Original URL: https://www.theregister.co.uk/2006/10/27/letters_2710/

Identity, voting and missing fingers

With added nuclear zing

By Lucy Sherriff

Posted in Bootnotes, 27th October 2006 15:29 GMT

Letters There is a bit of a fingerprinted theme to today's letters page, but we have plenty of other stuff too, so let's get started.

The government, having consulted with as many agreeable people as it could find, decided that it has a plan for dealing with our nuclear waste. Simple, and ingenious, we're sure you'll agree. Let's bury it! The idea's been popular before...

The channel tunnel! Bury it in the tunnel!

Can I have my finders fee now please?


"... because people are strangely resistant to the idea of living on top of a smouldering pile of depleted fuel rods ..."

Well such unnecessary language does little to help matters. "Smouldering pile" is not a very good description, and it has to be pointed out that many people in already live on top of a pile of radioactive material - especially those in Edinburgh and the surrounding area. The radioactive material is more commonly called 'granite'.


I wonder what would happen if a local authority within the M25 applied?

Would the government suddenly discover special reasons to exclude them?

(Personally I think that "burying" this stuff is probably the stupidest scheme. When something does go wrong it will cost billions to fix it. Much better to keep the stuff on the surface when problems are both obvious and easily fixable.)


Ireland's e-voting scheme looks a little shaky to our newly-Ireland-based Thomas C Greene. So let's get that debate going. Pass the popcorn:

I disagree with Thomas Greene's assessment of the e-voting debacle in Ireland.

The combination of electronic machines with a paper record...can only be useful if the design is secure. Still, it's the /least/ desirable alternative because it introduces needless complexity, and tremendous uncertainty when results are in dispute. How do you know which record, the electronic or the paper, is valid? Either component can be attacked, can fail, or can simply be designed badly.

This is a common misconception. The paper ballots are the ones verified by the voters. So, if there is any uncertainty, then the paper takes precedence. It's a matter of system design to ensure that in practice, there is no discrepancy between the electronic and paper versions. There may be better solutions than voter verified paper ballots (VVPB), but the least desirable system is not VVPB. It is unverifiable electronic voting machines.

When confronted by news that a voting machine had been compromised, Ahern noted that "the anti-electronic voting campaign group in the Netherlands physically hacked into a machine to demonstrate security flaws. If one hacked into a ballot box one could do that too".

It's a sensible observation, but it doesn't help.

It is not a sensible observation. Ballot boxes are prepared for use in the presence of candidates and their agents. Everyone can ensure that there are no ballots already present. At the end of polling, they are sealed under a similar level of scrutiny.

They are opened under similar secure conditions at counting centres, under full public gaze. Unveriable voting machines simply do not have this level of transparency. There is no escaping the fact that we are required to blindly trust whatever software happens to be running on the machine.

There are certainly risks associated with paper ballot elections. But every objective assessment shows they are far more trustworthy than unverifiable electronic voting machines.

For secure, trustworthy e-voting, one needs hardware validated by an independent (and competent) testing agency, and a system to ensure that only validated hardware is used (ie, no post-validation equipment changes of any sort, and fragile seals to indicate tampering visibly).

Wrong. We don't need ballot boxes to be tested by any "independent testing agency". So, we demand the same level of assurance from electronic voting, which is a system that can be verified by the users, ie. the voters, and does not require us to trust any independent testing agency.

The experience in Ireland has been that once a government chooses a system to use, the testing simply becomes a rubber stamping exercise. One can see this in the Irish case, where for example, the testing performed by the PTB institute in Germany, was not testing at all, rather it was a form of inspection and observation. Unfortunately, few people read the test reports, and even fewer actually understand the implications of the (lack of) actual testing done.

Next, one needs software validated by an independent testing agency, and a mechanism to ensure that only validated software can be installed. This would involve the compiler, all source code, libraries, encryption software, etc. It doesn't have to be /open source/, but the validating agency has got to have access to every single bit. It would then build all of the software and issue approved copies. This can be verified cryptographically, cheaply, and easily.

Wrong again. Exactly the same argument applies as for the hardware.

Of course, there must not be any mechanism for remote IP access or switched telephone access to the machines or the database. Leased lines only.

There also needs to be a validated auditing mechanism to show every instance of access to the machines and the database.

Internal audit trails produced by the software which we don't want or need to trust, are worthless.

All the best,


Now, don protective gloves and click on the link for the next page...

Fingerprinting kids so they can be registered for school, or access their libraries is not going down well with all parents. Some are even getting lawyered up. But why are schools soooo keen on the technology in the first place?

I am the network manager in a secondary school and we were looking into a biometric fingerprint registration system. I had a few concerns which were answered as follows:-

1. The fingerprint stored uses only four identifying points. We were assured that the police would therefore not be able to use the prints because they require 7 points to positively identify someone.

2. The stored fingerprint is stored along with the pupil's name as an encrypted "hash" file, and stored within the fingerprinting terminal itself - it is not on a central database. The terminal sends only a timestamp, pupil ID and a Yes string to the database for registration.

This would mean that the police would have to download the hashes from the terminal, which is very dificult to do, and then compare the crime scene print's hash with the original hash - after decryping the whole lot. The company supplying the terminals furthermore stated that they would contest in court any police request for assistance in doing this. We were assured that it would be easier for the police to fingerprint the entire school again rather than follow this process. Granted, they are selling a product, but they seemed very convincing.

The problem is with registration itself. Increasing government red tape means that attendance data has to be provided in electronic format. This means that calling out a register is no longer viable, as it then takes an employee several hours to scan/enter this data. Credit cards are no good either, as Johnny Truant will simply give his card to Freddy Diligent to swipe in for him. PIN codes are the same. Retinal scanners do not work on about 20% of the population, without considering the uproar that shining bright lights into pupils' eyes twice a day woudl provoke.

This leaves fingerprints as the only method that minimises administration time, is reliable and ensures that pupil X has actually attended. The real problem is the government regulations that demand this data in electronic format.

I personally do not like the idea of fingerprinting systems but recognise that they are the ideal solution to the problem. It is the government that is forcing schools down this road, and a cynic could argue that fingerprinting the entire population is an underlying aim.

Wasn't there some talk about ID cards....?


Richard Furlong states: "People say, 'if you've got nothing to hide, you've got nothing to fear', I always say, well how much do you earn then?"

I prefer "Do you have curtains?"


Oh well played, sir, well played. We'll nick that one for future use...

FAO Richard Furlong:

In answer to your question, £17,500 pa.

Yours is the same arguement that means a speed camera needs to be clearly marked, so that if people wish to break the law, they can make an informed decision about whether they will be caught. The innocent are only innocent until they become a criminal, why should it do any harm for the police to have the records on file?

Lets just say someone you loved was murdered, and the only clue left behind was a single fingerprint on the murder weapon. If that person had never commited a crime before, and never did again, they would never be caught. However, for the sake of the police (who know who we all are anyway) having his/her prints on record in advance, they could pick the murderer up the next day.

Talk about a nanny-state, we protect criminals because of a refusal to allow any group to suspect us of being one.


So all this biometric stuff makes people worry they'll have their fingers chopped off, eh? At least one of you already has a workaround in place:

My way of objecting to fingerprints. ( Especially for the U.S. Visit program )

The day I have to use my fingerprint for _any_ identification purpose, will be the same day that I make a high resolution scan of my fingerprints available on the Internet. Cryptographers have a term for this: "Plausible deniability"

By reducing the identificational value of my fingerprint to nill. (Everyone, even Osama, can make a gelatine cast of my prints ), I am simultaniously making them worthless for the U.S. government...

Frank, Oslo, Norway

There is -no- stuff that I want to give up a limb or an organ for. None, whatsoever. If it's that important for you to take it, have it already, just get away from me.

I'd be far more interested in technology that would render products useless. Obviously, this would work spectacularly well for any electronic device. I would either want it to be found back easily and returned to me, if possible, and if not: send out a signal, world-wide if you have to, that just shuts it down permanently.

It's all about making it useless to the perpetrator. Steal my cell/Palm/Crackberry = I'll have it turned into a brick. Steal my car = all the electronics dies at once., steal my computer = fry the motherboard.

But protecting it with biometrics? Nothing is that important. Just buy good insurance.


"fingerprint scanner protecting your family jewels"? Have you been buying codpieces from the Innovations catalogue again?


In the book science fiction "One of Us", the author Michael Marshall Smith takes this one step further. The book's protagonist is a small-time crook, who lands in trouble with shady associates and has to borrow money.

He does this buy 'buying' a finger; the severed finger of one Walter Fitt, severed whilst said man was alive and attached to a small life support system to keep it alive (the owner, the hapless Walter Fitt presumably then being killed) so that from then until the disappearence of the owner is noticed, there is a source of mostly untraceable currency.

The thing is, this is not wholly science fiction. Keeping bits of organisms alive, at least for a few hours, is relatively simple; complicating factors only set in after several hours (and this is slowed down if the tissue is kept cold).

I personally think that the biometrics industry needs to take a long hard look at the various ways an utterly amoral and nasty crook might try to circumvent their systems; fingerprints aren't foolproof, eye irises aren't either and just about everything else is experimental.

Keys are likely to be with us for a long time yet.

Dr. Dan

Great book, that one.

More fingerprinting the yoof. And this time, the case in favour:

My son has just started studying for his Leaving Certificate (the Irish equivalent to A-levels). He has to use a combination of a palm print and a pin each morning as he enters the school, although attendance is taken in each class as well.

I reckon the palm print is to prevent kids logging each other in. Oh, and the 'you're being watched'- vibe it gives him freaks him out, which I regard as something of a good thing given how prone teenage boys are to arsing off.

Recent research into development of adolescent brains has shown that the part of the brain that deals with long-term decision making and delayed gratification isn't fully developed until late teens/early twenties. So maybe as parents we need to be a little willing to put some safeguards around the kids' decisions - analogous to the way you don't let a 5 year old cross the road alone because their speed perception isn't fully developed yet. A 16/17/18 year old may look like an adult, but they aren't, and they don't think like one yet.

Emma Gottesman

New, shiny SSL. What's that? You don't love it?

Ie7 does not play nicely with ssl sites that use a self signed certificate. I already trust myself but now Microsoft wants us to buy expensive certificates off their mates or my web apps will stay broken. In internet exploder.

- Sim

  Oh, puh-lease!  The real story here is how Verisign is working on new "products" to keep its own profit margins up. And, perhaps, that most Homo Sapiens are less wise than the moniker implies.

Put another way: in spite of my attempts to the contrary, most of my relatives don't look at the lock. They don't even look _for_ the lock. So unless it is made to pulse in some particularly eye-catching way, fuggeddaboudit. The people who actually look for/at the indicators for "security" are probably already smart enough to not fall for the phish-bait in the first place.

Finally, just because the new certificate costs more doesn't mean the purchaser is clean.  It just means the check cleared. So I'll keep flogging FireFox to my lower-tech family, knowing they are better off. And I'll continue pushing an alternate OS to the latest from Redmond.

- Del

So the question left unanswered is: what is an extended validation certificate? Does that mean that verisign went over to the company and did its job, checking to see that the sign outside really said Amazon? Green and red text are very nice, excepting of course for the color blind, but the whole point of the certificate process has been to make sure that the people with the certificates are who they claim to be. I don't think this has been broken yet.   My guess is that these are really a marketing ploy - so Verisign can make more money, and so that microsoft can get paid as well to keep companies off the black list. Capitalism, not consumer protection, makes the world go 'round.


Microsoft manages to bend time to its will:

I was wondering just how micro$oft managed to screw this one up. It's not exactly like it's a rare phenom. Exactly the same thing happened in 2004, 2005, 2006 and will happen again in 2010, 2011 and  2012.

In fact, on average there are 3-4 months in every year that have 5 Sundays in them. What's going to happen when the clocks go forward, why is that not a problem.. Or have they just not realised it yet?

Of course we all know the real reason... Sloppy coding.


A schoolboy error indeed, but if anything I'm surprised there aren't more of this class of bug.  Calendars are notoriously tricky things to get 100% right, especially without a clear specification.  How many PDAs have calendars that run up to 2099?  That's not just a randomly chosen year because 2100 will not be a leap year.  What about the year 8000?  Any guesses? Well, it hasn't been defined yet though I doubt many people are concerned by that.  Although there is a possibility that 2048 will be demoted from its leap year status.

This is before we get into local variations.  If Microsoft ever try to regionalise their calendars they better be in for a rough ride.  The Hindu calendar has a leap month when the sun is in the same sign of the stellar zodiac on two consecutive dark moons, whilst the Hebrew calendar ensures that the year never beings on Sunday, Wednesday or Friday.  Where I work, the number of weeks in the year depends on the time of day.  Really - it does.

Just don't try explaining that to the upper management.  All they are interested in is that the work week is the same as Microsoft's whilst ending at 7 p.m. on Saturday.  See what I mean about a clear specification?


Microsoft may have new software by then, but considering the company I work for (One of the UK’s largest) is still running windows NT workstation on the majority of its machines. (Still has NT server on at least the 3000 servers I deal with too), 2016 may still be see the odd occurrences of this error, although as a professional programmer, this does make me wonder what sort of cowboys Microsoft has working for them?? Why did 5 Sundays in a month never occur to them, it’s not exactly unprecedented to have the same 5 weekdays in any one month

Andy S

I’m frankly shocked you didn’t throw in some sort of Doctor Who reference in the article.  Then again, perhaps it is just far too obvious to a uk-based audience. 

Greg Gilbraith


And that is all for this week. More next week, so tell us all about it. You know you want to. ®