We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.
Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]
|
Wired has a follow-up reporting on the controversy surrounding the airline companies hand-over passanger data to government contractors (TSA)designing and testing CAPPSII in 2002.
Two senators on Wednesday asked the Transportation Security Administration whether the agency violated federal rules by helping its contractors acquire passenger data, and why the agency told government investigators it didn’t have such data.
The senators also pressed the TSA for an explanation of why it hadn’t revealed the transfer of millions of passenger records to government contractors. Senate members had asked TSA officials directly whether they had done so, but the answer was no.
Two TSA agency spokesmen also denied to Wired News that any data transfer had taken place, saying that the project did not need data at the time.
But this week, American Airlines became the third airline to reveal that it turned over millions of passenger records to the government without informing the passengers. JetBlue and Northwest Airlines had earlier revealed that they too had transferred passenger records to government contractors. For the past eight months, TSA officials and spokesmen have repeatedly denied that any data transfer occurred. Two senators, Susan Collins (R-Maine) and Joe Lieberman (D-Connecticut) wrote:
We are concerned by potential Privacy Act and other implications of this reported incident. Moreover, TSA told the press, the General Accounting Office and Congress that it had not used any real-world data to test CAPPS II.
American Airlines has now indicated that it provided over 1 million passenger itineraries at TSA’s request, which raises the question of why agency officials told GAO that it did not have access to such data.
And there was much fudging as you can read in the article…
The U.S. Department of Transportation’s Federal Highway Administration is working with four companies to develop new radio-frequency identification technology for roadways. Officials see RFID as a way to warn drivers of, for instance, impending intersection collisions and vehicle rollovers.
Specifically, the government and vendors are investigating technology called dedicated short-range communications, which is related to RFID. The vendors are Mark IV Industries, Raytheon, Sirit, and TransCore.
A prototype system co-developed by the quartet is expected to be ready for testing in about 18 months. The Federal Communications Commission has assigned a block of high-bandwidth radio spectrum for dedicated-communications products–5.850 to 5.925 GHz.
The news just goes from bad to worse on the RFID front. Trevor Mendham quoted Tesco CEO Sir Terry Leahy as saying that RFID tracks products, not people, but American tech company Applied Digital Solutions, through it’s subsidiary Verichip Corporation, has already broken through that barrier.
They have developed a RFID product that is implanted in the victim.
The VeriChip minaturized Radio Freqency Identifcation (RFID) Device is the core of all VeriChip applications. About the size of a grain of rice, each VeriChip contains a unique verification number, which can be used to access a subscriber-supplied database providing personal related information. And unlike conventional forms of identification, VeriChip cannot be lost, stolen, misplaced or counterfeited.
Once implanted just under the skin, via a quick, painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. A small amount of Radio Freqency Energy passes from the scanner energizing the dormant VeriChip, which then emits a radio frequency signal transmitting the individuals unique verification (VeriChipID) number. The VeriChip Subscriber Number then provides instant access to the Global VeriChip Subscriber (GVS) Registry – through secure, password protected web access to subscriber-supplied information. This data is maintained by state-of-the-art GVS Registry Operations Centers located in Riverside, California and Owings, Maryland.
It’s a password protected website- anyone with knowlege of the internet knows that password protected websites are not that secure; anyone that says that they can guarantee the security of such a webserver is whistling in the wind.
It’s rather like that dreadful George Lucas film, The Phantom Menace, where the slaves are fitted with a tracking device. Verichip Corp. doesn’t have slaves in their sights as a target market- they have a wider target market in mind.
VeriChip products are being actively developed for a variety of security, defense, homeland security and secure-access applications, such as authorized access control to government and private sector facilities, research
laboratories, and sensitive transportation resources, including the area of airport security.
In these markets, VeriChip is able to function as standalone
personal verification technology or it is able to operate in conjunction with other security devices such as ID badges and advanced biometrics.
In the financial arena, VeriChip has enormous potential as a personal verification technology that could help curb identity theft and prevent fraudulent access to banking and credit card accounts.
In other words, they are after a world where everyone is fitted with these devices. Does Big Blunkett own shares in this company? At the moment, they are working with gun manufacturers. Who will be next?
This editorial by Electronic security expert Bruce Schneier that was published in the Minneapolis Star Tribune does a pretty good job of demolishing the case against compulsory ID cards. The case is a pretty familiar one to readers of this site, but the main points are there: it’s not about the card itself, it is about the people who use it and check for it. And the question really is does the card help or hinder them in improving security, and does it help or hinder them if they wish to break the rules themselves, and in any event, knowing someone’s identity doesn generally greatly help in knowing their intentions.
In fact, everything I’ve learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.
My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.
It doesn’t really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.
The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.
Two of the 9/11 terrorists had valid Virginia driver’s licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn’t be bribed, initial cardholder identity would be determined by other identity documents … all of which would be easier to forge.
Not that there would ever be such thing as a single ID card. Currently about 20 percent of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself is capable of abuse.
Additionally, any ID system involves people… people who regularly make mistakes. We all have stories of bartenders falling for obviously fake IDs, or sloppy ID checks at airports and government buildings. It’s not simply a matter of training; checking IDs is a mind-numbingly boring task, one that is guaranteed to have failures. Biometrics such as thumbprints show some promise here, but bring with them their own set of exploitable failure modes.
But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American — one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.
The security risks are enormous.
→ Continue reading: Bruce Schneier on why ID cards will not make us safer
Plenty of people around the world by now know of the allegations of philandering made against the English footballer David Beckham, based on claims made to the media, and also on transcripts of SMS phone messages that are said to have been sent between Beckham and one Rebecca Loos.
The ins and outs of the affair are none of our concern, but what did concern me was this explainatory article in The Advertiser:
He apparently even has offered to produce his mobile phone records to prove his innocence. It may surprise some mobile phone users that some carriers retain details of text messages.
In Australia, Telstra keeps SMS messages for up to 28 days and Optus keeps theirs for three days.
I have three questions here. First, why are telephone companies keeping records of these things at all, and second, why is there such a large difference between Telstra, the dominant company that is still half owned by the government, and Optus (which is now owned by Singtel, the phone arm of the Singaporean government.) And thirdly, why are these messages apparently so insecure?
One of the problems with governments collecting and controlling data on individuals is their failure to secure this information. As a recent article in The Register demonstrated, the number of incidents involving computer systems in the civil service is high.
There are a number of serious concerns including inappropriate access of personal records, inappropriate alteration of personal records and their appropriation by a third party. This has been a problem for some time with Inland Revenue staff noted for “celebrity browsing” tax returns. These concerns are hidden within general figures for computer misuse that number up to two thousand. As these are the cases where such changes were noted and disciplinary action brought against the civil servant involved, it is impossible to gauge the seriousness if this problem.
Even after the data has been collected by the civil service agency, it is difficult to ensure that the information is accurate, secure and used only for the purposes required. This could be a minor problem or the tip of the iceberg.
David Blunkett said (on April 7) that he was pushing on with plan for an ID card, with a draft bill to hit Parliament within months. The ID cards will contain biometrics and may be in the wallets of UK citizens by 2007 at the earliest. Blunkett told Radio Five Live that the introduction is necessary to give the government better control over immigration and prevent terrorists using multiple identities.
Blunkett, however, acknowledged that getting compulsory ID cards into law wouldn’t be an easy process. “It would be very surprising if there were not misgivings,” he said. A number of high-profile Cabinet colleagues have expressed objections to the scheme, including Home Secretary Jack Straw and Trade and Industry Minister Patricia Hewitt.
He also admitted there were practical issues to be overcome before the cards were made compulsory. Among them, that Parliament could only vote on the issue of making the cards compulsory when 80 per cent of UK citizens carried them anyway and that estimates of how much the introduction would cost the taxpayer differ wildly – from around £1bn to around £3bn.
While biometrics are high on the UK government’s love list, the rest of the Europe is taking a step back from the idea.
The civil liberties wing of the European Parliament has delayed proposals for biometric passports until the tail end of this year, after elections to the parliament have taken place. MEP Ole Sørensen said
The European Parliament is [currently] not in a position to endorse the proposals… We need proper democratic scrutiny of this far-reaching legislation, which in the worst case scenario could represent a step towards systematic registration of EU citizens’ personal data.
I am currently re-reading Are We At War?, a collection of letters to the Times 1939-1945. (Pub. Times Books 1989.) Here are some extracts from letters on the subject of identity cards:
From a letter from Antony Wells:
Sir, -While obtaining, recently, a National Registration identity card for my small daughter, I remarked that it was pleasant to think all this bothersome business would soon no longer be necessary. I was blandly informed by the clerk that my expectation was quite wrong, since registration was to continue after the war. On looking at the card in my hand, I discovered it was valid until 1960.
In happy fact, identity cards were seen off as a result of a court case soon after the war. But the fact that the government saw fit to plan for them to expire so many years after issue shows how purported “emergency measures” have a way of becoming permanent. The letter was written in December 1944 and the war was quite clearly nearing its end; the government could not have seriously believed it would go on until 1960.
This second extract comes from a letter from (Baron) Quickswood:
…Such cards may seem only a small inconvenience, but they are seriously dangerous to liberty in two ways: -First, they facilitate all sorts of further regimentation of citizens, and that is, of course, why it is desired to retain them; secondly, they have a most mischievous moral effect in treating the individual as a numbered item in the aggregate that makes up the State. There lie before us two alternative conceptions of the State: it may be thought an organization useful to individuals and essentially their servant, or it may be thought a pagan demigod for whom the individual exists, whose service is his greatest glory and whose supremacy is without limit.
…We have to fear an Anglicized totalitarianism, humane and benevolent but esentially destructive of personal liberty and initiative; and there will be a strong coalition of philanphropists and bureaucrats eager to regulate their fellow-citizens. We must be jealous for our liberties, and to begin with must resist being numbered by convicts in order to facilitate our servitude.
I have nothing to add to that.
Unpersons alerted us to the news that from today British police may legally and against the will of any law-abiding subject, take DNA samples and fingerprints from any arrested person without that person having even been charged with committing a criminal act.
We can but echo the good Unpersons concerns:
The law now leaves British police officers free to help Blunkett establish one of the most ambitious and truly disturbing elements of the British police state that he has slowly but surely been working to create over the last few years. In a country where the state can take over half of your income, charge you expenses when it wrongly imprisons you – yet fail to defend you after it has crushed the right to self-defence, send parents to jail for not sending their children to state day-care centres schools, steal your property because ‘you couldn’t possibly have earned that much money without selling illegal drugs’ whilst slowly handing over control to a foreign power, attempt to dictate what you eat ‘for your own good’ and generally treat its citizens as its troublesome children one has to wonder to what extent we already live in a police state.
This has not been a good week.
John Lettice writes for The Register on the difficulties associated with relying on biometrics.
It will all be very costly, he says, and the pseudo-certainty that it supplies may actually cause mistakes to be made, when the ID checks out but the surrounding facts look dodgy.
If you do not check for duplicates, for example, then the system is not going to tell you that Fred Bloggs of Sollihul is in fact Osama bin Laden. A silly example? Yes and no – obviously, it is not very likely that our current entry systems are going to let someone called Fred Bloggs walk through when they look strangely like Osama bin Laden. However, if he checks out as Fred Bloggs, UK citizen, with no record under our future automated systems, then general appearance is rather less likely to be challenged, or even noticed. So the assumed reliability of the systems could actually increase the security of fugitives in the event of their having successfully obtained clean, genuine ID.
There is much more.
The Transportation Security Administration (TSA) is examining the use of RFID-tagged airline boarding passes that could allow passenger tracking within airports, a proposal some privacy advocates called a potentially “outrageous” violation of civil liberties.
Anthony “Buzz” Cerino, communications security technology lead at the TSA, said the agency believes the use of boarding passes with radio frequency identification (RFID) chips could speed up the movement of passengers who sign on to the agency’s “registered traveler” program. This would permit them to pass through a secure “special lane” during the boarding process.
Under the registered traveler program, frequent fliers would provide the TSA with detailed personal information that would be correlated by a background check. Privacy advocates said they believe the RFID boarding pass would then serve as an automatic link to the registered traveler database. Details about how the system might work haven’t been released by the TSA, and Cerino couldn’t be reached today for further comment.
Cerino didn’t say when or if the TSA would push for introduction of the RFID boarding passes or how such a project – likely to require a massive, networked infrastructure – would be funded.
The TSA has already started to work on deploying RFID boarding passes in Africa under the Federal Aviation Administration’s Safe Skies for Africa Initiative – the initiative identifies Angola, Cameroon, Cape Verde, the Ivory Coast, Kenya, Mali, Namibia, Tanzania and Zimbabwe as member countries.
Katherine Albrecht, founder and director of Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), a privacy group that has fought the use of RFID tags by retailers and other organizations, called the idea a potentially “shocking and outrageous” violation of civil liberties.
London Underground is set to roll out high-tech CCTV surveillance software that will automatically alert operators to suspicious behaviour, unattended packages and potential suicide attempts on the capital’s Tube system. The move comes as London remains on a high state of alert against a possible terrorist attack following the bombs in Madrid earlier this month.
LU has been trialling the technology at Liverpool Street station during the past two months and is now evaluating the results with a network-wide rollout tipped to follow across the Tube’s 6,000 CCTV cameras, which cover 95 per cent of stations.
The Intelligent Pedestrian Surveillance system from Ipsotek compares CCTV footage against pictures of the empty station and alerts operators to strange behaviour such as people loitering or bags that have been left on the platform.
Sergio Velastin, director of research and founder of Ipsotek, said that it cuts down on operator time and costs related to blanket monitoring of all CCTV screens by alerting staff only when there is a potential problem. Privacy groups are concerned about the increasing coverage of monitoring technology such as CCTV. Velastin dismissed privacy concerns over IPS and said the software monitors only behavioural patterns and not the individual.
We have tried very consciously to stay away from facial recognition issues. None of our system is capable of recognising an individual – just behaviour. Then the police can come in and say ‘we need to find out who that person is’. It is a balance between being free to do what we wish and being protected.
|
Who Are We? The Samizdata people are a bunch of sinister and heavily armed globalist illuminati who seek to infect the entire world with the values of personal liberty and several property. Amongst our many crimes is a sense of humour and the intermittent use of British spelling.
We are also a varied group made up of social individualists, classical liberals, whigs, libertarians, extropians, futurists, ‘Porcupines’, Karl Popper fetishists, recovering neo-conservatives, crazed Ayn Rand worshipers, over-caffeinated Virginia Postrel devotees, witty Frédéric Bastiat wannabes, cypherpunks, minarchists, kritarchists and wild-eyed anarcho-capitalists from Britain, North America, Australia and Europe.
|
