that I have "no idea", in a continuation of your own abusive tone.

I've been trying to raise the tone.  Without getting personal, I've been trying to set the record straight on a couple of specific misrepresentations or misunderstandings, such as the idea that "any card reader carrying impostor" will be able to scan your smartcard, or the underlying phobia that "smartcard" equals identity card.

If you're worried about tone, then I suggest you engage in the actual debate and stop name-calling. 

Stephen.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Dean Procter
Dean Procter - Transinteract - Sydney | 17 October, 2009, 13:17

Where is my Mum left in this debate when the stranger knocks on the door?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Dean

I've been on a sabbatical

13 March 2017  |  4205 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineStart upsGroupWhere are they now?

Financials Named As Customers of Child Porn Planting Hacking Team

06 July 2015  |  2427 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulationGroupWhatever...

In case you wondered...

02 March 2015  |  1015 views  |  0 comments | recomends Recommends 0 TagsInnovationGroupWhatever...

Coal is a dirty business.

02 March 2015  |  1408 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupGoing green

It makes perfect sense of course, to have a Plan

03 October 2013  |  3175 views  |  0 comments | recomends Recommends 0 TagsMobile & onlinePaymentsGroupInnovation in Financial Services

Dean's profile

job title CEO
location Sydney
member since 2008
Summary profile See full profile »
Ubiquitous mobile phone based payments, ID, transaction authentication, mobile wallet and transport ticketing.

Dean's expertise

Member since 2008
329 posts471 comments

Who's commenting on Dean's posts