From ukcrypto at chiark.greenend.org.uk Wed Oct 1 00:28:05 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 01 Oct 2008 00:28:05 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> Message-ID: <48E2B605.4010809@zen.co.uk> Ian Batten wrote: > > On 30 Sep 2008, at 18:07, Charles Lindsey wrote: >> I think it safe to assume that UK passports have omitted several >> features which a competent cryptographer would have included as a >> matter of course :-(. > > I don't. It'd be stunned if the design hadn't made a trip to the West > Country. You expect CESG to do more than say product X complies with a standard? I think you have an overly optimistic expectation of CESG's capabilities. The subversion of the entire UK passport system would be > rather uncool. The passports have had the benefit of some of the best > physical security people in the game in the design of the paper and the > watermarks, so why wouldn't they be equally motivated to sort out the > electronic properties? Motivation - do CESG have any such motivation? Then there is their lack of competence, or let's see, maybe - their lack of competence? I don't know how competent GCHQ are, but CESG are only good for certification to standards written by someone else, and not even that really. They simply don't know how to do secure. And I don't think GCHQ is going to want to be involved in passport design. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Wed Oct 1 00:37:44 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 01 Oct 2008 00:37:44 +0100 Subject: Phorms Ts and Cs In-Reply-To: References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> Message-ID: <48E2B848.8060601@zen.co.uk> Ian Batten wrote: > > On 30 Sep 08, at 1625, James Firth wrote: > >> Ian Batten wrote: >> >>> The changes BT are making to Total Broadband terms and conditions are >>> rather harder-line than we anticipated. (see below). >> >> You've missed out the change to clause 11, where they change "material >> disadvantage" to "significant disadvantage" when it comes to trying to >> end >> your contract early due to change in Ts & Cs: > > Except if you haven't accepted the new contract. Surely they can't > impose a contract which contains a new set of termination clauses, > without providing an opportunity to consider the new contract under the > old termination clauses. > > Anyway, for me, it doesn't matter: my 12 month contract expired in July, > and BT spent last week trying to convince me to re-sign on a new 12 > month contract. Not unsurprisingly, I declined their kind offer, so I'm > on minimum termination period. Hmmm, vote with your feet? A few of the free ISPs offer to do the work involved in a change of ISP for you. I don't know how this works in regard to contracts, but some very-non-geeks of my acquaintance have changed with little problem (except the c**p service from their new "free" ISP - they will do the work to get a new customer, but after that ..). However if the £15 ISPs (home ISPs seem to operate either "free", at about £15 pcm, or at about £25 pcm) were to offer this, on the basis that BT were screwing around ... -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Wed Oct 1 01:09:36 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 01 Oct 2008 01:09:36 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <48E2B605.4010809@zen.co.uk> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <48E2B605.4010809@zen.co.uk> Message-ID: <48E2BFC0.6080503@zen.co.uk> Peter Fairbrother wrote: > Ian Batten wrote: >> >> On 30 Sep 2008, at 18:07, Charles Lindsey wrote: > >>> I think it safe to assume that UK passports have omitted several >>> features which a competent cryptographer would have included as a >>> matter of course :-(. >> >> I don't. It'd be stunned if the design hadn't made a trip to the West >> Country. > > You expect CESG to do more than say product X complies with a standard? > I think you have an overly optimistic expectation of CESG's capabilities. > > The subversion of the entire UK passport system would be >> rather uncool. The passports have had the benefit of some of the best >> physical security people in the game in the design of the paper and >> the watermarks, so why wouldn't they be equally motivated to sort out >> the electronic properties? > > Motivation - do CESG have any such motivation? > > Then there is their lack of competence, or let's see, maybe - their lack > of competence? > > I don't know how competent GCHQ are, but CESG are only good for > certification to standards written by someone else, and not even that > really. They simply don't know how to do secure. > > And I don't think GCHQ is going to want to be involved in passport design. > > > > -- Peter Fairbrother > > Of course, the other thing about CESG is that nobody in Gubbmint seems to ask them anything, or to take any notice of what they say; so it wouldn't surprise me at all if it "hadn't made a trip to the West Country" -- or if it had, quite possibly no-one took any notice of what they said. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Wed Oct 1 06:34:37 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Wed, 01 Oct 2008 06:34:37 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <48E2BFC0.6080503@zen.co.uk> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <48E2B605.4010809@zen.co.uk> <48E2BFC0.6080503@zen.co.uk> Message-ID: <48E30BED.5030802@iosis.co.uk> Peter Fairbrother wrote: > Of course, the other thing about CESG is that nobody in Gubbmint seems > to ask them anything, or to take any notice of what they say; so it > wouldn't surprise me at all if it "hadn't made a trip to the West > Country" -- or if it had, quite possibly no-one took any notice of > what they said. From things heard, some of them ask but they don't have to take any notice of the answer, and indeed there have been a number of years when the money to take notice was not made available. We have not yet seen the sea change from the top that is necessary, and some of the best people have either faded away from being involved, or are still in there but keeping their heads down (and, sadly, RIP Phil Perry, who was trying to help the NHS). It is the ICO that is pushing infosec, but that doesn't lead to a systemic approach to it. Peter From ukcrypto at chiark.greenend.org.uk Wed Oct 1 10:40:03 2008 From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey) Date: Wed, 01 Oct 2008 10:40:03 +0100 Subject: sfs8 pt1 In-Reply-To: <48E28C22.6010005@gmx.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> Message-ID: On Tue, 30 Sep 2008 21:29:22 +0100, Dave Howe wrote: > first in the browser's list that the server supports, by the look of > things - I haven't done an exhaustive test of that. I have no idea how > to get IE (or firefox, for that matter) to reorder the list though. I would expect the order of the browser's list to be the order in which the items were loaded during configuration, or else the inverse thereof. Either way, if you remove all entries from the browser's list and then reload them in an order of your choosing, you should be able to achieve what you want. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From ukcrypto at chiark.greenend.org.uk Wed Oct 1 10:50:28 2008 From: ukcrypto at chiark.greenend.org.uk (Alexander Hanff) Date: Wed, 01 Oct 2008 10:50:28 +0100 Subject: International No Click day Message-ID: <48E347E4.8050503@googlemail.com> I am calling for an international No Click day in protest against Phorm and other behavioural advertising/tracking companies. See the following URL for initial details with more to come in the next 24 hours: https://nodpi.org/2008/10/01/boycott-tracking-and-behavioural-advertising-14th-october-2008/ There will be some images/banners created in the next 24 hours for people to place on their web sites and social networking profiles. If you need any more info please contact me directly by email. Obviously given the short time scale the more people spread the word the better. Regards Alexander Hanff From ukcrypto at chiark.greenend.org.uk Wed Oct 1 11:02:49 2008 From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey) Date: Wed, 01 Oct 2008 11:02:49 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> Message-ID: On Tue, 30 Sep 2008 19:21:34 +0100, Ian Batten wrote: > I wouldn't be at all surprised if it were possible to place onto a > passport a set of information signed with a self-signed cert. Indeed, > short of the passport itself embodying containing some root keys and the > hardware to test data against them --- which would require substantial > power, which isn't available --- it's hard to see how you would stop > this. It's some memory. I can load bits into it. Why wouldn't I be > able to? In a sensibly designed chip, there would be data that could be altered after manufacture and data that could not, with a fusible link to be destroyed after the unalterable data had been loaded. That data might also be unreadable externally, but available for the internal electronics of the chip to access as part of its verification procedures. If the Bad Guys want to clone chips by altering stuff in an already-existing passport, then they could not do it. With the hidden stuff not even readable, they might not be able to do it even if they could lay their hands on virgn chips. > > The question is if that data will be seen as valid by a reader at the > border of (a) the issuing country (b) a country on friendly terms with > the issuing country and (c) an arbitrary country, and what benefit it > gives me. > > In the case of (a) the answer is clearly `no', because the data isn't > read anyway: the passport's serial number is extracted and the > photograph is retrieved from the UKPA database. I would not necessarily expect such readers to be online to the UKPA database. They would verify the chip on the consistency of tha data contained within it, using their knowledge of the Public Key with which it should be secured. Just as current Chip'n'Pin cards are usually verified offline. The problem with the Dutch (?) readers is that they apparently do not have even the Dutch Public Key loaded into them. > In the case of (b) it depends on if the country has access to the UKPA > passport data. Not so (see above). It only needs to know the relevant UK Public Key (which, of course, it needs to have obtained by some reliable means). > If (c), the border won't have access to UKPA data and may not have > practical access to any signing technology. Sure, but if they do choose to invest in signing technology, then they are in the same position as country (b), at least to the extent that they trust whatever Public Key they have been able to obtain. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From ukcrypto at chiark.greenend.org.uk Wed Oct 1 12:11:31 2008 From: ukcrypto at chiark.greenend.org.uk (ukcrypto@chiark.greenend.org.uk) Date: Wed, 01 Oct 2008 12:11:31 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> Message-ID: <20081001121131.hydq59ec5s84ck40@webmail01.purplecloud.com> Quoting Ian Batten : [snip] > I don't. It'd be stunned if the design hadn't made a trip to the West > Country. The subversion of the entire UK passport system would be > rather uncool. The passports have had the benefit of some of the best > physical security people in the game in the design of the paper and the > watermarks, so why wouldn't they be equally motivated to sort out the > electronic properties? CESG were saying (at least, they said to me in 2003 / 2004) that there =20 were significant problems with biometrics for ID card use. Did they say that to anyone that matters? Did those people listen? I =20 don't know, and I won't find out, because CESG and GCHQ are secret. [snip] > I think it's significant that the passport electronic stuff is driven > by ICAO, not anyone serious. I think it's there so you can use a > passport as the identification at a self checkin machine, and so > airlines can extract pre-fly information more easily. End of. I don't > think it's a primary, or even a secondary, source of real ``can I cross > borders'' authentication. > > ian Advocates of national ID cards say that passports are not good enough =20 to identify a person as that person. That's a bit worrying, unless =20 it's a nonsense made up to push biometric ID cards on top of biometric =20 passports. Splitting passports from a national ID card seems to have been a big =20 mistake. Having to jump through hoops to get an ID card AND a =20 passport, and pay significant amounts for both, has annoyed many of =20 the people who were happy with the principal of an ID card. I wonder if the weird passport procedure will be dropped for people =20 who have a valid ID card? From ukcrypto at chiark.greenend.org.uk Wed Oct 1 13:01:48 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Wed, 1 Oct 2008 13:01:48 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20080930190936.GC5906@segfault.net> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> Message-ID: > >> would stop this. It's some memory. I can load bits into it. Why >> wouldn't I be able to? > > First of all the data should only be readable by people who are > authorized to read them. What's the definition of `authorized'? I would argue that anyone to whom I show my passport is authorized, because the data belongs to me and I can authorize whoever I like to read it. The ICAO scheme, as I understand it, is that the data on the RFID chip doesn't include the passport serial number, which is used as an encryption key. So the intent is that the contents of the chip are readable to anyone who can read the data page of an open passport (old blue British passports have the serial number on the front cover, but that's not at all common these days). Now there are some objections one might raise about the lack of entropy in passport serial numbers, but the intent --- that authorization remains with the holder of the passport --- is the right one. What did you have in mind as `authorized'? > > Not anyone with any kind of rfid reader > without any kind of authentication. I think it's perfectly right that I should be able to use an RFID reader to extract data from my passport, and my children's passports. If there were hidden data there which require magic keys not in possession of the holder I'm sure we'd be the first to complain about it. Passports should be transparent to the holder. ian From ukcrypto at chiark.greenend.org.uk Wed Oct 1 13:23:27 2008 From: ukcrypto at chiark.greenend.org.uk (steve) Date: Wed, 1 Oct 2008 12:23:27 +0000 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> Message-ID: <20081001122327.GB28090@segfault.net> Hi, On Wed, Oct 01, 2008 at 01:01:48PM +0100, Ian Batten wrote: > > > >>would stop this. It's some memory. I can load bits into it. Why > >>wouldn't I be able to? > > > >First of all the data should only be readable by people who are > >authorized to read them. > > > What's the definition of `authorized'? I would argue that anyone to > whom I show my passport is authorized, because the data belongs to me > and I can authorize whoever I like to read it. absolutely. That's how it should be. Unfortunatly it's possible to ready the data from your epassport by anyone from 3 meter distance. Without you authorizing it or knowing it. > > one. What did you have in mind as `authorized'? Same what you thought: It's my data. I should be able to deny or allow access to this data. > >Not anyone with any kind of rfid reader > >without any kind of authentication. > > I think it's perfectly right that I should be able to use an RFID > reader to extract data from my passport, and my children's passports. yepp. you should be allowed to read them. In the end you own them. They are your data. steve From ukcrypto at chiark.greenend.org.uk Wed Oct 1 13:31:48 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Wed, 1 Oct 2008 13:31:48 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> Message-ID: <767D01FA-7AE1-4DD1-A006-76ABA2C87754@batten.eu.org> On 01 Oct 08, at 1102, Charles Lindsey wrote: > > In a sensibly designed chip, there would be data that could be > altered after manufacture and data that could not, with a fusible > link to be destroyed after the unalterable data had been loaded. > That data might also be unreadable externally, but available for the > internal electronics of the chip to access as part of its > verification procedures. > > If the Bad Guys want to clone chips by altering stuff in an already- > existing passport, then they could not do it. With the hidden stuff > not even readable, they might not be able to do it even if they > could lay their hands on virgn chips. I suspect they'd be able to extract the `unreadable' data given enough money and expertise. For example, given the resources of a national laboratory (a reasonable threat model for the high-quality forging of passports) they would perhaps be able to extract the data either by re- making the fusible link or by suitably spooky analysis of the memory behind it. >> >> In the case of (a) the answer is clearly `no', because the data >> isn't read anyway: the passport's serial number is extracted and >> the photograph is retrieved from the UKPA database. > > I would not necessarily expect such readers to be online to the UKPA > database. They are. My passport is not an RFID one, and my photograph has been displayed on the screen of passport terminals as I've gone through LGW, LHR and LCY lately. And I _think_ BHX: can't remember. Either they're online, or they cache the data locally (hardly a huge amount of storage). > They would verify the chip on the consistency of tha data contained > within it, using their knowledge of the Public Key with which it > should be secured. Just as current Chip'n'Pin cards are usually > verified offline. > > The problem with the Dutch (?) readers is that they apparently do > not have even the Dutch Public Key loaded into them. I'm losing track of the claims here. Is someone claiming to have analysed a real, live, in use by Dutch border police, RFID reader, and confirmed that it will accept random biometrics over a self-signed certificate? What I've read are claims about `reference implementations', which aren't at all the same thing. ian From ukcrypto at chiark.greenend.org.uk Wed Oct 1 13:34:52 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Wed, 1 Oct 2008 13:34:52 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20081001122327.GB28090@segfault.net> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <20081001122327.GB28090@segfault.net> Message-ID: <1BC8B266-266B-4AAB-B69F-4FBD02D5E2AE@batten.eu.org> On 01 Oct 08, at 1323, steve wrote: > Hi, > > On Wed, Oct 01, 2008 at 01:01:48PM +0100, Ian Batten wrote: >>> >>>> would stop this. It's some memory. I can load bits into it. Why >>>> wouldn't I be able to? >>> >>> First of all the data should only be readable by people who are >>> authorized to read them. >> >> >> What's the definition of `authorized'? I would argue that anyone to >> whom I show my passport is authorized, because the data belongs to me >> and I can authorize whoever I like to read it. > > absolutely. That's how it should be. Unfortunatly it's possible to > ready > the data from your epassport by anyone from 3 meter distance. Without > you authorizing it or knowing it. Except it's encrypted over the passport serial number, yes? Anyway, it's hardly onerous to protect yourself against. http://www.smartcardfocus.com/shop/ilp/se ~59/p/ I keep all the Oystercards at home in those, and the passports now some of us have RFID ones likewise. Although they live when not in use in an effective Faraday cage (steel filing cabinet). > >> >> one. What did you have in mind as `authorized'? > > Same what you thought: It's my data. I should be able to deny or allow > access to this data. > >>> Not anyone with any kind of rfid reader >>> without any kind of authentication. >> >> I think it's perfectly right that I should be able to use an RFID >> reader to extract data from my passport, and my children's passports. > > yepp. you should be allowed to read them. In the end you own them. > They > are your data. Exactly. So, how do you protect it against being read by other people? ian From ukcrypto at chiark.greenend.org.uk Wed Oct 1 15:14:59 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Wed, 01 Oct 2008 15:14:59 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20081001122327.GB28090@segfault.net> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <20081001122327.GB28090@segfault.net> Message-ID: <48E385E3.6070307@iosis.co.uk> steve wrote: > absolutely. That's how it should be. Unfortunatly it's possible to ready > the data from your epassport by anyone from 3 meter distance. Without > you authorizing it or knowing it. Perhaps monitor from a distance the reading of a passport when it is presented to a dedicated reader, if the reader is not screened, I think. But then there are several levels of security in the panoply of passport specs, and one of the problems delaying the move to chip driving licences (whioch use basically the same spec) has been failure to agree across Europe on the level of security required. Peter From ukcrypto at chiark.greenend.org.uk Wed Oct 1 15:36:20 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Wed, 1 Oct 2008 15:36:20 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <48E385E3.6070307@iosis.co.uk> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <20081001122327.GB28090@segfault.net> <48E385E3.6070307@iosis.co.uk> Message-ID: On 01 Oct 08, at 1514, Peter Tomlinson wrote: > steve wrote: >> absolutely. That's how it should be. Unfortunatly it's possible to >> ready >> the data from your epassport by anyone from 3 meter distance. Without >> you authorizing it or knowing it. > Perhaps monitor from a distance the reading of a passport when it is > presented to a dedicated reader, if the reader is not screened, I > think. OK, that's a risk I'd not thought of. So you could probably monitor some passports while you progress through the queue at immigration between when you get within range of the readers and when you're passed through and leave the area. That would give you access to the encrypted form of known-good passports (because you can observe the hold being passed through). But if the passport data is encrypted under a key derived from the serial number of the passport, it's not clear how serious the attack is. A brute-force search (or something better than that) will yield name, passport number and a few other odds and ends, which are of value. How much value, I don't know, I suspect not a great deal beyond a small amount of ID theft. Launching a passive RF attack in a monitored, secured, CCTV'd area to obtain a small amount of ID-theft material doesn't strike me as a well-targeted use of baddies' resources. And quite what you can achieve with a passport number but without the passport, I don't know. ian From ukcrypto at chiark.greenend.org.uk Wed Oct 1 15:52:09 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Wed, 01 Oct 2008 15:52:09 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <20081001122327.GB28090@segfault.net> <48E385E3.6070307@iosis.co.uk> Message-ID: <48E38E99.30905@iosis.co.uk> Ian Batten wrote: > On 01 Oct 08, at 1514, Peter Tomlinson wrote: >> steve wrote: >>> absolutely. That's how it should be. Unfortunatly it's possible to >>> ready >>> the data from your epassport by anyone from 3 meter distance. Without >>> you authorizing it or knowing it. >> Perhaps monitor from a distance the reading of a passport when it is >> presented to a dedicated reader, if the reader is not screened, I think. > OK, that's a risk I'd not thought of. So you could probably monitor > some passports while you progress through the queue at immigration > between when you get within range of the readers and when you're > passed through and leave the area. That would give you access to the > encrypted form of known-good passports (because you can observe the > hold being passed through). > > But if the passport data is encrypted under a key derived from the > serial number of the passport, it's not clear how serious the attack > is. A brute-force search (or something better than that) will yield > name, passport number and a few other odds and ends, which are of > value. How much value, I don't know, I suspect not a great deal beyond > a small amount of ID theft. Launching a passive RF attack in a > monitored, secured, CCTV'd area to obtain a small amount of ID-theft > material doesn't strike me as a well-targeted use of baddies' > resources. And quite what you can achieve with a passport number but > without the passport, I don't know. But we heard recently from HO that passports will double as ID cards, which suggests that the technology has converged (at least in the mind of one lady). It was also said some while ago that there would be 10,000 ID card 'readers' to be deployed. Sadly for those who want to snoop on passports in an insecure area, that is unlikely to be enough of the readers for it to be possible to have one on the counter of every bank branch or even in the interview cubicles. However, this is entering a fantasy realm, because if we have ID cards we really want eID cards that we can use via a PC, and that needs a rather better security model. Peter From ukcrypto at chiark.greenend.org.uk Wed Oct 1 16:20:28 2008 From: ukcrypto at chiark.greenend.org.uk (John Brazier) Date: Wed, 1 Oct 2008 16:20:28 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20081001122327.GB28090@segfault.net> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <20081001122327.GB28090@segfault.net> Message-ID: <017c01c923d9$3cb74950$b625dbf0$@co.uk> Ian Batten/Steve wrote: >> What's the definition of `authorized'? I would argue that anyone to >> whom I show my passport is authorized, because the data belongs to me >> and I can authorize whoever I like to read it. >> I think it's perfectly right that I should be able to use an RFID >> reader to extract data from my passport, and my children's passports. > yepp. you should be allowed to read them. In the end you own them. They > are your data. Well, the data may be about you, but you don't own the passport (See page 2 Note 6). I also suspect that HMG believe that the data belongs to them ... J From ukcrypto at chiark.greenend.org.uk Wed Oct 1 17:30:39 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 01 Oct 2008 17:30:39 +0100 Subject: Phorms Ts and Cs In-Reply-To: <4fe75880d7ukcrypto@vigay.com> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> Message-ID: <48E3A5AF.1090709@zen.co.uk> Paul Vigay wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In a dim and distant universe <48E2B848.8060601@zen.co.uk>, > Peter Fairbrother enlightened us thusly: > >> However if the £15 ISPs (home ISPs seem to operate either "free", at >> about £15 pcm, or at about £25 pcm) were to offer this, on the basis >> that BT were screwing around ... > > > Far be it for me to advertise the ISP I work for, but I can certainly > recommend Orpheus Internet. We're in the £25.00 a month bracket (although > we do have a £19.95 a month tariff for low users, ie. <=2GB a month). > > We're also pleased to be listed at http://www.antiphormleague.com/isp.php > > Our website is at www.orpheusinternet.co.uk > > Just get a MAC number from BT and we'll do the rest. :-) > Now if you were to offer to get the MAC number, rather than requiring the luser to get it - some of the free ones do it, I don't know how that works though. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Wed Oct 1 21:19:28 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 01 Oct 2008 21:19:28 +0100 Subject: Phorms Ts and Cs In-Reply-To: <4fe793a368ukcrypto@vigay.com> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> <48E3A5AF.1090709@zen.co.uk> <4fe793a368ukcrypto@vigay.com> Message-ID: <48E3DB50.1040808@zen.co.uk> Paul Vigay wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In a dim and distant universe <48E3A5AF.1090709@zen.co.uk>, > Peter Fairbrother enlightened us thusly: > >> Now if you were to offer to get the MAC number, rather than requiring >> the luser to get it - some of the free ones do it, I don't know how that >> works though. > > That's interesting. I wonder how they obtain that, as it normally has to be > generated by the losing ISP. Speculating, with a bit of vague memory added in, I think the new ISP gets the MAC from the old ISP directly, rather than getting the customer to do it. This may only be possible for the "free" ISPs, as they take over the telephone line as well as the ADSL. But as I said, I don't know for sure. However I'm pretty sure that in a couple of cases existing contracts were terminated without penalty - and if you could offer that, maybe based on BT's illegal actions, or breach of contract, plus hassle-free transfers ... One other point, when BT ask if you want to "opt-in" tp Phorming, is that an marketing message covered by the Privacy and Electronic Communications Regulations? If so, BT can send such messages as long as the user didn't opt-out when they obtained the address (presumably when the user signed up), but under the regulations the marketing message must also include an effective opt-out, so the user doesn't get any more messages. I don't think offering the option to store a long-term cookie counts - people may either delete all cookies regularly, as I do and recommend, or they may connect a new computer to the same ADSL connection. I also wonder what technology they use to make the user's computer display the message - anyone know? I can't think of a way to do that without committing a crime or two, but maybe they are cleverer than me. Or maybe they are just committing even more crimes. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Wed Oct 1 21:37:50 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Wed, 01 Oct 2008 21:37:50 +0100 Subject: Phorms Ts and Cs In-Reply-To: <4fe75880d7ukcrypto@vigay.com> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> Message-ID: <48E3DF9E.8070009@zen.co.uk> Paul Vigay wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In a dim and distant universe <48E2B848.8060601@zen.co.uk>, > Peter Fairbrother enlightened us thusly: > >> However if the £15 ISPs (home ISPs seem to operate either "free", at >> about £15 pcm, or at about £25 pcm) were to offer this, on the basis >> that BT were screwing around ... > > > Far be it for me to advertise the ISP I work for, but I can certainly > recommend Orpheus Internet. We're in the £25.00 a month bracket As you can see from my email address, I'm with Zen who are also in the £25 pcm range. What I'd like is for Zen, and all ISPs, to offer a transferable email address. Zen only have one-month contract periods, and I've been with them for I think 8 years - because their service is good. I do have other email addresses, based on domains I own, with the domain provider providing an email service for £10 per year or so - why can't the ISPs do that? At £25 per month it should be included as standard. It's not as if it will involve any more traffic. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Thu Oct 2 00:34:25 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Thu, 02 Oct 2008 00:34:25 +0100 Subject: Phorms Ts and Cs In-Reply-To: <4fe7a646a7ukcrypto@vigay.com> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> <48E3A5AF.1090709@zen.co.uk> <4fe793a368ukcrypto@vigay.com> <48E3DB50.1040808@zen.co.uk> <4fe7a646a7ukcrypto@vigay.com> Message-ID: <48E40901.40505@zen.co.uk> Paul Vigay wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In a dim and distant universe <48E3DB50.1040808@zen.co.uk>, > Peter Fairbrother enlightened us thusly: > >> Speculating, with a bit of vague memory added in, I think the new ISP >> gets the MAC from the old ISP directly, rather than getting the customer >> to do it. > > Yes, that was how I was imagining they'd probably do it - although in my > experience, if you try speaking to BT on "behalf of a customer" they > invariably refuse to talk to you unless you can prove you're the account > holder. Maybe that's why, in my limited experience, only "free" customers have done it that way - they will be transferring their 'phone lines from BT too. But afaik none of then had to contact BT at all, even for the telephone line transfer. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Thu Oct 2 08:19:18 2008 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Thu, 02 Oct 2008 08:19:18 +0100 Subject: sfs8 pt1 In-Reply-To: References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> Message-ID: <48E475F6.3050206@gmx.co.uk> Charles Lindsey wrote: > On Tue, 30 Sep 2008 21:29:22 +0100, Dave Howe wrote: > >> first in the browser's list that the server supports, by the look of >> things - I haven't done an exhaustive test of that. I have no idea how >> to get IE (or firefox, for that matter) to reorder the list though. > > I would expect the order of the browser's list to be the order in which > the items were loaded during configuration, or else the inverse thereof. > > Either way, if you remove all entries from the browser's list and then > reload them in an order of your choosing, you should be able to achieve > what you want. Fair advice - now, how do I do that in Internet Exploiter? From ukcrypto at chiark.greenend.org.uk Thu Oct 2 10:34:13 2008 From: ukcrypto at chiark.greenend.org.uk (Nicholas Bohm) Date: Thu, 02 Oct 2008 10:34:13 +0100 Subject: Phorms Ts and Cs In-Reply-To: <48E3DB50.1040808@zen.co.uk> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> <48E3A5AF.1090709@zen.co.uk> <4fe793a368ukcrypto@vigay.com> <48E3DB50.1040808@zen.co.uk> Message-ID: <48E49595.4030209@ernest.net> Peter Fairbrother wrote: > Paul Vigay wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> In a dim and distant universe <48E3A5AF.1090709@zen.co.uk>, >> Peter Fairbrother enlightened us thusly: >> >>> Now if you were to offer to get the MAC number, rather than requiring >>> the luser to get it - some of the free ones do it, I don't know how that >>> works though. >> >> That's interesting. I wonder how they obtain that, as it normally has >> to be >> generated by the losing ISP. > > Speculating, with a bit of vague memory added in, I think the new ISP > gets the MAC from the old ISP directly, rather than getting the customer > to do it. > > This may only be possible for the "free" ISPs, as they take over the > telephone line as well as the ADSL. But as I said, I don't know for sure. > > However I'm pretty sure that in a couple of cases existing contracts > were terminated without penalty - and if you could offer that, maybe > based on BT's illegal actions, or breach of contract, plus hassle-free > transfers ... > > > > One other point, when BT ask if you want to "opt-in" tp Phorming, is > that an marketing message covered by the Privacy and Electronic > Communications Regulations? Not unless it's sent by electronic mail, namely "any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient and includes messages sent using a short message service" > If so, BT can send such messages as long as the user didn't opt-out when > they obtained the address (presumably when the user signed up), but > under the regulations the marketing message must also include an > effective opt-out, so the user doesn't get any more messages. > > I don't think offering the option to store a long-term cookie counts - > people may either delete all cookies regularly, as I do and recommend, > or they may connect a new computer to the same ADSL connection. > > I also wonder what technology they use to make the user's computer > display the message - anyone know? I can't think of a way to do that > without committing a crime or two, but maybe they are cleverer than me. > > Or maybe they are just committing even more crimes. Nick -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ukcrypto at chiark.greenend.org.uk Thu Oct 2 11:28:44 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Thu, 02 Oct 2008 11:28:44 +0100 Subject: Phorms Ts and Cs In-Reply-To: <48E49595.4030209@ernest.net> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> <48E3A5AF.1090709@zen.co.uk> <4fe793a368ukcrypto@vigay.com> <48E3DB50.1040808@zen.co.uk> <48E49595.4030209@ernest.net> Message-ID: <48E4A25C.1010206@iosis.co.uk> Nicholas Bohm wrote: > Peter Fairbrother wrote: > >> Paul Vigay wrote: >> >> One other point, when BT ask if you want to "opt-in" tp Phorming, is >> that an marketing message covered by the Privacy and Electronic >> Communications Regulations? >> > Not unless it's sent by electronic mail, namely "any text, voice, sound > or image message sent over a public electronic communications network > which can be stored in the network or in the recipient's terminal > equipment until it is collected by the recipient and includes messages > sent using a short message service" But, if you are already an internet service customer, is it not the case that they can legally send you, electronically, as much bumph as they like as long as it is directly related to the service? Peter From ukcrypto at chiark.greenend.org.uk Thu Oct 2 11:59:59 2008 From: ukcrypto at chiark.greenend.org.uk (Nicholas Bohm) Date: Thu, 02 Oct 2008 11:59:59 +0100 Subject: Phorms Ts and Cs In-Reply-To: <48E4A25C.1010206@iosis.co.uk> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> <48E3A5AF.1090709@zen.co.uk> <4fe793a368ukcrypto@vigay.com> <48E3DB50.1040808@zen.co.uk> <48E49595.4030209@ernest.net> <48E4A25C.1010206@iosis.co.uk> Message-ID: <48E4A9AF.3080202@ernest.net> Peter Tomlinson wrote: > Nicholas Bohm wrote: >> Peter Fairbrother wrote: >> >>> Paul Vigay wrote: >>> >>> One other point, when BT ask if you want to "opt-in" tp Phorming, is >>> that an marketing message covered by the Privacy and Electronic >>> Communications Regulations? >>> >> Not unless it's sent by electronic mail, namely "any text, voice, sound >> or image message sent over a public electronic communications network >> which can be stored in the network or in the recipient's terminal >> equipment until it is collected by the recipient and includes messages >> sent using a short message service" > But, if you are already an internet service customer, is it not the case > that they can legally send you, electronically, as much bumph as they > like as long as it is directly related to the service? DPA 11(3): “direct marketing†means the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals. The invitation to be phormed is probably about a new service rather than the existing service, so Peter F's corollaries would apply (i.e. you have to be able to opt out of further communications about the new service once and for all - see Privacy regs 22), if the BT page counts as electronic mail as defined. That seems at first sight more difficult. Nick -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285 (+44 1279 870285) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF From ukcrypto at chiark.greenend.org.uk Thu Oct 2 12:26:57 2008 From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey) Date: Thu, 02 Oct 2008 12:26:57 +0100 Subject: sfs8 pt1 In-Reply-To: <48E475F6.3050206@gmx.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> Message-ID: On Thu, 02 Oct 2008 08:19:18 +0100, Dave Howe wrote: >> Either way, if you remove all entries from the browser's list and then >> reload them in an order of your choosing, you should be able to achieve >> what you want. > > Fair advice - now, how do I do that in Internet Exploiter? Use Firefox :-) -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From ukcrypto at chiark.greenend.org.uk Thu Oct 2 19:17:46 2008 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Thu, 02 Oct 2008 19:17:46 +0100 Subject: sfs8 pt1 In-Reply-To: References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> Message-ID: <48E5104A.5080101@gmx.co.uk> Charles Lindsey wrote: > On Thu, 02 Oct 2008 08:19:18 +0100, Dave Howe wrote: > >>> Either way, if you remove all entries from the browser's list and then >>> reload them in an order of your choosing, you should be able to achieve >>> what you want. >> >> Fair advice - now, how do I do that in Internet Exploiter? > > Use Firefox :-) Firefox doesn't have this problem - just IE. From ukcrypto at chiark.greenend.org.uk Thu Oct 2 20:59:21 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 2 Oct 2008 20:59:21 +0100 Subject: Phorms Ts and Cs In-Reply-To: <48E4A25C.1010206@iosis.co.uk> References: <9C9DE1EC-5CD6-48D4-9177-B1F3E5EC6BE7@batten.eu.org> <48E2B848.8060601@zen.co.uk> <4fe75880d7ukcrypto@vigay.com> <48E3A5AF.1090709@zen.co.uk> <4fe793a368ukcrypto@vigay.com> <48E3DB50.1040808@zen.co.uk> <48E49595.4030209@ernest.net> <48E4A25C.1010206@iosis.co.uk> Message-ID: <6P9PGMyZgS5IFAE+@perry.co.uk> In article <48E4A25C.1010206@iosis.co.uk>, Peter Tomlinson writes >But, if you are already an internet service customer, is it not the >case that they can legally send you, electronically, Not sure if you are limiting this to emails, SMS etc (I am). >as much bumph as they like Only if each time it happens, they tell you how you can ask them to stop. >as long as it is directly related to the service? I don't think it matters what the email is about (they will all be "marketing" of one sort or other). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Oct 2 21:48:17 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 2 Oct 2008 21:48:17 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> Message-ID: In article , Ian Batten writes >The ICAO scheme, as I understand it, is that the data on the RFID chip >doesn't include the passport serial number, which is used as an >encryption key. So the intent is that the contents of the chip are >readable to anyone who can read the data page of an open passport (old >blue British passports have the serial number on the front cover, but >that's not at all common these days). > >Now there are some objections one might raise about the lack of entropy >in passport serial numbers Lots of people know my passport number. It's a standard item requested by airlines when booking, conferences [1] when registering, hotels when checking in. [1] The ones I go to anyway. Nothing very secret, but organised by intergovernmental agencies and the like, and often needing to issue an "invitation letter" to obtain a visa, and that letter typically uses the passport number to match the invitation to the applicant. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Oct 2 21:51:43 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 2 Oct 2008 21:51:43 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20081001121131.hydq59ec5s84ck40@webmail01.purplecloud.com> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20081001121131.hydq59ec5s84ck40@webmail01.purplecloud.com> Message-ID: In article <20081001121131.hydq59ec5s84ck40@webmail01.purplecloud.com>, signup@bealoid.co.uk writes >I wonder if the weird passport procedure will be dropped for people who >have a valid ID card? That's my question about using a UK-issued ID card for travel inside the EU, dressed up differently. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Oct 2 22:07:37 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Thu, 2 Oct 2008 22:07:37 +0100 Subject: ID card rollout begins In-Reply-To: References: <48E0B574.9010709@bbk.ac.uk> <3FFF733A-F4EA-46E1-80B1-B9038D6176AD@batten.eu.org> <48E122E8.9060209@bbk.ac.uk> Message-ID: In article , Charles Lindsey writes >Does a UK passport include the carrier's place of birth (or former >nationality, if naturalized)? It gives place of birth. Which is enough to start jumping to conclusions. [But not former citizenship as far as I can see]. An American passport does the same (as a UK one), so perhaps it's some sort of standard. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Thu Oct 2 22:13:14 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Thu, 2 Oct 2008 22:13:14 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> Message-ID: <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> > > Lots of people know my passport number. It's a standard item > requested by airlines when booking, conferences [1] when > registering, hotels when checking in. But we run around in circles. If someone knows your passport number, what additional information of value could they extract from your passport? If I want a photograph of you I need to disambiguate you from an Australian SF author, but http://www.ripe.net/info/ncc/staff/pics/roland_perry.jpg is passport-alike enough. What else is there on a passport that's worth an RF attack? I can't believe your date of birth would be that hard to obtain by easier means. ian From ukcrypto at chiark.greenend.org.uk Fri Oct 3 10:23:08 2008 From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey) Date: Fri, 03 Oct 2008 10:23:08 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> Message-ID: On Thu, 02 Oct 2008 22:13:14 +0100, Ian Batten wrote: >> >> Lots of people know my passport number. It's a standard item requested >> by airlines when booking, conferences [1] when registering, hotels when >> checking in. > > But we run around in circles. If someone knows your passport number, > what additional information of value could they extract from your > passport? ... It enables that someone to decode all the stuff on the chip, if he manages to catch you within 2m (thereabouts) of himself. Maybe that is no big deal, but people are jumping up and down at the thought it might be possible, so what are they worrying about? Is it just the start of the slippery slope that starts with "if you have nothing to hide, why should you worry ...?". -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From ukcrypto at chiark.greenend.org.uk Fri Oct 3 10:29:46 2008 From: ukcrypto at chiark.greenend.org.uk (Charles Lindsey) Date: Fri, 03 Oct 2008 10:29:46 +0100 Subject: sfs8 pt1 In-Reply-To: <48E5104A.5080101@gmx.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> <48E5104A.5080101@gmx.co.uk> Message-ID: On Thu, 02 Oct 2008 19:17:46 +0100, Dave Howe wrote: > Charles Lindsey wrote: >> On Thu, 02 Oct 2008 08:19:18 +0100, Dave Howe >> wrote: >> >>>> Either way, if you remove all entries from the browser's list and then >>>> reload them in an order of your choosing, you should be able to >>>> achieve >>>> what you want. >>> >>> Fair advice - now, how do I do that in Internet Exploiter? >> >> Use Firefox :-) > > Firefox doesn't have this problem - just IE. Ah! I was misled because your original example related to Firefox, which seems to be fixable. But at least the situation CAN be controlled from the browser end, since nobody is _forced_ to use IE. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From ukcrypto at chiark.greenend.org.uk Fri Oct 3 11:13:23 2008 From: ukcrypto at chiark.greenend.org.uk (Wendy M. Grossman) Date: Fri, 03 Oct 2008 11:13:23 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> Message-ID: <48E5F043.4060500@pelicancrossing.net> Charles Lindsey wrote: > On Thu, 02 Oct 2008 22:13:14 +0100, Ian Batten wrote: > >>> >>> Lots of people know my passport number. It's a standard item >>> requested by airlines when booking, conferences [1] when registering, >>> hotels when checking in. >> >> But we run around in circles. If someone knows your passport number, >> what additional information of value could they extract from your >> passport? ... > > It enables that someone to decode all the stuff on the chip, if he > manages to catch you within 2m (thereabouts) of himself. > > Maybe that is no big deal, but people are jumping up and down at the > thought it might be possible, so what are they worrying about? Is it > just the start of the slippery slope that starts with "if you have > nothing to hide, why should you worry ...?". > It seems to me there are two concerns: 1) that over time more information will be added to the chip that can also be captured by a third party 2) that given a set of valid data (full name, city of birth, dob, date of expiry, passport number) it becomes possible to clone a passport without having access to it. My birth city and dob are in Wikipedia; my middle name is known to some friends and a few banks and governments; one of my passport numbers is known to the issuing countries, presumably my airlines (who swipe it when I fly), and maybe one or two hotels (I rarely stay in hotels, and even more rarely the kind that want passport numbers); my other passport number is much less widely known. I don't think it makes sense to argue whether it's easier for someone to compile this information from other sources than to swipe it via RFID leakage. I think the point is that the more open routes there are to the data the less you can trust the document as a secure means of identification. I live on the first floor and keep my door locked. It would be much harder for a would-be burglar to climb up a ladder and through a window. Still lock the windows, though. Mostly. wg From ukcrypto at chiark.greenend.org.uk Fri Oct 3 11:14:33 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Fri, 3 Oct 2008 11:14:33 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> Message-ID: <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> On 03 Oct 08, at 1023, Charles Lindsey wrote: > On Thu, 02 Oct 2008 22:13:14 +0100, Ian Batten > wrote: > >>> >>> Lots of people know my passport number. It's a standard item >>> requested by airlines when booking, conferences [1] when >>> registering, hotels when checking in. >> >> But we run around in circles. If someone knows your passport >> number, what additional information of value could they extract >> from your passport? ... > > It enables that someone to decode all the stuff on the chip, if he > manages to catch you within 2m (thereabouts) of himself. > > Maybe that is no big deal, but people are jumping up and down at the > thought it might be possible, so what are they worrying about? Is it > just the start of the slippery slope that starts with "if you have > nothing to hide, why should you worry ...?". If I could trivially extract all the data from my passport and decode it, that would increase faith in the transparency of the documents. It wouldn't be ``those with nothing to hide'', it would be ``this is nothing to hide''. Using magic numbers like passport number, SSN, NHS number as ``only you can know this'' identifiers clearly doesn't work: no-one seriously suggests that the they are, or indeed can be, simultaneously kept confidential and used as general purpose identifiers. If the data on the passport were all public, and the security of the device rested in its physical and cryptographic resistance to forgery and alteration, what would the problem be with it being globally readable? The question isn't rhetorical: I may be missing a problem. ian From ukcrypto at chiark.greenend.org.uk Fri Oct 3 11:54:48 2008 From: ukcrypto at chiark.greenend.org.uk (Igor Mozolevsky) Date: Fri, 3 Oct 2008 11:54:48 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> Message-ID: 2008/10/3 Ian Batten: > If I could trivially extract all the data from my passport and decode it, > that would increase faith in the transparency of the documents. It wouldn't > be ``those with nothing to hide'', it would be ``this is nothing to hide''. I think the more worrying aspect would be the ability to read and clone/alter the data especially if you have a single document that is the holy grail of your "identity" (as the gov't sees it). I assume a simple replay attack doesn't work on those chips, right? -- Igor From ukcrypto at chiark.greenend.org.uk Fri Oct 3 14:45:51 2008 From: ukcrypto at chiark.greenend.org.uk (David Biggins) Date: Fri, 3 Oct 2008 14:45:51 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> Message-ID: > -----Original Message----- > From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto- > admin@chiark.greenend.org.uk] On Behalf Of Ian Batten > Sent: 03 October 2008 11:15 > To: ukcrypto@chiark.greenend.org.uk > Subject: Re: Tool to backup, modify and clone ePassport released > =20 > If the data on the passport were all public, and the security of the > device rested in its physical and cryptographic resistance to forgery > and alteration, what would the problem be with it being globally > readable? >=20 > The question isn't rhetorical: I may be missing a problem. Twofold - one is that the passport is used for ID in several situations where a cryptographic solution is not available. Making it easy to replicate the "visually verifiable" aspects of a passport without the holder knowing, by allowing silent access to the electronic copy, is therefore a problem. The other is that dependence on - and assumptions of infallibility of - the crypto becomes absolute - which given the all-too-demonstrable weaknesses of human institutions, creates entire classes of vulnerability all their own. Dave. From ukcrypto at chiark.greenend.org.uk Fri Oct 3 23:26:25 2008 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Fri, 03 Oct 2008 23:26:25 +0100 Subject: sfs8 pt1 In-Reply-To: References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> <48E5104A.5080101@gmx.co.uk> Message-ID: <48E69C11.6030600@gmx.co.uk> Charles Lindsey wrote: > But at least the situation CAN be controlled from the browser end, since > nobody is _forced_ to use IE. Sadly, that isn't true - I know of quite a few places where the Official Mandated Web Browser is IE and no other web browser is permitted on a Corporate PC. And even if it was, it would be irrelevant - last I looked, IE still has a massive market share (better than 80% of the "hits" to most websites, as I understand it) so IE is the defacto standard browser, warts and all. From ukcrypto at chiark.greenend.org.uk Sat Oct 4 00:19:10 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Sat, 04 Oct 2008 00:19:10 +0100 Subject: sfs8 pt1 In-Reply-To: <48E5104A.5080101@gmx.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> <48E5104A.5080101@gmx.co.uk> Message-ID: <48E6A86E.40609@zen.co.uk> Dave Howe wrote: > Charles Lindsey wrote: >> On Thu, 02 Oct 2008 08:19:18 +0100, Dave Howe wrote: >> >>>> Either way, if you remove all entries from the browser's list and then >>>> reload them in an order of your choosing, you should be able to achieve >>>> what you want. >>> Fair advice - now, how do I do that in Internet Exploiter? >> Use Firefox :-) > > Firefox doesn't have this problem - just IE. Eh? Seems to me Firefox offers non-DHE options. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Sat Oct 4 01:39:02 2008 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Sat, 04 Oct 2008 01:39:02 +0100 Subject: sfs8 pt1 In-Reply-To: <48E6A86E.40609@zen.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> <48E5104A.5080101@gmx.co.uk> <48E6A86E.40609@zen.co.uk> Message-ID: <48E6BB26.3070802@gmx.co.uk> Peter Fairbrother wrote: > Dave Howe wrote: >> Charles Lindsey wrote: >>> On Thu, 02 Oct 2008 08:19:18 +0100, Dave Howe >>> wrote: >>> >>>>> Either way, if you remove all entries from the browser's list >>>>> and then reload them in an order of your choosing, you should >>>>> be able to achieve what you want. >>>> Fair advice - now, how do I do that in Internet Exploiter? >>> Use Firefox :-) >> >> Firefox doesn't have this problem - just IE. > > Eh? > > Seems to me Firefox offers non-DHE options. yes, it does - but the list that came from Firefox had the DHE options listed first, so apache chose the first of those it could support. This was not true of IE, so it got the non-DHE flavour of SSL, which is recoverable in wireshark. From ukcrypto at chiark.greenend.org.uk Sat Oct 4 08:15:03 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sat, 4 Oct 2008 08:15:03 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> Message-ID: In article <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org>, Ian Batten writes >> Lots of people know my passport number. It's a standard item >>requested by airlines when booking, conferences [1] when registering, >>hotels when checking in. > >But we run around in circles. If someone knows your passport number, >what additional information of value could they extract from your >passport? If I want a photograph of you I need to disambiguate you >from an Australian SF author, http://en.wikipedia.org/wiki/Roland_Perry used to have a quite useful disambiguation paragraph [see wiki-history of 26th March 2006], but it's been deleted. I don't think it's regarded as etiquette for me to reinstate it. >but http://www.ripe.net/info/ncc/staff/pics/roland_perry.jpg is >passport-alike enough. > >What else is there on a passport that's worth an RF attack? I don't know. I was just responding to the suggestion that an attack would be facilitated by knowing the passport number. Maybe it's just some kind of academic exercise? >I can't believe your date of birth would be that hard to obtain by >easier means. I can't find it, which surprises me. (It's not a secret, so feel free). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sat Oct 4 08:45:52 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sat, 4 Oct 2008 08:45:52 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org> Message-ID: In article <82C58533-7DCB-4F47-8EA4-5700159FE03F@batten.eu.org>, Ian Batten writes >Using magic numbers like passport number, SSN, NHS number as ``only you >can know this'' identifiers clearly doesn't work: no-one seriously >suggests that the they are, or indeed can be, simultaneously kept >confidential and used as general purpose identifiers. Although there is a widespread belief that you *can* do this with SSNs, amongst the public and many bureaucrats/administrators in the USA. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sat Oct 4 08:56:58 2008 From: ukcrypto at chiark.greenend.org.uk (steve) Date: Sat, 4 Oct 2008 07:56:58 +0000 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> References: <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> Message-ID: <20081004075658.GF10287@segfault.net> Hi, Ian, your are argueing about 'the secrecy of your data' but the real problem is somewhere else. It is your choice how public you want to make your data or not. Other folks might not want to be as 'open' as you are. This is your choice and it's your responsibility. The problem with rfid and epassport is that it is no longer your choice. It's the choice of the attacker as you are forced to use the epassport and can not prevent others from reading your data. If you are not worried about someone stealing your data because your data is public already (other people might have a different opinion on this) then consider that somebody can track you: Anyone can read the epassport info without any authentication required. This means someone can tell when you enter which building or what shop or who you meet or sit at the same table with. And let's not forget with all the other issues with the epassport, including people using your credentials to authenticate themself (forging of epassports), ... The real question is: Do ePassport make us more safe (as we are told and what the justification for the 50GBP is) or do they make use less safe? Does it make sense to roll out ePassports in the way they want to roll it out or should other security features be added? steve On Thu, Oct 02, 2008 at 10:13:14PM +0100, Ian Batten wrote: > > > >Lots of people know my passport number. It's a standard item > >requested by airlines when booking, conferences [1] when > >registering, hotels when checking in. > > But we run around in circles. If someone knows your passport number, > what additional information of value could they extract from your > passport? If I want a photograph of you I need to disambiguate you > from an Australian SF author, but > http://www.ripe.net/info/ncc/staff/pics/roland_perry.jpg is passport-alike > enough. > > What else is there on a passport that's worth an RF attack? I can't > believe your date of birth would be that hard to obtain by easier means. > > ian > From ukcrypto at chiark.greenend.org.uk Sat Oct 4 11:24:39 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Sat, 04 Oct 2008 11:24:39 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20080929115203.GD25263@segfault.net> <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> Message-ID: <48E74467.7070203@iosis.co.uk> Roland Perry wrote: > In article <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org>, Ian > Batten writes >> I can't believe your date of birth would be that hard to obtain by >> easier means. > I can't find it, which surprises me. (It's not a secret, so feel free). Just like I'm surprised that the email address that I give when posting comments on various blogs cannot now be found by Google - it used to be visible, and its in a spammer list that I know gets around, because it gets spammed. Peter From ukcrypto at chiark.greenend.org.uk Sat Oct 4 11:40:16 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Sat, 04 Oct 2008 11:40:16 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20081004075658.GF10287@segfault.net> References: <20080929194703.GA5906@segfault.net> <93E26F4E-7E7B-494E-BE31-D29D95B8D4D7@batten.eu.org> <20080930190936.GC5906@segfault.net> <484A75B4-ED68-4C15-9B73-BACC299168F6@batten.eu.org> <20081004075658.GF10287@segfault.net> Message-ID: <48E74810.8060702@iosis.co.uk> steve wrote: > Hi, > > Ian, your are argueing about 'the secrecy of your data' but the real > problem is somewhere else. It is your choice how public you want to make > your data or not. Other folks might not want to be as 'open' as you are. > > This is your choice and it's your responsibility. > > The problem with rfid and epassport is that it is no longer your choice. > It's the choice of the attacker as you are forced to use the epassport > and can not prevent others from reading your data. > > If you are not worried about someone stealing your data because your > data is public already (other people might have a different opinion on > this) then consider that somebody can track you: Anyone > can read the epassport info without any authentication required. This > means someone can tell when you enter which building or what shop or > who you meet or sit at the same table with. > > And let's not forget with all the other issues with the epassport, > including people using your credentials to authenticate themself > (forging of epassports), ... > > The real question is: I'm deviating from Steve's real question in order to point you to Dan Solove http://docs.law.gwu.edu/facweb/dsolove/ and in particular his article ""I've Got Nothing to Hide" and Other Misunderstandings of Privacy" which is downloadable free if you register. He argues that we need privacy, whether or not we have anything to hide: "In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings." Peter From ukcrypto at chiark.greenend.org.uk Sat Oct 4 11:57:15 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sat, 4 Oct 2008 11:57:15 +0100 Subject: ID card rollout begins In-Reply-To: References: <48DB53DF.4000209@iosis.co.uk> <454B3CFF-7CCD-4D05-8FC9-BC70B82164F7@batten.eu.org> <2A0243BD-D759-4420-9510-D0FD753E13C7@batten.eu.org> <48DC7702.7070603@iosis.co.uk> <492CC2D6-7DD0-4AE3-BB1A-35EC475E19D6@batten.eu.org> <20080927142628.GA28580@annexia.org> <20080927192140.GA10399@annexia.org> <9DE8A857-5558-4F9B-8334-7A95DEB9A18C@batten.eu.org> Message-ID: <8AZ+FVXLw05IFAlL@perry.co.uk> In article , Ian Batten writes >>why wouldn't a pass that's "good enough for GCHQ" also be "good >>enough for the airside shops at Luton airport". > >Would a pass that's ``good enough for GCHQ'' also be ``good enough for >working with children?'' or ``good enough for working for FSA- >regulated companies?'' They're on the face of it orthogonal requirements. Some vetting processes will automatically mop up others. eg Higher levels of security clearance will include terrorist and child protection issues (the latter because of what it says about you, rather than because there are vulnerable children inside GCHQ), as well an identity check. Or an FSA approval may imply you don't have a criminal record (as well as perhaps passing some sort of maths test). But I agree that making a matrix of this is likely to be challenging. >> Driving licences work a bit like that; you can use them for limited >>periods overseas, and they allow you to drive [some] things other than >>what you were specifically tested on - trivially automatics if you >>passed on a manual, but not vice versa). > >But they define very closely the things you can drive as though on a >full license and the things you can drive as though on a provisional: >they don't act as a general permit to drive wheely-type things. My original car licence also allowed me to drive "heavy locomotives" thru agricultural tractors to mopeds and mowing machines; even though I'd never driven one let alone been tested in one. > And if you're outside the EU you'd be well advise to regard the >license you passed your group B (group E back in the day) In my red licence B is an automatic, E is a moped. Cars (and much else besides) are A. >car driving test on as a license to drive cars; all those other >extensions (B1E minibus + trailer and so on) may not be valid. Which >is the same problem we're seeing with other documents: the semantics >aren't defined well enough internationally. Three pages of small print in my red licence is now a handful of icons on a plastic card. So much for being able to understand exactly what's allowed. (There's no icon for a moped or mowing machine, for example, let alone heavy locomotives). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sat Oct 4 14:03:57 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Fairbrother) Date: Sat, 04 Oct 2008 14:03:57 +0100 Subject: sfs8 pt1 In-Reply-To: <48E6BB26.3070802@gmx.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> <48E5104A.5080101@gmx.co.uk> <48E6A86E.40609@zen.co.uk> <48E6BB26.3070802@gmx.co.uk> Message-ID: <48E769BD.6030609@zen.co.uk> Dave Howe wrote: > Peter Fairbrother wrote: >> Dave Howe wrote: >>> Charles Lindsey wrote: >>>> On Thu, 02 Oct 2008 08:19:18 +0100, Dave Howe >>>> wrote: >>>> >>>>>> Either way, if you remove all entries from the browser's list >>>>>> and then reload them in an order of your choosing, you should >>>>>> be able to achieve what you want. >>>>> Fair advice - now, how do I do that in Internet Exploiter? >>>> Use Firefox :-) >>> Firefox doesn't have this problem - just IE. >> Eh? >> >> Seems to me Firefox offers non-DHE options. > > yes, it does - but the list that came from Firefox had the DHE options > listed first, so apache chose the first of those it could support. This > was not true of IE, so it got the non-DHE flavour of SSL, which is > recoverable in wireshark. > > That's if the server chooses a DHE option. For real security all non-DHE options should be eliminated from both servers and browsers. -- Peter Fairbrother From ukcrypto at chiark.greenend.org.uk Sat Oct 4 23:07:00 2008 From: ukcrypto at chiark.greenend.org.uk (Dave Howe) Date: Sat, 04 Oct 2008 23:07:00 +0100 Subject: sfs8 pt1 In-Reply-To: <48E769BD.6030609@zen.co.uk> References: <44F2CFBD.9090302@gmx.co.uk> <44F3023A.8070706@gmx.co.uk> <7A38D004-AAAB-4272-BFB9-472A88C5195D@uk.fujitsu.com> <48D7851A.80002@gmx.co.uk> <48D7E48B.3090509@gmx.co.uk> <48D9660C.8020006@gmx.co.uk> <48DD333A.5090401@gmx.co.uk> <12857.78.33.104.73.1222692607.squirrel@webmail.procter.org.uk> <48E142BC.8080006@gmx.co.uk> <48E28C22.6010005@gmx.co.uk> <48E475F6.3050206@gmx.co.uk> <48E5104A.5080101@gmx.co.uk> <48E6A86E.40609@zen.co.uk> <48E6BB26.3070802@gmx.co.uk> <48E769BD.6030609@zen.co.uk> Message-ID: <48E7E904.8080602@gmx.co.uk> Peter Fairbrother wrote: > That's if the server chooses a DHE option. For real security all non-DHE > options should be eliminated from both servers and browsers. Sure. but I can't find a way to do that with Internet Exploiter - which brings us back to the original point - and I can't contact everyone on the web who has an apache server and tell them to lock down on their server to prevent non-DHE crypto being used if Exploiter requests it. From ukcrypto at chiark.greenend.org.uk Sun Oct 5 08:47:46 2008 From: ukcrypto at chiark.greenend.org.uk (Mary Hawking) Date: Sun, 5 Oct 2008 08:47:46 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> Message-ID: >, Ian Batten writes >>Using magic numbers like passport number, SSN, NHS number as ``only >>you can know this'' identifiers clearly doesn't work: no-one seriously >>suggests that the they are, or indeed can be, simultaneously kept >>confidential and used as general purpose identifiers. > >Although there is a widespread belief that you *can* do this with SSNs, >amongst the public and many bureaucrats/administrators in the USA. >-- >Roland Perry And in the NHS for NHS numbers. This lack of joined up thought is worrying... Mary Hawking PS anyone prepared to bet that the NHS number will become the ID number? After all, that is where the old NHS number started... and the systems are already there for the vast majority of the population. -- Mary Hawking From ukcrypto at chiark.greenend.org.uk Sun Oct 5 09:18:15 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Sun, 5 Oct 2008 09:18:15 +0100 Subject: Fingerprint recognition in schools Message-ID: I met a woman yesterday whose daughter has just started at the school my daughter is at. I'd let the introduction of fingerprint-triggered lunch payment slide by --- I'm focussed on the implications for my children of Contactpoint, Connexions and Connecting for Health, and regard school-level initiatives as far less worrying --- but she's more concerned about it than I am. Her argument was a social one: that acclimatising or acculturating children to using fingerprints for identification is a bad thing, as it then makes later, more invasive programmes easier to roll out. Her family history meant she was more sensitive to this risk than perhaps I am. It's an argument we've discussed before on this list, and I think it's fairly compelling. However, it's a difficult argument to make on a small-scale: the scheme is entirely school led. Interestingly, the new scheme comes with advantages for parents that the older --- smartcard --- scheme doesn't have. There's no reason it is related to the change from cards to prints, but parents whose children are already in the school are heartily sick of the fact that payment has to be made by cheque, and the new system's tie in to online payment is incredibly attractive. I don't think this is a conspiratorial ``let's roll out an attractive benefit to sugar coat an unattractive mechanism'', but certainly peoples' reaction to the use of fingerprints may be softened by the ease of the new payment structure. Note that the school we're discussing doesn't have the issues --- crime, chaotic households, high levels of free school meals, etc --- that make these schemes very attractive in some contexts. And there is a clearly documented opt-out scheme where the child can use a card rather than a fingerprint anyway, so a parent saying ``I don't want my child to do this'' can be easily accommodated. And a child who is opted out like that still gets the other benefits, notably the on-line payment. My main counter-argument was that although the slippery-slope argument has a lot of merit, this is a practical scheme with practical benefits. There's been, for example, a low but steady level of child X forgetting their card and `borrowing' money from child Y, which although it's entirely innocent now has the potential for problems, and I can imagine it having a lot of problems in some schools. And I suspect that a consultation exercise --- my interlocutor's main concern --- would throw a lot of heat and rather less light on the topic, especially in the month that HPV vaccination is being done. The main risk I can see if that actual fingerprints can be reconstructed from systems that are probably not wildly physically or logically secure: the security of the fingerprint rests in the quality of the hashing algorithm used to store the reference copy. I can remember seeing a paper which claimed that you can reconstruct the fingerprint from the information stored in these sorts of systems, but I can't run it down. What's the thinking on (a) the slippery slope argument and (b) the problem of reconstruction of prints from hashes? ian From ukcrypto at chiark.greenend.org.uk Sun Oct 5 09:40:44 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Sun, 5 Oct 2008 09:40:44 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> Message-ID: <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> > Mary Hawking > PS anyone prepared to bet that the NHS number will become the ID > number? After all, that is where the old NHS number started... and > the systems are already there for the vast majority of the population. Clearly there are people entitled to use the NHS who aren't in any way entitled to a UK ID card: French citizens, for example. Are they allocated an NHS number for the duration of treatment, or is something else used? I know PACS doesn't index images against NHS numbers for precisely this reason. And are there any classes of people who will be entitled to a UK ID card but are _not_ entitled to NHS treatment? ian From ukcrypto at chiark.greenend.org.uk Sun Oct 5 09:50:34 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 5 Oct 2008 09:50:34 +0100 Subject: Fingerprint recognition in schools In-Reply-To: References: Message-ID: <9oO+$s7a$H6IFAvd@perry.co.uk> In article , Ian Batten writes >There's no reason it is related to the change from cards to prints, >but parents whose children are already in the school are heartily sick >of the fact that payment has to be made by cheque, and the new >system's tie in to online payment is incredibly attractive. My kids secondary school it's cash or nothing. Well not quite "nothing" as they have some sort of token system for free school meal recipients that I'm not at all sure meets the criteria for recipients of free school meals to be indistinguishable at the point of delivery. >What's the thinking on (a) the slippery slope argument I tend to agree, although in the USA they are happy to give up fingerprints for driving Licences. >and (b) the problem of reconstruction of prints from hashes? When I looked at this, my impression was that the system was pretty low cost (and low resolution), and the hash was therefore inherently irreversible to anything useful. ps This story comes up like clockwork this time every year - for the last five at least. Plenty of debate about it to be found online. Here's one from last year: The £20k mentioned in that article is about right; perhaps someone can look up some specifications from whoever the vendor is. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Oct 5 10:21:07 2008 From: ukcrypto at chiark.greenend.org.uk (Wendy M. Grossman) Date: Sun, 05 Oct 2008 10:21:07 +0100 Subject: Fingerprint recognition in schools In-Reply-To: <9oO+$s7a$H6IFAvd@perry.co.uk> References: <9oO+$s7a$H6IFAvd@perry.co.uk> Message-ID: <48E88703.8060007@pelicancrossing.net> Roland Perry wrote: >>I tend to agree, although in the USA they are happy to give up fingerprints for driving Licences.>> Where would this be? I've had a NY driver's license since 1970, and have never been asked for fingerprints. wg From ukcrypto at chiark.greenend.org.uk Sun Oct 5 10:26:51 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 5 Oct 2008 10:26:51 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> Message-ID: In article <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org>, Ian Batten writes > And are there any classes of people who will be entitled to a UK ID >card but are _not_ entitled to NHS treatment? Depends if people with UK Passports and no right of abode are allowed an ID card [1]. And ex-pats aren't entitled to any more NHS treatment than a foreign tourist would be, I think - although all of the above might have an EHIC (nee e111) card that gives some limited treatment. [1] Later. The Border Agency has the following things as proof of right of abode: # a UK passport or an ID Card issued under the Identity Cards Act 2006 describing them as a British citizen; or # a UK passport or an ID Card issued under the Identity Cards Act 2006 describing them as a British subject with the right of abode in the UK So it seems likely there *is* a class of people *with* and ID card, but no right of abode ie: * .... an ID Card issued under the Identity Cards Act 2006 describing them as a British subject AND NOT with the right of abode in the UK -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Oct 5 10:34:45 2008 From: ukcrypto at chiark.greenend.org.uk (Ian Batten) Date: Sun, 5 Oct 2008 10:34:45 +0100 Subject: Fingerprint recognition in schools In-Reply-To: <9oO+$s7a$H6IFAvd@perry.co.uk> References: <9oO+$s7a$H6IFAvd@perry.co.uk> Message-ID: On 5 Oct 2008, at 09:50, Roland Perry wrote: > In article , Ian > Batten writes >> There's no reason it is related to the change from cards to prints, >> but parents whose children are already in the school are heartily >> sick >> of the fact that payment has to be made by cheque, and the new >> system's tie in to online payment is incredibly attractive. > > My kids secondary school it's cash or nothing. Well not quite > "nothing" > as they have some sort of token system for free school meal recipients > that I'm not at all sure meets the criteria for recipients of free > school meals to be indistinguishable at the point of delivery. That requirement is one of the main points in favour of non-cash systems. People in receipt of free meals receive a regular credit to a specified value. In which case I can clearly see the reason to tie the token to the user by something slightly more credible than physical possession. > When I looked at this, my impression was that the system was pretty > low > cost (and low resolution), and the hash was therefore inherently > irreversible to anything useful. It is apparently is going to pop up a photograph of the child to the operator, which tends to imply that the vendors have limited faith in the resolution of their system... ian ian From ukcrypto at chiark.greenend.org.uk Sun Oct 5 10:48:29 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 5 Oct 2008 10:48:29 +0100 Subject: Fingerprint recognition in schools In-Reply-To: <48E88703.8060007@pelicancrossing.net> References: <9oO+$s7a$H6IFAvd@perry.co.uk> <48E88703.8060007@pelicancrossing.net> Message-ID: In article <48E88703.8060007@pelicancrossing.net>, Wendy M. Grossman writes >>>I tend to agree, although in the USA they are happy to give up >fingerprints for driving Licences.>> > >Where would this be? I've had a NY driver's license since 1970, and >have never been asked for fingerprints. Several states have required thumb prints for some time, although sometimes only for new licences (from some starting date) and not renewals. California's the biggest, but also Texas, Georgia, Hawaii and a few others. There's also a Homeland Security proposal that I've rather lost track of, to harmonise the Drivers License characteristics and application criteria (ie proof of ID to get one) in all states. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Oct 5 10:53:57 2008 From: ukcrypto at chiark.greenend.org.uk (Wendy M. Grossman) Date: Sun, 05 Oct 2008 10:53:57 +0100 Subject: Fingerprint recognition in schools In-Reply-To: References: <9oO+$s7a$H6IFAvd@perry.co.uk> <48E88703.8060007@pelicancrossing.net> Message-ID: <48E88EB5.1090001@pelicancrossing.net> Roland Perry wrote: > In article <48E88703.8060007@pelicancrossing.net>, Wendy M. Grossman > writes >>>> I tend to agree, although in the USA they are happy to give up >> fingerprints for driving Licences.>> >> >> Where would this be? I've had a NY driver's license since 1970, and >> have never been asked for fingerprints. > > Several states have required thumb prints for some time, although > sometimes only for new licences (from some starting date) and not > renewals. California's the biggest, but also Texas, Georgia, Hawaii and > a few others. OK. The really hilarious bit about NY is that when they eventually at long last brought in photos - sometime in the late 1980s, I think - they made everyone apply in person so they could be photographed (they were very inexperienced in Ithaca when they did mine, and it took them a few tries). Since then, all renewals have been by mail. So my license has a 20-yo picture on it that was bad to begin with. AFAIAA there's no requirement that I show up in person when it next expires, in 2010, either. > > There's also a Homeland Security proposal that I've rather lost track > of, to harmonise the Drivers License characteristics and application > criteria (ie proof of ID to get one) in all states. Yes - that's the Real ID Act, which I'm well aware of. Quite a few states are refusing to comply. wg From ukcrypto at chiark.greenend.org.uk Sun Oct 5 10:59:08 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 5 Oct 2008 10:59:08 +0100 Subject: Fingerprint recognition in schools In-Reply-To: References: <9oO+$s7a$H6IFAvd@perry.co.uk> Message-ID: In article , Ian Batten writes >It is apparently is going to pop up a photograph of the child to the >operator, which tends to imply that the vendors have limited faith in >the resolution of their system... I have a feeling that the library systems pop up the name of the child. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Oct 5 11:50:55 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 5 Oct 2008 11:50:55 +0100 Subject: Fingerprint recognition in schools In-Reply-To: <48E88EB5.1090001@pelicancrossing.net> References: <9oO+$s7a$H6IFAvd@perry.co.uk> <48E88703.8060007@pelicancrossing.net> <48E88EB5.1090001@pelicancrossing.net> Message-ID: In article <48E88EB5.1090001@pelicancrossing.net>, Wendy M. Grossman writes >The really hilarious bit about NY is that when they eventually at long >last brought in photos - sometime in the late 1980s, I think - they >made everyone apply in person so they could be photographed (they were >very inexperienced in Ithaca when they did mine, and it took them a few >tries). Since then, all renewals have been by mail. So my license has a >20-yo picture on it that was bad to begin with. AFAIAA there's no >requirement that I show up in person when it next expires, in 2010, either. In Georgia they give you an eyetest at 64, so that and subsequent renewals have to be done in person [1]. As Georgia also mandates renewal in person when you change address (no doubt so they can check the new proof-of-address), perhaps that mops up everyone sufficiently (do they have a valid NY address on file for you). I note my UK photo-licence will need renewing in the not too distant future (after x years [2], rather than me attaining a particular age), something I only realised by recently reading about people caught out but that. Of course, the licence has a date on it in half-point, but like many others I'd assumed it was age related. [1] For UK readers: the DL renewal centres in Georgia are spread about the place in exactly the same way as the new Border Agency Passport interview/ID Card issuing centres. http://news.bbc.co.uk/1/hi/uk_politics/4967276.stm [2] One of the "improvements" of the plastic licence is that it doesn't actually say when it was first issued [although you can deduce when the test was passed from the counterpart], just when it was last renewed (in my case because of a change of address). -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Oct 5 11:57:59 2008 From: ukcrypto at chiark.greenend.org.uk (Wendy M. Grossman) Date: Sun, 05 Oct 2008 11:57:59 +0100 Subject: Fingerprint recognition in schools In-Reply-To: References: <9oO+$s7a$H6IFAvd@perry.co.uk> <48E88703.8060007@pelicancrossing.net> <48E88EB5.1090001@pelicancrossing.net> Message-ID: <48E89DB7.6070407@pelicancrossing.net> Roland Perry wrote: > > In Georgia they give you an eyetest at 64, so that and subsequent > renewals have to be done in person [1]. As Georgia also mandates renewal > in person when you change address (no doubt so they can check the new > proof-of-address), perhaps that mops up everyone sufficiently (do they > have a valid NY address on file for you). Yes, a friend helpfully supplies his address for that purpose. In NY, the rule has generally been that you have to supply a valid optician's certificate that your eyesight meets the requirements (with correction, if necessary). I don't imagine that changes at 64, though there is a facility for relatives to report if they think someone is no longer competent to drive, and then the State will call you in for some kind of testing. > > I note my UK photo-licence will need renewing in the not too distant > future (after x years [2], rather than me attaining a particular age), > something I only realised by recently reading about people caught out > but that. Of course, the licence has a date on it in half-point, but > like many others I'd assumed it was age related. A major reason why I never updated mine! I still have one of the old paper licenses. Fortunately, I haven't moved since it was issued. wg From ukcrypto at chiark.greenend.org.uk Sun Oct 5 15:53:41 2008 From: ukcrypto at chiark.greenend.org.uk (ukcrypto@chiark.greenend.org.uk) Date: Sun, 05 Oct 2008 15:53:41 +0100 Subject: Fingerprint recognition in schools In-Reply-To: References: Message-ID: <20081005155341.v6n9srjy0w444ks8@webmail01.purplecloud.com> Quoting Ian Batten : > What's the thinking on (a) the slippery slope argument and (b) the > problem of reconstruction of prints from hashes? 1) A lot of this stuff is experimented with children. I'm concerned that they don't have the information or skills to give informed consent or assent. Especially when the details are 'hidden' and the schemes have attractive fripperies (Discount voucher for music etc). 2) Physical contact - with fingers - of the reader seems sub-optimal in today's "wash hands" clean society. From ukcrypto at chiark.greenend.org.uk Sun Oct 5 16:08:28 2008 From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble) Date: Sun, 05 Oct 2008 16:08:28 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> Message-ID: <48E8D86C.9000002@pemble.net> Roland Perry wrote: > In article <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org>, Ian > Batten writes >> And are there any classes of people who will be entitled to a UK ID >> card but are _not_ entitled to NHS treatment? > > Depends if people with UK Passports and no right of abode are allowed > an ID card [1]. And ex-pats aren't entitled to any more NHS treatment > than a foreign tourist would be, I think - although all of the above > might have an EHIC (nee e111) card that gives some limited treatment. > > [1] Later. The Border Agency has the following things as proof of > right of abode: > > # a UK passport or an ID Card issued under the Identity Cards Act 2006 > describing them as a British citizen; or > # a UK passport or an ID Card issued under the Identity Cards Act 2006 > describing them as a British subject with the right of abode in the UK > > So it seems likely there *is* a class of people *with* and ID card, > but no right of abode ie: > > * .... an ID Card issued under the Identity Cards Act 2006 describing > them as a British subject AND NOT with the right of abode in the UK It doesn't quite follow - there are (were?) definitely classes of people with a UK passport describing them as a British subject AND NOT with the right of abode - Hong Kong Chinese prior to the handover, for example. I am not sure that this class of people will be automatically entitled (or required) to have an ID card. You get an ID card if you are on the (evil, hiss, boo) Register: s2(2) The individuals entitled to be entered in the Register are— (a) every individual who has attained the age of 16 and, without being excluded under subsection (3) from an entitlement to be registered, is residing at a place in the United Kingdom; and (b) every individual of a prescribed description who has resided in the United Kingdom or who is proposing to enter the United Kingdom. Now s2(3) has: Regulations made by the Secretary of State may provide that an individual residing in the United Kingdom is excluded from an entitlement to be registered if— (a) he is residing in the United Kingdom in exercise of an entitlement to remain there that will end less than the prescribed period after it was acquired; (b) he is an individual of a prescribed description who has not yet been resident in the United Kingdom for the prescribed period; or (c) he is residing in the United Kingdom despite having no entitlement to remain there. So, if you are not in the UK (because, quite plausibly, you have no right of abode) - no Register entry (dance around table) & no ID card. Or, even if you are in the UK you might fall under (c), as a vistor, health tourist, etc. But this all depends on the righteousness of Her Majesty's Secretary of State, so, frankly, we're all dooooomed. Matthew From ukcrypto at chiark.greenend.org.uk Sun Oct 5 16:54:18 2008 From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson) Date: Sun, 05 Oct 2008 16:54:18 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <48E8D86C.9000002@pemble.net> References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> <48E8D86C.9000002@pemble.net> Message-ID: <48E8E32A.9000900@iosis.co.uk> Matthew Pemble wrote: > Roland Perry wrote: >> In article <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org>, Ian >> Batten writes >>> And are there any classes of people who will be entitled to a UK ID >>> card but are _not_ entitled to NHS treatment? >> Depends if people with UK Passports and no right of abode are allowed >> an ID card [1]. And ex-pats aren't entitled to any more NHS treatment >> than a foreign tourist would be, I think - although all of the above >> might have an EHIC (nee e111) card that gives some limited treatment. >> >> [1] Later. The Border Agency has the following things as proof of >> right of abode: >> >> # a UK passport or an ID Card issued under the Identity Cards Act >> 2006 describing them as a British citizen; or >> # a UK passport or an ID Card issued under the Identity Cards Act >> 2006 describing them as a British subject with the right of abode in >> the UK >> >> So it seems likely there *is* a class of people *with* and ID card, >> but no right of abode ie: >> >> * .... an ID Card issued under the Identity Cards Act 2006 describing >> them as a British subject AND NOT with the right of abode in the UK > It doesn't quite follow - there are (were?) definitely classes of > people with a UK passport describing them as a British subject AND NOT > with the right of abode - Hong Kong Chinese prior to the handover, for > example. I am not sure that this class of people will be automatically > entitled (or required) to have an ID card. You get an ID card if you > are on the (evil, hiss, boo) Register: > > s2(2) The individuals entitled to be entered in the Register are— > > (a) every individual who has attained the age of 16 and, without > being excluded under subsection (3) from an entitlement to be > registered, is residing at a place in the United Kingdom; and > > (b) every individual of a prescribed description who has resided in > the United Kingdom or who is proposing to enter the United Kingdom. > > Now s2(3) has: > > Regulations made by the Secretary of State may provide that an > individual residing in the United Kingdom is excluded from an > entitlement to be registered if— > > (a) he is residing in the United Kingdom in exercise of an > entitlement to remain there that will end less than the prescribed > period after it was acquired; > > (b) he is an individual of a prescribed description who has not yet > been resident in the United Kingdom for the prescribed period; or > > (c) he is residing in the United Kingdom despite having no > entitlement to remain there. > > So, if you are not in the UK (because, quite plausibly, you have no > right of abode) - no Register entry (dance around table) & no ID card. > Or, even if you are in the UK you might fall under (c), as a vistor, > health tourist, etc. > > But this all depends on the righteousness of Her Majesty's Secretary > of State, so, frankly, we're all dooooomed. > > Matthew So, Matthew, diligent student of the law, where is the clause that permits the SofS to say to a person: "you third country (i.e. non-EEA) national are entitled to reside here (we have granted you that), you have been here x months (which might be very close to zero, i.e. you have just arrived and we are going to let you stay), to stay you now have to have a UK ID card, you will give HMG xx (or xxx) pounds or we will throw you out"? Peter PS Just as an aside, see also Section 29 of the Identity Cards Act 2006 [1]: if you are deemed to have done something that causes the NIS to misbehave (or to have caused it to misbehave by not doing something), no matter how long ago you did it or didn't do it, you are going to be charged with a criminal offence and there is no defence if you did/did not do that thing. That is why some people are very wary of being involved in a project that has good as well as bad parts. [1] http://p10.hostingprod.com/@spyblog.org.uk/blog/2007/08/id-cards-national-identity-register-procurement-begins-which-company-directors-f.html From ukcrypto at chiark.greenend.org.uk Sun Oct 5 17:06:14 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Sun, 5 Oct 2008 17:06:14 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <48E8D86C.9000002@pemble.net> References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> <48E8D86C.9000002@pemble.net> Message-ID: In article <48E8D86C.9000002@pemble.net>, Matthew Pemble writes >> * .... an ID Card issued under the Identity Cards Act 2006 describing >>them as a British subject AND NOT with the right of abode in the UK >It doesn't quite follow - there are (were?) definitely classes of >people with a UK passport describing them as a British subject AND NOT >with the right of abode - Hong Kong Chinese prior to the handover, for >example. I am not sure that this class of people will be automatically >entitled (or required) to have an ID card. There must be some, otherwise the earlier rule would have just stated: "... an ID Card issued under the Identity Cards Act 2006 describing them as a British subject" on the hypothetical grounds that unless they had right of abode they would never have received an ID card. -- Roland Perry From ukcrypto at chiark.greenend.org.uk Sun Oct 5 17:33:06 2008 From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble) Date: Sun, 05 Oct 2008 17:33:06 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: <48E8E32A.9000900@iosis.co.uk> References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> <48E8D86C.9000002@pemble.net> <48E8E32A.9000900@iosis.co.uk> Message-ID: <48E8EC42.70506@pemble.net> Peter Tomlinson wrote: > So, Matthew, diligent student of the law, where is the clause that > permits the SofS to say to a person: "you third country (i.e. non-EEA) > national are entitled to reside here (we have granted you that), you > have been here x months (which might be very close to zero, i.e. you > have just arrived and we are going to let you stay), to stay you now > have to have a UK ID card, you will give HMG xx (or xxx) pounds or we > will throw you out"? > While I will bow to the knowledge of any of the lawyers on the list, I would assume that s3(2) of the Immigration Act 1971 gives SofS the power to make such a regulation (i.e. conditions on leave to remain.) We are, of course, discussing s3(9)c & s3(9)d of the same Act here (as amended by the more recent acts). I would have included a link to the statutelaw website but they are somewhat over-lengthy ... I would also note that already, although nothing to do with ID Cards, applying for a UK visa for residence, extending a visa or applying for Indefinite Leave to Remain already costs you money - http://www.ukba.homeoffice.gov.uk/ukresidency/cost/ - and, I assume, that sometimes people do get thrown out for not forking over these not-insignificant (up to £950, apparently, although I seem to recall 'mutterings into his beer' from a Kiwi ex-colleague that suggested the total cost was even more than this) amounts of wonga. Matthew From ukcrypto at chiark.greenend.org.uk Sun Oct 5 17:42:53 2008 From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble) Date: Sun, 05 Oct 2008 17:42:53 +0100 Subject: Tool to backup, modify and clone ePassport released In-Reply-To: References: <20081005064756.7444.3183.Mailman@chiark.greenend.org.uk> <10A0463C-5DD0-4A8E-852E-34B6BE861C07@batten.eu.org> <48E8D86C.9000002@pemble.net> Message-ID: <48E8EE8D.2070407@pemble.net> Roland Perry wrote: >> It doesn't quite follow - there are (were?) definitely classes of >> people with a UK passport describing them as a British subject AND >> NOT with the right of abode - Hong Kong Chinese prior to the >> handover, for example. I am not sure that this class of people will >> be automatically entitled (or required) to have an ID card. > > There must be some, otherwise the earlier rule would have just stated: > > "... an ID Card issued under the Identity Cards Act 2006 describing > them as a British subject" > > on the hypothetical grounds that unless they had right of abode they > would never have received an ID card. There is an assumption, in your argument, of competence in the drafting of statute law that may not be rationally justified :) Matthew From ukcrypto at chiark.greenend.org.uk Sun Oct 5 20:58:08 2008 From: ukcrypto at chiark.greenend.org.uk (PeteM) Date: Sun, 05 Oct 2008 20:58:08 +0100 Subject: Fingerprint recognition in schools In-Reply-To: References: Message-ID: <48E91C50.2040809@callnetuk.com> Ian Batten wrote on 5-10-08 09:18: > > Interestingly, the new scheme comes with advantages for parents that > the older --- smartcard --- scheme doesn't have. There's no reason it > is related to the change from cards to prints, but parents whose > children are already in the school are heartily sick of the fact that > payment has to be made by cheque, and the new system's tie in to online > payment is incredibly attractive. I'm lost here, before we even get to the fingerprint technology. What is difficult about paying by cheque? It takes 30 seconds to write a cheque. It can take several minutes just to log into an online bank account, and that's if you are prepared to have one anyway. I'm not. Anyway, a parent who *is* addicted to online banking but objects to fingerprints should simply insist on using online anyway. How can the school reasonably object? snip > > The main risk I can see if that actual fingerprints can be reconstructed > from systems that are probably not wildly physically or logically > secure: the security of the fingerprint rests in the quality of the > hashing algorithm used to store the reference copy. I can remember > seeing a paper which claimed that you can reconstruct the fingerprint > from the information stored in these sorts of systems, but I can't run > it down. > > What's the thinking on (a) the slippery slope argument I agree it's a worry but I don't think there's much anyone can do about it. It's not as big a danger as things like the CRB system, the children's database, the ID card, RFID tagging of passports etc. > and (b) the > problem of reconstruction of prints from hashes? I am told by a friend who manufactures these things (FWMTT) that you can't reconstruct a fingerprint image from the hash. I accept that, but it doesn't reassure me. The police can still use these school databases when (not if) they get hold of them. Suppose they have a fingerprint from somewhere that they want to match, perhaps lifted from a crime scene, like a bus to Fairford. All they do is scan it onto the system scanner and create a hash. Then they compare this hash against all the hashes produced by pupils' fingerprints. If they find one, they infer that the actual fingerprints matched as well as the hashes. Don't laugh, they do it all the time with DNA. You can hear the prosecutor now, "... ten billion to one chance of a misidentification blah blah ... " The FWMTT told me that can't be done because you can't scan a fingerprint, only an actual finger. But I think you probably can. In fact I think it's been done, using wax and araldite or something. Like "The Norwood Builder". -- Pete Mitchell From ukcrypto at chiark.greenend.org.uk Mon Oct 6 07:36:11 2008 From: ukcrypto at chiark.greenend.org.uk (Benjamin Donnachie) Date: Mon, 6 Oct 2008 07:36:11 +0100 Subject: Fingerprint recognition in schools In-Reply-To: <48E91C50.2040809@callnetuk.com> References: <48E91C50.2040809@callnetuk.com> Message-ID: <732076a80810052336s5c2c1277wa5ecdb29ef8b0a2c@mail.gmail.com> 2008/10/5 PeteM : > I am told by a friend who manufactures these things (FWMTT) that you can't > reconstruct a fingerprint image from the hash. I think it's been done. I've just finished a night shift and will hunt for it later when I'm more awake... Ben From ukcrypto at chiark.greenend.org.uk Mon Oct 6 09:34:01 2008 From: ukcrypto at chiark.greenend.org.uk (Roland Perry) Date: Mon, 6 Oct 2008 09:34:01 +0100 Subject: Tool to backup, modify and clone ePassport released In-Re