From the IDWorkshop mailing list.

There seems to be a lot of activity at the moment around government-driven identity schemes. In the last few days, I've seen a report on Californian limitations on RFID-based cards. But being a Brit, what really interests me is the UK proposals. This has been given a kick by the recent atrocities. And not all in favour of the ID cards. Even the Home Secretary has admitted on TV that ID cards and ID systems would not have made any difference. These are particularly interesting.

http://www.theregister.co.uk/2005/07/26/overseas_passports_biometric/
http://www.theregister.co.uk/2005/07/25/id_card_goes_icao/

One aspect I find fascinating is the problems they are having deciding where the source of all subsequent trust comes from. What they are falling back on is that the whole house of cards rests on the integrity and accuracy of the National Identity Register, which is the underlying database. But they are using security by obscurity (or simple political spin) to avoid explaining how this integrity is maintained. As El Reg so eloquently puts it:

"Effectively, it's a system which by design puts all of its eggs in one basket, and is dependent on that basket being made impregnable via measures which the Government will never reveal or discuss. Trust us..."

This reminds me of the problems and process of obtaining SSL Certs from the major Cert suppliers. All they were ever really proving was that whoever ordered the Cert could work a fax machine. But having done that, the Cert could then be used to verify the identity of the holder. So IMHO, the whole trust tree surrounding web certs rests on a dubious premise and really just looks like a mechanism for charging fees. This doesn't stop SSL working, but it does limit its usefulness.

I can understand how PGP's web of trust works. What I can't understand is how any tree-structured ID trust system can work. It feels like "turtles all the way down". Eventually you get to some body that claims ultimate accuracy. But in the real world, they can't.

Back to politics: while this is happening, two pledges have started.

http://www.pledgebank.com/refuse
"I will refuse to register for an ID card and will donate £10 to a legal defence fund but only if 10000 other people will also make this same pledge."
10724 people have signed.

http://www.pledgebank.com/resist
"I will actively support those people who, on behalf of all of us*, refuse to register for an ID card, and I pledge to pay at least £20 into a fighting fund for them but only if 50000 other people will too."
A mere 190 signatures.
[ 29-Jul-05 10:06am ] [ Identity ]