cypherpunks-legacy
May 2004
- 48 participants
- 129 discussions
<http://online.wsj.com/article_print/0,,SB108379937572903386,00.html>
The Wall Street Journal
May 6, 2004
COMMENTARY
De Soto: A Hero Of Third World Capitalism
By JOHN BLUNDELL
Hernando de Soto has been the target of several murder attempts -- an
accolade few other economists can claim. The Peruvian's would-be murderers
range from the drug barons who depend on lawlessness to prosper, to the
deranged Marxist terrorists of "The Shining Path" gangs and, it seems, to
several agencies of the Fujimori regime in Lima who did not like the veil
on their corruptions being lifted. But Mr. de Soto has remained faithful to
his mission -- to evangelize for the capitalist solution to so-called Third
World misery: give them property, markets and laws.
Here in the so-called First World we enjoy two great benefits from which
people in the Third World are locked out -- private property rights and the
rule of law. These make our growth, our markets and our society possible.
Here we have defined property. I do not mean just real estate. Our lives
are a pulsating penumbra of contractual relationships. At its most obvious
we own a vehicle. We own, that is to say have secure possession of, many
items of great value but often no more than paper claims upon third
parties. . . . what are all shares and bonds but such abstractions
identified with symbols on pages? Our property rights may get dented by
burglars but almost never are they fully expropriated. If we find ourselves
in disputes with others we resort to courts. In other words we live by what
F.A. Hayek called "Rules of Just Conduct."
So settled are these assumptions that it is a jolt to realize that in the
most impoverished three quarters of mankind, people do not live in a
psychological or material landscape where our familiar institutions work.
Poverty is not the result of lack of assets. It is the inability of people
to possess -- or trade -- the assets they do have.
That's why Mr. de Soto's work is so important. And why he will be awarded
the biennial $500,000 Milton Friedman Prize tonight by Washington's
prestigious Cato Institute.
Hernando de Soto is awarded his laurels for his intellectual achievement.
His work has been explained in diverse articles and lectures and distilled
into two fine books "The Other Path" (1989) and "The Mystery of Capital"
(2000). Both are magisterial. Both are utterly subversive of the stale
assumptions under which the Third World is most often discussed.
But it would be wrong not to refer to Mr. de Soto's moral and physical
courage. Having made a small fortune in business in Europe he could have
retired at 38 and lived well in his native Peru. He says that returning to
his homeland opened his imagination. Why were his compatriots so poor while
the Europeans were so prosperous?
One happy discovery Mr. de Soto has made is that the poor are often rather
more wealthy than is seen in official statistics. If you live in Ecuador or
Uganda or Vietnam you may not feature in national statistics. These are
formal frauds concocted by the bureaucracies of the Third World State often
to demonstrate they need yet more "aid." An Ecuadorian's straw hats, a
Ugandan's sweet potatoes or a Vietnamese's shrimp harvests may not figure
in any official inventory, yet they are the product of conscientious work
supplying their local markets or, as we might say, "creating value."
Every Third World city has its shanty towns. To the naive donor nations
these are proof of poverty. Yet these places, bereft of services we regard
as normal, are clearly a step up from the deeper poverty of their rural
hinterlands. These shanty towns, it turns out, have subtle property rights
and adjudications but of course no recourse to normal contract law.
Brazilian companies will not run electricity or water or gas to such
sprawls of population because the authorities will not permit them.
Mr. de Soto's analysis is subtle. Often you cannot see the Third World's
intangible webs of licenses, permits, consents, tariffs, levies and
extortions. He offers no excuses to the World Bank and all the other well
lubricated official aid agencies. He says in every case they connive at the
barriers. They make matters worse and often preserve the worst of the
agencies of these failing states.
The people of the immiserated nations are just like the readers of The Wall
Street Journal. They are as agile. They are as dexterous. They are as
intelligent. They work the long hours. Yet their daily strivings seem to
produce little. This is not because they are obtuse or stupid or
misdirected. It is because they do not have the assurance and clarification
of who owns what.
Place a Harvard MBA in a favela next to Sao Paulo in Brazil and he would be
lost. He would be lost because he could get no credit as no property rights
are permitted by the State. Try being a financial wizard without any access
to finance. Try selling shoes or furniture or beans. So, the people of the
Third World do not need injections of "aid" or even well-meaning Peace
Corps volunteers. They need property rights.
I now see the entire Third World dilemma in a different light after
encountering Hernando de Soto. I think he has changed the Peruvian
perception of itself too. The enemy of the poor is really the tiny elite of
these nations. They live a life of relative luxury because they have access
to the sort of property rights we all enjoy. Try buying even a few dollars
worth of IBM or Wal-Mart or BP if you live in a favela. No stockbroker will
want to deal with you. No banker will open an account where no postman can
deliver your mail. The bulk of the population is simply kept out of the
extended order of the world's trading system. Try being a farmer if you
have no tenancy let alone any freehold.
So, my congratulations to Hernando de Soto. Here is capitalism as a noble
ideal that will lift countless millions, rather than the parody of
corporate greed we see from Enron and related betrayals of the law-abiding,
trade enhancing ideal of the company. A market stall trader on a street
corner in La Paz is the blood brother of a Carrefour or Marks & Spencer
employee.
John Blundell is director-general of the Institute of Economic Affairs in
London, England. He served as a judge for the Milton Friedman Prize.
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
<http://www.theregister.co.uk/2004/05/05/complete_idcard_guide/print.html>
The Register
Biting the hand that feeds IT
Original URL: http://www.theregister.co.uk/2004/05/05/complete_idcard_guide/
Everything you never wanted to know about the UK ID card
By John Lettice (john.lettice(a)theregister.co.uk)
Published Wednesday 5th May 2004 20:47 GMT
A pub bore's guide
Do you know how the UK's projected compulsory ID card
will work, and what it will entail? If you do, you're significantly in
advance of David Blunkett and the Home Office, because although a draft
bill and consultation document was published at the end of April, these
really only provide signposts to what the powers that be would like it to
be able to do, and a little bit of evidence as to how they might propose to
get it to do these things. But we're considerably further on in terms of
information than we were before the draft, and it's not likely to get much
better by the time the consultation period ends. So, as our small
contribution to the democratic process, we present The Register Idiot's
Guide to the UK ID Card.
What do you get, when? There will be a "family" of ID documents that will
be phased in, beginning with passports. These will start to appear in three
years, at which point it will not be possible to get an old style
non-biometric passport. The system's non-compulsory nature therefore hinges
on your not actually wanting a passport any more - otherwise you have to
give the Passport Office the £73 for the new one. Rollout periods for other
members of the family are not covered in the draft bill, but as these are
introduced, the old version will similarly cease to exist. Proud owners of
old-style perpetual paper UK driving licences, already smug because they
don't have to cough up to renew the existing picture licence, can be even
smugger. Until such time as Blunkett hunts us all down. The new ten year
biometric driving licence will cost around £69, says the Home Office (what
do they mean "around"? £68.99?) and the new ten year ID card £35. Which, if
they don't get feature-consolidated pretty quickly, is an impressive outlay
every ten years. 80 per cent penetration for the new ID is intended to be
achieved by 2013. The draft bill includes power to set a date for the card
becoming compulsory, but this will not happen until after "the initial
stage of the identity card scheme was in place and following a vote in both
Houses of Parliament on a detailed report which sets out all the reasons
for the proposed move to compulsion." Correct - that does not specify a
date.
The ID document will contain a picture, one or more pieces of biometric ID,
and a unique number which will identify you on the central database. The
documentation at the moment only talks about what is likely to be visible
on the document, with name and date of birth being put forward as the bare
minimum. But it is more specific about the information that will be
recorded in the database (see below). The Home Office suggests more visible
information: "name, age, validity dates, whether a person has a right to
work, and an unique number". There you go, feature-creep already. The
biometric can be used to tie a specific individual to the ID document, and
to look up an individual and identify them from the database. In that case,
you theoretically don't need the document to identify someone in the first
place, and the Home Office (and Blunkett) do airily suggest that people
might want to have a database check performed on themselves in order to
establish their identity. But as we explain below, this really is not
something it's smart for them to be pinning too much hope on.
Which biometric? For reasons explained here,
(http://www.theregister.co.uk/2004/04/19/biometrics/) previous Home Office
studies fix on fingerprint as the best combination of identifier and
practicality, but recommend a second biometric to be used as a decider in
order to bring false alarms down to a more acceptable level (using
fingerprint alone with a reasonable trade-off between false alarms and
failed matches, Heathrow would generate in excess of 1,000 false alarms a
week). The choice of the second biometric isn't so obvious. Iris is in
principle a more effective ID biometric than fingerprint, but you need
optimum positioning, lighting etc, so it's not so good for widespread
deployment or fast throughput in an immigration queue.
Facial recognition currently doesn't cut it for mass ID purposes, but might
just work as a 50:50 'decider throw' secondary biometric for use at entry
points. But the big thing it has going for it is that it's been adopted by
ICAO (the International Civil Aviation Authority) as the next step for
machine-readable passports. So unless ICAO is persuaded to change its mind,
it's coming in passports anyway. ICAO's decision, by the way, seems to have
been made on the basis that face had a higher "compatibility" rating than
fingerprint or iris. By this, they appear to mean that because
passport-based identity currently leans heavily on the picture, it makes
sense to carry on using the picture (Yes, we know - don't tell us, tell
ICAO).
So although the Home Office has kicked off a 10,000 volunteer trial of the
three technologies, fingerprint seems the racing certainty for primary
biometric, with facial a strong contender for the secondary. The Home
Office no doubt has its own reasons for thinking the trial will tell it
something useful, but as the target population is over 60 million (us, plus
all the people we're looking for and have data on), and the British Airport
Authority airports processed 134 million passengers last year (Heathrow 60
million, Gatwick 30 million), you could reasonably doubt that it will learn
much of value applicable to very large throughputs and databases.
Issues associated with the deployment of the secondary biometric readers
(cost, location, environment) could well lead to their not being used
outside of entry points and major installations, which might mean
non-passport ID would use only the fingerprint. Other differences are
likely to creep in; for example, the Home Office appears to be willing to
allow veiled pictures for moslem women in ID, but the draft documentation
reiterates current passport office guidelines, which amount to 'headscarf
OK, veil bad'. So unless somebody's got it wrong, different strengths of ID
are already creeping in, and any dreams you had about a single, do-anything
document are way, way in the future. The Home Office's suggestion of three
different levels of checking (see below), by the way, makes it clear that
it in some senses accepts the view that you should use different strengths
of security in different situations. But philosophically this doesn't
entirely match with its pitching the cards as a single, high-strength
security device.
How will it work? That depends. The basic link is between you and the
document, and this can be readily established by using a machine that
checks you against the biometrics in the document. This is essentially a
local check which depends on the document being valid and untampered with
in the first place, but the introduction of biometrics in the document
should make it significantly harder to produce forgeries, so we can expect
a substantial initial increase in confidence in the piece of ID produced,
even if we are simply looking at the picture and not bothering with the
biometrics.
Which is A Good Thing, because it's difficult to conceive of biometric
readers being either welcome or likely to stay in usable nick for long at
point of sale, doctor's surgery, council offices, etc. The Home Office
suggests three likely levels of check for non-government purposes.
Retailers would check the photo, banks etc would check the biometric and
verify it against the database, and employers would check immigration
status "via an automated telephone check." These suggestions most likely
derive from the Home Office's doomed quest to make us love and demand ID
cards, and on a voluntary basis are unlikely to become widespread.
How often do you get asked for ID to back up your credit card? So why
should shops want the new passport when they don't want the old passport?
Banks do need to make pretty strict checks covering identity and place of
residence when you open a bank account, but their existing systems work,
and they won't jump into a new and unproven system which, from their point
of view, brings little to the table, lightly. Plus they're already reading
entirely different kinds of cards. And employee checks? Here comes the
stick. Employers don't at the moment have to check immigration status when
they hire someone, so why would they? Indeed, why would they care? But
under the provisions of the Asylum and Immigration Act 1996 the secretary
of state can make orders requiring eligibility checks by employers. This
will be considered "closer to the date of implementation" of the ID card
scheme.
The Home Office, bless 'em, pitches ID cards as the "key to the UK's
future", and witters (in the press release)
(http://www.homeoffice.gov.uk/n_story.asp?item_id=918) that "crucially, the
cards will help people to live their lives more easily, giving them a
watertight proof of identity for use in daily transactions and travel." So
it's clear they want all of your personal transactions to be underpinned by
the national unique ID, but we've already seen that the private sector is
unlikely to be keen. Not only that, it's more likely to be actively
hostile. Banks and credit card companies do not want to make their systems
dependent on a database they're not in control of, and no matter how much
you want all of your credit cards on one piece of plastic (which is a bad
idea anyway, trust us), they ain't going to give you it. They really are
not going to help the government in its efforts to make the ID card
popular. Really.
Moving on from low level and relatively rare operation in the private
sector, we get to the government and public sector. There will, as we've
already suggested, be considerable resistance to the use of readers and the
checking of cards in areas of the public sector, but this will be neither
here nor there from the point of view of you, the user. Think about it: not
that many of the public services you're likely to be using will be
available if you don't establish an ID as part of the process, and you go
onto a record as a part of that process. So doctors can be as precious as
they like about not checking your ID card, but will still put you onto a
list which can and will be checked against the ID register, and if it's not
on there, consequences will ensue. As the system matures and increasingly
interacts with other public sector ID systems, it will inevitably engulf
the whole of the public sector, and it doesn't need support for this to
happen.
The arms of government that obviously do want to embrace the system are
passports and immigration, and the police. It will most obviously sing and
dance at the arrivals terminal, so it's worth at this point taking a small
detour so that we understand that the singing and the dancing here will by
no means be automatic.
Passport Control
We've already established that a biometric will be used to
tie the bearer to the document, and that we can use a secondary biometric
to deal with disputes, and a network check in addition to this. But rewind
- how, physically, are we handling this?
We need to have a reader that will take the biometric from the passport and
compare it to a handprint (we'll assume we're doing fingers, OK?) which
will probably be produced by placing one hand firmly on a flat surface. So
we need the people coming in to understand what they're supposed to do and
get it right, and we need to deal with failures to read the passport, and
we need to intercept jokers, terrorists and our slower brethren who might
be using false hands, cunning fingerprint gloves, or even just the wrong
hand. We need an attendant combining a nice and a nasty attitude as
appropriate to get them through, or whisk them off to another stage in the
process where complete failures to read are checked more thoroughly. Maybe
you get your terrorists in there, and you'll certainly get some immigration
'issues' but mostly you're likely to net perfectly innocent UK citizens
whose fingers are worn/dirty or whose passports are bust. So you're
detaining people you wouldn't have detained under the current system, and
you need to undetain them pretty fast if you don't want unpleasant
headlines about dud government IT systems in the press.
Aside from reading failures and hardware failures, you'll have false
matches and failures to identify, and you need procedures to deal with
these. For a false match you need to check the secondary biometric to
arbitrate, so you need to move these people quickly to that reader, and
through it without their thinking 'I am being accused of being a
terrorist.' Failure to identify is trickier, because you need to decide on
a procedure. If they fail to match up to an apparently working passport,
they might also fail to match up to a network check, because you're
comparing them to the same thing, right? So do you have a fraud, or do you
have somebody with worn fingerprints? If the secondary biometric is iris,
then you can check them with that and be pretty sure which, but can you
trust facial to be used as a primary identifier? No, you can't, so
you're either treating all of this category of exception as suspect, or
you're making human decisions that will, as previously, not always hit the
right target. Given that you will be able to check (unless the network is
down) whether or not the passport, name and ID exists on the database, you
can at least flag failures to read for future investigation.
You might be able to avoid quite a bit of the above if you take a slightly
different view of what it is you're looking for. Failure to match, or false
non-match, can be expected to run at a fairly high rate if false
alarm/false match is kept down to an acceptable level. The bulk of your
failures to match will, actually, be false non-matches, i.e. people who
really are on the database but who don't match up to it in this particular
instance. And a terrorist is unlikely to want to chance it on the basis
that they've got, say a 5 per cent chance of getting through. So you ignore
them all? Ah, but when word gets around, the bad guys and the multiple
applicants will take steps to file down their fingerprints a little before
they attempt entry, and your acceptable compromise starts to morph into a
security hole. Which is why flagging failures is important.
The network check is obviously useful in cases of passport failure (NB it's
an offence not to get it fixed once you know it's broken), but is dependent
on the network being up and the response being swift. The Home Office
appears to envisage a pretty high level of network checking, but it seems
reasonable to doubt that this will happen in real life. Current UK
passports first became machine-readable in 1988, but are seldom
machine-read. Theoretically this could be used to check that the passport
actually exists, that the bearer is not on a watchlist, and that it has not
been notified lost or stolen - but possibly not in the latter case. The
Passport Office announced a lost and stolen database in December 2003, so
IND (the Immigration and Nationality Directorate) may only recently have
been able to start looking.
Similarly IND has also been working on an automated fingerprint system,
intended to match fingers against the 350,000 fingerprints (a 2001 figure)
it has on file, and a "warnings list" system. It also has a case
information system developed by Siemens and called ACID Warehouse. Really.
As we contemplate how effectively we're not using the systems we've had
available for 15 years, we should consider the way we're currently not
using it. In the EU citizen channel at the airport we'll probably have the
picture page of our passport looked at and be nodded through. The
introduction of machines will add a more time-consuming stage to this
(failures in the queue will slow you up, even if you register first time)
and more staff. The process will still need the staff on the desk looking
you over, unless we're going to trust machine decision-making entirely as
our front line. As non-UK passports won't work with the system, other EU
citizens will now have to have their own channel, faster than the UK one,
or be sent to the Channel of Death, where we send everybody else. But if
they are they'll complain to Brussels, and we'll be told to stoppit. There
are actually strict EU limits on what immigration is allowed to ask the
local citizenry - did you know this? "As a result of judgements in the
European Court of Justice (ECJ), an immigration officer may not require an
EEA national to answer questions regarding the purpose and duration of his
journey and the financial means available to him. Examination should be
restricted to the occasional discretionary warnings index check. Questions
may only be directed at establishing whether the person's admission to the
United Kingdom would result in a threat to public policy, or public
security or public health." (Source: IND general guidance document. Get
lippy at your own risk and don't blame us.)
Many difficult questions will arise at the airport, where conditions will
be just about as optimum as they can get. But what about elsewhere, what
about the ferryport? At busy ones, the increasing size of the ferries can
produce longish unloading queues already, and mostly all that happens is
that drivers holding a clutch of things that looks like approximately the
right number of the right documents are waved through. So where do we put
the reader? And where do we put the holding area where all the passengers
get out of the car, deliver their print and get back in? Where do we put
the tailback (quick, there's another three ferryloads coming in)?
Nightmare. Monitoring departures is actually harder, because typically the
passport check is conducted by the ferry staff, and there's a non-secure
holding area beyond this where passengers could be switched. We can all
look forward to hearing how the government's going to figure this one out
without bankrupting all the ferry companies.
The Police
The draft is quite specific that it will not be compulsory to
carry an ID card, nor will it be permissible for the police to demand to
see your card. But in the case of the driving licence (which will morph
into an ID card) you'll still have to report to a police station to show it
within seven days, and the consultation document tells us that "people will
be able to have their biometrics checked against the Register even in the
absence of a card on a voluntary basis in order to establish their identity
if, for example, they are stopped by the police."
To grasp the full import of this peculiarly British situation, we need to
think a little about the powers the police already have, and the way they
use them. They can't ask you for ID, but they can seek to establish your
identity if they arrest you, and they can arrest you on grounds of
reasonable suspicion. Questioning their reasonableness at this juncture is
usually not constructive, although you may consider risking a polite
indication that you are aware of the relevant laws. Also, their powers of
stop and search have been reintroduced via several anti-terrorist measures,
and these have been so widely deployed against demonstrators that even
David Blunkett has expressed concern.
Effectively though, if they want to find out who you are, they have the
means to do so, and if they've arrested you, they have the means to find
out who you are. But they actually only want to know who you are in pretty
specific circumstances. There are those where their reasonable suspicion is
actually pretty reasonable, and there are more heavy-handed and
wider-ranging checks of, say, protesters at an arms fair. But bitter
experience from the 80s means that they avoid stop and search operations
that would be interpreted as ethnically targeted and that might trigger
unfortunate riot-style situations.
So the police are not going to voluntarily implement intensive ID checking
in areas of high immigrant population, and the kind of gains that could be
made (if you call lots more illegals caught plus lots of bits of London
ablaze, gains) by pass-law style implementation of ID won't happen.
News that senior police officers support a compulsory ID card is about as
surprising as news that they've got fast cars with groovy flashing lights.
But in operation the card is most likely to be an administrative convenience
to them, used to provide a more reliable ID in circumstances where they're
seeking to establish it. If the ID's present they can rely more on it being
genuine, and if it's not they can establish ID quickly by checking against
the database. This will, as at present, leave them with those with invalid
ID, but the process should be faster. It'll also allow them to check
immigration status and right to work, as these will be on the database even
if they're not on the face of the card, so it speeds their processing here,
if it's illegal immigrants they're looking for.
How, though, do they do the biometric reading? The Home Office appears to
envisage the use of mobile readers, but it's doubtful that these will prove
reliable enough for use in some kind of networked handheld configuration,
and they don't seem particularly compelling from the police point of view.
A "reasonable suspicion" candidate with no ID card can be sent down to the
station for checking, and one producing an ID card can be identified on the
basis that the card is probably genuine and the bearer looks like the
picture. If they're concerned about immigration status then a query based
on the unique number can be made - biometric check is unnecessary.
Nor are there any obvious scenarios where the existence of ID cards will
reduce crime. If the police don't know who did it, then the ID card is no
use. If they do, then the ID card is merely an administrative advantage.
Sure, they know where you live, but so long as you know they know this,
you're not there, right?
'What was that you said about them knowing where I live?' Ah yes, this
takes us on to the National Identity Register, referred to largely in the
documentation as "the Register." For the record, we are The Register, and
you should therefore not worry about sentences like: "Clause 29 makes it an
offence for any person to disclose information from the Register without
lawful authority."
Makes it damnable to write about though. The ID Register will hold data as
specified in schedule 1 of the draft bill. This is: personal information -
names, date and place of birth, gender, address; identifying information -
photograph, fingerprint, other biometric information; residential status -
nationality, entitlement to remain, terms and conditions of that
entitlement; personal reference numbers - National Identity Registration
Number and other government issued numbers, and validity periods of related
documents; record history - historical information previously recorded,
audit trail of changes and date of death; registration history - dates of
application, changes to information, dates of confirmation, information
regarding other ID cards already issued, details of counter-signatures;
validation information - information provided by any application,
modification, confirmation or issue and other steps taken in connection
with an application or entry, details of any requirement to surrender;
security information - personal identification numbers, password or other
codes, and questions and answers that could be used to identify a person
seeking access; access records - the audit trail of accesses to the entry.
Not listed in schedule 1, but listed elsewhere in the documentation as
being held by the Register, we have PIN, passport validation information,
background evidence or document checks carried out to confirm status,
details of non-UK ID (including foreign passports), and information
(including biometrics, where available) of unsuccessful applications. Other
categories can be added by the home secretary, and information can be added
at the request of the holder, provided the home secretary agrees. Blood
type and organ donor status are suggested examples of these, but this is
slightly potty, given that in both cases you want the information to be
immediately obvious to the medics, not dependent on them shoving your card
into a reader first. So we can file that with the other feeble attempts to
make the card popular.
We can draw a number of conclusions from the information that's intended to
be on the Register. The presence of "other government issued numbers" means
that they can use the ID system to consolidate and weed the NHS and
National Insurance systems as they add numbers. This will ultimately make
it simpler to associate services with ID, without approval or cooperation
of the operators of these services. PIN is interesting, because it could
conceivably provide a mechanism for you to use your national ID over the
Internet. "In an increasingly technologically complex and global [sic - as
opposed to, say, 'stubbornly oblong?'] world, correct identification has
become critically important, and we want to ensure that UK citizens are
properly protected and equipped to deal with this emerging world," Blunkett
tells us. Unhappily, there is scant sign in the draft bill that they've
actually twigged that fingerprints aren't going to be a whole heap of use
when you're sitting in front of your screen (anybody who says 'personal
reader', see me after class), and the odd mention of PIN is the only sign
that there might be something there that they'll get to when they've time
to think about anything beyond biometrics.
Other listed information is, you'll note, heavily weighted towards
immigration control. Clearly, the intention is to have a great deal of data
on anybody who isn't a UK citizen from birth. Please yourself as to whether
or not you feel this is too much information about you for the government
to hold - a commissioner will be appointed to make sure the data is not
abused, but actually that's not the half of it. Consider what it doesn't
include, things like credit status or whether the security services are
after you. Obviously if you're a wanted criminal or terrorist trying to
flee the country, police and immigration are going to have you on their
list (actually this isn't obvious at all, but they obviously should have
you on it) in order to nick you when you hit the border check. So actually
they'll have their own database which will interact with the ID Register.
Similarly, a bank checking up on you is going to be checking credit rating,
homeowner status, county court judgments etc, so will have its own external
database and links to other external databases. It will likely prove useful
to the bank to consult the Register to confirm you exist and where you
live, and it's perfectly conceivable that the unique ID will therefore move
out of the Register and into the world in general as a handy, well, unique
identifier.
So the government reps telling you there's not much in the database and
there's a commissioner to mind it, so that's OK, are being really thick, in
a 'don't know much about databases' sort of way. They are, without clearly
grasping it, proposing the ID Register as the focus around which an
ever-increasing number of personal information databases revolve. They've
set themselves a non-trivial task in keeping all of the specified
information in the Register accurate and up to date, and the freeform
nature of "information relating to an application or entry" will be a
particular problem, because it should really be in another kind of
database. Indeed, the amount of immigration-related data in the Register
makes it look more like an immigration database than a general population
register. Granted, the Home Office may be taking the view that the data
should be there because it is needed by multiple agencies, but that's the
case for much police and social services data too. If these (where they
actually exist fully) can be external, why not immigration?
From the subject's perspective, of course, it doesn't matter whether the
database is elegantly conceived and designed; what matters to subjects is
the extent to which it enables the collation, use and abuse of data on
them. By pitching the ID card as "watertight proof of identity for use in
daily transactions and travel" the Home Office is essentially begging for
the satellite databases to be produced. So, small piece of government
control-freakery possibly under the commissioner's control, potential
hordes of escaped privacy monsters enabled by said small database.
Security and usability
We can't comment on the security of the system at
this juncture, but we can run down its sins against security good practice
fairly readily. Experts who've given evidence to the Home Affairs Committee
ID card enquiry so far have tended to fall into two camps on the scheme.
The critics argue that placing all your eggs in one basket is stupid, while
the apologists/supporters say that in principle the system can be made
secure. If you're not immediately with the critics on this one, consider
how the apologists react when pressed. They accept that by placing a great
deal of reliance on one card, ID, database or whatever you are inevitably
increasing the stakes, but say that in principle the system can be made to
function, and can be secure. Pressed further they then concede that we can
never guarantee anything 100 per cent.
Security experts would be largely with the critics on this one - single
points of failure are bad. The proposed ID system, however, has numerous of
these, at least conceptually. If you actually need your ID card as the
pivotal ID around which your life revolves, allowing you to use government
services, financial services, buy stuff, then you're snookered if it
breaks. Or if the network breaks. Or the Register.
We also need to be concerned about what happens if the card (or the ID
without the card) is stolen or compromised. Now, in principle this ought to
be impossible or very hard, because the system is dependent on your
particular biometric signature. But we've already noted government
suggestions of areas where this would not be read, and we've suggested that
not checking the biometric or not checking against the central database
will be fairly common. So the theft value of the card will depend on how
much of value can be obtained using it without tripping a strong biometric
check. The more it is used for daily transactions, the higher this value
will be.
David Blunkett has claimed the system "will make identity theft and
multiple identity impossible, not nearly impossible, impossible." Clearly
this is untrue, but we need to assess the extent of its untruthfulness;
aside from situations where ID theft is enabled by the security systems not
actually being used, what about the possibility of the card, or the system,
being compromised? Currently it is clearly harder to forge a biometric
passport than it is a conventional one, but as biometric passports do not
yet exist, why should forgers try to forge one? How much of the difficulty
is because of it actually being harder, as opposed to there not having been
any motivation for anybody to develop the skills yet? Clearly we can't yet
be sure, but you can see the likely dangers. Traditional avenues such as
switching the picture and changing the details may still be viable
(although surely a bit more complicated) in instances where the biometric
isn't read, and altering the biometric itself (clearly harder until it's
cracked - then it's easy) could be useful if there's no network check, or
depending on the procedures implemented around that check (see Passport
Control, above). And there's also the job of making sure any invisible data
tallies up - but never say never, it's at least as theoretically possible
as the system is theoretically invulnerable, and if it is cracked, the Home
Office has a very expensive security update rollout on its hands.
The alternative to this is a more distributed, defence-in-depth,
horses-for-courses approach where you use different strengths of ID,
different cards and different systems where appropriate. A mugshot and a
bearer who looks like she might be 12 is enough for a child's weekly season
ticket, surely, while (despite howls to the contrary about identity fraud)
a piece of plastic and a PIN is good enough to get a bank to give you
money. Would the banks like a 100 per cent secure system? Certainly. Will
the banks accept a system that eliminates fraud while turning away
significant numbers of genuine customers? Not a chance. What they've got
now is their current best compromise, and the ID system is not going to
change that. Similarly, although the state of the NHS and National
Insurance ID systems is lamentable, that is not entirely caused by the UK
public sector being historically crap at implementing IT projects. It is in
no small measure due to the fact that it really doesn't matter much.
Certainly there's a fraud component in there, but it's an acceptable one
from the point of view of the particular system, otherwise the system would
have reacted by doing something about it. A rational estimate of the annual
cost of 'health tourism', for example, is £200 million out of a total
budget of £70 billion. From the system's point of view there is absolutely
no point in it diverting resources from its primary objectives in order to
tackle a problem that small.
Other government ID systems can be positioned at different points along the
scale. National Insurance should obviously be concerned about the use of
fraudulently obtained numbers to get benefits, but hasn't a great deal of
reason to worry about the status of a user provided they're working and
paying in the money. Inland Revenue has more reason to be concerned about
tying the number to real people in order to avoid tax frauds, and so on.
There are varying levels of need in terms of identification, and it doesn't
necessarily make sense to try to fulfill them all by attempting to devise a
single, bulletproof ID system. And in the case of benefit fraud, although
the Department of Work and Pensions has estimated total losses at £2
billion, or £7 billion, or vast numbers in between, it confesses it reckons
ID-related benefit fraud amounts to a whole £50 million.
What will you pay? No, really pay?
David Blunkett has recently been pushing a contorted piece of reasoning
whereby he establishes that the cost of an ID card is in fact £4, rather
than the large sums he will be charging. This implausible pitch hinges on
the claim that most of the money would have to be spent in order to
modernise the passport system anyway, but it kind of misses the point even
if you were to accept that. If it is the state as a whole that requires
something, then it is the state as a whole that pays, and the money comes
back through general taxation, right? Chancellor Gordon Brown refused to
pay for it out of general taxation, as he does regarding much else, but if
it had been an absolute necessity, then he couldn't have refused. Kick and
scream for a long time, yes, but refuse, no.
So one has one's doubts, and if one counter-argues that it's really the
people travelling and driving who need the modernisations and should
therefore pay, one still has to explain the others. The people who
currently have to pay absolutely nothing for an ID card because they don't
need to have one will have to pay their £4 in the form of a £35 payment in
order to get an ID card. Of course, it's not compulsory. Until it is.
And we could point to the essential weirdness of arriving at a situation
where everybody in the country has to pay individually for something they
have no choice but to buy. Isn't that a tax? And if it's not, then what's
the point of taxes? Couldn't we just abolish them all and pay for
everything by name? This hypothecation madness is however more properly a
matter for New Labour's conscience than it is for The Register (capital T,
emphasis), so we'll move on to the £3.1 billion.
You can, with the aid of the tried and tested UK government IT project
algorithm, double this and add ten per cent for luck. Some people already
have, and we wouldn't put money on them being wrong. But what you cannot do
is say why it will cost £3.1 billion (or at least £3.1 billion, if you
insist). The Home Office has been solemnly saying 3.1 for months now, but
has not said how it arrived at this figure. This makes it remarkably
difficult to assess whether it's going to be money well spent or not. As
Ross Anderson said (along with much else worth reading
(http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/uc130-iv/…))
in his evidence to the Home Affairs Committee, "If the thing remains
covered by Official Secrets to the point that even Parliament does not know
which path the Home Office is intending to take, then that is bad news."
We now have an indication of the path the Home Office intends to take, but
we do not have cost breakdowns and we have not been presented with
alternatives, ranging from simple modernisation of the passport system up
to universal ID megaproject, with relevant estimates. We are supposed to be
being consulted, but we have not been given sufficient justification for
the rejection of the lesser options to be able to make an informed judgment
on the adoption of the maximalist one.
It's difficult to conceive that any system at the minimal end of the scale
could possibly cost as much as £3.1 billion. If it's the case that
passports need to be upgraded in order to conform to the US requirement for
ICAO standard biometrics, then it is simply necessary that it have a facial
biometric. Although the European Commission envisages the harmonisation of
ID documents in the EU using biometrics, and intends fingerprint to fulfill
the main role here, it has not ordered the introduction of ID cards where
they don't exist. Nor need fingerprints be on passports, visa and ID
documents for third country nationals immediately. Says the Commission:
"...it could be considered that in their implementation Member States
should have more flexibility. The facial image should be introduced as the
first biometric identifier for reasons of interoperability. The
introduction of the compulsory fingerprints need not necessarily happen at
the same time, as it has not been decided whether the VIS [Visa Information
System] will include biometric data from its very beginning."
So if the Commission's drive for a "coherent approach" stands, then we will
have facial biometric and fingerprint on passports, but we don't have to
put both of them in yet. We could anticipate the Commission in order to
save expenditure on future revisions, but we could possibly do as Canada
has so far - leave space for the print, pending a final decision and/or (in
Canada's case) a satisfactory agreement with the US.
So what would this cost? You would have to allow for the new passport
production processes, and you'd need to spend money on sufficient biometric
reader systems to support passport applications. The total would most
certainly not be £3.1 billion. But ah, you say, you'd also need the readers
at entry and exit points, the central database and the network connecting
it all. This is quite possibly the conclusion the Home Office has jumped
to, but it ain't necessarily the right conclusion.
The equipment you need is determined by what it is that you propose to do
with the system. The current requirement is for passports with a facial
biometric, but there is no requirement for you to actually read that
biometric. And actually, those countries which intend to read facial
biometrics with a view to learning something useful from them will give up
fairly swiftly, for reasons explained above; the United States' current
collection of mugshots at entry points speaks of some kind of cryogenic
mindset, collecting the database in the hope that scientific advancement
will eventually cure it. Here, we could perfectly well have toed the ICAO
line by including facial and just carrying on identifying people by looking
at the picture.
We could certainly (and being us, we surely would) keep the biometric data
on a central database for reference, but there's absolutely no need for us
to actually access this database from checking points. We could, perfectly
validly, view the biometric simply as a strengthening of the integrity of
the document, and use a combination of visual appearance, supporting
information and common sense to tie the bearer to the document. This is not
as strong as the theoretical strength of the £3.1 billion system we're not
sure will actually work, but it's considerably stronger than what we have,
and could be seen as a highly cost-effective reform of the passport system.
And, as various scenarios put forward above indicate, it is via the
strengthening of the document that the bulk of the general gains of the
system can be achieved. Some countries, incidentally, take this position to
the extent that they throw away the biometric after it's been included in
the document. The biometric in the document ties the individual to the
document, so you don't need to store the biometric any more, right?
Summary
So, what have we got? We have an overall strengthening of the integrity of ID
documents in the UK, and in the case of the passport this is an important
gain, primarily from an immigration point of view, but also in situations
where passport would be used to establish ID (e.g. banking). The major gain
is to be made simply via the document, and does not hinge on an ability to
check with a central database. A local check of biometric against document
could strengthen the ID further, but in most cases this shouldn't be
necessary - looks like person, probably is person, sure passport isn't
forged, pass, person.
ID-related health and benefit fraud are not sufficiently extensive for them
to justify a universal rollout of ID cards. The existence of a single,
solid database of people in the UK could prove useful in tidying up
National Insurance, NHS and tax records, but that single database will not
even begin to exist until 2013, and these record systems do not need the
strength of ID proposed by the Home Office in order to function. Yes, they
need tidying up and weeding, but they could at least as well be tidied up
by other means - and the tidying ought to start a bit sooner than in ten
years' time.
For the security services, the ID scheme is largely an administrative
convenience. It will not of itself help catch criminals or terrorists, nor
will it help significantly in finding them. As and when the hypothetical
ring of steel exists, checking all UK ID as it comes in and out of the
country, then the security services will have (theoretically - depends on
how good they are at sharing) a record of a suspect with UK ID entering or
leaving the country. But if it's someone they seriously suspect they've got
that already, check? And they've been known to track them all the way
through Spain to Gibraltar, too...
The other agenda
As you were so rightly thinking, we missed one in the summary -
immigration. This however fits better as the primary driver of the other
agenda, the one that isn't in the draft and the consultation documentation,
but that is slowly beginning to be spilled out in interviews and Committee
evidence. We don't propose to pass an opinion on who started it, but the
public, the Daily Mail, the Government and the Home Office are now whipping
each other up into some kind of circular frenzy about immigration. And the
buck stops at Blunkett's Home Office.
A brief, but by no means comprehensive, list of Blunkett's headaches here
will be useful. He has large numbers of asylum applicants to be processed
and supported while they await processing. He has overloaded application
systems at embassies throughout the world, overloaded processing systems in
the UK, scandals caused by people shorting out the processing systems in
order to deal with the backlog. He has asylum seekers who've been rejected
and overstayers in the country somewhere, he doesn't know where. He has
people applying again and again until they get in (no, he doesn't know how
many, otherwise they wouldn't, right?). And he has people-trafficking. This
is widely perceived as a huge issue, but actually the numbers are estimated
by the police as quite small, the main illegal immigration problem being
assisted entry, where a passport is sent out of the country, altered, comes
back with the illegal immigrant, and is then sent out once more.
We barely scratch the surface, but you can understand why Blunkett might
just be the teensiest bit tetchy. He needs a magic bullet to fix all of
this, and the ID card is it. But how does it fix it? We're really better
off looking at how he thinks it will fix it.
In recent statements Blunkett has pinned a great deal of hope on his
knowing who's coming in, who's going out and who's here. To the Home
Affairs Committee on 4th May, for example, he said he would be aware of
"who is coming in and out, those who are resident, and those who are
engaged in activities around terrorism." Note that he's aware of the latter
already, and that this awareness has nothing to do with the existence or
non-existence of an ID card system - it's a security services surveillance
matter. The broader importance is the faith he's putting in a complete and
accurate audit of the UK population, and his most pressing motivation for
wanting this is immigration.
If for a moment we just pretend he's actually going to get this, we can see
how at least some of the immigration headaches get nailed. It doesn't help
with the application overload, because we still have to create an ID for
new applicants (even the ones we turn down straight away). It should get
the lid on multiple applications, because we'll catch the matching
biometrics. It should seriously impede assisted entry, provided it turns
out the passport can't be altered, and it could have a similar effect on
forgeries. Eventually, granted that knowing who's coming in and out
actually works, it should reduce the number of people who're in the UK
somewhere, but who can't be found and thrown out. They will die off or find
some way of legitimising themselves. Blunkett himself concedes that it will
be possible to establish a false ID, but then you'll be stuck with it for
the rest of your life.
Which would probably be fine from the point of view of an illegal immigrant in
the UK. And there are all sorts of people who'd find having just the one
strong British ID in addition to any others they have quite handy. One
could even toy with the notion of Osama bin Laden having one in order to
draw disablement benefit while he's holed up in some Afghan cave. He'd only
do it the once and then he'd be stuck with it though, so that's OK by David.
Blunkett's dream of 100 per cent knowledge of what's in the UK is however
marred by exceptions. He can't insist on 100 per cent before compulsion
comes in, and once it does arrive, the pool will continue to be muddied by
people coming in on short stays (no ID registration required) then
vanishing. The 'unpeople' who're already here aren't likely to turn
themselves in, and someone with no legitimate ID is clearly not someone
who's going to arrive at the police station to show ID within seven days.
So how do you nick them?
Well, you can do it via mechanisms the Home Office has specifically ruled
out - making carrying ID compulsory, ethnically targeted stop and searches
and the like, but we've ruled all that out, haven't we? So what it hinges
on is the card really becoming the "key" to life in the UK, used "in daily
transactions and travel." The more widespread its use, the more checkpoints
there will be, and the fewer aspects of daily life that will be available
to you without your using the card. It is currently possible to exist in
the UK without a valid identity, but the more checkpoints there are, the
narrower the options of the ID-less will be. So it's not just desirable
from the Home Office's point of view that the British public love and use
the card, it's absolutely vital. If they don't the whole thing doesn't work.
So do you want this? It's a system that won't achieve most of its
objectives, and those it will achieve will be achieved via massive
overdesign (secure passport system? Here, take this networked database and
personal information register to go with it). You get a personal ID card
you don't need. You pay vastly more than you need to for the ID documents
you do need. It only addresses the immigration problem (most of the British
public sees immigration as a problem) if you pretend to love it and use it
all the time, in all sorts of areas where you don't need it and it's
inappropriate. And you get the free centralised database of your personal
information anyway, providing a locus for any number of government and
private databases of your personal information. Don't worry you've nothing
to hide - even from your bank, other banks, loan sharks and double glazing
salespeople, right?
It costs £3.1 billion for all this cool stuff. At least. Go and tell the
Home Office how much you support it, you've got until the 20th July, and
you'll find a link to the consultation document below. If you happen to
agree with any of this article, paraphrase it, don't just copy it. If you
do they'll just mark you down as a petition signer and disenfranchise you,
like they did with the Stand objectors in the previous "consultation."
Consultation input should be sent to Robin Woodland, Legislation
Consultant, Identity Cards Programme, Home Office, 3rd Floor, Allington
Towers, 19 Allington Street, London SW1E 5EB. They can be faxed to +44
(0)20 7035 5386 or emailed to identitycards(a)homeoffice.gsi.gov.uk, with
'consultation response' in the subject line. All of this information is
prominently displayed on page 42 of the consultation document.
Related stories:
Draft bill and consultation
(http://www.homeoffice.gov.uk/docs3/identitycardsconsult.pdf)
Glitches in ID card kit frustrate Blunkett's pod people
(http://www.theregister.co.uk/2004/05/05/id_pilot_glitches/)
UK public wants ID cards, and thinks we'll screw up the IT
(http://www.theregister.co.uk/2004/04/22/id_cards/)
Fingerprints as ID - good, bad, ugly?
(http://www.theregister.co.uk/2004/04/19/biometrics/)
ID cards: a guide for technically-challenged PMs
(http://www.theregister.co.uk/2004/04/05/uk_id_cards/)
© Copyright 2004
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
<http://www.microsoft-watch.com/article2/0,1995,1585354,00.asp>
Wednesday, May 05, 2004
Microsoft: 'Palladium' Is Still Alive and Kicking
By Mary Jo Foley
Updated: Redmond denies published report that it is axing its
Next-Generation Secure Computing Base and insists the technology still will
debut in Longhorn.
SEATTLE - Microsoft spent much of Day 2 of its Windows Hardware
Engineering Conference (WinHEC) here refuting a published report claiming
the company has axed its Next Generation Secure Computing Base (NGSCB)
security technology.
"NGSCB is alive and kicking," said Mario Juarez, a product manager in
Microsoft's security and technology business unit.
NGSCB - the hardware/software security system formerly code-named
"Palladium" - has been one of the most controversial components expected to
debut in the version of Windows that's due out in 2006+.
Unlike last year's WinHEC, where NGSCB received top billing, this year,
it's just a blip on the radar screen. In fact, there are only three
sessions on the WinHEC docket specifically about NGSCB. But Microsoft is
still talking up its NGSCB vision at this week's show.
Microsoft is continuing to be vague about exactly how much of its NGSCB
code will ship as part of Longhorn. Company officials have gone on record
saying that customers would not be impacted by the technology until
Microsoft delivered Version 2 of the NGSCB platform. The company has not
provided a date for Version 2.
In spite of these facts, the plan of record continues to be to deliver
Version 1 of its NGSCB technology as part of Longhorn, said Juarez.
Juarez acknowledged that Microsoft is reworking its NGSCB technologies to
provide independent software vendors and customers with a way to allow their
existing applications to take advantage of NGSCB without having to rewrite
them. He said that customers to whom Microsoft has shown early versions of
NGSCB requested this change. He added that Microsoft will provide more
details on how it plans to do this some time later this year.
Microsoft has explained NGSCB's inner workings this way: The two
foundations of NGSCB were designed to be the Trusted Platform Module on the
hardware side, and the Trusted Operating Root (or "nexus") on the software
side. The nexus was to be the kernel of an isolated software stack that was
designed to run inside the standard Windows environment. The nexus was
slated to provide a set of APIs that would enable sealed storage and other
foundations for trusted-computing.
But up until this week, Microsoft had said that only applications that
were designed from the ground-up to be nexus-aware would be able to take
advantage of these features.
Juarez also admitted that the NGSCB team currently "did not have a managed
code story." He said, "We need to go back and figure out how that will look
and work."
Managed code is a key concept in Longhorn. It involves a new programming
model centered around a new "managed" application programming interface.
Microsoft is gunning to have many of Longhorn's own subsystems function as
managed applications and is advocating that third parties make their
Longhorn applications managed, as well.
Juarez said Microsoft is not providing any of its NGSCB bits as part of
the new Longhorn pre-alpha release that it is distributing this week to
WinHEC attendees. But he denied that this means that the company is
exorcising NGSCB from the product. Instead, he said that the NGSCB team
decided that the driver developers at the show wouldn't be the right
targets for this code.
"We are not updating the development environment now. We are evaluating
whether there will be one in Longhorn," he said. "The only question is what
it will look like."
Microsoft did include in the pre-alpha version of the Longhorn software
developer kit that it distributed at the Professional Developers Conference
last fall both the NGSCB application programming interface (API) set, as
well as various NGSCB class-library files.
"We are making some predictable changes," Juarez continued. He said that
Microsoft has attempted to be very transparent about its NGSCB plans over
the past two years in order to allay industry fears about Microsoft's
security intentions.
"We've just been doing in public what is usually done in private," Juarez
said, in terms of detailing NGSCB's evolving strategy and directions.
(Note: This story was updated. One of the four scheduled NGSCB sessions at
this year's show was cancelled, leaving only three on the docket. Also:
Juarez said he misspoke, re: whether there will be an NGSCB development
environment included as part of Version 1 of NGSCB. Microsoft is currently
evaluating whether or not to make the dev environment part of the release,
he said.)
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
"A whitelist for my friends." Check.
"All others pay cash." Next? Anybody get this? Anybody??
;-).
Cheers,
RAH
------
--- begin forwarded text
1
0
That nagscab Pd zombie will be back in no time, though. Maybe we could
brainstorm a funky new name for it.
http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49936
Microsoft Shelves NGSCB Project As NX Moves To Center Stage
After a year of tackling the Windows security nightmare, Microsoft has killed
its Next-Generation Secure Computing Base (NGSCB) project and later this year
plans to detail a revised security plan for Longhorn, the next major version
of Windows, company executives said.
On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The
project, dreamed up with Intel in 2002, was once code-named Palladium.
"We're evaluating how these NGSCB capabilities should be integrated into
Longhorn, but we don't know exactly how it'll be manifested. A lot of
decisions have yet to be made," said Mario Juarez, product manager in
Microsoft's Security and Technology Business Unit. "We're going to come out
later this year with a complete story."
Juarez said the project is being shelved because customers and ISV partners
didn't want to rewrite their applications using the NGSCB API set.
Though Microsoft plans to use the NGSCB "compartmentalizing" technology in
future versions of Windows, the company is moving swiftly to support No
Execute (NX) security technology in newer AMD and Intel processors. NX
reduces memory buffer overruns that many hackers exploit to insert malicious
code into Windows and allows developers to mark pages as nonexecutable.
"Two years ago, we went public with something that was very, very far off in
the future," Juarez said, noting that customer and ISV feedback and
faster-than-expected chip security advancements led Microsoft back to the
drawing board. "There's no tie between [NGSCB] and NX, but it is reflective
of innovations in hardware we hadn't foreseen."
At WinHEC 2004, for example, Microsoft product managers said Windows XP
Service Pack 2 and Windows Server 2003 Service Pack 1 will exploit AMD's
Enhanced Virus Protection or NX technology for 32-bit applications.
Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended Systems
will also support the NX feature in Intel Itanium processors for clients due
out in the second half. In addition, Microsoft will continue to support
Intel's LaGrande security architecture, Juarez said.
ISVs will have the flexibility to "NX-enable" their applications, said
Richard Brunner, AMD Fellow and software architect, who presented the
technology at WinHEC 2004. "No Execute can be selectively disabled for a
particular application," Brunner said. NX is one of several new hardware
technologies that will be supported by Windows XP SP2, including iSCSI and
Serial ATA.
The NGSCB code won't be updated in the enhanced Longhorn developer's preview
update, due out later this week, but in the future it will be used in some
capacity, Juarez said. "The investment is high in this," he added. "It's in
an important realm."
Microsoft announced the NGSCB plans for Longhorn at WinHEC 2003 and released
NGSCB code in the Longhorn Developer Preview software development kit last
fall at the Redmond, Wash.-based company's Professional Developers
Conference.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
Microsoft offers anti-spam bypass
Hotmail, MSN operator adopts program that will allow marketers to bypass
filters by paying a bond.
May 5, 2004: 6:28 AM EDT
WASHINGTON (Reuters) - Microsoft Corp. said Wednesday it has adopted an
e-mail "whitelist" program by IronPort Systems Inc. that will allow
legitimate marketers to thread the gauntlet of spam filters protecting its
in-boxes.
Microsoft's Hotmail and MSN e-mail services, which together claim 170
million regular users, will require marketers to put money up front if they
wish to ensure their messages aren't mistaken for unwanted spam.
IronPort's "Bonded Sender" service guarantees that legitimate marketers who
post a cash bond and adhere to a set of guidelines will get their messages
delivered.
"It's the exact opposite of blocking. It says, 'Hey you're a good guy, I'm
not going to run you through the metal detectors,'" said Tom Gillis,
IronPort's vice president for marketing.
Such a "whitelist" approach requires the active cooperation of marketers --
a much more likely prospect now that Microsoft has signed up, Gillis said.
Unsolicited bulk messages now account for roughly two-thirds of all e-mail,
according to several estimates.
Internet providers use filters to examine incoming messages and consult
"blacklists" to block traffic from computers known to send out spam.
IronPort's approach rewards e-mail senders who agree to be held accountable
for their messages.
Participating marketers must demonstrate a history of responsible e-mailing
and must provide an easy way for consumers to opt out of future mailings,
among other things.
Those found to be engaging in abusive behavior forfeit a cash bond of up to
$20,000, Gillis said.
Internet providers are considering other ways to make e-mail more reliable.
Both Microsoft and Yahoo Inc. are developing
authentication systems that could make it harder for spammers to
appropriate others' e-mail addresses.
Other methods would make spamming less profitable by sucking up computing
power or requiring human input every time a message is sent.
"When you add these up over time, it will be uneconomical to send out
spam," said Microsoft spam specialist George Webb.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>"The volume of data they collect has reached the point where good
>analysis is no longer tractable in a theoretical algorithmic sense with
>the best tools they currently have at their disposal, particularly when
>you have a data space as broad and diffuse as "terrorism" to sift. "
This is a sham. Their traffic analysis tools are very competent.
And pervasive.
They are perhaps jockeying for money for translators, since that
may be the limiting resource. That may be what keeps the
signal to noise down so that further resources can be applied.
Tracking and correlating are not the bottlenecks.
<http://www.newsday.com/news/politics/wire/sns-ap-rail-security,0,7608472,pr…>
Newsday.com
TSA to Test New Rail Security Technology
By LESLIE MILLER
Associated Press Writer
May 4, 2004, 9:36 AM EDT
WASHINGTON -- Amtrak and commuter rail passengers at one suburban station
will have to walk through an explosives detection machine and have their
bags screened in a new security experiment designed to frustrate terrorists.
The Transportation Security Administration was beginning a pilot project
Tuesday at a rail stop in a Maryland suburb of Washington. Passengers were
to walk through a "puffer" machine, which sucks in the air around them and
within seconds determines whether they've been in contact with explosives.
Jack Riley, director of the public safety research program for Rand Corp.,
a think tank, said harried commuters probably won't like being screened.
"Anything that lengthens their rail experience is just going to meet with
resistance," he said.
TSA spokeswoman Yolanda Clark said the agency hopes passengers will see it
"as another ring of security in another mode of transportation."
The 30-day pilot program also includes a baggage screening machine used in
overseas airports. The TSA wants to see how well the machines work in a
passenger rail and commuter environment.
Amtrak and a commuter railroad service use the station in New Carrollton,
Md., about 9 miles northeast of Washington.
The TSA announced the project in March, soon after terrorist bombings on
trains in Madrid killed 191 people and injured more than 2,000. The FBI and
the Homeland Security Department have warned that terrorists might strike
trains and buses in major U.S. cities using bombs concealed in bags or
luggage.
Since more than half of Amtrak's 500 stations are unstaffed, screening all
passengers is nearly impossible.
TSA spokesman Mark Hatfield said of the experiment, "We're looking to get a
lot of data that's going to help us look at ways it can be deployed and
eliminate ways that it won't be practical."
A key problem in screening railway passengers is doing it quickly enough
that trains still run on time. That is not supposed to be a problem with
the puffer machine, made by General Electric.
The machine -- formally called EntryScan -- already is used in power plants
and military installations in the United States and Europe.
GE spokesman James Bergen said every person constantly radiates as much
heat as a 100-watt light bulb in a "human convection plume." The puffer
machine has a hood that catches the optimal amount of plume, he said.
If someone has a bomb or has been in contact with one, the plume will carry
traces of explosives into a detector that measures the wavelength of the
energy coming off the particles.
Some passengers also will be asked to put their bags through a machine that
uses X-ray technology to determine what's in them. The machine, made by L-3
Communications of New York City, is used in overseas airports, as well as
at the Statue of Liberty and in government buildings on Capitol Hill.
The Rand Corp.'s Riley said he doubts the equipment will be practical on a
day-to-day basis. Screening rail passengers might make sense for certain
events, he said, such as the upcoming political conventions.
Only passengers on Amtrak and the Maryland Transit Administration's MARC
commuter rail system will be affected. A Washington Metro train also stops
at the New Carrollton station, but those passengers won't be part of the
study.
On the Net:
Transportation Security Administration: http://www.tsa.gov
Transportation Department: http://www.dot.gov
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [FoRK] Why We Are Losing The War on Terrorism (fwd from andrew@ceruleansystems.com)
by Tyler Durden 04 May '04
"The volume of data they collect has reached the point where good
analysis is no longer tractable in a theoretical algorithmic sense with
the best tools they currently have at their disposal, particularly when
you have a data space as broad and diffuse as "terrorism" to sift. "
This is also going to get increasingly difficult in the US, as the entire
world begins to view us as a rogue nation. In other words, within a few
years a search of potential terrorists is likely to spit out 95% of the
world's population! (Unless, of course, we can convince everyone that
torture is a necessary tool for freedom.)
-TD
>From: Eugen Leitl <eugen(a)leitl.org>
>To: transhumantech(a)yahoogroups.com, cypherpunks(a)al-qaeda.net
>Subject: Re: [FoRK] Why We Are Losing The War on Terrorism (fwd from
>andrew(a)ceruleansystems.com)
>Date: Tue, 4 May 2004 10:56:42 +0200
>
>----- Forwarded message from "J. Andrew Rogers"
><andrew(a)ceruleansystems.com> -----
>
>From: J.Andrew Rogers <andrew(a)ceruleansystems.com>
>Date: Mon, 3 May 2004 22:08:30 -0700
>To: fork(a)xent.com
>Subject: Re: [FoRK] Why We Are Losing The War on Terrorism
>X-Mailer: Apple Mail (2.613)
>
>
>On May 3, 2004, at 9:14 AM, Contempt for Meatheads forwarded:
> >We desperately need adult supervision and high quality minds in the
> >intelligence business! I am growing more convinced that the security
> >clearance process, the government hiring/promotion process, and
> >information silos are overwhelming our ability to get even a
> >marginally adequate level of intelligence needed to fight terrorism.
> >Wow, this is depressing.
> >
> >My confident belief (100%): we will continue to lose the war on
> >terrorism until we fix our intelligence system.
>
>
>I think this analysis is correct, but also a bit too shallow to be
>really insightful. While there are some significant institutional
>problems and byzantine self-defeating regulations, these things are
>masking a much bigger technical problem that desperately needs to be
>tackled from their perspective.
>
>The volume of data they collect has reached the point where good
>analysis is no longer tractable in a theoretical algorithmic sense with
>the best tools they currently have at their disposal, particularly when
>you have a data space as broad and diffuse as "terrorism" to sift.
>Institutional procedures and problems aggravate this, but the
>underlying issues are deeper.
>
>One of the ways I keep track of what the US DoD is up to is by analysis
>of the open research programs, contracts, and grants that they publish.
> By threading the many, many programs together over time, you can see
>how fast different technologies are progressing and you can chain
>inferences to make an intelligent estimate as to when specific
>capabilities (which may require the intersection of multiple research
>tracks) could theoretically be available to the DoD. Furthermore, the
>program managers have a habit of mildly editorializing their program
>descriptions in response to some of the proposals they have received
>and the success of the proposals they have actually funded, which also
>gives some added insight.
>
>One thing that I have noticed for several years is that the advanced
>data mining and automated intelligence analysis research programs have
>been essentially stalled for many years now despite aggressive
>marketing and a large number of agencies willing to liberally fund
>proposals. And the editorializing of the program managers on this
>research track makes it clear that they are quite frustrated both with
>the lack of progress in this area and with the fact that research
>proposals keep trying to beat the same dead horse over and over.
>Furthermore, while most programs have a shelf-life after which they are
>either closed (both on good progress or no progress), these particular
>programs keep getting extended and re-funded over and over, sometimes
>under a different name but always with roughly the same parameters.
>
>As long as this program track is stuck in neutral, the intelligence
>agencies will have serious problems that will be all but
>insurmountable. The US intelligence service is a victim of its own
>ability to acquire data. This isn't a problem that they can simply
>throw money at in the sense that it requires pretty substantial
>algorithm breakthroughs to even be tractable for high-quality analysis.
> To date, private research organizations have clearly been unable to
>solve this problem in any meaningful way, and there is substantial
>evidence of this fact. In the meantime, they are left using narrow
>brittle algorithms to sift and analyze the data, with holes you could
>drive a truck (bomb) through.
>
>Someone who fully understood the theoretical limitations and likely
>implementation parameters of the current state-of-the-art could likely
>defeat the automated analysis. Fortunately for the intelligence
>agencies, few people have those skills and they get by on a pretty
>broken system hampered further by institutional problems.
>
>j. andrew rogers
>
>_______________________________________________
>FoRK mailing list
>http://xent.com/mailman/listinfo/fork
>
>----- End forwarded message -----
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a>
>______________________________________________________________
>ICBM: 48.07078, 11.61144 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>http://moleculardevices.org http://nanomachines.net