HACK
REPORT RUBBISHED
The Home Office has dismissed an apparently
successful attempt to clone and edit the data on
a British identity card's microchip.
A spokesperson said, "This story is rubbish.
We are satisfied the personal data on the chip
cannot be changed or modified and there is no
evidence this has happened. The identity card
includes a number of design and security features
that are extremely difficult to replicate."
They added, "Furthermore, the card readers
we will deploy will undertake chip authentication
checks that the card produced will not pass. We
remain confident that the identity card is one of
the most secure of its kind, fully meeting
rigorous international standards."
Philippe Martin, a senior analyst at Kable,
commented, "It is a serious problem if the
chip can be cloned and data edited, giving them
entitlement to benefits and services. It may mean
that the Home Office having to do more work to
make the card more secure, which could imply
further public expenditure. This shows up the big
con. The Home Office doesn't really care about
'ID theft', or it wouldn't be pushing technology
that any competent crook can subvert."
Phil Booth, national coordinator of the NO2ID
campaign group added, "The ID obsessed
officials are putting our personal information at
risk in their scramble to control it."
(Source: The Register, Aug/09) |
|
|
ID CARDS WILL NOT HELP
Adam Laurie is no ordinary hacker. In the
world of computing, he is considered a genius, a man
whose talents are used by government departments and
blue-chip companies to guard against terrorists and
cyber-criminals. But even by his standards, what he is
about to demonstrate is mind-boggling, and deeply
disturbing. Embedded inside the card for foreigners is a
microchip with the details of its bearer held in
electronic form: name, date of birth, physical
characteristics, fingerprints and so on, together with
other information such as immigration status and whether
the holder is entitled to State benefits.
This chip is the vital security measure that, so the
Government believes, will make identity cards
'unforgeable'. But as I watch, Laurie picks up a mobile
phone and, using just the handset and a laptop computer,
electronically copies the ID card microchip and all its
information in a matter of minutes. He then creates a
cloned card, and with a little help from another
technology expert, he changes all the information the
card contains, the physical details of the bearer, name,
fingerprints and so on. And he doesn't stop there.
With a few more keystrokes on his computer, Laurie
changes the cloned card so that whereas the original card
holder was not entitled to benefits, the cloned chip now
reads 'Entitled to benefits'. As a chilling twist, he
adds a message that would be visible to any police
officer or security official who scanned the card:
"I am a terrorist - shoot on sight." And all of
this has been done in such a way as to fool the
electronic readers intended to check the ID card's
authenticity. It is, quite simply, a terrifying
achievement.
For the implications of what he has demonstrated could
scarcely be more serious. Laurie's fake card could be
used to fool banks, commit fraud and maybe even illegally
claim benefits or free NHS care. More disturbing still,
it could be used to cover the tracks of terrorists
planning atrocities on British or foreign soil. By any
sensible measure, his demonstration, as part of a special
Mail investigation, should be the final nail in the
coffin of the Government's £5.4-billion ID scheme.
The card unveiled by the Home Secretary will not hit the
streets until the end of this year, so Laurie has not had
the chance to test the precise design. But according to
the UK Identity And Passport Service, it is essentially
the same and potentially just as vulnerable as the Home
Office's 'foreign nationals' card we tested. "It is
the same technology," a spokesman told me.
"We're not running two different systems. It is just
the facade that is different." (Source: Daily Mail, Aug/09)
Among the
many dreadful press intrusions, hysteria and distortions
that the parents of murdered girls Holly Wells and
Jessica Chapman had to endure, the most brainless was the
constant speculation regarding random circumstances
leading up to the atrocity that could have been avoided,
expressed in the overused catchphrase: Holly and
Jessica would still be alive today. This became so
regular a feature of lazy, rubbish writing that often it
tipped into macabre farce. If police records were
cross-referenced, Holly and Jessica would still be alive
today. If parental supervision had been stricter, Holly
and Jessica would still be alive today.
If they were at church instead of out for a walk, if they
had been taught to be suspicious instead of friendly, if
they hadnt been David Beckham fans, if Ian Huntley
had been run over by a steam roller, if an earthquake had
split Soham apart or aliens had landed on the village
green, yada, yada, yada, Holly and Jessica would still be
alive today. All ludicrous speculation, massively hurtful
to the bereaved parents and utterly pointless, since the
poor girls are dead and nothing can change that.
But just when we thought all such rubbish has ceased, our
own dear Herald lets us down. Someone writing in the
paper this week as a lone voice supporter of ID cards,
dug out the old phrase, blew the cobwebs off it, and told
us with the confidence of an all- seeing deity, that if
ID cards had been in force before the Soham murders
guess what? Holly and Jessica would still be
alive today. Oh, give us a break.
However, this brief and unwelcome return to cliché at
least serves some good, since Huntleys case is
perfect for demonstrating precisely the converse of the
authors argument, notably why ID cards are not only
a gross infringement of personal liberties, but also a
completely ineffective tool in combating serious crime.
Huntley had no criminal record; therefore his ID card
would have confirmed him to be squeaky clean. When
applying for this imaginary card, there would have been
nothing to stop him from doing so under his alias, since
there are no cunning plans in place to circumvent this
little piece of trickery.
The card will merely confirm that you are indeed who you
said you were when you applied, were fingerprinted and
biometrically measured. With just a little creative
manoeuvring from someone wishing to fool the system, the
card wont have a bloody clue who you were before.
So even if Huntley had indeed boasted a string of
convictions, which of course he did not, avoiding
detection would have been straightforward. But why are we
even having this debate? Anyone who genuinely believes
that home secretary David Blunkett is engineering this
fascism for the greater security of the British public
needs a bit of a lie down in a darkened room.
Joining the clichés in this debate is another
outstandingly stupid phrase, trotted out by the same kind
of radio phone-in guests who like to say: This
country would be nothing without the royal
family,and, Immigrants come over here and
live like kings on the taxpayer. When questioned on
why compulsory cards would be a good or a bad thing, the
favoured response among such deep thinkers is inevitably:
If youve nothing to hide, whats the
problem? Heres the problem. Plenty of
innocent people have things to hide, things that are
absolutely nobody elses business but their own, and
is their right to keep concealed.
There are many people who choose to live under an alias
for perfectly valid reasons: women fleeing violent
relationships who fear their fist-wielding partner will
track them down; parents who gave up their babies for
adoption and never wish to be tracked down by their adult
children, or even an ex-colleague of mine who was
sexually abused as a child and wanted rid of the family
back in Ireland who never believed her story and kept
trying to find her. She wanted their name erased from her
life and memory, and to ensure that her own children
would never find them and make contact.
And what about the simple, daft, but life-affirming
notion some innocent, law-abiding people experience when
they take a fancy to living a new and completely
anonymous life somewhere else under a brand new identity.
Why shouldnt they? None of these people are guilty
or criminals, yet all of them have something they wish to
hide. Blunketts scheme will make such simple
freedoms, that we have so long taken for granted,
impossible. Meanwhile, terrorists, fraudsters and
organised crime will carry on regardless.
As you read this, there is doubtless someone already
perfecting the reproduction and forgery of biometric
cards. There are so many reasons why ID cards are an
obscene infringement of human rights, and so very few why
they will increase security and improve services. After
the CSA example of outstandingly botched IT, you can bet
the technology to introduce ID cards will throw up some
nightmares. Sorry madam, you cant travel/get health
care/a library card/your university place. Why not? Card
says youre a convicted felon. But Im not.
Sorry, computer says no.
And, of course, those organisations that say they never
pass on information without your express permission are
so trustworthy, arent they? Try this revealing test
at home. Its a great one. Next time you order from
a catalogue/online, anything with a box to tick for
do not share my data, simply slip in a made
up initial to your name. Sally K Smith. Then sit back and
watch all the unsolicited brochures from new companies
flood in to Sally K Smith. Gotcha. Invent a new initial
for each new company then every transgression becomes
traceable.
Make no mistake; the government will sell your data. No
coincidence that Blunkett made the allusion to the
supermarket loyalty card. And what will that data
include? HIV positive? Member of a political party?
Recovering addict? Who can be sure? Im innocent and
I have much to hide. Its called my private life. (Source: Sunday
Herald)
|
|
|