RTP Discussions

[LordMatt]

(Republished from - orginally posted 21/09/2008)

I am highly doubtfull of the workability of identity cards. I have said so a number of times. I said so on and the result is that I was asked to (re) read the article in question.

Never one to do things by halves this is what I did.

This article is not intended to rain on anyones parade although I have no doubt this is how I will come across. (I anthropologise now). I want to say, for the record, that I want to encourage all sorts of thinking on all sorts of subjects but that thinking must then face the fierce furnace of examination (not to mention plain old public opinion).

Going into this (re) read my general attitude to ID cards could be summarised as "no thanks" and in a bit more detail.

Support for cards in the UK seems to be currently falling faster than a certain US president's trousers after the UK governments repeated displays of the inability to keep data safe. The UK Government has so far proven that they cannot yet trusted with even slightly sensitive data. Thus ID cards (which remain largely unproven as a way of stopping terrorists) do not seem a good idea to me or to many other people.

ID cards are very good for tracking the innocent but the guilty have always had the resources to steal or create fake identities. My greatest worry here is that if we create a system where we depend on "documented identity" we will become less alert to misuse of identity. Should such an identity be stolen (already a big problem cost a lot of money) it becomes much more convincing. This ID card system of total trust is a small step from "the system says you were on that road Mr Smith, therefore we find you guilty of..."

However if we doubt or distrust the card then it becomes next to worthless against the cost.

What I cannot see is how any card system (even an OpenID based system) could ever serve to reduce the current problems with identity rather than make them worse. Identities are already a valuable commodity for crime and fraud and the ID card system will make them all the more valuable going to far as to create a lucrative black market worth more than the current illegal drug market.

The articles suggestion of "trusted surveillance" while admirable does not, for me, address the need for "global" or united surveillance at all. All the while we are watched there is data that becomes attractive to people that might want to abuse the the data. No mater the laws we create or the technology we put in place there will always be people that are are willing to commit the resources to breaking in and getting that data.

As an aside the article suggests we store data "in ways which ensure that no-one else can access the data - ever". As a technical person I must ask - how do you plan to do that then?

The best security encryption of yesteryear can be easily broken in seconds by modern computers which means that it should be assumed that at sometime soon we will have the capacity to break the best encryption of today. Already we have had to move on from 128 bits of encryption to 256 bits. Furthermore we are finding that they are flaws in current encryption techniques that render them less secure. Take WEP for example.

So any paper that states that we must lock our data to be readable only to ourselves must provide a solution for this. Even if they do how will they address the issue that all known encryption methods require some form of key to be readable? If I can steal your key I can read your data.

The article goes on to state that this is not a fantasy (although I would like to lay a few challenges there). I get the impression that author is suggesting some sort of cross between a personal log and two factor key encryption (one for encrypting data to your personal log and one for reading it). There are two big technical problems with this (in addition to the ones I have expressed already).

The first problem is that this data will need to be stored somewhere. This will likely run into terrabytes very quickly even with good compression. That storage must be stable enough to last indefinitely and must be protected from physical theft, damage or corruption. The best practice for this suggests that three copies of this must be kept securely at three different geographic locations.

The second problem is that the data must be taken, logged, encrypted and then sent to store. All I need to compromise your data is install a monitor that records data prior to encryption. A simple data retention law would convert the ultimate personal log system into a government owned surveillance machine.

Furthermore the first problem requires transmitting of data to the backups. While this could be intercepted and recorded in it's encrypted form and might be safe from reading for now but if technology finds an attack (or your key is compromised or guessed) then asll your data is exposed. Furthermore if you are forced to hand over some unencrypted data that matches the stolen encrypted data then your "attacker" gains a significant advantage in breaking and guessing your key.

If you can solve these technical issues then I am willing to consider the possibility of "Trusted Surveillance" but untill then I still prefer the safety of not recording the data to start with.

[HarryStottle]