ID Matters - Ripe for Satire

[detective-boy]

I have actually pointed out that your claims are false, but you can't actually answer those points ...

You can read, can you?

You have NOT pointed out "my claims" are false ... you've invented some claims you wrongly allege I have made ... so apart from pointing out that you are mistaken (which is what I have done), what exactly do you expect me to do? Engage in discussing your fantasies?

 

[SpookyFrank]

We definitely need a reliable form of ID in this country (for a whole range of reasons). Citizens have the right to their own identity (surely this is an absolutely fundamental right?) and to a system which allows them to assert it against someone else who is impersonating them.

Biometrics are now available to permit that to be done in a reasonably manageable way. Though not perfect, biometric ID documents will be very, very much more reliable than what we have had before now. They are a big step in the right direction though there is no way they will be perfect.

The only thing that can accurately identify a single human being out of the billions available to choose from is another human being. The more a person's identity depends upon machines and computer data the easier it is for that identity to be lost, appropriated or tampered with. What we are looking at now is typical government logic whereby increased computerisation of people's identity has led to more problems than it has sovled and therefore the only thing to do is to step up the process. Going backwards or admitting a mistake is not an option of course. Identity theft would not have been possible in the days before someone's identity was something distinct from the person themselves; before it was made a commodity, an object, something outside of that person's control. You cannot make a human being into data, a human being cannot be quantified. The state would like to think differently- just like it would prefer human beings to be tidy, predictable machines with guaranteed outputs and easily reprogrammed voting preferences- and so we find ourselves in a world where a lie is made into the truth. At first the people will suffer for this, but the state will suffer most in the end.

 

[detective-boy]

The only thing that can accurately identify a single human being out of the billions available to choose from is another human being.

Please tell me that you are not suggesting that the only reliable identification process is human observation?

(The same human observation that has regularly been found wanting in criminal cases, to the point where for at least 25 years it has been treated with great suspicion ...)

 

[Pickman's model]

Please tell me that you are not suggesting that the only reliable identification process is human observation?

(The same human observation that has regularly been found wanting in criminal cases, to the point where for at least 25 years it has been treated with great suspicion ...)

particularly in one case i recall from the poll tax riot when the officer giving evidence admitted that to see the events he claimed he'd have had to see round several corners

 

[Jonti]

Please tell me that you are not suggesting that the only reliable identification process is human observation?
...

We're highly visual, big-brained, social animals, and a lot of our brains are dedicated to facial recognition. Objectively tiny differences in, for example, the shape of eyes, lips and nose, in the hue of skin, and in the music of a body's movement loom large on our eyes. We're highly attuned to seeing patterns in these variables as well. Quite literally, we've evolved to recognise each other.

So yeah, facial recognition may seem easy to us, but it's phenomenally difficult to engineer in practice. Look into the reasons for this, and they are to do with the mathematics of what one is trying to achieve. Essentially, many different real faces are consistent with the same biometric measures (depending on expression, lighting, and orientation, for example).

Reasonable results can be achieved under laboratory conditions though, and this is exploited by IT snake-oil salesmen to flog useless kit to clueless or craven politicos and "security specialists".

in August of 2003, the Tampa Police Department scrapped Ybor City's facial-recognition system, citing the system's ineffectiveness as bearing heavily on their decision. Virginia Beach's system is still in place, however, it has never produced a match or arrest since its installation in 2002. Boston's Logan Airport ran two separate facial recognition system tests at its security checkpoints using volunteers posing as terrorists over a three-month period and posted disappointing results. Throughout the testing period, the systems correctly identified the volunteers 153 times and failed to identify the volunteers 96 times. As a result of the lackluster success rate of only 61.4 percent, the airport decided to explore other technologies for securing its checkpoints

source

 

[Jonti]

No. I point out that the system is intended to address some current real major issues.

I note that you simply ignore that point rather than addressing it ...

The point was addressed by explaining that the proposed cure is worse than the disease.

Whatever faults you see in the present system, it does not wrongly prevent millions of us from proving our right to work in the UK, obtaining non-emergency state healthcare, and sending our children to school.

 

[detective-boy]

So yeah, facial recognition may seem easy to us, but it's phenomenally difficult to engineer in practice.

... and your point is?

That wasn't the issue. I would not argue with the fact that facial recognition is pretty useless, even in fixed position situations "Stand here and look at the camera please" let alone in fluid movement situations (such as associated with public space CCTV). In fact I have posted to that effect numerous times in the past when challenging the conspiralunatics who claim that there are supercomputers facially recognising us as we alk down the street and cross-referencing our "files" ...

The point was I am arguing that biometrics (such as fingerprints, DNA, iris scans) are far more reliable means of establishing identity and you appear to be arguing that facial recognition by a human is better.

Please answer the question.

 

[detective-boy]

Whatever faults you see in the present system, it does not wrongly prevent millions of us from proving our right to work in the UK, obtaining non-emergency state healthcare, and sending our children to school.

No. But it really does all the bad things I listed. You claim it will stop people getting what they are entitled to ... but you can only justify that claim by stating that it will be implemented in a completely fuckwitted, "computer says no" way where if the biometric recognition system says no match then that is it, you get fucked off out of it. You have produced no evidence that that is how the system is intended to work. There is no reason why it would have to be.

Now please address the point ...

 

[Jonti]

OK, so you think the system will not behave as described here (note: not my claim as such).

Can you explain why you think that, please?

 

[belboid]

You can read, can you?

You have NOT pointed out "my claims" are false ... you've invented some claims you wrongly allege I have made ... so apart from pointing out that you are mistaken (which is what I have done), what exactly do you expect me to do? Engage in discussing your fantasies?

i thought I'd wait and see if you came up with anything sensible, but you didn't. Shock horror. Do you always lose your rage so easilly? Is tghat why you had to leave the police? Would explain a lot.

Now, I understand why you want to restrict the conversation to being solely about the use of biometrics, because you were getting your arse kixcked whenever you talked of anything broader. But talk more broadly you did! Not least in your utterly spurious use of the mythical 'right' to our own identity. As I pointed out (and as you ignored then) the invention of this right is purely to serve the needs of central government and the police, not to defend the 'rights' of the citizen. And, as i pointed out in the post, about which you blew your top, the cases where we would need any such 'right' are excuciatingly limited, and in no way require some spurious bit of plastic, biometricised or not.

Now, if you really really wanna restrict the conversation to the effectiveness of biometrics, well, you aren't entirely wrong. There is no perfect way of determining identity (and there never will be - which also puts a a bit of a hole in your 'rights' argument), but there are systems which are more comprehensive than others. The big problem comes in assuming that 'more comprehensive' effectively equates perfect. Simple fact, there will be errors, they happen when humans input data. But they will be a lot harder to correct once they are on the 'perfect' system. Can anyone prove that yet? No, of course not, but it is what tends to happen when a 'foolproof' system comes along, its owners believe whatever it churns out, and it is down to the individual to sort out. That is going to be a massive pain in the arse for whoever is affected.

We all know the data on an ID card (of whatever kind) can be changed and corrupted. In most cases when an ID card is required it will only be the card data itself that is checked, and so that will lead to significant fraud, and make the card less useful as a means of definitively identifying anyone. But even when it comes to checks where the card is checked against a central database, only the very foolish would say it was really secure (even tho that stage hasn't yet been broken). The central database can be corrupted, either through hacking or, more likely, internal tampering by someone at the IPS, or the card check machine could be fooled into not checking the central database, but thinking it has, and thus giving back more false information.

In a nutshell - it wont work, it'll never be able to, and it'll do FA good for the 'average' citizen

 

[Jonti]

... the biometric would match a database, not the card - clearly without that you'd have nothing more than we have already.

Quite; it is a pointless piece of "security theatre".

"... in most cases biometric data does not need to be checked against a database. When you imagine the number of people travelling in and out of the country every day, you don't want millions of peoples' biometrics flying across networks. The only interaction needed with the database is a check certifying the cardholder's entitlement to the service requested."

source

 

[Jonti]

I am arguing that biometrics (such as fingerprints, DNA, iris scans) are far more reliable means of establishing identity [than] facial recognition by a human ...

Authenticating an individual means proving that each person has one and only one entry on the population register. It's easy to demonstrate that that job is not feasible for large populations.

It also means verification that the ID card ("voucher") has the right details for the person proffering same. That could be easy to do, depending on the biometric chosen; you just have to look see. But ...

"Verification is a source of some confusion among politicians and the media. If my flat print fingerprints match the templates stored on an ID voucher, then the biometrics have successfully completed their verification job. But was the ID voucher issued by IPS? And even if it was, have I tampered with it since then and inserted my biometrics? The technology needed to answer those further questions and help to make the NIS secure is PKI – the public key infrastructure – and not biometrics."

 

[detective-boy]

OK, so you think the system will not behave as described here (note: not my claim as such).

Can you explain why you think that, please?

That is a six page article which makes all sorts of claims and draws all sorts of conclusions. Some of them I agree with (mainly the descriptive stuff from the experts describing how things operate), some of them I don't (mainly the conclusions drawn which, for the most part, make all sorts of additional assumptions).

It also describes some things which are systemic characteristics (for particular systems, set up in particular ways) and it describes other things which are fucntions of how they assume the system will be used. So it is fuckwitted to ask a simplistic "So you think the system will not behave as described here".

Which bits in particular are you pointing at?

 

[Jonti]

"fuckwitted" can fuck off, potty mouth

 

[detective-boy]

Now, I understand why you want to restrict the conversation to being solely about the use of biometrics, because you were getting your arse kixcked whenever you talked of anything broader.

No. I restrict it to one topic at a time because experience shows it is impossible to keep any sort of focus otherwise - as you have demonstrated here by racing off in lots of different directions again ...

not to defend the 'rights' of the citizen.

If the citizen is important (and I believe that they are of central importance - there is no point in a society other than to better the lives of the citizens - apart from the citizens there is no-one else who should gain from societies arrangements), why is being able to assert your identity not important? Why would it not matter if anyone could impersonate you in any particular situation they wished? I simly do not understand how you can say that that would not be important.

But they will be a lot harder to correct once they are on the 'perfect' system.

Of course the system will not be "perfect" - there will always be errors with anything that involves humans at any stage. But why are you assuming that the system will operate on an absolute "This system is perfect and this system say's no" basis? No other system we have ever invented does at the system management level (though sometimes it is difficult to engage individual fuckwit operators). The fingerprint system we have had for years manages to deal with occasional problems without any major meltdown - why do you assume that the ID system will be any different?

We all know the data on an ID card (of whatever kind) can be changed and corrupted.

Yes ... but with massively more difficulty than forging a National Insurance number card or a birth certificate - surely you acknowledge that the system will be far, far more difficult to get around than what we have at the moment.

 

[detective-boy]

"fuckwitted" can fuck off, potty mouth

I take it that you have conceded that you have no argument then. Thanks.

* Leaves thread *

 

[Jonti]

surely you acknowledge that the system will be far, far more difficult to get around than what we have at the moment

The data is going to come from the system we have at the moment!

 

[Jonti]

I take it that you have conceded that you have no argument then. Thanks.

* Leaves thread *

lol

read about public key cryptography while you're away

 

[belboid]

No. I restrict it to one topic at a time because experience shows it is impossible to keep any sort of focus otherwise - as you have demonstrated here by racing off in lots of different directions again ...

ie by making points which you cannot answer.

If the citizen is important (and I believe that they are of central importance - there is no point in a society other than to better the lives of the citizens - apart from the citizens there is no-one else who should gain from societies arrangements), why is being able to assert your identity not important? Why would it not matter if anyone could impersonate you in any particular situation they wished? I simly do not understand how you can say that that would not be important.

answered that one before. most of the time (eg to buy booze, get NHS treatment) I dont care, why should I? It matters when they are depriving me of something by 'impersonating' me. Will ID cards make that more difficult? Actually, no, not according to most industry workers (eg the microsoft blokes commnets jonti has already linked to) . Most of the time ID cards will NOT check back with the central database before giving a yes or no. So it will still be very very easilly forgeable.

Of course the system will not be "perfect" - there will always be errors with anything that involves humans at any stage. But why are you assuming that the system will operate on an absolute "This system is perfect and this system say's no" basis? No other system we have ever invented does at the system management level (though sometimes it is difficult to engage individual fuckwit operators).

The fingerprint system we have had for years manages to deal with occasional problems without any major meltdown - why do you assume that the ID system will be any different?

Because with every 'improvement' in such a system it becomes [harder to correct. Because the system is better, and according to some (with less knowledge than you, maybe, or just cos it is in their interest) it is good as perfect, it wil be relied upon far more. And if it were easy to change the onfo on the central Db, then there wouldnt be much point having it, would there?

 

[detective-boy]

Most of the time ID cards will NOT check back with the central database before giving a yes or no.

Again you are assuming that will be the case. I have not seen concrete proposals for how the system is intended to be used in different contexts. But the point is that how it is used is different from what it is capable of.

Biometrics provide us with an opportunity to use something unique to you to link to your identity. That has not been the case before. There is a debate to be had about how good current technology is in relation to getting down to the level of precision needed to establish the "uniqueness", but I believe we have reached the point where it is realistic to expect only a manageable number of issues arising. And unless we take the next step (effectively making use of the biometrics of the entire population) we will never know for sure what reality actually is - our estimates of how frequently a particular DNA profile would be encountered are for the most part based on statistical prediction.

And if it were easy to change the onfo on the central Db, then there wouldnt be much point having it, would there?

Nobody is saying that it would be "easy" to change things on the central database ... but there is no reason why there cannot be acceptable protocols and procedures to deal with any issues encountered. You keep assuming there won't be ... but you provide no justification for why that must be the outcome. If you are simply pointing out that is a danger that it may be operated in a fuckwitted manner, with over-reliance on it's infallability, etc. then I would agree with you. But I would still say that that danger can be addressed and it is not a reason to bin all the potential advantages - that would be a very good reason to pull the plug on the internet too - do you argue that we should do that?

If you have ever tried to put someone's life back together who has had their identity well and truly stolen (as I have on a number of occasions) you would realise how damaging our inability to assert our identity at present actually is. One of the people described it as being "almost as bad as being raped". That is why I believe we must try and improve on what we have and why I believe that despite any problems we may encounter it is worth pressing on with the scheme now.

 

[belboid]

Again you are assuming that will be the case. I have not seen concrete proposals for how the system is intended to be used in different contexts. But the point is that how it is used is different from what it is capable of.

There have been some outline proposals, and we do know that there are three levels of card examination. The costs involved, as well as the privacy concerns, mean that it will be unusual for the most thorough examination to be used, and we can make some fairly reasonable assumptions as to what those will be.

Nobody is saying that it would be "easy" to change things on the central database ... but there is no reason why there cannot be acceptable protocols and procedures to deal with any issues encountered. You keep assuming there won't be ... but you provide no justification for why that must be the outcome. If you are simply pointing out that is a danger that it may be operated in a fuckwitted manner, with over-reliance on it's infallability, etc. then I would agree with you. But I would still say that that danger can be addressed and it is not a reason to bin all the potential advantages - that would be a very good reason to pull the plug on the internet too - do you argue that we should do that?

But it must become more difficult to change the data, or there would be no point in doing it. Yes, of course there will be protocols put into place, tho these have not (to my knowledge) been issued yet, which should be a great worry as the cards are actually being issued already.

As to the danger - like the internet, its a cost/benefit analysis. Everything I have seen indicates the costs are too high.

If you have ever tried to put someone's life back together who has had their identity well and truly stolen (as I have on a number of occasions) you would realise how damaging our inability to assert our identity at present actually is. One of the people described it as being "almost as bad as being raped". That is why I believe we must try and improve on what we have and why I believe that despite any problems we may encounter it is worth pressing on with the scheme now.

I can very well understand the (thankfully rare) need. But as most professionals seem to think that this won't actually help, then it is no reason to support the system. Maybe in theory it could work, but especially in the circumstances we are talking about, then I am far from convinced that it will.

 

[detective-boy]

There have been some outline proposals, and we do know that there are three levels of card examination. The costs involved, as well as the privacy concerns, mean that it will be unusual for the most thorough examination to be used, and we can make some fairly reasonable assumptions as to what those will be.

That's as maybe ... but as I say how it is used is not necessarily the same as what it is capable of ... and if the way it is used initially does not provide the necessary benefits then how it is used can be changed - the basic biometric link is there to facilitate that.

But it must become more difficult to change the data, or there would be no point in doing it. Yes, of course there will be protocols put into place, tho these have not (to my knowledge) been issued yet, which should be a great worry as the cards are actually being issued already.

More difficult, yes. Not easy and not impossible. Certainly it shoud not be done without appropriate investigation / checks / sign-off. Undoubtedly problems will arise and loopholes will be identified and closed in processes and procedures - that is the human way of doing things!

As to the danger - like the internet, its a cost/benefit analysis. Everything I have seen indicates the costs are too high.

I have no problem with you or anyone else holding that conclusion provided you acknowledge what the costs and benefits are in a realistic manner (as you, unlike some other posters, appear to have).

I can very well understand the (thankfully rare) need. But as most professionals seem to think that this won't actually help, then it is no reason to support the system.

Perhaps not as rare as you think ... and increasingly a problem in my experience (but, like much fraud, no reliable statistics are maintained on the subject). Not sure that "most" professionals don't think it will help. Yes, many experts raise various issues - but most of them (like those quoted in The Register article linked to) are taking a single aspect of the possible / proposed system and raising issues which may already have been addressed and which there is certainly no reason why cannot be addressed. Yes, many experts point out that there are considerations that need to be taken into account and that there may still be some issues ... but most of those I encounter believe overall it is a step in the right direction.

 

[belboid]

That's as maybe ... but as I say how it is used is not necessarily the same as what it is capable of ... and if the way it is used initially does not provide the necessary benefits then how it is used can be changed - the basic biometric link is there to facilitate that.

but the extent to which it is used is very important, as it indicates both he numbers of people who have access to the data, and the number of machines that will be used to access it. the higher both are, the greater the risk of that highest level of security being breached. the lower they are, the greater the risk of much ID fraud carrying on as is.

(and, of course, the more data that is collected, the greater all the civil liberties arguments, risk of other penalties from 'leaks' of the data)

 

[Jonti]

Most biometric checks will bypass ID database

Again you are assuming that will be the case ... <much shilling snipped>

"Verification checks of biometrics identifiers will be made against the card in most cases using the biometrics stored in the chip, for example if the facial image or fingerprint biometrics are verified as part of an immigration check at the border," said Hillier, Parliamentary Under-Secretary (Identity), Home Office, in a parliamentary written answer on 17 November 2008.

source

 

[detective-boy]

but the extent to which it is used is very important

You've moved the goalposts again.

I drew a distinction between how it was used and what it was capable of. You have now moved to the extent to which it is used and the access of different people to the data (which in a simple verification mode is not a necessary feature)

Actual access to the biometrics (or even the detailed database data) is of course an issue ... but I do not see it as a necessary aspect of a verification system at all. Do you?

In more general terms, please explain why, if we have a system of bank cards (which DON'T include any biometrics) which allow us to access our bank accounts and give us money from them within a second or two, which have been around for donkeys years and which have not been breached to any siginificant extent in terms of establishing who we are (except in relation to a cloned card), technology including biometrics shoud be so easy to breach?

 

[detective-boy]

<much shilling snipped>

Oh fuck off with your "shilling" you pathetic, inadequate internet warrior cunt.

 

[Jonti]

I'd given the link to Hillier's parliamentary written answer previously in the thread. You either didn't bother with to read it, or failed to understand what it meant.

But that's hardly the point, in a way. Folks can see for themselves that you simply haven't bothered to do the most basic homework before spreading your misinformation about the Big Brother Database.

You "pathetic, inadequate internet warrior" shill

 

[belboid]

You've moved the goalposts again.

I drew a distinction between how it was used and what it was capable of. You have now moved to the extent to which it is used and the access of different people to the data (which in a simple verification mode is not a necessary feature)

Actual access to the biometrics (or even the detailed database data) is of course an issue ... but I do not see it as a necessary aspect of a verification system at all. Do you?

i honestly dont think its goalpost shifting, the extent of use will have a significant impact upon the useability of the sceme, and the possibility of fraud. Of course the scheme is, probably, technically possible - thats a pretty big part of the civil liberties argument.

But I am confused by the last paragrpah there - & I think I must be missing what you're trying to say. Checking with the central db WILL be essential for definitive confirmation of id (with the proviso's re data input failure, hacking etc made earlier), as the data on the card itself can already be hacked, as has been shown various times.

In more general terms, please explain why, if we have a system of bank cards (which DON'T include any biometrics) which allow us to access our bank accounts and give us money from them within a second or two, which have been around for donkeys years and which have not been breached to any siginificant extent in terms of establishing who we are (except in relation to a cloned card), technology including biometrics shoud be so easy to breach?

but you can't omit cloning, it is the major part of CC fraud isn't it? Certainly the part (along with net hacks) that afects most individuals. As to why they haven't been used more widely in for ID theft (beyond that necessary for the cloning), it's because other methods are currently easier. So there's no need to go further.

 

[belboid]

"Verification checks of biometrics identifiers will be made against the card in most cases using the biometrics stored in the chip, for example if the facial image or fingerprint biometrics are verified as part of an immigration check at the border," said Hillier, Parliamentary Under-Secretary (Identity), Home Office, in a parliamentary written answer on 17 November 2008.

source

worth repeatng the quote, it shows a very suprisingly lowexpected level of usage for third level checks. Tho as they cost around £2 each (I read somewhere, sounds about right ime) I guess the cost would just be prohibitive (not top mention the risks of interception/other data loss with so much data travelling back n forth)

 

[detective-boy]

But I am confused by the last paragrpah there - & I think I must be missing what you're trying to say.

I was saying that the kit could verify the data, etc. without the actual person operating it actually knowing the data (like the cashier doesn't actually need to know loads of stuff from your bank account when the little machine confirms your card transaction - it's all done behind the scenes as it were).