May 2004 - cypherpunks-legacy

De Soto: A Hero Of Third World Capitalism
by R. A. Hettinga 06 May '04

06 May '04

<http://online.wsj.com/article_print/0,,SB108379937572903386,00.html> The Wall Street Journal May 6, 2004 COMMENTARY De Soto: A Hero Of Third World Capitalism By JOHN BLUNDELL May 6, 2004 Hernando de Soto has been the target of several murder attempts -- an accolade few other economists can claim. The Peruvian's would-be murderers range from the drug barons who depend on lawlessness to prosper, to the deranged Marxist terrorists of "The Shining Path" gangs and, it seems, to several agencies of the Fujimori regime in Lima who did not like the veil on their corruptions being lifted. But Mr. de Soto has remained faithful to his mission -- to evangelize for the capitalist solution to so-called Third World misery: give them property, markets and laws. Here in the so-called First World we enjoy two great benefits from which people in the Third World are locked out -- private property rights and the rule of law. These make our growth, our markets and our society possible. Here we have defined property. I do not mean just real estate. Our lives are a pulsating penumbra of contractual relationships. At its most obvious we own a vehicle. We own, that is to say have secure possession of, many items of great value but often no more than paper claims upon third parties. . . . what are all shares and bonds but such abstractions identified with symbols on pages? Our property rights may get dented by burglars but almost never are they fully expropriated. If we find ourselves in disputes with others we resort to courts. In other words we live by what F.A. Hayek called "Rules of Just Conduct." So settled are these assumptions that it is a jolt to realize that in the most impoverished three quarters of mankind, people do not live in a psychological or material landscape where our familiar institutions work. Poverty is not the result of lack of assets. It is the inability of people to possess -- or trade -- the assets they do have. That's why Mr. de Soto's work is so important. And why he will be awarded the biennial $500,000 Milton Friedman Prize tonight by Washington's prestigious Cato Institute. Hernando de Soto is awarded his laurels for his intellectual achievement. His work has been explained in diverse articles and lectures and distilled into two fine books "The Other Path" (1989) and "The Mystery of Capital" (2000). Both are magisterial. Both are utterly subversive of the stale assumptions under which the Third World is most often discussed. But it would be wrong not to refer to Mr. de Soto's moral and physical courage. Having made a small fortune in business in Europe he could have retired at 38 and lived well in his native Peru. He says that returning to his homeland opened his imagination. Why were his compatriots so poor while the Europeans were so prosperous? One happy discovery Mr. de Soto has made is that the poor are often rather more wealthy than is seen in official statistics. If you live in Ecuador or Uganda or Vietnam you may not feature in national statistics. These are formal frauds concocted by the bureaucracies of the Third World State often to demonstrate they need yet more "aid." An Ecuadorian's straw hats, a Ugandan's sweet potatoes or a Vietnamese's shrimp harvests may not figure in any official inventory, yet they are the product of conscientious work supplying their local markets or, as we might say, "creating value." Every Third World city has its shanty towns. To the naive donor nations these are proof of poverty. Yet these places, bereft of services we regard as normal, are clearly a step up from the deeper poverty of their rural hinterlands. These shanty towns, it turns out, have subtle property rights and adjudications but of course no recourse to normal contract law. Brazilian companies will not run electricity or water or gas to such sprawls of population because the authorities will not permit them. Mr. de Soto's analysis is subtle. Often you cannot see the Third World's intangible webs of licenses, permits, consents, tariffs, levies and extortions. He offers no excuses to the World Bank and all the other well lubricated official aid agencies. He says in every case they connive at the barriers. They make matters worse and often preserve the worst of the agencies of these failing states. The people of the immiserated nations are just like the readers of The Wall Street Journal. They are as agile. They are as dexterous. They are as intelligent. They work the long hours. Yet their daily strivings seem to produce little. This is not because they are obtuse or stupid or misdirected. It is because they do not have the assurance and clarification of who owns what. Place a Harvard MBA in a favela next to Sao Paulo in Brazil and he would be lost. He would be lost because he could get no credit as no property rights are permitted by the State. Try being a financial wizard without any access to finance. Try selling shoes or furniture or beans. So, the people of the Third World do not need injections of "aid" or even well-meaning Peace Corps volunteers. They need property rights. I now see the entire Third World dilemma in a different light after encountering Hernando de Soto. I think he has changed the Peruvian perception of itself too. The enemy of the poor is really the tiny elite of these nations. They live a life of relative luxury because they have access to the sort of property rights we all enjoy. Try buying even a few dollars worth of IBM or Wal-Mart or BP if you live in a favela. No stockbroker will want to deal with you. No banker will open an account where no postman can deliver your mail. The bulk of the population is simply kept out of the extended order of the world's trading system. Try being a farmer if you have no tenancy let alone any freehold. So, my congratulations to Hernando de Soto. Here is capitalism as a noble ideal that will lift countless millions, rather than the parody of corporate greed we see from Enron and related betrayals of the law-abiding, trade enhancing ideal of the company. A market stall trader on a street corner in La Paz is the blood brother of a Carrefour or Marks & Spencer employee. John Blundell is director-general of the Institute of Economic Affairs in London, England. He served as a judge for the Milton Friedman Prize. -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

Everything you never wanted to know about the UK ID card
by R. A. Hettinga 06 May '04

06 May '04

<http://www.theregister.co.uk/2004/05/05/complete_idcard_guide/print.html> The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2004/05/05/complete_idcard_guide/ Everything you never wanted to know about the UK ID card By John Lettice (john.lettice(a)theregister.co.uk) Published Wednesday 5th May 2004 20:47 GMT A pub bore's guide Do you know how the UK's projected compulsory ID card will work, and what it will entail? If you do, you're significantly in advance of David Blunkett and the Home Office, because although a draft bill and consultation document was published at the end of April, these really only provide signposts to what the powers that be would like it to be able to do, and a little bit of evidence as to how they might propose to get it to do these things. But we're considerably further on in terms of information than we were before the draft, and it's not likely to get much better by the time the consultation period ends. So, as our small contribution to the democratic process, we present The Register Idiot's Guide to the UK ID Card. What do you get, when? There will be a "family" of ID documents that will be phased in, beginning with passports. These will start to appear in three years, at which point it will not be possible to get an old style non-biometric passport. The system's non-compulsory nature therefore hinges on your not actually wanting a passport any more - otherwise you have to give the Passport Office the #73 for the new one. Rollout periods for other members of the family are not covered in the draft bill, but as these are introduced, the old version will similarly cease to exist. Proud owners of old-style perpetual paper UK driving licences, already smug because they don't have to cough up to renew the existing picture licence, can be even smugger. Until such time as Blunkett hunts us all down. The new ten year biometric driving licence will cost around #69, says the Home Office (what do they mean "around"? #68.99?) and the new ten year ID card #35. Which, if they don't get feature-consolidated pretty quickly, is an impressive outlay every ten years. 80 per cent penetration for the new ID is intended to be achieved by 2013. The draft bill includes power to set a date for the card becoming compulsory, but this will not happen until after "the initial stage of the identity card scheme was in place and following a vote in both Houses of Parliament on a detailed report which sets out all the reasons for the proposed move to compulsion." Correct - that does not specify a date. The ID document will contain a picture, one or more pieces of biometric ID, and a unique number which will identity you on the central database. The documentation at the moment only talks about what is likely to be visible on the document, with name and date of birth being put forward as the bare minimum. But it is more specific about the information that will be recorded in the database (see below). The Home Office suggests more visible information: "name, age, validity dates, whether a person has a right to work, and an unique number". There you go, feature-creep already. The biometric can be used to tie a specific individual to the ID document, and to look up an individual and identity them from the database. In that case, you theoretically don't need the document to identify someone in the first place, and the Home Office (and Blunkett) do airily suggest that people might want to have a database check performed on themselves in order to establish their identity. But as we explain below, this really is not something it's smart for them to be pinning too much hope on. Which biometric? For reasons explained here, (http://www.theregister.co.uk/2004/04/19/biometrics/) previous Home Office studies fix on fingerprint as the best combination of identifier and practicality, but recommend a second biometric to be used as a decider in order to bring false alarms down to a more acceptable level (using fingerprint alone with a reasonable trade-off between false alarms and failed matches, Heathrow would generate in excess of 1,000 false alarms a week). The choice of the second biometric isn't so obvious. Iris is in principle a more effective ID biometric than fingerprint, but you need optimum positioning, lighting etc, so it's not so good for widespread deployment or fast throughput in an immigration queue. Facial recognition currently doesn't cut it for mass ID purposes, but might just work as a 50:50 'decider throw' secondary biometric for use at entry points. But the big thing it has going for it is that it's been adopted by ICAO (the International Civil Aviation Authority) as the next step for machine-readable passports. So unless ICAO is persuaded to change its mind, it's coming in passports anyway. ICAO's decision, by the way, seems to have been made on the basis that face had a higher "compatibility" rating than fingerprint or iris. By this, they appear to mean that because passport-based identity currently leans heavily on the picture, it makes sense to carry on using the picture (Yes, we know - don't tell us, tell ICAO). So although the Home Office has kicked off a 10,000 volunteer trial of the three technologies, fingerprint seems the racing certainty for primary biometric, with facial a strong contender for the secondary. The Home Office no doubt has its own reasons for thinking the trial will tell it something useful, but as the target population is over 60 million (us, plus all the people we're looking for and have data on), and the British Airport Authority airports processed 134 million passengers last year (Heathrow 60 million, Gatwick 30 million), you could reasonably doubt that it will learn much of value applicable to very large throughputs and databases. Issues associated with the deployment of the secondary biometric readers (cost, location, environment) could well lead to their not being used outside of entry points and major installations, which might mean non-passport ID would use only the fingerprint. Other differences are likely to creep in; for example, the Home Office appears to be willing to allow veiled pictures for moslem women in ID, but the draft documentation reiterates current passport office guidelines, which amount to 'headscarf OK, veil bad'. So unless somebody's got it wrong, different strengths of ID are already creeping in, and any dreams you had about a single, do-anything document are way, way in the future. The Home Office's suggestion of three different levels of checking (see below), by the way, makes it clear that it in some senses accepts the view that you should use different strengths of security in different situations. But philosophically this doesn't entirely match with its pitching the cards as a single, high-strength security device. How will it work? That depends. The basic link is between you and the document, and this can be readily established by using a machine that checks you against the biometrics in the document. This is essentially a local check which depends on the document being valid and untampered with in the first place, but the introduction of biometrics in the document should make it significantly harder to produce forgeries, so we can expect a substantial initial increase in confidence in the piece of ID produced, even if we are simply looking at the picture and not bothering with the biometrics. Which is A Good Thing, because it's difficult to conceive of biometric readers being either welcome or likely to stay in usable nick for long at point of sale, doctor's surgery, council offices, etc. The Home Office suggests three likely levels of check for non-government purposes. Retailers would check the photo, banks etc would check the biometric and verify it against the database, and employers would check immigration status "via an automated telephone check." These suggestions most likely derive from the Home Office's doomed quest to make us love and demand ID cards, and on a voluntary basis are unlikely to become widespread. How often do you get asked for ID to back up your credit card? So why should shops want the new passport when they don't want the old passport? Banks do need to make pretty strict checks covering identity and place of residence when you open a bank account, but their existing systems work, and they won't jump into a new and unproven system which, from their point of view, brings little to the table, lightly. Plus they're already reading entirely different kinds of cards. And employee checks? Here comes the stick. Employers don't at the moment have to check immigration status when they hire someone, so why would they? Indeed, why would they care? But under the provisions of the Asylum and Immigration Act 1996 the secretary of state can make orders requiring eligibility checks by employers. This will be considered "closer to the date of implementation" of the ID card scheme. The Home Office, bless 'em, pitches ID cards as the "key to the UK's future", and witters (in the press release) (http://www.homeoffice.gov.uk/n_story.asp?item_id=918) that "crucially, the cards will help people to live their lives more easily, giving them a watertight proof of identity for use in daily transactions and travel." So it's clear they want all of your personal transactions to be underpinned by the national unique ID, but we've already seen that the private sector is unlikely to be keen. Not only that, it's more likely to be actively hostile. Banks and credit card companies do not want to make their systems dependent on a database they're not in control of, and no matter how much you want all of your credit cards on one piece of plastic (which is a bad idea anyway, trust us), they ain't going to give you it. They really are not going to help the government in its efforts to make the ID card popular. Really. Moving on from low level and relatively rare operation in the private sector, we get to the government and public sector. There will, as we've already suggested, be considerable resistance to the use of readers and the checking of cards in areas of the public sector, but this will be neither here nor there from the point of view of you, the user. Think about it: not that many of the public services you're likely to be using will be available if you don't establish an ID as part of the process, and you go onto a record as a part of that process. So doctors can be as precious as they like about not checking your ID card, but will still put you onto a list which can and will be checked against the ID register, and if it's not on there, consequences will ensue. As the system matures and increasingly interacts with other public sector ID systems, it will inevitably engulf the whole of the public sector, and it doesn't need support for this to happen. The arms of government that obviously do want to embrace the system are passports and immigration, and the police. It will most obviously sing and dance at the arrivals terminal, so it's worth at this point taking a small detour so that we understand that the singing and the dancing here will by no means be automatic. Passport Control We've already established that a biometric will be used to tie the bearer to the document, and that we can use a secondary biometric to deal with disputes, and a network check in addition to this. But rewind - how, physically, are we handling this? We need to have a reader that will take the biometric from the passport and compare it to a handprint (we'll assume we're doing fingers, OK?) which will probably be produced by placing one hand firmly on a flat surface. So we need the people coming in to understand what they're supposed to do and get it right, and we need to deal with failures to read the passport, and we need to intercept jokers, terrorists and our slower brethren who might be using false hands, cunning fingerprint gloves, or even just the wrong hand. We need an attendant combining a nice and a nasty attitude as appropriate to get them through, or whisk them off to another stage in the process where complete failures to read are checked more thoroughly. Maybe you get your terrorists in there, and you'll certainly get some immigration 'issues' but mostly you're likely to net perfectly innocent UK citizens whose fingers are worn/dirty or whose passports are bust. So you're detaining people you wouldn't have detained under the current system, and you need to undetain them pretty fast if you don't want unpleasant headlines about dud government IT systems in the press. Aside from reading failures and hardware failures, you'll have false matches and failures to identify, and you need procedures to deal with these. For a false match you need to check the secondary biometric to arbitrate, so you need to move these people quickly to that reader, and through it without their thinking 'I am being accused of being a terrorist.' Failure to identify is trickier, because you need to decide on a procedure. If they fail to match up to an apparently working passport, they might also fail to match up to a network check, because you're comparing them to the same thing, right? So do you have a fraud, or do you have somebody with worn fingerprints? If the secondary biometric is iris, then you can check them with that and be pretty sure which, but can you trust facial to be used as a primary identifier? No, you can't, so you you're either treating all of this category of exception as suspect, or you're making human decisions that will, as previously, not always hit the right target. Given that you will be able to check (unless the network is down) whether or not the passport, name and ID exists on the database, you can at least flag failures to read for future investigation. You might be able to avoid quite a bit of the above if you take a slightly different view of what it you're looking for. Failure to match, or false non-match, can be expected to run at a fairly high rate if false alarm/false match is kept down to an acceptable level. The bulk of your failures to match will, actually, be false non-matches, i.e. people who really are on the database but who don't match up to it in this particular instance. And a terrorist is unlikely to want to chance it on the basis that they've got, say a 5 per cent chance of getting through. So you ignore them all? Ah, but when word gets around, the bad guys and the multiple applicants will take steps to file down their fingerprints a little before they attempt entry, and your acceptable compromise starts to morph into a security hole. Which is why flagging failures is important. The network check is obviously useful in cases of passport failure (NB it's an offence not to get it fixed once you know it's broken), but is dependent on the network being up and the response being swift. The Home Office appears to envisage a pretty high level of network checking, but it seems reasonable to doubt that this will happen in real life. Current UK passports first became machine-readable in 1988, but are seldom machine-read. Theoretically this could be used to check that the passport actually exists, that the bearer is not on a watchlist, and that it has not been notified lost or stolen - but possibly not in the latter case. The Passport Office announced a lost and stolen database in December 2003, so IND (the Immigration and Nationality Directorate) may only recently have been able to start looking. Similarly IND has also been working on an automated fingerprint system, intended to match fingers against the 350,000 fingerprints (a 2001 figure) it has on file, and a "warnings list" system. It also has a case information system developed by Siemens and called ACID Warehouse. Really. As we contemplate how effectively we're not using the systems we've had available for 15 years, we should consider the way we're currently not using it. In the EU citizen channel at the airport we'll probably have the picture page of our passport looked at and be nodded through. The introduction of machines will add a more time-consuming stage to this (failures in the queue will slow you up, even if you register first time) and more staff. The process will still need the staff on the desk looking you over, unless we're going to trust machine decision-making entirely as our front line. As non-UK passports won't work with the system, other EU citizens will now have to have their own channel, faster than the UK one, or be sent to the Channel of Death, where we send everybody else. But if they are they'll complain to Brussels, and we'll be told to stoppit. There are actually strict EU limits on what immigration is allowed to ask the local citizenry - did you know this? "As a result of judgements in the European Court of Justice (ECJ), an immigration officer may not require an EEA national to answer questions regarding the purpose and duration of his journey and the financial means available to him. Examination should be restricted to the occasional discretionary warnings index check. Questions may only be directed at establishing whether the person's admission to the United Kingdom would result in a threat to public policy, or public security or public health." (Source: IND general guidance document. Get lippy at your own risk and don't blame us.) Many difficult questions will arise at the airport, where conditions will be just about as optimum as they can get. But what about elsewhere, what about the ferryport? At busy ones, the increasing size of the ferries can produce longish unloading queues already, and mostly all that happens is that drivers holding a clutch of things that looks like approximately the right number of the right documents are waved through. So where do we put the reader? And where do we put the holding area where all the passengers get out of the car, deliver their print and get back in? Where do we put the tailback (quick, there's another three ferryloads coming in)? Nightmare. Monitoring departures is actually harder, because typically the passport check is conducted by the ferry staff, and there's a non-secure holding area beyond this where passengers could be switched. We can all look forward to hearing how the government's going to figure this one out without bankrupting all the ferry companies. The Police The draft is quite specific that it will not be compulsory to carry an ID card, nor will it be permissible for the police to demand to see your card. But in the case of the driving licence (which will morph into an ID card) you'll still have to report to a police station to show it within seven days, and the consultation document tells us that "people will be able to have their biometrics checked against the Register even in the absence of a card on a voluntary basis in order to establish their identity if, for example, they are stopped by the police." To grasp the full import of this peculiarly British situation, we need to think a little about the powers the police already have, and the way they use them. They can't ask you for ID, but they can seek to establish your identity if they arrest you, and they can<//em> arrest you on grounds of reasonable suspicion. Questioning their reasonableness at this juncture is usually not constructive, although you may consider risking a polite indication that you are aware of the relevant laws. Also, their powers of stop and search have been reintroduced via several anti-terrorist measures, and these have been so widely deployed against demonstrators that even David Blunkett has expressed concern. Effectively though, if they want to find out who you are, they have the means to do so, and if they've arrested you, they have the means to find out who you are. But they actually only want to know who you are in pretty specific circumstances. There are those where their reasonable suspicion is actually pretty reasonable, and there are more heavy-handed and wider-ranging checks of, say, protesters at an arms fair. But bitter experience from the 80s means that they avoid stop and search operations that would be interpreted as ethnically targeted and that might trigger unfortunate riot-style situations. So the police are not going to voluntarily implement intensive ID checking in areas of high immigrant population, and the kind of gains that could be made (if you call lots more illegals caught plus lots of bits of London ablaze, gains) by pass-law style implementation of ID won't happen. News that senior police officers support a compulsory ID card is about as surprising as news that they've got fast cars with groovy flashing lights. But in operation the card is most likely to be an adminstrative convenience to them, used to provide a more reliable ID in circumstances where they're seeking to establish it. If the ID's present they can rely more on it being genuine, and if it's not they can establish ID quickly by checking against the database. This will, as at present, leave them with those with invalid ID, but the process should be faster. It'll also allow them to check immigration status and right to work, as these will be on the database even if they're not on the face of the card, so it speeds their processing here, if it's illegal immigrants they're looking for. How, though, do they do the biometric reading? The Home Office appears to envisage the use of mobile readers, but it's doubtful that these will prove reliable enough for use in some kind of networked handheld configuration, and they don't seem particularly compelling from the police point of view. A "reasonable suspicion" candidate with no ID card can be sent down to the station for checking, and one producing an ID card can be identified on the basis that the card is probably genuine and the bearer looks like the picture. If they're concerned about immigration status then a query based on the unique number can be made - biometric check is unnecessary. Nor are there any obvious scenarios where the existence of ID cards will reduce crime. If the police don't know who did it, then the ID card is no use. If they do, then the ID card is merely an administrative advantage. Sure, they know where you live, but so long as you know they know this, you're not there, right? 'What was that you said about them knowing where I live?' Ah yes, this takes us on to the National Identity Register, referred to largely in the documentation as "the Register." For the record, we are The Register, and you should therefore not worry about sentences like: "Clause 29 makes it an offence for any person to disclose information from the Register without lawful authority." Makes it damnable to write about though. The ID Register will hold data as specified in schedule 1 of the draft bill. This is: personal information - names, date and place of birth, gender, address; identifying information - photograph, fingerprint, other biometric information; residential status - nationality, entitlement to remain, terms and conditions of that entitlement; personal reference numbers - National Identity Registration Number and other government issued numbers, and validity periods of related documents; record history - historical information previously recorded, audit trail of changes and date of death; registration history - dates of application, changes to information, dates of confirmation, information regarding other ID cards already issued, details of counter-signatures; validation information - information provided by any application, modification, confirmation or issue and other steps taken in connection with an application or entry, details of any requirement to surrender; security information - personal identification numbers, password or other codes, and questions and answers that could be used to identify a person seeking access; access records - the audit trail of accesses to the entry. Not listed in schedule 1, but listed elsewhere in the documentation as being held by the Register, we have PIN, passport validation information, background evidence or document checks carried out to confirm status, details of non-UK ID (including foreign passports), and information (including biometrics, where available) of unsuccessful applications. Other categories can be added by the home secretary, and information can be added at the request of the holder, provided the home secretary agrees. Blood type and organ donor status are suggested examples of these, but this is slightly potty, given that in both cases you want the information to be immediately obvious to the medics, not dependent on them shoving your card into a reader first. So we can file that with the other feeble attempts to make the card popular. We can draw a number of conclusions from the information that's intended to be on the Register. The presence of "other government issued numbers" means that they can use the ID system to consolidate and weed the NHS and National Insurance systems as they add numbers. This will ultimately make it simpler to associate services with ID, without approval or cooperation of the operators of these services. PIN is interesting, because it could conceivably provide a mechanism for you to use your national ID over the Internet. ""In an increasingly technologically complex and global [sic - as opposed to, say, 'stubbornly oblong?'] world, correct identification has become critically important, and we want to ensure that UK citizens are properly protected and equipped to deal with this emerging world," Blunkett tells us. Unhappily, there is scant sign in the draft bill that they've actually twigged that fingerprints aren't going to be a whole heap of use when you're sitting in front of your screen (anybody who says 'personal reader', see me after class), and the odd mention of PIN is the only sign that there might be something there that they'll get to when they've time to think about anything beyond biometrics. Other listed information is, you'll note, heavily weighted towards immigration control. Clearly, the intention is to have a great deal of data on anybody who isn't a UK citizen from birth. Please yourself as to whether or not you feel this is too much information about you for the government to hold - a commissioner will be appointed to make sure the data is not abused, but actually that's not the half of it. Consider what it doesn't include, things like credit status or whether the security services are after you. Obviously if you're a wanted criminal or terrorist trying to flee the country, police and immigration are going to have you on their list (actually this isn't obvious at all, but they obviously should have you on it) in order to nick you when you hit the border check. So actually they'll have their own database which will interact with the ID Register. Similarly, a bank checking up on you is going to be checking credit rating, homeowner status, county court judgments etc, so will have its own external database and links to other external databases. It will likely prove useful to the bank to consult the Register to confirm you exist and where you live, and it's perfectly conceivable that the unique ID will therefore move out of the Register and into the world in general as a handy, well, unique identifier. So the government reps telling you there's not much in the database and there's a commissioner to mind it, so that's OK, are being really thick, in a 'don't know much about databases' sort of way. They are, without, clearly grasping it, proposing the ID Register as the focus around which an ever-increasing number of personal information databases revolve. They've set themselves a non-trivial task in keeping all of the specified information in the Register accurate and up to date, and the freeform nature of "information relating to an application or entry" will be a particular problem, because it should really be in another kind of database. Indeed, the amount of immigration-related data in the Register makes it look more like an immigration database than a general population register. Granted, the Home Office may be taking the view that the data should be there because it is needed by multiple agencies, but that's the case for much police and social services data too. If these (where they actually exist fully) can be external, why not immigration? From, the subject's perspective of course it doesn't matter whether the database is elegantly conceived and designed; what matters to subjects is the extent to which it enables the collation, use and abuse of data on them. By pitching the ID card as "watertight proof of identity for use in daily transactions and travel" the Home Office is essentially begging for the satellite databases to be produced. So, small piece of government control-freakery possibly under the commissioner's control, potential hordes of escaped privacy monsters enabled by said small database. Security and usability We can't comment on the security of the system at this juncture, but we can run down its sins against security good practice fairly readily. Experts who've given evidence to the Home Affairs Committee ID card enquiry so far have tended to fall into two camps on the scheme. The critics argue that placing all your eggs in one basket is stupid, while the apologists/supporters say that in principle the system can be made secure. If you're not immediately with the critics on this one, consider how the apologists react when pressed. They accept that by placing a great deal of reliance on one card, ID, database or whatever you are inevitably increasing the stakes, but say that in principle the system can be made to function, and can be secure. Pressed further they then concede that we can never guarantee anything 100 per cent. Security experts would be largely with the critics on this one - single points of failure are bad. The proposed ID system, however, has numerous of these, at least conceptually. If you actually need your ID card as the pivotal ID around which your life revolves, allowing you to use government services, financial services, buy stuff, then you're snookered if it breaks. Or if the network breaks. Or the Register. We also need to be concerned about what happens if the card (or the ID without the card) is stolen or compromised. Now, in principle this ought to be impossible or very hard, because the system is dependent on your particular biometric signature. But we've already noted government suggestions of areas where this would not be read, and we've suggested that not checking the biometric or not checking against the central database will be fairly common. So the theft value of the card will depend on how much of value can be obtained using it without tripping a strong biometric check. The more it is used for daily transactions, the higher this value will be. David Blunkett has claimed the system "will make identity theft and multiple identity impossible, not nearly impossible, impossible." Clearly this is untrue, but we need to assess the extent of its untruthfulness; aside from situations where ID theft is enabled by the security systems not actually being used, what about the possibility of the card, or the system, being compromised? Currently it is clearly harder to forge a biometric passport than it is a conventional one, but as biometric passports do not yet exist, why should forgers try to forge one? How much of the difficulty is because of it actually being harder, as opposed to there not having been any motivation for anybody to develop the skills yet? Clearly we can't yet be sure, but you can see the likely dangers. Traditional avenues such as switching the picture and changing the details may still be viable (although surely a bit more complicated) in instances where the biometric isn't read, and altering the biometric itself (clearly harder until it's cracked - then it's easy) could be useful if there's no network check, or depending on the procedures implemented around that check (see Passport Control, above). And there's also the job of making sure any invisible data tallies up - but never say never, it's at least as theoretically possible as the system is theoretically invulnerable, and if it is cracked, the Home Office has a very expensive security update rollout on its hands. The alternative to this is a more distributed, defence-in-depth, horses-for-courses approach where you use different strengths of ID, different cards and different systems where appropriate. A mugshot and a bearer who looks like she might be 12 is enough for a child's weekly season ticket, surely, while (despite howls to the contrary about identity fraud) a piece of plastic and a PIN is good enough to get a bank to give you money. Would the banks like a 100 per cent secure system? Certainly. Will the banks accept a system that eliminates fraud while turning away significant numbers of genuine customers? Not a chance. What they've got now is their current best compromise, and the ID system is not going to change that. Similarly, although the state of the NHS and National Insurance ID systems is lamentable, that is not entirely caused by the UK public sector being historically crap at implementing IT projects. It is in no small measure due to the fact that it really doesn't matter much. Certainly there's a fraud component in there, but it's an acceptable one from the point of view of the particular system, otherwise the system would have reacted by doing something about it. A rational estimate of the annual cost of 'health tourism', for example, is #200 million out of a total budget of #70 billion. From the system's point of view there is absolutely no point in it diverting resources from its primary objectives in order to tackle a problem that small. Other government ID systems can be positioned at different points along the scale. National Insurance should obviously be concerned about the use of fraudulently obtained numbers to get benefits, but hasn't a great deal of reason to worry about the status of a user provided they're working and paying in the money. Inland Revenue has more reason to be concerned about tying the number to real people in order to avoid tax frauds, and so on. There are varying levels of need in terms of identification, and it doesn't necessarily make sense to try to fulfill them all by attempting to devise a single, bulletproof ID system. And in the case of benefit fraud, although the Department of Work and Pensions has estimated total losses at #2 billion, or #7 billion, or vast numbers in between, it confesses it reckons ID-related benefit fraud amounts to a whole #50 million. What will you pay? No, really pay? David Blunkett has recently been pushing contorted piece of reasoning whereby he establishes that the cost of an ID card is in fact #4, rather than the large sums he will be charging. This implausible pitch hinges on the claim that most of the money would have to be spent in order to modernise the passport system anyway, but it kind of misses the point even if you were to accept that. If it is the state as a whole that requires something, then it is the state as whole that pays, and the money comes back through general taxation, right? Chancellor Gordon Brown refused to pay for it out of general taxation, as he does regarding much else, but if it had been an absolute necessity, then he couldn't have refused. Kick and scream for a long time, yes, but refuse, no. So one has one's doubts, and if one counter-argues that it's really the people travelling and driving who need the modernisations and should therefore pay, one still has to explain the others. The people who currently have to pay absolutely nothing for an ID card because they don't need to have one will have to pay their #4 in the form of a #35 payment in order to get an ID card. Of course, it's not compulsory. Until it is. And we could point to the essential weirdness of arriving at a situation where everybody in the country has to pay individually for something they have no choice but to buy. Isn't that a tax? And if it's not, then what's the point of taxes? Couldn't we just abolish them all and pay for everything by name? This hypothecation madness is however more properly a matter for New Labour's conscience than it is for The Register (capital T, emphasis), so we'll move on to the #3.1 billion. You can, with the aid of the tried and tested UK government IT project algorithm, double this and add ten per cent for luck. Some people already have, and we wouldn't put money on them being wrong. But what you cannot do is say why it will cost #3.1 billion (or at least #3.1 billion, if you insist). The home Office has been solemnly saying 3.1 for months now, but has not said how it arrived at this figure. This makes it remarkably difficult to assess whether it's going to be money well spent or not. As Ross Anderson said (along with much else worth reading (http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/uc130-iv/…)) in his evidence to the Home Affairs Committee, " If the thing remains covered by Official Secrets to the point that even Parliament does not know which path the Home Office is intending to take, then that is bad news." We now have an indication of the path the Home Office intends to take, but we do not have cost breakdowns and we have not been presented with alternatives, ranging from simple modernisation of the passport system up to universal ID megaproject, with relevant estimates. We are supposed to be being consulted, but we have not been given sufficient justification for the rejection of the lesser options to be able to make an informed judgment on the adoption of the maximalist one. It's difficult to conceive that any system at the minimal end of the scale could possibly cost as much as #3.1 billion. If it's the case that passports need to be upgraded in order to conform to the US requirement for ICAO standard biometrics, then it is simply necessary that it have a facial biometric. Although the European Commission envisages the harmonisation of ID documents in the EU using biometrics, and intends fingerprint to fulfill the main role here, it has not ordered the introduction of ID cards where they don't exist. Nor need fingerprints be on passports, visa and ID documents for third country nationals immediately. Says the Commission: "...it could be considered that in their implementation Member States should have more flexibility. The facial image should be introduced as the first biometric identifier for reasons of interoperability. The introduction of the compulsory fingerprints need not necessarily happen at the same time, as it has not been decided whether the VIS [Visa Information System] will include biometric data from its very beginning." So if the Commission's drive for a "coherent approach" stands, then we will have facial biometric and fingerprint on passports, but we don't have to put both of them in yet. We could anticipate the Commission in order to save expenditure on future revisions, but we could possibly do as Canada has so far - leave space for the print, pending a final decision and/or (in Canada's case) a satisfactory agreement with the US. So what would this cost? You would have to allow for the new passport production processes, and you'd need to spend money on sufficient biometric reader systems to support passport applications. The total would most certainly not be #3.1 billion. But ah, you say, you'd also need the readers at entry and exit points, the central database and the network connecting it all. This is quite possibly the conclusion the Home Office has jumped to, but it ain't necessarily the right conclusion. The equipment you need is determined by what it is that you propose to do with the system. The current requirement is for passports with a facial biometric, but there is no requirement for you to actually read that biometric. And actually, those countries which intend to read facial biometrics with a view to learning something useful from them will give up fairly swiftly, for reasons explained above; the United States' current collection of mugshots at entry points speaks of some kind of cryogenic mindset, collecting the database in the hope that scientific advancement will eventually cure it. Here, we could perfectly well have toed the ICAO line by including facial and just carrying on identifying people by looking at the picture. We could certainly (and being us, we surely would) keep the biometric data on a central database for reference, but there's absolutely no need for us to actually access this database from checking points. We could, perfectly validly, view the biometric simply as a strengthening of the integrity of the document, and use a combination of visual appearance, supporting information and common sense to tie the bearer to the document. This is not as strong as the theoretical strength of the #3.1 billion system we're not sure will actually work, but it's considerably stronger than what we have, and could be seen as a highly cost-effective reform of the passport system. And, as various scenarios put forward above indicate, it is via the strengthening of the document that the bulk of the general gains of the system can be achieved. Some countries, incidentally, take this position to the extent that they throw away the biometric after it's been included in the document. The biometric in the document ties the individual to the document, so you don't need to store the biometric any more, right? Summary So, what have we got? We have an overall strengthening of the integrity ID documents in the UK, and in the case of the passport this is an important gain, primarily from an immigration point of view, but also in situations where passport would be used to establish ID (e.g. banking). The major gain is to be made simply via the document, and does not hinge on an ability to check with a central database. A local check of biometric against document could strengthen the ID further, but in most cases this shouldn't be necessary - looks like person, probably is person, sure passport isn't forged, pass, person. ID-related health and benefit fraud are not sufficiently extensive for them to justify a universal rollout of ID cards. The existence of a single, solid database of people in the UK could prove useful in tidying up National Insurance, NHS and tax records, but that single database will not even begin to exist until 2013, and these record systems do not need the strength of ID proposed by the Home Office in order to function. Yes, they need tidying up and weeding, but they could at least as well be tidied up by other means - and the tidying ought to start a bit sooner than in ten years time. For the security services, the ID scheme is largely an administrative convenience. It will not of itself help catch criminals or terrorists, nor will it help significantly in finding them. As and when the hypothetical ring of steel exists, checking all UK ID as it comes in and out of the country, then the security services will have (theoretically - depends on how good they are at sharing) a record of a suspect with UK ID entering or leaving the country. But if it's someone they seriously suspect they've got that already, check? And they've been known to track them all the way through Spain to Gibraltar, too... The other agenda As you were so rightly thinking, we missed one in the summary - immigration. This however fits better as the primary driver of the other agenda, the one that isn't in the draft and the consultation documentation, but that is slowly beginning to be spilled out in interviews and Committee evidence. We don't propose to pass an opinion on who started it, but the public, the Daily Mail, the Government and the Home Office are now whipping each other up into some kind of circular frenzy about immigration. And the buck stops at Blunkett's Home Office. A brief, but by no means comprehensive, list of Blunkett's headaches here will be useful. He has large numbers of asylum applicants to be processed and supported while they await processing. He has overloaded application systems at embassies throughout the world, overloaded processing systems in the UK, scandals caused by people shorting out the processing systems in order to deal with the backlog. He has asylum seekers whove been rejected and overstayers in the country somewhere, he doesn't know where. He has people applying again and again until they get in (no, he doesn't know how many, otherwise they wouldn't, right?). And he has people-trafficking. This is widely perceived as a huge issue, but actually the numbers are estimated by the police as quite small, the main illegal immigration problem being assisted entry, where a passport is sent out of the country, altered, comes back with the illegal immigrant, and is then sent out once more. We barely scratch the surface, but you can understand why Blunkett might just be the teensiest bit tetchy. He needs a magic bullet to fix all of this, and the ID card is it. But how does it fix it? We're really better off looking at how he thinks it will fix it. In recent statements Blunkett has pinned a great deal of hope on his knowing who's coming in, who's going out and who's here. To the Home Affairs Committee on 4th May, for example, he said he would be aware of "who is coming in and out, those who are resident, and those who are engaged in activities around terrorism." Note that he's aware of the latter already, and that this awareness has nothing to do with the existence or non-existence of an ID card system - it's a security services surveillance matter. The broader importance is the faith he's putting in a complete and accurate audit of the UK population, and his most pressing motivation for wanting this is immigration. If for a moment we just pretend he's actually going to get this, we can see how at least some of the immigration headaches get nailed. It doesn't help with the application overload, because we still have to create an ID for new applicants (even the ones we turn down straight away). It should get the lid on multiple applications, because we'll catch the matching biometrics. It should seriously impede assisted entry, provided it turns out the passport can't be altered, and it could have a similar effect on forgeries. Eventually, granted that knowing who's coming in and out actually works, it should reduce the number of people who're in the UK somewhere, but who can't be found and thrown out. They will die off or find some way of legitimising themselves. Blunkett himself concedes that it will be possible to establish a false ID, but then you'll be stuck with it for the rest of your life. Which would probably fine from the point of view of an illegal immigrant in the UK. And there are all sorts of people who'd find having just the one strong British ID in addition to any others they have quite handy. One could even toy with the notion of Osama bin Laden having one in order to draw disablement benefit while he's holed up in some Afghan cave. He'd only do it the once and then he'd be stuck with it though, so that's OK by David. Blunkett's dream of 100 per cent knowledge of what's in the UK is however marred by exceptions. He can't insist on 100 per cent before compulsion comes in, and once it does arrive, the pool will continue to be muddied by people coming in on short stays (no ID registration required) then vanishing. The 'unpeople' who're already here aren't likely to turn themselves in, and someone with no legitimate ID is clearly not someone who's going to arrive at the police station to show ID within seven days. So how do you nick them? Well, you can do it via mechanisms the Home Office has specifically ruled out - making carrying ID compulsory, ethnically targeted stop and searches and the like, but we've ruled all that out, haven't we? So what it hinges on is the card really becoming the "key" to life in the UK, used "in daily transactions and travel." The more widespread its use, the more checkpoints there will be, and the fewer aspects of daily life that will be available to you without your using the card. It is currently possible to exist in the UK without a valid identity, but the more checkpoints there are, the narrower the options of the ID-less will be. So it's not just desirable from the Home Office's point of view that the British public love and use the card, it's absolutely vital. If they don't the whole thing doesn't work. So do you want this? It's a system that won't achieve most of its objectives, and those it will achieve will be achieved via massive overdesign (secure passport system? Here, take this networked database and personal information register to go with it). You get a personal ID card you don't need. You pay vastly more than you need to for the ID documents you do need. It only addresses the immigration problem (most of the British public sees immigration as a problem) if you pretend to love it and use it all the time, in all sorts of areas where you don't need it and it's inappropriate. And you get the free centralised database of your personal information anyway, providing a locus for any number of government and private databases of your personal information. Don't worry you've nothing to hide - even from your bank, other banks, loan sharks and double glazing salespeople, right? It costs #3.1 billion for all this cool stuff. At least. Go and tell the Home Office how much you support it, you've got until the 20th July, and you'll find a link to the consultation document below. If you happen to agree with any of this article, paraphrase it, don't just copy it. If you do they'll just mark you down as a petition signer and disenfranchise you, like they did with the Stand objectors in the previous "consultation." Coonsultation input should be sent to Robin Woodland, Legislation Consultant, Identity Cards Programme, Home Office, 3rd Floor, Allington Towers, 19 Allington Street, Londob SW1E 5EB. They can be faxed to +44 (0)20 7035 5386 or emailed to identitycards(a)homeoffice.gsi.gov.uk, with 'consultation response' in the subject line. All of this information is prominently displayed on page 42 of the consultation document. . Related stories: Draft bill and consultation (http://www.homeoffice.gov.uk/docs3/identitycardsconsult.pdf) Glitches in ID card kit frustrate Blunkett's pod people (http://www.theregister.co.uk/2004/05/05/id_pilot_glitches/) UK public wants ID cards, and thinks we'll screw up the IT (http://www.theregister.co.uk/2004/04/22/id_cards/) Fingerprints as ID - good, bad, ugly? (http://www.theregister.co.uk/2004/04/19/biometrics/) ID cards: a guide for technically-challenged PMs (http://www.theregister.co.uk/2004/04/05/uk_id_cards/) ) Copyright 2004 -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

2 1

Microsoft: 'Palladium' Is Still Alive and Kicking
by R. A. Hettinga 05 May '04

05 May '04

<http://www.microsoft-watch.com/article2/0,1995,1585354,00.asp> Wednesday, May 05, 2004 Microsoft: 'Palladium' Is Still Alive and Kicking By Mary Jo Foley Updated: Redmond denies published report that it is axing its Next-Generation Secure Computing Base and insists the technology still will debut in Longhorn. SEATTLE - Microsoft spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology. "NGSCB is alive and kicking," said Mario Juarez, a product manager in Microsoft's security and technology business unit. ADVERTISEMENT NGSCB - the hardware/software security system formerly code-named "Palladium" - has been one of the most controversial components expected to debut in the version of Windows that's due out in 2006+. Unlike last year's WinHEC, where NGSCB received top billing, this year, it's just a blip on the radar screen. In fact, there are at only three sessions on the WinHEC docket specifically about NGSCB. But Microsoft is still talking up its NGSCB vision at this week's show. Microsoft is continuing to be vague about exactly how much of its NGSCB code will ship as part of Longhorn. Company officials have gone on record saying that customers would not be impacted by the technology until Microsoft delivered Version 2 of the NGSCB platform. The company has not provided a date for Version 2. In spite of these facts, the plan of record continues to be to deliver Version 1 of its NGSCB technology as part of Longhorn, said Juarez. Juarez acknowledged that Microsoft is reworking its NGSCB technologies to enable independent software vendors and customers with a way to allow their existing applications to take advantage of NGSCB without having to rewrite them. He said that customers to whom Microsoft has shown early versions of NGSCB requested this change. He added that Microsoft will provide more details on how it plans to do this some time later this year. Microsoft has explained NGSCB's inner workings this way: The two foundations of NGSCB were designed to be the Trusted Platform Module on the hardware side, and the Trusted Operating Root (or "nexus") on the software side. The nexus was to be the kernel of an isolated software stack that was designed to run inside the standard Windows environment. The nexus was slated to provide a set of APIs that would enable sealed storage and other foundations for trusted-computing. But up until this week, Microsoft had said that only applications that were designed from the ground-up to be nexus-aware would be able to take advantage of these features. Juarez also admitted that the NGSCB team currently "did not have a managed code story." He said, "We need to go back and figure out how that will look and work." Managed code is a key concept in Longhorn. It involves a new programming model centered around a new "managed" application programming interface. Microsoft is gunning to have many of Longhorn's own subsystems function as managed applications and is advocating that third parties make their Longhorn applications managed, as well. Juarez said Microsoft is not providing any of its NGSCB bits as part of the new Longhorn pre-alpha release that it is distributing this week to WinHEC attendees. But he denied that this means that the company is exorcising NGSCB from the product. Instead, he said that the NGSCB team decided that the driver developers at the show wouldn't be the right targets for this code. "We are not updating the development environment now. We are evaluating whether there will be one in Longhorn," he said. "The only question is what it will look like." Microsoft did include in the pre-alpha version of Longhorn software developer kit that it distributed at the Professional Developers Conference last fall both the NGSCB application programming interface (API) set, as well as various NGSCB class-library files. "We are making some predictable changes," Juarez continued. He said that Microsoft has attempted to be very transparent about its NGSCB plans over the past two years in order to allay industry fears about Microsoft's security intentions. "We've just been doing in public what is usually done in private," Juarez said, in terms of detailing the NGSCB evolving its strategy and directions. (Note: This story was updated. One of the four scheduled NGSCB sessions at this year's show was cancelled, leaving only three on the docket. Also: Juarez said he misspoke, re: whether there will be an NGSCB development environment included as part of Version 1 of NGSCB. Microsoft is currently evaluating whether or not to make the dev environment part of the release, he said.) -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

[IP] microsoft offers "whitelist"
by R. A. Hettinga 05 May '04

05 May '04

"A whitelist for my friends." Check. "All others pay cash." Next? Anybody get this? Anybody?? ;-). Cheers, RAH ------ --- begin forwarded text

1 0

Pd has flaked off
by Eugen Leitl 05 May '04

05 May '04

That nagscab Pd zombie will be back in no time, though. Maybe we could brainstorm a funky new name for it. http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49936 Microsoft Shelves NGSCB Project As NX Moves To Center Stage After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said. On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The project, dreamed up with Intel in 2002, was once code-named Palladium. "We're evaluating how these NGSCB capabilities should be integrated into Longhorn, but we don't know exactly how it'll be manifested. A lot of decisions have yet to be made," said Mario Juarez, product manager in Microsoft's Security and Technology Business Unit. "We're going to come out later this year with a complete story." Juarez said the project is being shelved because customers and ISV partners didn't want to rewrite their applications using the NGSCB API set. Though Microsoft plans to use the NGSCB "compartmentalizing" technology in future versions of Windows, the company is moving swiftly to support No Execute (NX) security technology in newer AMD and Intel processors. NX reduces memory buffer overruns that many hackers exploit to insert malicious code into Windows and allows developers to mark pages as nonexecutable. "Two years ago, we went public with something that was very, very far off in the future," Juarez said, noting that customer and ISV feedback and faster-than-expected chip security advancements led Microsoft back to the drawing board. "There's no tie between [NGSCB] and NX, but it is reflective of innovations in hardware we hadn't foreseen." At WinHEC 2004, for example, Microsoft product managers said Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 will exploit AMD's Enhanced Virus Protection or NX technology for 32-bit applications. Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended Systems will also support the NX feature in Intel Itanium processors for clients due out in the second half. In addition, Microsoft will continue to support Intel's LaGrande security architecture, Juarez said. ISVs will have the flexibility to "NX-enable" their applications, said Richard Brunner, AMD Fellow and software architect, who presented the technology at WinHec 2004. "No Execute can be selectively disabled for a particular application," Brunner said. NX is one of several new hardware technologies that will be supported by Windows XP SP2, including iSCSI and Serial ATA. The NGSCB code won't be updated in the enhanced Longhorn developer's preview update, due out later this week, but in the future it will be used in some capacity, Juarez said. "The investment is high in this," he added. "It's in an important realm." Microsoft announced the NGSCB plans for Longhorn at WinHEC 2003 and released NGSCB code in the Longhorn Developer Preview software development kit last fall at the Redmond, Wash.-based company's Professional Developers Conference. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]

1 0

[IP] microsoft offers "whitelist"
by Dave Farber 05 May '04

05 May '04

Microsoft offers anti-spam bypass Hotmail, MSN operator adopts program that will allow marketers to bypass filters by paying a bond. May 5, 2004: 6:28 AM EDT WASHINGTON (Reuters) - Microsoft Corp. said Wednesday it has adopted an e-mail "whitelist" program by IronPort Systems Inc. that will allow legitimate marketers to thread the gauntlet of spam filters protecting its in-boxes. Microsoft's Hotmail and MSN e-mail services, which together claim 170 million regular users, will require marketers to put money up front if they wish to ensure their messages aren't mistaken for unwanted spam. IronPort's "Bonded Sender" service guarantees that legitimate marketers who post a cash bond and adhere to a set of guidelines will get their messages delivered. "It's the exact opposite of blocking. It says, 'Hey you're a good guy, I'm not going to run you through the metal detectors," said Tom Gillis, IronPort's vice president for marketing. Such a "whitelist" approach requires the active cooperation of marketers -- a much more likely prospect now that Microsoft has signed up, Gillis said. Unsolicited bulk messages now account for roughly two-thirds of all e-mail, according to several estimates. Internet providers use filters to examine incoming messages and consult "blacklists" to block traffic from computers known to send out spam. IronPort's approach rewards e-mail senders who agree to be held accountable for their messages. Participating marketers must demonstrate a history of responsible e-mailing and must provide an easy way for consumers to opt out of future mailings, among other things. Those found to be engaging in abusive behavior forfeit a cash bond of up to $20,000, Gillis said. Internet providers are considering other ways to make e-mail more reliable. Both Microsoft and Yahoo Inc. (YHOO: Research, Estimates) are developing authentication systems that could make it harder for spammers to appropriate others' e-mail addresses. Other methods would make spamming less profitable by sucking up computing power or requiring human input every time a message is sent. "When you add these up over time, it will be uneconomical to send out spam," said Microsoft spam specialist George Webb. ------------------------------------- You are subscribed as rah(a)shipwright.com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

[IP] microsoft offers "whitelist"
by Dave Farber 05 May '04

05 May '04

Microsoft offers anti-spam bypass Hotmail, MSN operator adopts program that will allow marketers to bypass filters by paying a bond. May 5, 2004: 6:28 AM EDT WASHINGTON (Reuters) - Microsoft Corp. said Wednesday it has adopted an e-mail "whitelist" program by IronPort Systems Inc. that will allow legitimate marketers to thread the gauntlet of spam filters protecting its in-boxes. Microsoft's Hotmail and MSN e-mail services, which together claim 170 million regular users, will require marketers to put money up front if they wish to ensure their messages aren't mistaken for unwanted spam. IronPort's "Bonded Sender" service guarantees that legitimate marketers who post a cash bond and adhere to a set of guidelines will get their messages delivered. "It's the exact opposite of blocking. It says, 'Hey you're a good guy, I'm not going to run you through the metal detectors," said Tom Gillis, IronPort's vice president for marketing. Such a "whitelist" approach requires the active cooperation of marketers -- a much more likely prospect now that Microsoft has signed up, Gillis said. Unsolicited bulk messages now account for roughly two-thirds of all e-mail, according to several estimates. Internet providers use filters to examine incoming messages and consult "blacklists" to block traffic from computers known to send out spam. IronPort's approach rewards e-mail senders who agree to be held accountable for their messages. Participating marketers must demonstrate a history of responsible e-mailing and must provide an easy way for consumers to opt out of future mailings, among other things. Those found to be engaging in abusive behavior forfeit a cash bond of up to $20,000, Gillis said. Internet providers are considering other ways to make e-mail more reliable. Both Microsoft and Yahoo Inc. (YHOO: Research, Estimates) are developing authentication systems that could make it harder for spammers to appropriate others' e-mail addresses. Other methods would make spamming less profitable by sucking up computing power or requiring human input every time a message is sent. "When you add these up over time, it will be uneconomical to send out spam," said Microsoft spam specialist George Webb. ------------------------------------- You are subscribed as rah(a)shipwright.com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

Re: [FoRK] Why We Are Losing The War on Terrorism
by Major Variola (ret) 04 May '04

04 May '04

>"The volume of data they collect has reached the point where good >analysis is no longer tractable in a theoretical algorithmic sense with >the best tools they currently have at their disposal, particularly when >you have a data space as broad and diffuse as "terrorism" to sift. " This is a sham. Their traffic analysis tools are very competent. And pervasive. They are perhaps jockeying for money for translators, since that may be the limiting resources. That may be what keeps the signal to noise down so that further resources can be applied. Tracking and correlating are not the bottlenecks.

1 0

TSA to Test New Rail Security Technology
by R. A. Hettinga 04 May '04

04 May '04

<http://www.newsday.com/news/politics/wire/sns-ap-rail-security,0,7608472,pr…> Newsday.com TSA to Test New Rail Security Technology By LESLIE MILLER Associated Press Writer May 4, 2004, 9:36 AM EDT WASHINGTON -- Amtrak and commuter rail passengers at one suburban station will have to walk through an explosives detection machine and have their bags screened in a new security experiment designed to frustrate terrorists. The Transportation Security Administration was beginning a pilot project Tuesday at a rail stop in a Maryland suburb of Washington. Passengers were to walk through a "puffer" machine, which sucks in the air around them and within seconds determines whether they've been in contact with explosives. Jack Riley, director of the public safety research program for Rand Corp., a think tank, said harried commuters probably won't like being screened. "Anything that lengthens their rail experience is just going to meet with resistance," he said. TSA spokeswoman Yolanda Clark said the agency hopes passengers will see it "as another ring of security in another mode of transportation." The 30-day pilot program also includes a baggage screening machine used in overseas airports. The TSA wants to see how well the machines work in a passenger rail and commuter environment. Amtrak and a commuter railroad service use the station in New Carrollton, Md., about 9 miles northeast of Washington. The TSA announced the project in March, soon after terrorist bombings on trains in Madrid killed 191 people and injured more than 2,000. The FBI and the Homeland Security Department have warned that terrorists might strike trains and buses in major U.S. cities using bombs concealed in bags or luggage. Since more than half of Amtrak's 500 stations are unstaffed, screening all passengers is nearly impossible. TSA spokesman Mark Hatfield said of the experiment, "We're looking to get a lot of data that's going to help us look at ways it can be deployed and eliminate ways that it won't be practical." A key problem in screening railway passengers is doing it quickly enough that trains still run on time. That is not supposed to be a problem with the puffer machine, made by General Electric. The machine -- formally called EntryScan -- already is used in power plants and military installations in the United States and Europe. GE spokesman James Bergen said every person constantly radiates as much heat as a 100-watt light bulb in a "human convection plume." The puffer machine has a hood that catches the optimal amount of plume, he said. If someone has a bomb or has been in contact with one, the plume will carry traces of explosives into a detector that measures the wavelength of the energy coming off the particles. Some passengers also will be asked to put their bags through a machine that uses X-ray technology to determine what's in them. The machine, made by L-3 Communications of New York City, is used in overseas airports, as well as at the Statue of Liberty and in government buildings on Capitol Hill. The Rand Corp.'s Riley said he doubts the equipment will be practical on a day-to-day basis. Screening rail passengers might make sense for certain events, he said, such as the upcoming political conventions. Only passengers on Amtrak and the Maryland Transit Administration's MARC commuter rail system will be affected. A Washington Metro train also stops at the New Carrollton station, but those passengers won't be part of the study. * __ On the Net: Transportation Security Administration: http://www.tsa.gov Transportation Department: http://www.dot.gov -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

Re: [FoRK] Why We Are Losing The War on Terrorism (fwd from andrew@ceruleansystems.com)
by Tyler Durden 04 May '04

04 May '04

"The volume of data they collect has reached the point where good analysis is no longer tractable in a theoretical algorithmic sense with the best tools they currently have at their disposal, particularly when you have a data space as broad and diffuse as "terrorism" to sift. " This is also going to get increasingly difficult in the US, as the entire world begins to view us as a rogue nation. In other words, within a few years a search of potential terrorists is likely to spit out 95% of the world's population! (Unless, of course, we can convince everyone that torture is a necessary tool for freedom.) -TD >From: Eugen Leitl <eugen(a)leitl.org> >To: transhumantech(a)yahoogroups.com, cypherpunks(a)al-qaeda.net >Subject: Re: [FoRK] Why We Are Losing The War on Terrorism (fwd from >andrew(a)ceruleansystems.com) >Date: Tue, 4 May 2004 10:56:42 +0200 > >----- Forwarded message from "J. Andrew Rogers" ><andrew(a)ceruleansystems.com> ----- > >From: J.Andrew Rogers <andrew(a)ceruleansystems.com> >Date: Mon, 3 May 2004 22:08:30 -0700 >To: fork(a)xent.com >Subject: Re: [FoRK] Why We Are Losing The War on Terrorism >X-Mailer: Apple Mail (2.613) > > >On May 3, 2004, at 9:14 AM, Contempt for Meatheads forwarded: > >We desperately need adult supervision and high quality minds in the > >intelligence business! I am growing more convince that the security > >clearance process, the government hiring/promotion process, and > >information silos are overwhelming our ability to get even a > >marginally adequate level of intelligence needed to fight terrorism. > >Wow, this is depressing. > > > >My confident belief (100%): we will continue to lose the war on > >terrorism until we fix our intelligence system. > > >I think this analysis is correct, but also a bit too shallow to be >really insightful. While there are some significant institutional >problems and byzantine self-defeating regulations, these things are >masking a much bigger technical problem that desperately needs to be >tackled from their perspective. > >The volume of data they collect has reached the point where good >analysis is no longer tractable in a theoretical algorithmic sense with >the best tools they currently have at their disposal, particularly when >you have a data space as broad and diffuse as "terrorism" to sift. >Institutional procedures and problems aggravate this, but the >underlying issues are deeper. > >One of the ways I keep track of what the US DoD is up to is by analysis >of the open research programs, contracts, and grants that they publish. > By threading the many, many programs together over time, you can see >how fast different technologies are progressing and you can chain >inferences to make an intelligent estimate as to when specific >capabilities (which may require the intersection of multiple research >tracks) could theoretically be available to the DoD. Furthermore, the >program managers have a habit of mildly editorializing their program >descriptions in response to some of the proposals they have received >and the success of the proposals they have actually funded, which also >gives some added insight. > >One thing that I have noticed for several years is that the advanced >data mining and automated intelligence analysis research programs have >been essentially stalled for many years now despite aggressive >marketing and a large number of agencies willing to liberally fund >proposals. And the editorializing of the program managers on this >research track makes it clear that they are quite frustrated both with >the lack of progress in this area and with the fact that research >proposals keep trying to beat the same dead horse over and over. >Furthermore, while most programs have a shelf-life after which they are >either closed (both on good progress or no progress), these particular >programs keep getting extended and re-funded over and over, sometimes >under a different name but always with roughly the same parameters. > >As long as this program track is stuck in neutral, the intelligence >agencies will have serious problems that will be all but >insurmountable. The US intelligence service is a victim of its own >ability to acquire data. This isn't a problem that they can simply >throw money at in the sense that it requires pretty substantial >algorithm breakthroughs to even be tractable for high-quality analysis. > To date, private research organizations have clearly been unable to >solve this problem in any meaningful way, and there is substantial >evidence of this fact. In the mean time, they are left using narrow >brittle algorithms to sift and analyze the data, with holes you could >drive a truck (bomb) through. > >Someone who fully understood the theoretical limitations and likely >implementation parameters of the current state-of-the-art could likely >defeat the automated analysis. Fortunately for the intelligence >agencies, few people have those skills and they get by on a pretty >broken system hampered further by institutional problems. > >j. andrew rogers > >_______________________________________________ >FoRK mailing list >http://xent.com/mailman/listinfo/fork > >----- End forwarded message ----- >-- >Eugen* Leitl <a href="http://leitl.org">leitl</a> >______________________________________________________________ >ICBM: 48.07078, 11.61144 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE >http://moleculardevices.org http://nanomachines.net ><< attach3 >> _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.com/go/onm00200415ave/direct/01/

1 0