Feeds

ID cards: a guide for technically-challenged PMs

Save us all billions - don't do it, Tone...

  • alert
  • submit to reddit

Intelligent flash storage arrays

Polluted inputs

We've already looked at several examples of polluted inputs that could undermine the system's integrity - false US ID, inadequate, arbitrary or cursory UK checking systems, and input systems from many other parts of the world whose reliability is debatable. These can clearly provide routes for the people you wish to intercept to pass through your control points and swim happily in your system. But what about the broader issue of what you do about those individuals who do not have ID that can be processed by your systems? Most of the world's population currently falls into this category, and that will likely remain the case for many years - so what do you do about them?

Well, in order to process them you need to give them some form of ID that your system can process, and on a small scale we're already doing this. Most people visiting the US will now, one way or the other, have their biometrics on the US database, and the UK can been phasing in fingerprinting of travellers coming from areas with a high incidence of asylum seekers. But what are we actually doing in these cases? Effectively, we're creating an ID that is valid within our system for the individual, and as always that ID is only as good as the inputs on which we base our decision.

The US or British consular official who grants the ID will make the decision on the basis of interview and supporting documentation, but how sure can we be about the validity of the information presented? And the more applications we have to process, the less likely we are to conduct examinations of the detail necessary for us to have confidence in that information. To avoid either being overwhelmed or ending up presiding over a rubber-stamping system, we therefore have to pressure countries to introduce ID systems which we can then presume provide a valid and accurate statement of an individual's identity. But will be really be confident in these, or will we simply be making that presumption in order to stop our own systems breaking down?

So who the hell do you think you are?

We shouldn't get too sniffy about the reliability of identity systems in the developing world, because when it comes down to it we in the west have precious little justification in being so damned sure about identity. Try this little parlour game, which I promise you has a moral to it. Ask yourself who you are, how you know this, and how far back in your life you can get before you start to get a little doubtful. You won't get anything like so far back if you perform the exercise on friends and family, but stick with yourself for the moment. Your family can vouch for you up to a point - but are they telling the truth? You have a birth certificate, but is this really you? Is the information on it correct? How do you know?

Fingerprints don't work when you're born (even David Blunkett doesn't fingerprint newborn babes yet, anyway), and general DNA testing at birth doesn't exist yet either. But say it did, and you were then able to point out that your DNA matched the DNA on the birth record, therefore you were definitely you... Er, who? Of itself this simply means your DNA matches the birth record, which is just as close to establishing ID as your fingerprint matching your passport (we covered this, right?). But it also provides proof that you are related to the people in your immediate family (or not - hey, mom...), and various things about your broader ancestry.

Effectively, what it's doing is establishing an identity for you in relation to the identities of a number of people surrounding and preceding you. But your identity, or what you think of as your identity, is something that has been assumed, generally, and by the accepted systems, as genuine at some point. This is probably around time of birth, but not necessarily, and not entirely - Fergusson, for example, suggests a Fergus as parent (allegedly...) at some point in the past, while Smith suggests an ancestral occupation and Pasteur a dairyman (joke - don't write in).

Identity is actually something that is established through a series of factors, history, occupation, location, parentage, and the whereabouts and circumstances of you or your ancestors when state systems began to require fixed and recorded tagging systems. The existence of these fixed systems does not however mean that you do not have multiple identities or identifiers (more people in my street, for example, will know me as the bloke at the top of the road with the dodgy old motor than will know me by name), nor does it mean that what they regard as fixed is what you personally regard as your identity.

But they've got something they're happy to think of as your unique identity, and we think of what's happening now as a successor to the processes that defined that ID for them. In developed countries at some point in the past couple of centuries the music stopped, censuses were taken and identity standards were defined. Now governments are pushing for a similar, global exercise that will result in everybody having what government will view as a standard identity, and where there is no pre-existing reliable identifier (as in the instances where people who didn't use surnames were assigned them), a new, relatively arbitrary one will be created.

As we've seen, this doesn't get us very far, because what we're interested in is the things that are associated with this identity, rather than the identity itself. Granted that false identities will inevitably be imported into the new systems, we'll need to wait at least a generation for these to work through, and granted that the systems' efficacy in fighting crime is dependent on accurate input of new associations, we'll need to wait a lot longer than that. But we will be able to say who everybody was saying they were when they first entered the system. Cool - but is it helpful, or worth the money? ®

Related stories

Blunkett ready to force through compulsory ID for UK
Draft ID card bill makes it to Queen's speech
Mission impossible? Blunkett's big biometric ID adventure

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.